Spiky.ai Personal Data Policy
Introduction and definition of key terms
We need to compile, store, evaluate, and report information about learners to do our job. In order to protect such data, customers need to know about our policies, so we have tried to write a straightforward and succinct personal data policy.
Let’s start by defining some key terms:
- “We”/”our” refer to Spiky.ai.
- “Partner(s)” refers to companies on whose behalf Spiky processes personal data.
- “End-user(s)” refers to people who use our products.
- “Personal data” is used as defined by the European Union’s General Data Protection Regulation (GDPR): https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en.
We collect personal and activity data.
To identify your machine or device, we use tracking technologies such as cookies (small files stored on your browser), web beacons, and device identifiers (collectively also known as cookies) so that we can assess the efficacy of the design and advertisement of our website, provide you with a better experience, verify your identity, or otherwise promote the provision of services to the information society. Information such as the browser, operating system, and IP address is also registered by our systems.
The types of personal data we collect
The personal information that we obtain from partners about end-users can include any of the following:
- [ROUTINELY] Data on educational product interactions (e.g., beginning a lesson, answering a question, watching a video)
- [OFTEN] Assessment data: test scores, estimates of proficiency, observations by teachers
- [SOMETIMES] Demographic data: age group, gender, residency status
- [RARELY] Precise identity information: name of the mentioned name, surname, date of birth
How we share personal data
Except where this is necessary by law, Spiky.ai does not sell, rent, transmit or otherwise distribute personal data. However, as part of partnerships with researchers to advance the science of learning, we can often exchange data in a fully de-identified form (so that it is no longer 'personal data').
Required legalese: Even though Spiky.ai will not participate in any onward transfer of personal data to any third party (unless compelled by a lawful governmental order), Spiky.ai will remain liable for any third-party processing of personal data unless Spiky.ai can prove that it is not responsible for the event giving rise to the damage.
Protecting Your Information
To help protect your information, we use a number of security measures, including SSL, encryption, and authentication tools. Unless a more extended retention period is needed by law, we will not retain your personal data for longer than is appropriate for our business purposes.
We will not share your Personal Data with third parties without your express consent, except in the limited circumstances described below: We may share your Personal Data with third-party service providers for limited purposes.
If authorized by statute, regulation, or litigation, and if necessary for the purposes of national security, law enforcement, or other matters of public interest, we will share your personal data.
You can request your personal data at any time to be seen or removed.
To update or alter any personal information that we have stored, such as your name, address, and email, you can sign in to your account. You can also contact us by email or otherwise request clarification as to whether we are processing your personal information, access to and a copy of your personal information. Whenever it is incorrect or incomplete, you can also request the rectification of your personal information by contacting us at any time through firstname.lastname@example.org. However, we must and will verify your identity, for your own good, using fair means. For this and other good reasons, we reserve one month's time to provide you with details on measures taken to request entry, rectify, delete, port or limit or object to the processing of personal data. Where appropriate, the duration may be extended by two more months, taking into account the complexity and number of requests.
Our technology also utilizes state-of-the-art protocols for scientific, administrative, and physical security. For example, data is encrypted both when stored on our website and while traveling back and forth to partners; data access is granularized so that individuals, instruments, and services can access only data specific to their current mission.
We might share anonymized behavioral data.
We do not share any personally identifiable information (such as name, country, and email) with third-party service providers and external websites. But we might share anonymized behavioral data.
No ad companies collect data through our service. We do not allow advertising firms to collect data for ad targeting through our service.