Who is Responsible for your Personal Data?
- when you visit our website www.classtime.com ("the Website"), or
- when you use the learning platform or other services offered through the Website (the "Services").
We process your personal data:
- either as a data controller, which means that we are directly responsible for your personal data, or
- as a data processor while performing a contract with your school, company or other institution. In this case, it is your school, company or other institution that is primarily responsible for your Personal Data.
Swiss Infosec (Deutschland) GmbH
Unter den Linden 24
What Personal Data do we Process, for which Purposes, and on which Basis?
1. When you Visit our Website
When you visit our website, the server automatically logs general technical information. This data includes your IP address, browser type, internet service provider, referring pages, operating system and date/time stamp.
We use essential cookies to ensure that our Website and Services function properly. We do not use any other, non-essential cookies (e.g. for marketing purposes).
Our blog may include certain social media features, such as the Facebook "Like" button, and widgets, such as the "Share This" button or interactive mini-programs. These features may collect data from a user's log files. Your interactions with these features are subject to the privacy policies of the companies providing these features.
2. When you Use our Services
When you use our Services, we collect the following personal data from you:
- Registration/login data: When you register to use our Services, we collect your contact details (which may be pseudonymized in the case of students) and other relevant personal data that you provide us with on this occasion. If you authenticate yourself with an existing account (Microsoft, Google, etc.), Classtime will receive the necessary personal data (e.g. name, email address) from these services. Students can also use Classtime with a pseudonym.
- Communication data: We store communication between you and us, such as service-related emails regarding account management, notifications on technical issues or changes to the Services.
- Other personal data: We process other personal data you store on the learning platform of your own accord or that result from your use of the learning platform.
- Technical information: We log and process certain technical information in connection with your use of our Services.
We process your personal data primarily to provide you with our Services. Accordingly, our grounds for processing is the contract for the use of our Services:
- with you, if we act as data controller, or
- with your school, company or other institution, if we act as a data processor.
In addition, we process your personal data if we are required to do so to comply with legal obligations.
In specific cases, we can also process your personal data on the basis of our legitimate interests, for example to ensure IT security and data protection or to enforce or defend legal claims.
Finally, we process your personal data for the following purposes not relating to you as an individual person:
- If you have a teacher account, we analyze certain technical information in connection with your use of the Services to improve our Services. Your personal data is pseudonymized before such processing.
- We may share data with universities from Switzerland, the EU or the EEA for scientific research purposes. Prior to sharing, we take reasonable steps to anonymize or otherwise de-identify your personal data to the best of our ability.
Based on our interest in informing people who are interested in our Services about our offers and about any new developments, we can send you newsletters and info mailings. You can opt out of receiving such information at any time.
When and how do we transfer your personal data to third parties?
It may be necessary for us to transfer your personal data to third parties in order to fulfill the contract, to protect our interests, or to comply with legal regulations:
- We may engage third parties to perform certain business-related functions, including but not limited to IT (such as maintaining databases, sending e-mail messages, providing and developing certain service functions, maintenance and security), payment, billing and collection, or marketing. If we engage a third party to perform such a function, we will only provide that third party with the data it needs to perform its specific function.
- We may share data with universities from Switzerland, the EU or the EEA for scientific research purposes. Before we share your data, we will take reasonable steps to anonymize or otherwise de-identify it to the best of our ability.
- We may disclose collected data if and to the extent necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property or the rights or property of our users (including, without limitation, against liability claims), or (iii) protect the security or integrity of the Services.
- We may share your personal information with third parties to whom we transfer our business or parts thereof or with whom we merge.
If we transfer your personal data to third parties outside Switzerland or the EU and EEA, we comply with the provisions of the applicable data protection laws on international data transfers, e.g. by concluding standard contractual clauses (and implementing additional security measures, if necessary).
We do not rent or sell your personal data to third parties.
Our database is stored on certified servers in Switzerland, which are operated either by us or by an IT service provider commissioned by us.
We protect your personal data in particular by means of the following technical and organizational security measures against unintentional, illegal or unauthorized manipulation, deletion, modification, access, disclosure, use or loss:
- connections between app and server and to the database are encrypted (TLS),
- data is stored encrypted in the database ("encrypted at rest"),
- only selected employees have access to the database,
- 2-factor authentication is possible using, for example, Google oder Microsoft SSO (single sign-on) ,
- daily backups.
How Long do we Keep your Personal Data?
We only store your personal data for as long and to the extent necessary for the purposes described above or for legal reasons.
Personal data stored in user accounts will be deleted 6 months after deletion of the corresponding account.
What are your Rights in Connection with your Personal Data?
Subject to applicable law, you have the following rights in connection with your personal data:
- Right to access your personal data,
- Right to have inaccurate personal data rectified,
- Right to erasure (“right to be forgotten”),
- Right to restrict the processing of your personal data,
- Right to data portability,
- Right to object to the processing of your personal data.
Please note that exceptions apply to these rights. In particular, we may be obliged to further process your personal data in order to fulfill a contract, to protect our own legitimate interests, such as the assertion, exercise or defense of legal claims, or to comply with legal obligations. In these cases, we can or must reject certain requests or comply with them only to a limited extent.
To exercise your rights in connection with your personal data, please contact us by e-mail at email@example.com.
If we act as a data processor, we will forward your request to the relevant data controller.
Links to other Websites
Our Website links to third-party websites that are not operated or controlled by us. We are not responsible for whether and how these third parties comply with data protection laws.
If you are not satisfied with the way in which we process your personal data, you have the right to complain to the Swiss Federal Data Protection and Information Commissioner FDPIC or, if the GDPR is applicable, to your competent supervisory authority.
If we act as a data processor, the data protection authority competent for the relevant data controller is responsible for your complaint.
Please contact us first before submitting a complaint. This will enable us to try to resolve it directly. The easiest way is to contact us by e-mail at firstname.lastname@example.org.