Privacy policy for schools

Updated Nov 7th, 2024

Purpose

This Privacy Policy describes how Taito Learning Oy (“Taito Learning”, “we”, “us”, “our”) collect, use, process and disclose the information, including personally identifiable information (“PII”) in conjunction with the use of our Typetastic School Edition -service (“Service”).

Owner and Controller of Personal Data

This Service may be purchased by providers of educational services, such as schools, school districts, or teachers (collectively referred to as “Schools”). School is the sole owner and controller of the PII processed in the Service on behalf of the School.

School may use this Service for educational purposes. In such cases, we may process PII on behalf of the School (see below). Typing Master is a Service Provider and/or Processor and will use and process PII only for purposes authorized by the School.

We use such Student PII information only to provide our Services to Schools and improving the Service. The collection, use and sharing of Student informationPII is governed by the agreements between us and the School and any applicable laws both in the U.S. and in the EU.

Information collected on Taitolearning

In course of providing the Service, we collect the following information:

The type of personal information we collect may vary depending on the account type (e.g. teacher, student, parent etc).

• School information. A teacher, school administrator or other authorized person may register an account on the Service and correspond with us about the Service. In these cases we may collect personal information such as a name, e-mail address, payment information, username and password, and information about the school.
• Student information. The School may provide us personally identifiable information about students. Such information may contain student names or other identifiers, passwords, e-mail address for the student or the student’s parent or legal guardian, educational level, topic of study and data derived from the use of the Service (e.g. progression in the Service). Student’s personally identifiable information and any information associated with such personally identifiable information is “Student Data”.
• Parent and Child information. A parent or guardian (“Parent”) may register an account on Service or correspond with us about the Service. In these cases, we may collect personal information such as a name, e-mail address, payment information, username and password. We may also collect information about the child(ren) authorized by the Parent to use the Service through the Parent’s account, including a profile name for the child user and selection of a profile avatar.
  
  Each child user profile must be associated with a Parent account, and children cannot access the Service without the Parent first signing in to the Parent account with the Parent’s sign in credentials.

Purposes to which information is used

We use the information we collect for the following purposes:

To provide and maintain the Service. We need the information we collect to provide the Service. Some examples would be the use of School contact details for communication and customer support regarding the Service; payment information to process payments; Service use data to diagnose and fix Service bugs or other issues, to provide users with information and reports about student and child performance.

To personalize the Service. We use information to tailor and personalize the content and information that we send or display to users, to offer personalized content and instructions, and to otherwise personalize user experience while using the Service. To the extent we, in order to provide the Service, build profiles of students, it is for educational purposes only. This is for educational purposes only and we never use Student Data to profile students for any other purpose, e.g. marketing.

We may use de-identified PII for product development, research, or other purposes. De-identified PII will have all direct and indirect personal identifiers removed. This includes, but is not limited to, name, ID numbers, date of birth, demographic information, location information, and school ID.  

To communicate with clients. We use information, e.g contact details of the person who has purchased the Service, to provide notifications for certain activities relating to user’s use of our Service. For example, we may send e-mail notifications when a user completes an activity, to provide receipt for payment or other subscription notices.

From time to time, we may send promotional or informational e-mails to authorized School personnel or Parent users. School and Parent users who may opt-out of marketing and promotional communications by following the opt-out instructions contained in the e-mail.

To promote safety and security and respond to legal process. We use information to ensure and promote the safety and security of our Service, our users and other third parties. To achieve these purposes we may, for example, use information to authenticate users, facilitate secure payments, detect and prevent fraud and other harmful activities, respond to legal requests or claims, and enforce our terms and policies.

We comply with the European Union General Data Processing Regulations (“GDPR”) and to that extent we rely on the following legal bases to legalize the processing of personal data.

• Contractual obligation. The processing is necessary to enter into agreement and/or to perform our contractual obligations in our Terms of Service or other contracts with you (such as to provide you the Service as described in our Terms of Service);
• Our legitimate interest. The marketing and promotional activities, improvement of our Service and promotion of safety and security are on our legitimate interest.
• Legal obligation. The processing is necessary to comply with a legal obligation, a court order or to exercise or defend legal claims;
• Consent. You may have given your consent to certain processing activities, which you may withdraw at any time (such as for marketing purposes or other purposes we obtain your consent for from time to time).

If you have any questions about or would like further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided below in Section 15.

Advertising and cookies

Service (i.e. Typetastic School Edition) does not include or display any advertising in the Service. Accordingly, Students or other users of the Service are not tracked for advertising purposes and no targeted, interest-based (or other) advertising are directed to Students or other users within the Service by Us of any third parties. Neither do we share PII with any advertisers.

Service uses only such cookies or other similar tracking methods that are crucial and strictly necessary for the functionality and technical operation of the Service, including Cloudflare strictly necessary cookies as explained at https://www.cloudflare.com/cookie-policy/.

Sharing and disclosures of information

We may share information on the Service with other authorized personnel of the School, e.g. teachers and school administrators. Informing us about the authorized personnel is School’s responsibility.

We never sell user data to third parties.

We may however otherwise share or disclose information on the Service (including School, Student, Parent and Child information) to third parties in order to provide our Service. To the extent we disclose or share Student Data, we ensure that such third parties adhere to our policies regarding the processing of Student Data, including this Privacy Policy.

Some typical disclosures are described below:

Subcontractors and service providers. We use subcontractors and service providers to provide our Service. In the U.S. Stepware, inc. provides our U.S. Sales support and is fully compliant with this Privacy Policy. To more complete list of our subcontractors and service providers, see here  

Subcontractors and service providers. We use subcontractors and service providers to provide our Service. In the U.S. Stepware, inc. provides our U.S. Sales support and is fully compliant with this Privacy Policy. To more complete list of our subcontractors and service providers, see here.

Aggregate or anonymized information. We may share aggregate or anonymized information with third parties. Such statistical data (e.g. total number of TypeTastic users) will always be in such a form, where no individual can be identified.

Third parties with consent. With student’s or other End User’s consent, we may share (but never sell) End User’s information with third parties.

Merger or Sale. Information on the Service may be transferred or disclosed in connection with a merger, acquisition, bankruptcy, change of control, or any form of sale of some or all of Taito Learning’s assets. However, we don’t transfer Student Data unless the recipient has committed to the Student Privacy Pledge principles or similarly stringent privacy protections.

Other. We may disclose information on the Service (a) if required by law, regulation or authorities, (b) to enforce our Terms of Service (e.g. to investigate potential violations), (c) to detect, prevent or investigate fraud and/or security or technical problems.

We adhere to and fully comply with the European data protection legislation with regard to the use of subcontractors and information disclosures.

 E-mail communications and how to opt out

We may, from time to time, send authorized School personnel e-mail or other communications regarding our products and services, or the use of our products and services. Only Taito Learning will send these communications (or our service providers on our behalf), if any, and we do not share any information on the Service to be used by third parties for marketing or for any other purposes.

You can at any time opt out from these communications by clicking the unsubscribe link in any e-mail or other communication or by contacting us in privacy@taitolearning.com.

We never contact students directly, unless instructed to do so by authorized School personnel or a Parent for example for technical support purposes.

 Access to, updating or deleting personal information

End Users and students can have their account information modified at any time by contacting the School, teacher or other administrator, who has enabled the Service to such student or End User.

If you are a parent of guardian of a student who uses Typetastic Service through a School, please refer all questions and requests to your child’s school. The School may, if needed, address such requests to us in which case we will assist the School in fulfilling your request.

Persons acting on behalf of the School who need assistance in fulfilling student’s or other End User’s request or in other questions concerning the access, modification or deletion of personal information may contact us in privacy@taitolearning.com.

Please note that when account information is deleted, some information may remain within our archive records, such as for customer and technical support, billing and tax purposes.

Retention of personal information

We will retain personal information for as long as needed to provide the Service. Further, we will retain personal information for our internal business purposes and to fulfill our legal obligations as described in section 4. Such retention and use of information may continue after the termination or cancellation of the Service by School. We will seek to pseudonymize and anonymize such data to the extent possible without compromising our legitimate purposes.

Student Data. Notwithstanding the aforesaid, we will not retain Student Data for longer than 12 months beyond the term of our agreement with the School, unless otherwise agreed with the School. We retain the Student Data for this period solely to ensure that no unintentional or accidental loss of information occur. We will however, at School’s explicit instructions, delete Student Data also before the 12 months’ retention period has passed, if the School so wishes. We do not process (e.g. modify or delete) Student Data other than on School’s explicit instructions. The School is responsible for keeping the Student Data on our Service up-to-date and for identifying Student Data the School no longer needs and removing such students or Student Data from the Service.

We will delete or anonymize personal information of student or child users, if (a) the account has been inactive for a certain period, (b) the license subscription has been terminated or cancelled, (c) our agreement with the School has been terminated or cancelled, (d) so required by the terms of service or any applicable written agreement with School, (e) so requested by School’s authorized personnel.

School’s authorized personnel may contact us at privacy@taitolearning.com to request additional information about our standard data retention practises.

Protection and security of personal information

We consider the confidentiality and security of our users’ information to be of the utmost importance.

We have implemented a variety of administrative, technological and physical safeguards to ensure the continuing security of personal information on the Service. These measures include:

• procedure and response plan to contain, assess and respond to data breaches expeditiously and mitigate potential harm to the persons affected.
• internal reviews of our data collection
• physical and technical security measures such as firewalls and data encryption
• restriction of access to personal information to those Typing Master employees, to whom it is necessary for the purposes of their tasks
• confidentiality obligations of our personnel and subcontractors and service providers

We kindly ask you to note that no system is perfect and therefore we cannot guarantee the security of our user’s personal information. In case of a data breach where personal information is compromised, we will investigate the breach and take reasonable steps to remedy the situation.

What our users can do? Our users can help us minimize the risk of data breaches. If you are a user of our Service please remember to:

• sign out of your account after you’re finished with your session
• close browser windows and clear browsing history, if you are using a public computer
• keep your login information only to yourself and not disclose it to anyone
• disable “Remember” feature of browser login

Data storage and transfer. Our servers are located in the United States. Personal information collected through our website and Service may be stored and processed in the United States and, as we are located in Europe also in the European Union.

European Union Data Protection

Residents in the European Union are entitled to certain rights with respect to personal information that we hold about them under the General Data Protection Regulation (GDPR):

• Right of access and rectification. A user has the right to access the information we hold about him/her. If user notices inaccurate personal data, user may request rectification.
• Right to object. The user has the right at any time to object the processing of personal information if user has a reason to believe that we have processed personal information unlawfully or that we do not have the right to process some of the personal information.
• Right to restriction. The user has the right to have us restrict the processing of personal information in certain circumstances, such as where the accuracy of the personal information is contested by the user, for a period enabling us to verify the accuracy of that personal information.
• Right to data portability. User has the right to request us to transmit personal information in a portable, digital format to user or for you to transfer the information from one environment to another.
• Right to erasure. User has the right to obtain the erasure of personal information without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.
  
  Please note, that we are not able to erase personal information necessary for fulfilling the statutory or other obligations (e.g. data held for accounting purposes) in any case.
• Right to appeal. User has the right to file a complaint to the relevant Supervisory Authority. A list of supervisory authorities is available here:
  https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

Any inquiries and requests can be made at privacy@taitolearning.com.

Children’s privacy

The independent use of the Service is forbidden and we do not knowingly collect personal information from the children under the age of 13 without appropriate authorization. If there’s a reason to believe we have collected personal information from a child under 13 without appropriate authorization (as described below), please contact us.

Children in the School. A child under 13 may use the Service in the School and in educational context, in which case we rely on the School to provide appropriate consent and authorization for us to collect personal information from student. Upon School’s request, we will provide the School the opportunity to review and delete the personal information collected from their students.

We do not knowingly process data of EU residents under the age of 16 without parental consent. If we become aware that the data from an EU resident under the age of 16 without parental consent was collected, we will take reasonable steps to delete it as quickly as possible. We will also comply with other age restrictions and requirements in accordance with applicable local laws.

Student Data protection and the applicable laws

The School’s use and the required collection, use, and disclosure of Student Data is governed by our terms of service and/or any other agreement with School. Further, we comply with the provisions of the Family Educational Rights and Privacy Act (“FERPA”), the Children’s Online Privacy Protection Act (“COPPA”), Student Online Personal Information Protection Act (“SOPIPA”), Student Online Personal Protection Act (“SOPPA”), and other applicable laws that may relate to the collection and use of personal information of students.

The Student Privacy Pledge (“The Pledge”). Typing Master adheres to the Student Privacy Pledge. The Pledge is an industry standard approach to privacy for K-12 service providers. The Pledge was created by the Future of Privacy Forum (FPF) and The Software & Information Industry Association (SIIA) and has been endorsed by the National School Boards Association (NSBA), the National Parent-Teacher Association (PTA), and the White House.

As part of our commitment to The Pledge, we commit to:

• Not collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.
• Not sell student personal information.
• Not use or disclose Student Data collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.
• Not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.
• Not make material changes to school service provider consumer privacy policies without first providing prominent notice to the account holder(s) (i.e., the educational institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of student personal information that are inconsistent with contractual requirements.
• Not knowingly retain student personal information beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.
• Collect, use, share, and retain student personal information only for purposes for which we were authorized by the educational institution/agency, teacher or the parent/student.
• Disclose clearly in contracts or privacy policies, including in a manner easy for parents to understand, what types of student personal information we collect, if any, and the purposes for which the information we maintain is used or shared with third parties.
• Support access to and correction of student personally identifiable information by the student or their authorized parent, either by assisting the educational institution in meeting its requirements or directly when the information is collected directly from the student with student/parent consent.
• Maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.
• Require that our vendors with whom student personal information is shared in order to deliver the educational service, if any, are obligated to implement these same commitments for the given student personal information.
• Allow a successor entity to maintain the student personal information, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected student personal information.

The Family Educational Rights and Privacy Act (“FERPA”). The Family Educational Rights and Privacy Act (FERPA) is a federal law that affords parents the right to have access to their children’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records.

The Children’s Online Privacy Protection Act (“COPPA”). The Children’s Online Privacy Protection Act (COPPA) is a law created to protect the privacy of children under 13.

Students Online Personal Information Protection Act (“SOPIPA”). SOPIPA applies to websites, applications and online services that focus on California K-12 students and is designed to protect their personal information.

Student Online Personal Protection Act (“SOPPA”). SOPPA applies to websites, applications and online services that focus on the students of the state of Illinois and is designed to protect their personal information.

California Assembly Bill 1584 (“AB 1584”). Assembly Bill 1584 requires all school districts in California to enter into legal agreements with software and other vendors.

Updates to this Policy

Taito Learning has the right, in its sole discretion, to modify or update these terms. The from time to time up-to-date policy will be posted here: https://typetastic.com/privacypolicy.html. The continued use of our Service shall be deemed as acceptance of the revised policy and terms. If you do not accept the revised policy, please stop using the Service.

If we make material changes to this policy and to the way we collect, use and disclose Student Data we will always provide a notice to applicable Schools and the opportunity to choose whether to continue using the Service before any such change will take effect.

Contact Us

If you have any questions or inquiries regarding this statement, you may contact us by using the contact information below. We will do our best to respond promptly.

Taito Learning Oy
SPACES, Mannerheiminaukio 1 A, 00100 Helsinki, Finland
privacy@taitolearning.com