At our websites, we do not collect personal data unless you as a visitor provide us with it. This can be through a contact form, request quote, request sample report or the downloading of a whitepaper, guide or E-book. In these cases, you have to fill out some personal information such as name, email address and other contact info, to access the services provided. However, you need also to carefully read and approve on this privacy statement before doing so.
Personal data is only used for either our legitimate business interest, such as marketing purposes, research and to help us personalise our services, or for the performance of our services to you such as provide you with customer support or process your requests (e.g. request quote, contact or sample report).
Following is a complete list of our websites’ objectives of collecting your personal data:
Data protection and safety is something that we take very seriously. It is very important that your data is protected and that is why we take serious measures to prevent your data from being stolen. Our servers are protected behind firewalls and our database is completely closed and cannot be called from outside. We will never sell your data to third parties nor will we give it away to third parties with the solemn exception if we are obligated by law (e.g. due to request by law enforcement authorities).
We may use third parties for the processing of personal data for some of our services. We will only do this if it is necessary to provide the service. For instance, we use Salesforce.com for the processing and sending of our newsletter. When you receive an email from us, we may also use analytical tools to measure and collect data. For example, we might measure when you open the email and what links you click on. However, we can ensure you that all third parties that will ever process your personal data has their own adequate level of protection when it comes to personal data.
If you have provided us with contact details and accepted this privacy statement by the checkbox in our forms, we may occasionally send you emails with relevant and, in some cases, personalised messages and promotions. This could be about product updates, events, webinars, offers etc. You always have the option to unsubscribe from these messages.
You always have the right to change, update, amend or completely erase your personal data from our database. You can also ask for a record of your personal data in our database. If you wish to do any of this, please send an email to firstname.lastname@example.org and we will fulfil your request. Please note that me may need to verify your identity to be able to update/remove your personal data. This could mean a copy of your ID or other approved identification.
Do you have any questions regarding our use of personal data, or wish to raise a complaint, please let us know. You reach us via email@example.com.
Most educational organisations have a purpose description of how and why they manage personal data in the day to day operations and what data processing assistants they use to achieve these. For any service that the school use, where the Service Provider has access to personal data, certain requirements are imposed on you as a data controller. You will, among other things, investigate whether you, via the Service Provider manage personal data – and if so, how you process personal data, what personal data you process and what legal grounds you have for processing personal data.
Your Service Providers should be able to assist you with this. Ouriginal has its own Personal Data Processing Policy and the personal data we process, and how we manage them, are listed therein. In terms of purpose, Ouriginal does not have its own purpose in this, but deals only with tasks as assigned and instructed by the educational organisations. You will thus need to state in your own purpose description or policy on which legal grounds you allow our management of said data.
If you use Ouriginal, you will process personal information through Ouriginal, where Ouriginal is a data processor. Most schools refer to the necessity of being able to check students’ documents so that they do not contain plagiarism – as part of their tasks of assessing and grading – as the legal grounds for doing so. In GDPR there is support for this under Article 6e, that states, “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”. Several EU Member States are currently investigating a broader interpretation of Article 6f of the GDPR “General Interest” definition. Schools may also be able to utilise this as legal grounds for processing personal data for the purpose of assessing and grading.
It may be good to know that there is a limited possibility of using consent as legal grounds, since it is not considered valid when there is significant inequality between the data subject and the data controller, therefore such consent cannot be considered voluntary.
Most educational organisations consider it sufficient to describe their purposes and the systems they consider necessary, and thus use, to support these. These systems must then state, in their own policy, and in the Personal data assistant agreement, which personal data are processed, how they are processed and what security measures guards the personal data they have access to.