myStudyPal Privacy Principals
2. We strive to provide you with access to and control over the information you give us, and we take the protection of your information very seriously.
3. In order to comply with the Digital Age of Consent, children under the age of 16 must be signed by their parent or legal guardian using the Parents Sign Up Form.
“Data Protection Legislation” means the Data Protection Acts 1988 and 2003 and Directive 95/46/EC, any other applicable law or regulation relating to the processing of personal data and to privacy (including the E-Privacy Directive), as such legislation shall be amended, revised or replaced from time to time, including by operation of the General Data Protection Regulation (EU) 2016/679 ( “GDPR” ) and the Irish Data Protection Act 2018 (and laws implementing or supplementing the GDPR).
2. Personal Data we may holdThe Personal Data we hold about you and other individuals may differ depending on our relationship, including the type of communications between us and the services we provide. Personal Data we may hold, and process includes: INSERT TABLE
3. ConfidentialityWe will not sell, share, or rent your personal information to any third party or use your e-mail for any unsolicited mail. Any emails sent by us will only be in connection with the provision of agreed services and products. You will always have the right to unsubscribe from any emailing list that we communicate with.
4. CookiesWe may collect IP addresses from visitors to our website (an IP address is a number that can uniquely identify a specific computer or other network device on the internet). This allows us to identify the location of users, to block disruptive use and to establish the number of visits from different countries. We analyse this data for trend and statistics reasons, such as which parts of our Website users are visiting and how long they spend there.
A cookie is a small text file that is placed on your hard disk by a web server which enables a website and/or mobile app to recognise repeat users, facilitate the user's ongoing access to and use of a website and/or mobile app and allows the website and/or mobile app to track usage behaviour and compile aggregate data that will allow content improvements and targeted advertising.
You should also be aware that there are cookies which are found in other companies' internet tools which we may use to enhance the website. These websites have their own cookies, which are controlled by them, and we have no responsibility for such third party cookies.
5. How we use Personal DataWe use Personal Data to carry out our business activities and anonymise such Personal Data where possible. The purposes for which we use Personal Data may differ based on our relationship, including the type of communications between us and the services we provide.
The main purposes include using Personal Data to: 5.1 5.1 communicate with you and other individuals; 5.2 provide our products and services; 5.3 improve the quality of our products and services, provide training and maintain information security; 5.4 carry out research and analysis, including analysis of our customer base and other individuals whose Personal Data we collect, complete market research, including customer satisfaction surveys, and assess the risks faced by our business; 5.5 provide marketing information in accordance with preferences you have told us about (marketing information may be about products and services offered by our third-party partners subject to your preferences); 5.6 manage our business operations and IT infrastructure, in line with our internal policies and procedures, including those relating to finance and accounting; billing and collections; IT systems operation; data and website hosting; data analytics; business continuity; records management; document and print management; and auditing; 5.7 manage complaints, feedback and queries, and handle requests for data access or correction, or the exercise of other rights relating to Personal Data; 5.8 comply with applicable laws and regulatory obligations (including laws and regulations outside your country of residence), for example, laws and regulations relating to anti-money laundering, sanctions, anti-bribery and anti-terrorism; comply with legal process and court orders; and respond to requests from public and government authorities (including those outside your country of residence); and 5.9 establish and defend legal rights to protect our business operations, and those of our group companies or business partners, and secure our rights, privacy, safety or property, and that of our group companies or business partners, you, or other individuals or third parties; to enforce our terms and conditions; and pursue available remedies or limit our damages.
In connection with the purposes described above, we may need to share Personal Data with third parties (this may involve third parties disclosing Personal Data to us and us disclosing Personal Data to them). These third parties may include external third-party service providers that assist us in carrying out business activities.
When we provide Personal Data to third parties, the third parties will be selected carefully and will be contractually required to use appropriate measures to protect the confidentiality and security of the Personal Data pursuant to data processing agreements between us and such third parties. Those third parties will assume certain responsibilities under Data Protection Legislation for looking after the Personal Data that they receive from us.
Sharing of Personal DataIn connection with the purposes described above, we may need to share your Personal Data with third parties (this may involve third parties disclosing Personal Data to us and us disclosing Personal Data to them). These third parties may include: INSERT TABLE HERE
Processing of Personal DataDue to the global nature of our business, for the purposes set out above we may transfer Personal Data to parties located in other countries (including the USA and other countries that have data protection regimes which are different to those in the country where you are based, including countries which have not been found by the European Commission to provide adequate protection for Personal Data).
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our app, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
When making these transfers, we will take steps to ensure that your Personal Data is adequately protected and transferred in accordance with the requirements of Data Protection Legislation.
This may involve the use of data transfer agreements incorporating standard contractual clauses in the form approved by the European Commission or another mechanism recognised by Data Protection Legislation as ensuring an adequate level of protection for Personal Data transferred outside the EEA (for example, Privacy Shield, standard contractual clauses, binding corporate rules etc.).
For further information about these transfers and to request details of the safeguards in place, please contact us using the details below.
Security of Personal DataMSP uses appropriate technical, physical, legal and organisational measures, which comply with Data Protection Legislation to keep Personal Data secure.
We do our utmost to protect user privacy through the appropriate use of security technology. We restrict access to Personal Data to certain employees who need to know such Personal Data in order to operate, develop or improve the services that we provide. We ensure that we have appropriate physical and technological security measures to protect your information; and we ensure that when we outsource any processes that the service provider has appropriate security measures in place.
As most of the Personal Data we hold is stored electronically we have implemented appropriate IT security measures to ensure this Personal Data is kept secure. For example, we may use anti-virus protection systems, firewalls, and data encryption technologies. We train our staff regularly on data protection and information security.
When MSP provides Personal Data to a third party (including our service providers) or engages a third party to collect Personal Data on our behalf, the third party will be selected carefully and contractually required to use appropriate security measures to protect the confidentiality and security of Personal Data pursuant.
Unfortunately, no data transmission over the Internet or electronic data storage system can be guaranteed to be 100% secure, any transmission is at your own risk. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Data you might have sent to us has been compromised), please immediately notify us.
We are not responsible for any delays, delivery failures, or any other loss or damage resulting from (i) the transfer of data over communications networks and facilities, including the internet, or (ii) any delay or delivery failure on the part of any other service provider not contracted by us, and you acknowledge that our services may be subject to limitations, delays and other problems inherent in the use of such communications facilities. You will appreciate that we cannot guarantee the absolute prevention of cyber-attacks such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorized disclosure, loss or destruction of Personal Data arising from such risks once we have complied with our obligations under Data Protection Legislation.
Legal justification for our use of Personal DataTo comply with the law, we need to tell you the legal justification we rely on for using Personal Data for our purposes. While the law provides several legal justifications, the table below describes the main legal justifications that may apply to our purposes for using Personal Data. INSERT TABLE
We may obtain Personal Data to comply with applicable legal requirements, and certain Personal Data may be needed to enable us to fulfil the terms of our contract with you (or someone else), or in preparation of entering into a contract with you (or someone else). We will inform you of the purposes of the processing of Personal Data at the time that we are obtaining the Personal Data from you. In these circumstances, if you do not provide the relevant Personal Data to us, we may not be able to provide our products or services to you. If you would like further information, please contact us using the details below.
Where we rely on our legitimate business interests or the legitimate interests of a third party to justify the purposes for using Personal Data, our legitimate interests will usually be: 10.1 pursuit of our commercial activities and objectives, or those of a third party (for example, by carrying out direct marketing); 10.2 compliance with applicable legal and regulatory obligations, and any guidelines, standards and codes of conduct (for example, by carrying out background checks or otherwise preventing, detecting or investigating fraud or money laundering); 10.3 improvement and development of our business operations and service offering, or those of a third party; 10.4 protection of our business, shareholders, employees and customers, or those of a third party (for example, ensuring IT network and information security, enforcing claims, including debt collection); and 10.5 analysing competition in the market for our services (for example, by carrying out research, including market research).
We may need to collect, use and disclose Personal Data in connection with matters of important public interest, for instance when complying with our obligations under anti-money laundering and terrorist financing laws and regulations, and other laws and regulations aimed at preventing financial crime. In these cases, the legal justification for our use of Personal Data is that the use is necessary for matters of public interest. Additional justifications may also apply depending on the circumstances.
Retention of Personal DataWe will keep Personal Data for as long as is necessary for the purposes for which we collect it. Where we hold Personal Data to comply with a legal or regulatory obligation, we will keep the information for at least as long as is required to comply with that obligation.
Where we hold Personal Data in order to provide a product or service, we will keep the information for at least as long as we provide the product or service, and for long as is necessary thereafter in respect of such product or service. The number of years varies depending on the nature of the product or service provided.
For further information about the period of time for which we retain Personal Data, please contact us using the details below.
Personal Data RightsYou may ask to see what Personal Data we hold about you and be provided with:
The following is a summary of the data protection rights available to individuals in the EEA in connection with their Personal Data. These rights may only apply in certain circumstances and are subject to certain legal exemptions. INSERT TABLE If you wish to exercise your rights, please contact us using the details in section 16 below.
Digital Age of ConsentIn order to comply with the new Digital Age of Consent of 16, it is our policy not to collect the Personal Data of anyone below the age of 16 without their parent’s explicit consent. In order for a child under the age of 16 to use the app, they must be signed up by their parent or legal guardian using the Parent’s Sign Up & Consent Form (“Parents Sign Up Consent Form”). If we learn that we have collected personal data of a child under the age of 16 without their parent’s consent, we will delete the information promptly. If you believe that a child under the age of 16 may have provided us personal data, please contact us at privacy@myStudyPal.app immediately.
Breach ReportingWe will notify serious data breaches to the Data Protection Commissioner (“DPC”) without undue delay, and where feasible, not later than 72 hours after having become aware of same. If notification is not made after 72 hours, we will record a reasoned justification for the delay; however, it is not necessary to notify the DPC where the Personal Data breach is unlikely to result in a risk to the rights and freedoms of natural persons. A Personal Data breach in this context means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
We will keep a record of any data breaches, including their effects and the remedial action taken, and will notify you of any data breach affecting Personal Data (which poses a high risk to you) when we are required to do so under Data Protection Legislation. We will not be required to notify you of a data breach where:
How to Contact Us about Personal DataIf you have any comments, concerns or complaints about our use of your Personal Data, please contact us at privacy@myStudyPal.app. We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex or cumbersome, in which case we will respond within three months (we will inform you within the first month if it will take longer than one month for us to respond). Where a response is required from us within a particular time period pursuant to Data Protection Legislation, we will respond within that time period