fbpx

Privacy Policy

 

PRIVACY NOTICE FOR PROCESSING PERSONAL DATA BY KOOD/JÕHVI

This Privacy Notice describes the purpose and extent of processing your personal data by Mittetulundusühing Tuleviku Tehnoloogiaharidus, registry code 80583085 (kood/Jõhvi).

  1. GENERAL PROVISIONS
    1. kood/Jõhvi ensures that the processing of personal data is in accordance with the legislation regarding the protection and security of personal data (including the General Data Protection Regulation of the European Union, GDPR), other personal data protection legislation, and good business practices.
    2. kood/Jõhvi considers the privacy of individuals and the protection of their data important and makes the best efforts to ensure the security and protection of the information system and other data carriers.
  2. DEFINITIONS
    1. Platform means the online learning platform for Students provided by kood/Jõhvi and/or the data processors.
    2. Processing of personal data means viewing, collecting, saving, storing, altering, transmitting, or receiving personal data and other activities related to personal data.
    3. Student means a person who is enrolled in the curriculum of kood/Jõhvi and uses the Platform.
  3. PURPOSE OF THE PROCESSING OF PERSONAL DATA AND ITS LEGAL BASIS 
    1. kood/Jõhvi processes personal data necessary for enrolling students in courses, tracking their progress, assigning grades, providing tasks and resources, facilitating communication between students and kood/Jõhvi and educators, and maintaining records as required by educational standards and regulations. Data pertaining to the gender of the Students is collected for statistical purposes, the aim of which is to foster diversity and involvement in the tech sector by providing educational services.
    2. In general, the legal basis for such a purpose is carried out in accordance with Article 6(1)(b) of the GDPR. Such processing is necessary for the performance of the learning contract to which the Student is a party or in order to take such steps at the specific request of the Student prior to entering into a contract. Sometimes the processing of data is necessary for legitimate interests under Article 6(1)(f) of the GDPR provided those interests are not outweighed by the Students’ rights and interests. 
    3. kood/Jõhvi is processing the following personal data:

Processing activity

Data categories

Purpose

Legal basis

Account Management

Full name

Email address 

Date of birth

Enrollment status

Gender

To register students on the platform and create individual user accounts that allow access to courses and content

Contractual obligation (Article 6(1)(b) of the GDPR)

Identity Verification

Full name

Personal ID code

Residence permit information

Document photo

Nationality

To identify the students’ identity prior to or in the course of enrolment

Contractual obligation (Article 6(1)(b) of the GDPR)

Personalized Learning Paths

Academic records

Course preferences

Interaction data (e.g., pages visited, content viewed)

To tailor the educational experience to each student’s needs and preferences, optimizing their learning outcomes

Contractual obligation (Article 6(1)(b) of the GDPR)

Course Management

Attendance records

Assignment submissions

Grades and evaluations

To administer courses, track attendance, collect and grade assignments, and record academic achievements

Contractual obligation (Article 6(1)(b) of the GDPR)

Communications

Postal address

Phone number

Communication preferences

To send updates, course notifications, and other relevant communications to students

Contractual obligation (Article 6(1)(b) of the GDPR)

Online Assessments

Test responses

Grades

Feedback comments

To administer assignments, tests, and exams, provide grades, and offer feedback on student performance

Contractual obligation (Article 6(1)(b) of the GDPR)

Platform Analytics

Usage data (e.g., login frequency)

Browser and device information

Feedback and survey responses

To analyze how the platform is used and to identify areas for technical improvement and content enhancement

Legitimate interest, to improve and optimize the platform’s functionality and content (Article 6(1)(f) of the GDPR)

Compliance with Legal Requirements

Identification data

Academic records

To comply with legal obligations related to education law, health and safety regulations, and record-keeping standards

Legal obligation, to comply with applicable laws and regulations (Article 6(1)(c) of the GDPR)

Technical Support

User account data

Technical logs

Interaction data (for troubleshooting)

To provide assistance with technical issues or account-related problems

Legitimate interest, to ensure the reliable operation of the platform and user satisfaction (Article 6(1)(f) of the GDPR)

Security Measures

Login data

Access logs

Network information

To safeguard the platform from unauthorized access, cyber threats, and to ensure the integrity of student data

Legal obligation, to ensure the security of personal data under data protection laws (Article 6(1)(c) of the GDPR)

 

4. HOW KOOD/JÕHVI COLLECTS PERSONAL DATA 

    1. kood/Jõhvi collects personal information on the Platform directly when the Student:
      1. registers an account on the Platform, providing information such as name, email address, date of birth, and enrolment details;
      2. participates in educational activities, including forum discussions, assignments submission, and assessments, wherein they input personal academic data;
      3. customizes their user profile and learning experience by entering preferences, learning styles, and feedback;
      4. engages with communication tools on the platform, for instance, when sending messages or emails, contributing to discussions, or requesting support;
    2. kood/Jõhvi collects personal information indirectly on the Platform when:
      1. the administrative system of kood/Jõhvi integrates with the platform, transferring necessary student information such as accounts, enrolment status, and academic history;
      2. kood/Jõhvi inputs grades, evaluations, and feedback into the system related to student performance and participation;
      3. kood/Jõhvi collects data via cookies and similar technologies to facilitate platform functionality, including but not limited to login data, IP addresses, browser types, and access times;
      4. the Platform automatically generates records of student interactions, such as time spent on learning materials, progress tracking, and resource access patterns;

kood/Jõhvi provides aggregated data for the purpose of educational research or analytics that may contain information derived from student performance and usage metrics.

5. TRANSMISSION OF THE PERSONAL DATA

        1. kood/Jõhvi processes personal data in the European Union (EU) and within the European Economic Area (EEA). kood/Jõhvi receives, transmits, and processes personal data only digitally.

6. DISCLOSURE OF PERSONAL DATA

          1. kood/Jõhvi engages third-party service providers to provide, run, and maintain the Platform on our behalf. These service providers have access to your personal data only to the extent necessary to perform their services, and they are contractually obligated to maintain the confidentiality and security of your information.
          2. We may disclose your personal data if required to do so by law or in good faith belief that such action is necessary to comply with legal obligations, such as platform exchange of tax information or anti-money laundering obligations.
          3. Infrastructure service providers

Data Processor

Processing activity

Territory

FutureCoders OÜ

Providing, running, and maintaining the Platform

Estonia

Veriff OÜ

Identity verification

EEA

 

7. RETENTION AND DELETION OF PERSONAL DATA 

    1. The storage period of personal data depends on the legal obligations to store data (i.e. accounting regulations), contractual obligations, and legitimate interest or consent to provide the best services:

Data type

Purpose

Retention time

User Account Information

To manage student accounts on the platform and provide access to services

Retained for the duration of the student’s enrollment, and for a period of 3 years after the expiry of the student agreement, except for information necessary for accounting purposes, which shall be retained for 7 years after expiry of the student agreement

Verification Data

To identify the students’ identity prior to or in the course of enrolment

Retained for as long as the processor conducting identity verification retains the data. For further information, refer to the privacy policy of the processor

Academic Records

To document the educational history and achievements of students

Retained for the duration of the student’s enrollment, and for a period of 3 years after the expiry of the student agreement

Coursework and Assignments

To evaluate student performance and provide a record of work completed

Retained for the duration of the student’s enrollment, and for a period of 3 years after the expiry of the student agreement

Examination Data

To maintain a record of assessments for accreditation and educational continuity

Retained for the duration of the student’s enrollment, and for a period of 3 years after the expiry of the student agreement

Communication Logs

To provide a record of communications for accountability and to facilitate educational services

Retained for the duration of the student’s enrollment, and for a period of 3 years after the expiry of the student agreement

Personalized Learning Data

To support individualized learning experiences and improvements to educational offerings

Retained for the duration of the student’s enrollment, and for a period of 3 years after the expiry of the student agreement

Technical Logs and Usage Data

To ensure the integrity, security, and improvement of the platform

Retained for the duration of the student’s enrollment, and for a period of 3 years after the expiry of the student agreement, then securely deleted or anonymized

Feedback and Survey Responses

To enhance the educational services and platform features

Retained for the duration of the student’s enrollment, and for a period of 3 years after the expiry of the student agreement, then anonymized for further analysis if needed

 

8. RIGHTS OF THE STUDENT (DATA SUBJECT)

    1. The Student (data subject) shall have the right at any time to request:
    2. access to personal data (accessed via the Platform);
    3. correction of inaccurate personal data;
    4. require the deletion of personal data;
    5. restriction of processing of personal data;
    6. withdrawal of data-processing consent (if applicable).
    7. In order to exercise these rights, the Student must submit a declaration to privacy@kood.tech. The application shall be responded to within a maximum of 30 calendar days.
    8. The Student has the right to lodge a complaint against the processing of personal data with the supervisory authority, which is the Estonian Data Protection Inspectorate. 

9. CHANGES AND VALIDITY

      1. kood/Jõhvi has the right to change the conditions for processing personal data. In the event, that there are substantial changes, kood/Jõhvi will provide at least 1 (one) month’s notice in advance through the Platform before the substantial changes take effect.
      2. The conditions for processing personal data are valid from 01.01.2024.