ISMS 1.18 : Issue 1 Rev 29 : Auth RG
It is also important that we are clear with you of the two main groups of people we collect personal information from. Firstly, there is the personal data of the Customer that actually purchases the product or service from Texthelp and, secondly, there is the personal data of the User of the product or service that has been purchased. Sometimes these are the same person i.e. someone purchasing a single user license from the website will likely be both the Customer and the End User of the product. However, sometimes the Customer making the purchase may not be the person that will be using the product e.g. a Customer purchasing the product on behalf of a school where the product is to be used by the school’s students. The personal data of Users of the products and services are described below in the various sections for each of our products and services.
With regard to Customer personal information:
What data do we collect?
Texthelp collects customer data to enable us to process orders, for billing purposes, support purposes and to be able to provide updates on our products and services to our customers. This data could include:
Where do we store your data?
Customer Data is stored in our CRM, and this information is stored in AWS data centers. The location of storage is based on the customer's location. If you are based in North America, your data will be stored within the US. For Customers based anywhere else in the world, your data will be stored in the EU.
With regard to End-user personal information
Texthelp product End-user personal information is stored in Amazon Web Services (AWS). We have entered into Standard Contractual Clauses with AWS to ensure we comply with the EU and UK GDPR rules on international transfers.
You are uniquely identified by your Google or Microsoft email address. This information is used to determine the status of your current license. No other Google or Microsoft profile information is collected. You have a right to request erasure of this data should you wish to, otherwise it will be deleted 2 years after the expiry of the current contract.
Where possible the only student information that we store is the student’s Login ID. We need to store this so that we can store the user’s preferences and data, and to confirm that they are a licensed user. You are uniquely identified by your login address. A de-identified version of this information is used to determine the status of your Texthelp Product current license. No other Google or Microsoft profile information is collected. We may keep this de-identified data indefinitely however this does not prevent your right of erasure of your information should you request it.
In order to remain compliant with COPPA the licensee (The School District, School or Teacher) must obtain verifiable parental consent to store the following student information on the online platform. Where student information is shared with Texthelp by a School District, School or Teacher, Texthelp accepts that consent is authorized by that institution in lieu of parental consent.
Because Fluency Tutor has a teacher dashboard and displays class rosters, and individual student running records some additional information is stored. This is stored in compliance with our Information Security Policy, encrypted in transit and at rest. The data which is stored is:
Because WriQ has a teacher dashboard and displays class rosters, and individual student writing records some additional information is stored. This is stored in compliance with our Information Security Policy, encrypted in transit and at rest. The data which is stored is:
Because Mathspace has a teacher dashboard and displays class rosters, and individual student Math documents some additional information is stored. This is stored in compliance with our Information Security Policy, encrypted in transit and at rest. The data which is stored is:
By default, Browsealoud does not capture any end user information. However, administrators may log into the ReachDeck/Browsealoud portal to manage their subscription. In this instance we collect the following additional information:
The Auditor feature does not process or store any personally identifiable information.
Whilst the ReachDeck Editor does not request personal information, the purpose of the product is to help the User improve the readability of their content. Therefore the user will be entering information into this product. The information entered is sent to Texthelp for processing, however it is not stored and is deleted immediately after processing.
When using the OCR Scanning feature, PDFs that are sent for OCR are stored by Texthelp for 24 hours to ensure repeated requests are cached for optimum performance. After this period, the PDF is automatically deleted.
The PDFs are stored in compliance with our data procedures (See GDPR Compliance & International Data Transfers section) and are encrypted at rest during this period.
Applications that integrate with a Microsoft, Chrome or a Google account must declare their intent by requesting permissions. These permissions to your browser and account must be granted in order to integrate with your Microsoft, Chrome or Google accounts. Below is a list of these permissions and why they are required. At no time will Texthelp request or have access to your Microsoft or Google account password.
Microsoft Account permissions
Read&Write Admin Tool Microsoft Account permissions
OrbtiNote will only interact with the files you choose on your Google Drive. OrbitNote does not scan or interact with Google Drive files unless instructed to do so by the User.
You can revoke these permissions at any time on your Google Account Permissions page.
Equatio's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
This is required to display the errors within a document
Texthelp employees will only access content on our servers with the express permission of the provided administrator or contact at the time of purchase for a site or group license. Similar express permission from a single user license owner or trialist must be provided.
We do not scrape any personal content. Our systems are not designed to associate personal information with your activities.
We never sell any personal information. Occasionally our products need to send your personal data (such as name, email,) to 3rd parties. These 3rd parties are our Hosting and Services providers. For Example, we use Amazon Web Services to host Fluency Tutor and WriQ. The database needs to store Student information so that we can display it for you and help you track progress. These data sharing partners do not disclose your personal information, and they store it with the same level of security or greater than we do as laid out in our Information Security Policy. No ad companies collect data through our service.
We do not display advertising, therefore, no data is collected through our software for ad targeting. We do not operate any referral program and do not display any sponsored links.
We take reasonable steps to secure your personally identifiable information against unauthorized access or disclosure. We encrypt transmission of data on pages where you provide payment information. However, no security or encryption method can be guaranteed to protect information from hackers or human error.
Information we collect may be stored or processed on computers located in any country where we do business.
Your rights to the personal information we may hold on you
You have the right to request the amending, erasure or a copy of your personal information that we may collect and store while you use our products. A Data Subject Access Request may be made via this form. Alternatively you may telephone using the numbers on our 'Contact Us' page or email to firstname.lastname@example.org. We will respond to a request within these time limits.
United Kingdom 30 days, US 45 days, Canada 30 days, Australia 30 days.
Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website. Google Analytics customers can view a variety of reports about how visitors interact with their website so they can improve it. Google Analytics collects information anonymously. It reports website trends without identifying individual visitors.
We do update this Policy from time to time, so please review this Policy regularly.
Our Head of Operational Compliance is responsible for ensuring Texthelp’s compliance with this policy and applicable privacy laws.
Customers and end users should direct any complaints, concerns, or questions regarding Texthelp’s compliance in writing to the Head of Operational Compliance at email@example.com.
You also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work or the country in which an alleged infringement of data protection law has occurred.
Please see details below for further information on your rights and how to complain:
Australia - https://www.oaic.gov.au/
Denmark - https://www.datatilsynet.dk/
North America - https://www.dol.gov/
Norway - https://www.datatilsynet.no/en/
Sweden - https://www.imy.se/en/
UK - ICO website