The Personal Data will be processed in the purpose of administering the access rights and monitoring the progression of the End User in accordance with the Terms of Service.
1.1 Service Provider. The capitalized term Service Provider refers to Typing Master Finland
Oy, the developer, intellectual property rights owner, and publisher of a web-based typing tutor service, whose registered office is at Eerikinkatu 4 A 16, 00100 Helsinki, Finland.
1.2 Subscriber. The customer institution named in the registration, who has authorized
acceptance of this Terms of Service and completed the registration. The Subscriber provides access to the Service to its Authorized Users, and is responsible for payment of fees and implementation of this Terms of Service.
1.3 Service. The capitalized term Service refers to the web-based typing tutor application
sold under the brand names Typing Quest and TypingMaster, any updates to the application, and any related online documentation.
2. Information We Collect
We collect the following information (the Personal Data):
- Username and password;
- Data derived from the use of The Service (e.g. progression in The Service);
- Email address (optional);
- Organization and grouping information (optional);
- Registration logs.
3. How We Use the Information
The Service Provider may use the personal data the Subscriber provides online to send the
Subscriber information about changes that affect the use of Service or that we feel may be of
interest to the Subscriber. Only the Service Provider will send the Subscriber such mailings.
The Service Provider retains server logs and files which contain detailed Authorized User
access information including but not limited to date and time of access, login ID employed
and statistics relating to the use of Service. This access information may be used by the
Service Provider and its representatives for customer support purposes.
The Service Provider will not share email addresses with anyone outside the Service
Provider or disclose the User information to any third party, except as described below.
The Service Provider shall use its best endeavors to keep confidential from third parties the
Subscriber's access information, Authorized User data and usage statistics. In the case that
the Service Provider assigns its rights in this Agreement to a third party, the Subscriber may
at its discretion require this assignee either to keep such information confidential or to
destroy them. The Service Provider will comply with the requirements of the data protection
legislation currently in force (more in section 8 Confidentiality).
The Service Provider agrees that it may create, receive from or on behalf of Institution, or
have access to, records or record systems that are subject to the Family Educational Rights and Privacy Act ("FERPA"), 20 U.S.C. Section 1232g (collectively, the "FERPA Records").
The Service Provider represents, warrants, and agrees that it will: (1) hold the FERPA
Records in strict confidence and will not use or disclose the FERPA Records except as (a)
permitted or required by this Agreement, (b) required by law, or (c) otherwise authorized by
Institution in writing; (2) safeguard the FERPA Records according to commercially
reasonable administrative, physical and technical standards that are no less rigorous than
the standards by which the Service Provider protects its own confidential information; and (3)
continually monitor its operations and take any action necessary to assure that the FERPA
Records are safeguarded in accordance with the terms of this Agreement.
4. Service Provider’s Rights and Liabilities for Using an Information
Technical operability and development of The Service. The Service Provider is responsible
for the technical operability, safety, validity and legality of The Service according to Privacy
The Service Provider shall take into account the principle of data protection by default and by
design in the development of the Service.
The Service Provider’s access to the data. The Service Provider has a right to examine,
update and otherwise process the Subscriber’s data only according to the documented instructions of the Subscriber or it’s authorized representative.
Notwithstanding the aforesaid, the Subscriber mandates the Service Provider to examine,
The data protection impact assessment and prior consultation. The Service Provider shall
provide reasonable assistance to the Subscriber in fulfilling its liabilities of the impact assessment concerning data protection and prior consultation taking into account the information available to the Service Provider.
The Service Provider has the right to charge for reports exceeding customary investigation or
reports exceeding the informing liability described in the section 4 paragraph 5 in accordance with its current prices list.
5. The Subscriber’s Rights and Liabilities for Using an Information
Data processed in The Service. The Subscriber is responsible for the lawfulness of the
processing (i.e for the correct legal basis) and that it has the right to transfer the personal data to the Service Provider. The Subscriber is responsible for the data being up-to-date,
error-free and legal.
The rights of the data subject. The Subscriber is responsible for providing the data subject’s
rights, answering inquiries of the data subject and the costs related thereto and acts as a primary contact for the data subjects.
The Service Provider shall forward any contacts from data subjects to the Subscriber.
The Subscriber has a right to conduct an audit to the Service concerning the processing of
the personal data or have it conducted by a third party. Such third party must be approved by the Service Provider. The audit shall not result in unreasonable inconvenience to the Service
Provider. The Subscriber shall bear all the costs of the audit.
The Service Provider shall have the right to use Subprocessors for data processing (the Subprocessor), change Subprocessors and make entirely new subprocessing agreements. The Service Provider may continue to use those Subprocessors already engaged by Service
Provider shall be responsible for the processing conducted by its Subprocessors as for its own.
The Service Provider shall give the Subscriber prior written notice of appointment of any new
Subprocessor. The Subscriber shall have the right to oppose any such changes for a justified reason relating to the of data protection or data security in order to ensure legal processing
of personal data. In case the Subscriber opposes the use of a subprocessor proposed by the Service Provider within 30 days from the receipt of the notice, The Service Provider shall
negotiate with the Subscriber in good faith in order to enable a such economically reasonable change in the provision of The Service that does not result in the use of the suggested
Subprocessor. If such a change may not be carried out within 60 days after the Service Provider has received information of the Subscriber’s opposition, the Subscriber has the right
with immediate effect to terminate the part of the Terms of Service that would require the use
of the proposed Subprocessor.
7. Data Security and Personal Data Breaches
Taking into account the state of the art, the costs of implementation and the nature, scope,
context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Service Provider shall implement appropriate
technical and organizational measures to ensure a level of security appropriate to that risk. However, no method of transmission over the internet or electronic storage is completely secure, so the Service Provider cannot guarantee data’s absolute security.
Service Provider shall notify the Subscriber without undue delay upon Service Provider or any
Subprocessor becoming aware of a personal data breach affecting Subscriber’s personal data.
Service Provider shall commit to co-operating with Subscriber and taking reasonable
commercial steps to assist in remedying the consequences of each such personal data breach by accessible conventional means taking into account the information available to the Service Provider. The Service Provider commit to assist the Subscriber in fulfilling its legal notification and documentation obligations.
The Service Provider considers the confidentiality and security of your information to be of
the utmost importance.
The Service Provider commits to keeping confidential such personal and other data of the
Subscriber that is in the Service or that has been processed on the grounds of the Service.
Only those employees of the Subscriber to whom it is necessary for purposes of their tasks
may have access to The Service and the data of the Subscriber.
The Service Provider does not have a right to assign the Subscriber’s data to any third party
or use it to it’s own purposes without a permission from the Subscriber.
The Service Provider has the right to assign the data in the Service to a third party in case
obligated by a law, statute or authorities.
The Service Provider shall ensure that its personnel commit to the level of confidentiality
9. Deleting and Returning Personal Data
At the termination of the Service, The Service Provider shall seize personal data processing
and accordingly to the Subscriber’s choice either:
1) shall delete otherwise than from the backup files the personal data processed on
behalf of the Subscriber, or
2) shall return all the personal data processed on behalf of the Subscriber to the Subscriber and shall delete the files otherwise than from the backup files.
Service Provider after the Subscriber’s request in writing has the right to switch on automatic inactive user data deletion process. An inactive user under this section means the user that has not been logged in to the Service during last 6 months or as otherwise instructed by the Subscriber.
By an explicit request of the Subscriber the Service Provider may at Subscriber’s expense
delete and erase also Subscriber’s personal and other data in the Service Provider’s backup file database at the termination of the agreement.
10. Data Transfers
TypingMaster has its servers in the United States and EU. The United States Authorised
Users data will be respectively collected and processed in the United States while EU Authorised Users data is collected and processed in Finland. The United States and Finland countries have their own laws governing data protection and government access to information. The rules that protect your personal information under United States or Finland countries laws may be different than in your home country. If you choose to use the Services, you need to agree to our Terms of Service and referenced policies, which set out the contract between TypingMaster and its users.
11. Detailed Instructions for Processing the Client’s Personal Data
The Service Provider unless otherwise agreed upon. The Service Provider is liable for the lawfulness and correctness of the personal data processing instructions. The Service
Provider shall without undue delay notify the Subscriber if it notices that the instructions given by the Service Provider breach the personal data protection law legislation. The Subscriber is to the full extent liable for the damages caused to the Service Provider by the unlawful instructions.
These instructions may be altered and complemented by other documented instructions from
the Subscriber. The Service Provider shall not comply with any unlawful personal data processing instructions nor instructions on personal data processing given otherwise that in writing by the Subscriber.
The Subscriber may orally instruct the Service Provider on the personal data processing and
thus the Service Provider may take actions accordingly provided that the Subscriber will also give the instruction in writing to the Service Provider within 7 days from giving the original
instruction. The Subscriber is to the full extent liable for personal data processing in such manner. In case the Subscriber neglects the documentation of the instruction within the time
limit the Service Provider has the right to quit personal data processing according to any other than a written instruction.
12. Children’s Privacy
People under 18 (or the legal age in your jurisdiction) are not permitted to use TypingMaster
Services on their own. The Service Provider does not knowingly collect any Personal Data from children under the age of 13 and children under 13 are not permitted to register for an
account or use our Services. If you believe that a child has provided us with Personal Data, please contact us. If the Service Provider become aware that a child under age 13 has
provided us with the Personal Data, we’ll delete it.
The Service Provider does not knowingly process data of EU residents under the age of 16
without parental consent. If the Service Provider becomes aware that the data from an EU resident under the age of 16 without parental consent was collected, the Service Provider will
take reasonable steps to delete it as quickly as possible. The Service Provider also comply with other age restrictions and requirements in accordance with applicable local laws.
The Service Provider has the right to change these terms in case it is justifiable because of the
changes in legislation or its interpretation or changes in the Service Provider’s business