This privacy policy informs you about extent, purpose and kind of usage of personal data (further data) on our website, social media profiles and in our apps in compliance with Art. 13 GDPR.

Controller

Danny Wernicke

Yukon-Straße 8

14513 Teltow

Email: support@teacherstudio.de

Fon: 0170 / 98 54 171

Imprint: https://teacherstudio.de/impressum/

Brief

We take data protection very seriously and try to accumulate only data we really need. We don’t use services like Google Analytics to collection surf statistitcs of our websites users. We don’t collect contract or payment data of our customers. We don’t create profiles of our users and we don’t collect usage statistics in our apps.

Legal basis

Legal basis for obtaining consent are Art. 6(1)(a) and Art. 7 GDPR Legal basis for processing to perform contracts and to respond to queries is Art. 6(1)(b) GDPR Legal basis for processing data for legal obligations are Art. 6(1)(c) GDPR Legal basis for processing data for the purpose of our legitimate interests are Art. 6(1)(f) GDPR

Collaboration with third parties

Data is only transmitted to third parties for commissioned data processing under foundation of legal permission (Art. 6(1(b) GPRD)), personal consent, on basis of our legitimate interests (e.g. webhosting) or legal duties. Any assignment for commissioned data processing is based on Art. 28 GDPR.

Transmitting data to third party countries

Data processing and transmission is only executed if necessary for the performance of our tasks, with your consent, due to a legal obligation/duty or because of our legitimate interests. Requirements for processing and transmission of the data are Art. 44 ff. GDPR.

Rights of affected persons

  • Corresponding to Art. 15 GDPR you have the right about information regarding your processed data and a copy thereof.
  • Corresponding to Art. 16 GDPR you have the right of rectification or completion of your data.
  • Corresponding to Art. 17 GDPR you have the right of erasure of your data or to limit the processing.
  • Corresponding to Art. 20 GDPR you have the right to receive your personal data and to demand transmittion to third parties.
  • Corresponding to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority.
  • Corresponding to Art. 7(3) GDPR you have the right to widthdraw your consent also with effect for the future.
  • Corresponding to Art. 21 GDPR you have the right to object to the processing of your data for the future.
  • Corresponding to Art. 21 GDPR you have the right to object to the processing of the provided data.

Erasure of Data

Corresponding to Art. 17 and 18 GDPR we will delete or limit the processing of your data. This is carried out when the processing is not appropriate for the purpose it was collected anymore and no legal causes prevent it.

Hosting

We use a webhosting provider to publish our online offering. It is possible that the provider collect statistical data like called web pages, date, time, sent data amount, Browser, Operating System, the previousely visited IP address. This happens due to its legitimate interests on foundation of Art. 6(1)(f) GDPR. Compulsory archiving applies.

Contacting

When contacting us via email, phone or social media your provided data is processed based on Art. 6(1)(b GDPR) to answer and process your queries. The provided information is persisted in a Ticket System and are deleted when necessary.

Social Media

We provide online presences in social networks and platforms to inform about out products and to enable our customers to contact us. The terms and conditions and privacy policies of the respective social network provider apply.

Contract- und payment data

When purchasing our apps our customers enter into a contract with the respective Store operator (eg. Microsoft, Google, Apple). All contract and payment data is processed by this operator. We don’t have any access to personal data. In the Google Play Store we get an order identification number wich has no connection to payment information like credit card numbers.

Newsletter

Regarding the newsletter and agreements

The following text informs you about the content of our newsletter. It further specifies the process of logging in, sending mails and provides information about data analysis and your rights to cancel the newsletter. In subscribing to our newsletter you agree to all those processes.

Newsletter content

We exclusively send newsletter, emails and further electronic notifications with promotional information (following called „newsletter“) with consent of the receiver or a legal permission. As long as the newsletters content is correctly paraphrased in the process of subscribing to it those contents are relevant for the users approval. We will inform you about software products made by us especially our TeacherStudio Teacher App.

Doule-Opt-In and logging

The subscription to our newsletter uses a so called Double-Opt-In-Procedure. This means you’ll receive an email after initially subscribing to the newsletter which will ask you for a second approval. This approval is necessary to prevent people to subscribe email addresses which they don’t own.

The newsletter subscribtions are logged to verify the legally correctness of the subscription process. The logged information contains the time of the subcription and confirmation as well as the used IP address. Further changes of your data saved by MailChimp are logged.

Usage of the newsletter service provider „MailChimp“

The sending of the newsletter is carried out by „MailChimp“ a newsletter service provider of the US company Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The email addresses of our newsletter recipients as well as their additional data described in the context of this information are saved on the servers of MailChimp in the USA. MailChimp uses this information for sending and analyisis of the newsletter on our behalf. MailChimp informs us that they can use this data to optimize and improve their own service e.g. for technical improvements when sending or presenting the newsletter as well as for economical causes to determine in which country a receiver resides. MailChimp uses the data of our users not to send them information by itself and it does not share those data with third parties.

We trust in the reliability and data security of MailChimp. MailChimp is certified by the US-EU data security agreement „Privacy Shield“ and so obligates itself to comply with the EU specifications regarding data security. Further we entered into a „Data-Processing-Agreement“ with MailChimp. This is a contract in which MailChimp obligates itself to protect the data of our users, process it appropriately to their data protection laws on our behalf and especially never to share them with third parties. You can review the privacy policy of MailChimp here.
Login data
To subscribe to the newsletter it is sufficent to enter your email address.

Optionally you can enter your first and last name. This is solely used to personalize the newsletter.

Statistical evaluation and analysis

The newsletters contain a so called „web-beacon“. This is a pixel sized file which is fetched from MailChimps servers when a newsletter is opened. This happens to collect technical information of the used browser and system as well as the IP address and the time of the opening. This information is used to technically improve the service by analyzing the technical data, target audience and reading behavior specific to the country of origin ( this can be determined by the IP address ) and time of opening.

Additionally it is determined statistically if and when the newsletter has been opened and which links have been clicked. This information can for technical reasons be assigned to the newsletters receivers. It is neither ours nor MailChimps aspiration to monitor invidual users. This statistics are used to understand our users reading habits to better tailor out content for their interests.

Online opening and data management

Their are cases in which the newsletter receivers are sent to MailChimps websites. For instance the newsletters contains a link to view the newsletter online (in case they encounter presentation problems in their email application). Newsletter subscribers can also change their data like their email address later. MailChimps privacy policy is only available on their website.
In this context we advise you that MailChimp uses Cookies on their websites which are personally identifiabel data which is processed by MailChimp, their partners and utilized services like Google Analytics. We don’t have any influence regarding this data collection. You can find further information in MailChimps privacy policy. We also want to inform you about possibilities of objection regarding data collection for promotional goals on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (European region).
Termination and revokation
You can unsubscribe from our newsletter at any time which cancels your agreement to receive it. At the same time all your approvals regarding statistic data collection and analyzing by MailChimps are revoked. Unfortunately you can’t revoke the statistical data collection and analyzing via MailChimp on its own.

You’ll find a link to cancel the newsletter at the end of every newsletter you receive.

Legal basis General Data Protection Regulation

Corresponding to the specifications of the General Data Protection Regulation (GDPR) starting with the 25. May 2018 we inform you that the consent to send the email addresses are based on Art. 6 Sec. 1 lit. a, 7 GDPR as well as § 7 Sec. 2 SubSec. 3, and Sec. 3 UWG. Adoption of the newsletter service MailChimp, execution of statistical data collection and analyzation as well as logging of the login process occur because of our legitimate interests on basis of Art. 6 Sec. 1 lit. f GDPR. Our interests are usage of a user friendly newsletter system which serves our business related interests and satisfies the users expectations.
We further inform you that you can at any time revoke your consent to allow processing of your personal data based on the legal specifications in Art. 21 GDPR. This revokation can be carried out especially against the processing of the data with the goal of direct promotions.

TeacherStudio

Personal information

All entered data if personal or not is saved locally on the device and never transmitted without explicit permission.

TeacherStudio does not collect data automatically. The data has to be entered manually or by using the import functions like the import of students via CSV files. Data can be overwritten by restoring an TeacherStudio backup file.

The user decides which data is entered in TeacherStudio. All data can be entered anonymous if so desired. All data is saved for the duration of its usage. The user can delete the data at any time.

Local security features

Personal data (name, birthday, contact information, remarks, pictures) can be locally encrypted when the user activates the local encryption in the apps options. The local encryption is optional because it can affect performance and many devices are already encrypted nowadays.

Further the user can limit access to the app by setting a password which is checked on every app startup.

Technical information

The data is saved in a storage space provided by the used operating system. This data and the provided storage path can change with a operating system update. To ensure that a newer app version can import data for backup purposes all backups should be created in TeacherStudio by the functions provided.

On Windows TeacherStudio can (like every Store App) access a subfolder with the name „TeacherStudio“ in the users Downloads folder. TeacherStudio saves encrypted backups to this folder automatically if a password for backups is set in the apps settings.

Limited, non-identifiabel technical information (such as OS version, language settings, crash information) is sent to HockeyApp in the form of crash reports to detect and correct technical problems.

Exporting data

TeacherStudio provides a function to export most of its saved data to a Microsoft Excel file. That way data can be exported and printed. Further TeacherStudio can create encrypted backup file to enable the user to restore this data. Further TeacherStudio can synchronize data between multiple devices by using a cloud provider (ff).

Usage of cloud providers

TeacherStudio can synchronize data with online storage provided by cloud services like Microsoft OneDrive and Google Drive. The requires the user to authorize with her/his username and password, which are not stored or read by TeacherStudio. TeacherStudio only stores a so called access token which the cloud service provides and allows logins without entering username and password again for a specific time. This token is stored encrypted and deleted when the user logs out of the cloud service in TeacherStudio. The token is refreshed from time to time. If it should expire the user has to authorize again.

The synchronized data itself is always encrypted and only transferred encrypted via SSL. The encryption requires a password chosen by the user which is used for encryption and decryption. Neither the cloud service provider nor we or the user can decrypt this data without knowing the password.

Sending of mails

TeacherStudio can prepare mails on demand. These mails are not sent by TeacherStudio. TeacherStudio only tells the operating systems, that a mail should be sent and which contents it should contain. This starts the mail app which is configured for sending mails on the used device.

Usage of Microsoft OneNote

TeacherStudio can link the planning of lessons to OneNote pages on demand. This requires a login with a Microsoft account TeacherStudio can then read OneNote notebooks available on Microsoft OneDrive or Microsoft Offices 365. Unique identification numbers of the OneNote pages are saved in the TeacherStudio 3database. A preview of the pages using the formats Html and Inkml is saved in the storage space of TeacherStudio. This data is not synchronized.

Permissions

TeacherStudio requires some permissions to perform its functions. Dependent on the used operating system these permissions have to be granted when installing the app or during the usage.

  • Read and write access to the storage space provided by the operating system for TeacherStudio
  • Read access to the pictures folder to choose student pictures
  • Access to the camera to capture student pictures
  • Access to the interface for handling in app purchases to purchase the app
  • Internet access to send error reports and use the cloud synchronization

Encryption

The used encryption is state of the art. The data is encrypted with AES with a key length of 256bit. The key is generated by using PBKDF2. The key is „salted“ to render so called „rainbow tables“ useless. At this time there are no successful attacks on AES known.

Third Party

TeacherStudio makes (optional) use of third party services, whose usage of information is excluded from this privacy policy. The usage of a third party service is always voluntary and clearly stated. Any data shared with those services is when technically viable encrypted before being sent or stored outside of TeacherStudio.

Remark

All information refers to the most current app version and is compiled to the best of our knowledge. Changes can be necessary due to improvements and changes of the app. We are not responsible for improper use of function (e.g. entering personal data in fields which are not designated for it).