Privacy & Security Policy
Last updated: 24 January 2024
- WHO PROCESSES YOUR PERSONAL DATA?
- When we refer to Grasple, we refer to “Grasple” as a registered trade name of Grasple B.V., a company registered in the Netherlands with a registered address at Kattenburgerstraat 5, 1018JA, Amsterdam, and is registered at the Dutch Chamber of Commerce under number 66873843 ("Grasple", "we", "us", "our").
- interact with any of Grasple’s websites (including www.grasple.com) or our social media pages (collectively, the "Sites") ("website users");
- use Grasple's applications and services (collectively, the "Grasple’s Services") ("users”, and/or “customers");
- are an interested prospect, who is anyone whose data Grasple processes for the purposes of assessing user or customer eligibility ("marketing prospect");
- receive marketing communications from Grasple;
- interact with our job websites (including grasple.homerun.com) (“job applicants”).
- In case that you use Grasple based on an invitation or instruction by a third party organization (ie: your university, school or employer), then your organization will determine how your data are processed and act as Controller and Grasple will act as Processor.
For questions about your privacy you can email email@example.com
- WHICH PERSONAL DATA DO WE PROCESS?
- This privacy statement gives information about the processing of personal data of users of Grasple.
- For users and customers of Grasple, we process the following personal data:
Category of Data
First and last name
The Respondent's intention is to connect to SurfConext. In the event that the Respondent deviates from this and asks students to create an account, we will also process passwords.
If paired with SURFConext:
Needed for access to courses in Grasple and when linking LTI (1.3) and SURFConext
Learning and usage data
Including but not limited to: finished
exercises, date, time, practice time, practice
results, usage of components in the program,
opening and clicking behaviour in emails.
Optional: student number
If the service is used for summative testing:
Summative test results
Results which are used for a grade or review.
- In case you are a (potential) contact for or instructor at your organization, marketing prospect or job applicant, we may also ask you for your (mobile) phone number, but you can choose not to provide it.
- Aggregated non-personally identifiable Data. Notwithstanding anything to the contrary herein, Customer agrees that Grasple may obtain and aggregate technical and other data about Customer's use of the Services that is non-personally identifiable with respect to Customer ("Aggregated non-personally identifiable Data"), and Grasple may use the Aggregated non-personally identifiable Data to analyze, improve, support and operate the Services and otherwise for any business purpose during and after the term of this Agreement, including without limitation to generate industry benchmark or best practice guidance, recommendations or similar reports for distribution to and consumption by Customer.
- FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
- For students, instructors, learners and creators:
- Invite, make and provide access to personal accounts
- Online learning and practicing
- Test and grade
- To provide the student with information about and insight in his/her own learning process
- To provide teachers with information about and insight in the learning process of students
- Making and sharing of learning materials by users
- Insights into individual activity, progress, and knowledge to show to teachers, and users (students) themselves
- Personal advice about progress and mastery through algorithms, data and through teachers
- data and through teachers
- Offering adaptive advice and learning paths to students through algorithms
- Automatically checked exercises through algorithms
- Facilitating support through chat app and email in platform
- Sharing of experiences (provided that user gives written permission)
- Gathering feedback to improve the product
- Improvement of the product
- Back-up of data
In order to be able to process your personal data, the processing has to comply with one of the legal bases described in the AVG/GDPR. For the purposes above, the legal basis is the fulfillment of a contractual agreement. In case you do not provide us with certain personal data, we cannot offer you the service that you or your organization has requested from us. Without your personal data Grasple cannot operate.
- For potential users or customers:
- Sending marketing communications: We process your personal data to send you marketing communications via email, post, phone or chat/sms about our products, services and upcoming events that might interest you in reliance on our legitimate interests or where we seek your consent.
For this purpose the legal basis is, dependent on the specific situation, either fulfilment of a contractual agreement, user consent or in some cases legitimate interest.
- For job applicants:
- Identify, screen and interview applicants for positions in our team
For this purpose the legal basis is user consent.
- For students, instructors, learners and creators:
- SHARING YOUR PERSONAL DATA
- We will never sell your personal data to third parties.
- We do share your personal data with third parties in order to provide you the service. We refer to these parties as (sub) Processors. In these cases, we retain control over the processing and we conclude a written processing agreement with these processors, called a Data Processing Agreement (DPA). In the DPA we make agreements about, among other things, the objective, the duration and the scope of the processing, the retention periods and the security measures taken to protect the personal data.
- We may ask you to share your data with research groups for research purposes. In that case, we will ask you or your organization for consent.
- TRANSFERS OF YOUR PERSONAL DATA
- Grasple processes most of your data within the European Union (“EU”). This means that the servers where we save your personal data are located within the EU. In some cases, we do work with processors that process your data or have ties to (parent) companies outside of the European Economic Area (EEA), for example the United States. In that case, we follow the European Data Protection Board (EDPB) recommendations and conclude a DPA based on the Standard Contractual Clauses (SCCs) and supplementary measures, such that your personal data is considered as safe and secure as if it were processed within the EEA.
- YOUR RIGHTS REGARDING YOUR PERSONAL DATA
- You have the right to view your personal data, have it corrected, deleted or restricted. You can also under certain circumstances object or request a transfer of your personal data. To make a request to us in this context, you can contact us via firstname.lastname@example.org. In these cases, we may ask you to identify yourself.
- In case a third party is the Controller (for example your university or school), then we will relay your request to them, and we will comply with their instructions.
- Your privacy rights:
- View or Correct: in case you want to know if we are processing your personal data or if you want to change your personal data, you can contact us via email@example.com.
- Delete: the AVG/GDPR offers, under certain circumstances, the possibility to have personal data deleted. We or your Organization will assess whether such a request can be executed. In some cases we do have to retain your personal data, for example due to a legal requirement or for the operation of Grasple.
- Restrict: you can contact us with a request to limit the processing of your personal data if you think that your personal data is incorrect, the processing is unlawful, you need it for a legal action or if you have objected to the processing thereof.
- Object: if we process your personal data on the basis of a legitimate interest, you may object to further use of your personal data under specific circumstances.
- HOW DO WE SECURE YOUR PERSONAL DATA?
- We have taken fitting technical and organizational measures to prevent the loss of personal data or unlawful processing. For example, your personal data can only be accessed by employees who are authorized to do so on the basis of their position.
- RETENTION: HOW LONG DO WE STORE YOUR PERSONAL DATA?
- We will store your personal data for as long as necessary for the objectives for which we use your personal data.
- Content that you post may remain on the Sites even if you cease using the Sites or we terminate access to the Sites.
- CHILDREN'S PRIVACY
- QUESTIONS OR COMPLAINTS?
- If you have any questions about how we process your personal data, you can contact us via firstname.lastname@example.org. We are happy to help you.
- If you do not agree with our processing and/or course of action, you can submit a complaint to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). The Dutch Data Protection Authority will handle the complaint or the request and will decide a course of action.