Privacy Policy for GydEd Services

  1. Basic Understanding

    1. This Privacy policy explains how, when and why your end-users’ Personal Data is being processed by Gyded and is applicable to all use of websites and services administered by Gyded. For the purpose of this policy, any reference to “Gyded” or “us” shall mean Gyded i Stockholm AB, company registration no. 559157-3034. “You”, “your”, and “yours” refers to you, your institution, and your end-users. Gyded i Stockholm AB is the data controller of any Personal Data and other information you provide when using a service offered by us. A “Service” includes the “Chatbot,” which refers to the chatbot solution integrated into the Learning Management System (hereinafter LMS) and used by university students, and the “Dashboard,” which refers to the real-time dashboard that Gyded provides for university administrators to track engagement with and responses from the Chatbot. Gyded always processes Personal Data in accordance with the General Data Protection Regulation (“GDPR”) as well as any national legislations, regulations etc. applicable to the processing of Personal Data.
    2. Your end-users’ rights to privacy and integrity are important to us and we are therefore cautious when handling your Personal Data and aim to limit the processing only to information that is required in order to provide our services to you.

  2. Personal Data

    1. What is Personal Data?
      1. Personal Data is any kind of information that directly or indirectly refers to an identified or identifiable person.
    2. What personal data is Gyded storing?
      1. We do not store any personal identifiable information pertaining to students. The only information stored relating to students is their LMS-specific user IDs, which we encrypt. For the functionality of the Dashboard, we store user information for school administrators that access the Dashboard including their email address and name.
    3. What personal data is Gyded processing?
      1. For the purposes stated in this privacy policy, Gyded will process name, email address, course enrollment, university affiliation and any other information provided as agreed upon separately by Gyded and our customers.
      2. Process refers to using institutional APIs to query data using the aforementioned stored LMS-specific user IDs.

  3. Children’s Personal Data

    1. Our Services do not address anyone under the age of 13. We do not knowingly collect personal identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions.

  4. Cookies

    1. A cookie is a small data file that our Service plants on your hard drive. In the Chatbot, our cookie files contain information about the LMS-specific user ID and authentication-related information in the form of a JSON Web Token (JWT). Our cookies cannot read data off your hard disk or read cookie files created by other sites. We do not use any cookies that track user traffic patterns.
    2. Through the settings of your web browser, you can manage how and when processing of cookies should be possible. However, please note that disabling us from processing cookies may affect the usage of our Service and some functions may not work properly.
      1. Cookie expiration
        1. The JWT cookies expire after 5 minutes, after which a new JWT is generated upon page reload which refreshes the expiry time with another 5 minutes.
      2. First- and third-party cookies
        1. First party cookies are cookies that are set by the website that you are visiting and it's only this website that can access and read these cookies. The JWT cookies are first-party cookies and the only cookies we use.
        2. Third party cookies are set by someone other than the owner of the website you’re visiting. We do not use third-party cookies.
      3. Types of cookies and how we use them
        1. Necessary cookies
          1. The JWT cookies are necessary cookies required for the basic functionality of our Chatbot to work.
          2. We use the necessary cookie for authenticating requests from the Chatbot to our servers.
          3. It's not necessary to accept nor possible to reject the use of necessary cookies as they are core for the functionality of our website.
          4. Here are the necessary cookies we use, what we use them for, the specific cookies providers and each cookie’s duration:
            1. Host: The LMS provider
            2. Name: jwtoken
            3. Description: This JSON web token is generated and stored as a cookie by the LMS provider so the Chatbot can access it and authenticate its request to the server. The information in the JSON includes:
              • userid: An LMS-specific user id
              • secret_school_id: A school-specific id used to validate the JWT secret in our server
              • iat: Time of JWT creation
              • expiration: Time of JWT expiration, set to 15 minutes

  5. Processing

    1. Purpose of processing
      1. Gyded processes Personal Data when providing the Dashboard. We process this to present student responses and engagement, on an individual level, in the Dashboard.
      2. The aforementioned purposes are examples, and the use of Personal Data for these are conditioned upon receiving explicit consent from our customers. Such consent is given separately in the Terms & Conditions of our partnership agreement.
      3. Gyded may also use aggregated data (anonymous data that is not traceable to an identifiable person, and thus not Personal Data) in machine learning models for predictive analysis and to generate statistics and comparison data for the benefit of our users.
    2. Basis for processing
      1. Gyded will only process your Personal Data with your clearly given, and informed, consent. You have the right to withdraw your consent anytime, which can be done by sending an email to hello@gyded.me if you’re a Dashboard user or by contacting your institution of you are a Chatbot user and student.

  6. Protection And Storage Of Personal Data

    1. All information provided by you through the Chatbot or Dashboard is under the protection of Gyded and Gyded adheres to the Market Research Society Code of Conduct (found here), which ensures that your identity will be kept strictly confidential and will not be passed to any third parties, without your explicit consent.
    2. Gyded uses third party servers located both inside and outside of the EU/EEA. Your Personal Data is protected by both technical and organizational measures, including computer safeguards such as firewalls and data encryption. We urge you to always keep your password secret, to avoid any unauthorized access to your Service account. We may inform you if we learn of any data breaches affecting your Personal Data and have processes in place for this.

  7. Protection And Storage Of Personal Data

    1. Your Personal Data will never be forwarded to any third party unless such usage is explicitly requested or permitted by you – either separately or in accordance with this privacy policy.
    2. Guaranteeing proper safety for your Personal Data is of utmost importance. Therefore, transfer of Personal Data is only performed after careful consideration and with suitable data processing agreements in place. For the transfer of Personal Data outside of EU/EEA, Gyded will always secure the same level of protection of your Personal Data as if processed within the EU/EEA. This, by entering into standard contractual clauses in accordance with GDPR or in other ways, ensures that there is a legal basis for the transfer or processing in accordance with GDPR.

  8. Log Data

    1. When using our services, we collect Log Data which is information that your browser sends to us. This Log Data may include information such as your computer’s Internet Protocol ("IP") address, browser version, pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

  9. Service Providers

    1. We may employ third-party companies and individuals due to the following reasons:
      1. To facilitate our Service;
      2. To provide the Service on our behalf;
      3. To provide Service-related services; or
      4. To assist us in analyzing how our Service is used
    2. We want to inform our Service users that these third parties may have access to your Personal Data. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose and the Personal Data will always remain in databases controlled by us, unless it’s transferred in accordance with clause 7.

  10. Links to Other Sites

    1. Our Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

  11. Term Of Processing

    1. Gyded will only process your Personal Data for a duration agreed upon individually with each customer.

  12. Your Rights To Obtain Extract, Correction, Erasure Etc.

    1. As a Dashboard user, you have the right to obtain and extract the information Gyded holds about you. If you want to obtain such a statement, or if you wish to correct information or data, object to, or restrict a certain processing of your data, you are welcome to contact Gyded at hello@gyded.me. Gyded will also assist you, if requested, with the transmission of your data to another controller (so called “data portability”), and/or delete information regarding you and/or your use of the Dashboard. However, please be aware that if you ask us to delete all information from your user account you will no longer be able to use the Dashboard where a user account is mandatory for access.
    2. As a Chatbot user, similar requests are made through your institution who then file a request with us.
    3. We hope that questions regarding our processing of your Personal Data can be resolved effectively through communication between us. However, please be informed that you always have the right to file an objection with the Swedish Data Inspection Authority (“Datainspektionen”), regarding our processing of your Personal Data.

  13. Updates

    1. This privacy policy may be updated without prior notice. In case of any significant changes or updates, Gyded will send an email to our point-of-contact at the institution and post a notification on Gyded’s website (www.gyded.me).

  14. Contact Details

    1. Gyded i Stockholm AB, company registration no. 559157-3034, Fleminggatan 7, 112 26, Stockholm, Sweden, email address: hello@gyded.me