Privacy Policy

Introduction

Repetitio ("we", "our", or "us") is committed to protecting the privacy and security of our users ("you" or "user"). This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our application, in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. By accessing or using our web application, you agree to the practices described in this Privacy Policy.

Data Controller and Data Protection Officer

Repetitio is the data controller responsible for the personal data processed through our web application. For any inquiries or concerns regarding your data, you can contact our Data Protection Officer (DPO) at:

Data Collection and Usage

  1. Anonymous Usage
    • Users have the option to use the application anonymously without creating an account. In this mode:
      • Data is stored locally on the device and is not synchronized with cloud services.
      • Users cannot communicate with other users, including teachers and guardians.
      • Users cannot generate personal QR codes.
  2. User Registration
    • Students:
      • Students may register using their email address or continue to use the app anonymously.
      • Registered students can optionally provide their name and surname to help teachers and guardians identify them. If not provided, a unique ID will be used.
      • The application collects input data such as photos, PDFs, PPTs, DOCs, and user preferences (e.g., themes, fonts, accessibility settings) to enhance the user experience.
    • Teachers and Guardians:
      • Registration with an email address is required for teachers and guardians.
      • Teachers and guardians can add students to their classrooms or dashboards via QR codes, facilitating the management and tracking of student performance.

Purposes of Data Collection and Processing

  • Enhancing User Experience: Collecting user preferences and input data to customize and improve application functionality.
  • User Identification: Helping teachers and guardians identify students through optional name and surname input.
  • Educational Tracking: Facilitating the management and tracking of student performance and study sessions.
  • Security and Compliance: Ensuring the application’s security and compliance with legal obligations.

Data Storage

  • User preferences, questions, answers, and metrics are stored locally to ensure data accessibility and optimal application performance.
  • Aggregated coarse metrics for added students are available to guardians and teachers to monitor educational outcomes.
  • Study session data and quiz participation information are stored locally within the respective applications.

Data Sharing

  • Data is shared between students, teachers, and guardians through QR codes and local storage synchronization, ensuring secure and efficient data transfer.
  • Metrics and answers are shared to provide insights into student performance, supporting targeted educational interventions.

Legal Basis for Processing Personal Data

We process personal data based on the following legal grounds:

  • Consent: You have given clear consent for us to process your personal data for specific purposes.
  • Contract: Processing is necessary for the performance of a contract with you, or because you have asked us to take specific steps before entering into a contract.
  • Legal Obligation: Processing is necessary for compliance with a legal obligation.
  • Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your data protection rights do not override those interests.

User Identification

To assist teachers and guardians in identifying students, students may optionally provide their names. If no name is provided, a unique ID will be displayed. This approach balances privacy with the need for effective identification in educational settings, helping to personalize the learning experience and accurately track progress.

Parental Consent

For children under the age of 16, parental consent is required for certain activities and data processing. For children under 13, specific restrictions apply, and parental consent is mandatory as per regulations like the Children's Online Privacy Protection Act (COPPA) in the United States. Our application includes mechanisms to obtain and verify parental consent as needed. For detailed guidelines on youth safety, refer to our community guidelines.

Unified Application Platform

Our application provides distinct login modes for students, teachers, and guardians within a single platform. This differentiation is represented separately in the data flow for clarity. Each user type has access to functionalities tailored to their specific roles and requirements.

Data Subject Rights

Under the GDPR, users have the following rights regarding their personal data:

  • Right to Access: You have the right to request copies of your personal data. We may charge a small fee for this service.
  • Right to Rectification: You have the right to request correction of any inaccurate information. You also have the right to request that we complete information you believe is incomplete.
  • Right to Erasure: You have the right to request that we erase your personal data, under certain conditions. This is also known as the "right to be forgotten."
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions. This means we can store the data but not use it.
  • Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions. This applies to data we process by automated means and which you have provided to us based on consent or contract.
  • Right to Object: You have the right to object to our processing of your personal data, under certain conditions. This includes the right to object to processing your data for direct marketing purposes.
  • Rights Related to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of these rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within one month, as required by the GDPR.

Security Measures

We implement robust security measures to protect against unauthorized access, alteration, disclosure, or destruction of personal data. These measures include, but are not limited to:

  • Encryption: Data is encrypted both in transit and at rest to ensure confidentiality.
  • Access Controls: Access to personal data is restricted to authorized personnel only, based on role and necessity.
  • Regular Security Assessments: We conduct regular security audits and vulnerability assessments to identify and mitigate potential risks.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The criteria used to determine our retention periods include:

  • The nature and sensitivity of the data.
  • The potential risk of harm from unauthorized use or disclosure.
  • The purposes for which we process the data and whether we can achieve those purposes through other means.
  • Applicable legal requirements.

International Data Transfers

Repeticio operates globally and may transfer your personal data to countries outside of your home country. When we transfer data across borders, we ensure appropriate safeguards are in place to protect your data in compliance with the GDPR. These safeguards may include:

  • Standard Contractual Clauses (SCCs): Contractual clauses approved by the European Commission to ensure adequate protection for personal data transferred outside the EEA.
  • Binding Corporate Rules (BCRs): Internal rules adopted by multinational companies to allow intra-organizational transfers of personal data across borders in compliance with the GDPR.

Changes to This Privacy Policy

We may periodically update this Privacy Policy to reflect changes in our practices, legal requirements, or other operational reasons. We will notify users of significant changes through the application or other appropriate channels. Continued use of the application after such changes have been made will constitute your acceptance of the updated Privacy Policy.

Contact Information

For any questions or concerns about this Privacy Policy or our data practices, please contact our Data Protection Officer at:

Conclusion

By using our application, you consent to the data practices described in this policy. Repeticio is committed to protecting your privacy and ensuring a secure and educational environment for all users.