Terms of service

These terms and conditions outline the rules and regulations for the use of Company Name, located at companydomain.com.

By accessing this website we assume you accept these terms and conditions. Do not continue to use Website Name if you do not agree to take all of the terms and conditions stated on this page.

The following terminology applies to these Terms and Conditions, Privacy Statement and Disclaimer Notice and all Agreements: “Client”, “You” and “Your” refers to you, the person log on this website and compliant to the Company's terms and conditions. “The Company”, “Ourselves”, “We”, “Our” and “Us”, refers to our Company. “Party”, “Parties”, or “Us”, refers to both the Client and ourselves. All terms refer to the offer, acceptance and consideration of payment necessary to undertake the process of our assistance to the Client in the most appropriate manner for the express purpose of meeting the Client's needs in respect of provision of the Company's stated services, in accordance with and subject to, prevailing law of Netherlands. Any use of the above terminology or other words in the singular, plural, capitalization and/or he/she or they, are taken as interchangeable and therefore as referring to same.

Cookies

We employ the use of cookies. By accessing Website Name, you agreed to use cookies in agreement with the Company Name's Privacy Policy.

Most interactive websites use cookies to let us retrieve the user's details for each visit. Cookies are used by our website to enable the functionality of certain areas to make it easier for people visiting our website. Some of our affiliate/advertising partners may also use cookies.

License

Unless otherwise stated, Company Name and/or its licensors own the intellectual property rights for all material on Website Name. All intellectual property rights are reserved. You may access this from Website Name for your own personal use subjected to restrictions set in these terms and conditions.

You must not:

  • Republish material from Website Name
  • Sell, rent or sub-license material from Website Name
  • Reproduce, duplicate or copy material from Website Name
  • Redistribute content from Website Name

This Agreement shall begin on the date hereof.

Parts of this website offer an opportunity for users to post and exchange opinions and information in certain areas of the website. Company Name does not filter, edit, publish or review Comments prior to their presence on the website. Comments do not reflect the views and opinions of Company Name,its agents and/or affiliates. Comments reflect the views and opinions of the person who post their views and opinions. To the extent permitted by applicable laws, Company Name shall not be liable for the Comments or for any liability, damages or expenses caused and/or suffered as a result of any use of and/or posting of and/or appearance of the Comments on this website.

Company Name reserves the right to monitor all Comments and to remove any Comments which can be considered inappropriate, offensive or causes breach of these Terms and Conditions.

You warrant and represent that:

  • You are entitled to post the Comments on our website and have all necessary licenses and consents to do so;
  • The Comments do not invade any intellectual property right, including without limitation copyright, patent or trademark of any third party;
  • The Comments do not contain any defamatory, libelous, offensive, indecent or otherwise unlawful material which is an invasion of privacy
  • The Comments will not be used to solicit or promote business or custom or present commercial activities or unlawful activity.

You hereby grant Company Name a non-exclusive license to use, reproduce, edit and authorize others to use, reproduce and edit any of your Comments in any and all forms, formats or media.

Hyperlinking to our content

The following organizations may link to our Website without prior written approval:

  • Government agencies;
  • Search engines;
  • News organizations;
  • Online directory distributors may link to our Website in the same manner as they hyperlink to the Websites of other listed businesses; and
  • System wide Accredited Businesses except soliciting non-profit organizations, charity shopping malls, and charity fundraising groups which may not hyperlink to our Web site.

These organizations may link to our home page, to publications or to other Website information so long as the link: (a) is not in any way deceptive; (b) does not falsely imply sponsorship, endorsement or approval of the linking party and its products and/or services; and (c) fits within the context of the linking party's site.

We may consider and approve other link requests from the following types of organizations:

  • commonly-known consumer and/or business information sources;
  • dot.com community sites;
  • associations or other groups representing charities;
  • online directory distributors;
  • internet portals;
  • accounting, law and consulting firms; and
  • educational institutions and trade associations.

We will approve link requests from these organizations if we decide that: (a) the link would not make us look unfavorably to ourselves or to our accredited businesses; (b) the organization does not have any negative records with us; (c) the benefit to us from the visibility of the hyperlink compensates the absence of Company Name; and (d) the link is in the context of general resource information.

These organizations may link to our home page so long as the link: (a) is not in any way deceptive; (b) does not falsely imply sponsorship, endorsement or approval of the linking party and its products or services; and (c) fits within the context of the linking party's site.

If you are one of the organizations listed in paragraph 2 above and are interested in linking to our website, you must inform us by sending an e-mail to Company Name. Please include your name, your organization name, contact information as well as the URL of your site, a list of any URLs from which you intend to link to our Website, and a list of the URLs on our site to which you would like to link. Wait 2-3 weeks for a response.

Approved organizations may hyperlink to our Website as follows:

  • By use of our corporate name; or
  • By use of the uniform resource locator being linked to; or
  • By use of any other description of our Website being linked to that makes sense within the context and format of content on the linking party's site.

No use of Company Name's logo or other artwork will be allowed for linking absent a trademark license agreement.

iFrames

Without prior approval and written permission, you may not create frames around our Webpages that alter in any way the visual presentation or appearance of our Website.

Content liability

We shall not be hold responsible for any content that appears on your Website. You agree to protect and defend us against all claims that is rising on your Website. No link(s) should appear on any Website that may be interpreted as libelous, obscene or criminal, or which infringes, otherwise violates, or advocates the infringement or other violation of, any third party rights.

Reservation of rights

We reserve the right to request that you remove all links or any particular link to our Website. You approve to immediately remove all links to our Website upon request. We also reserve the right to amen these terms and conditions and it's linking policy at any time. By continuously linking to our Website, you agree to be bound to and follow these linking terms and conditions.

Removal of links from our website

If you find any link on our Website that is offensive for any reason, you are free to contact and inform us any moment. We will consider requests to remove links but we are not obligated to or so or to respond to you directly.

We do not ensure that the information on this website is correct, we do not warrant its completeness or accuracy; nor do we promise to ensure that the website remains available or that the material on the website is kept up to date.

Disclaimer

To the maximum extent permitted by applicable law, we exclude all representations, warranties and conditions relating to our website and the use of this website. Nothing in this disclaimer will:

  • limit or exclude our or your liability for death or personal injury;
  • limit or exclude our or your liability for fraud or fraudulent misrepresentation;
  • limit any of our or your liabilities in any way that is not permitted under applicable law; or
  • exclude any of our or your liabilities that may not be excluded under applicable law.

The limitations and prohibitions of liability set in this Section and elsewhere in this disclaimer: (a) are subject to the preceding paragraph; and (b) govern all liabilities arising under the disclaimer, including liabilities arising in contract, in tort and for breach of statutory duty.

As long as the website and the information and services on the website are provided free of charge, we will not be liable for any loss or damage of any nature.

Product

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique.

Link to a page

Company

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique.

Link to a page

Data Retention Schedule

Data subjects Subsets Retention Period Reason for keeping
Mobile app users Full name 1 year after users leave the products (i) or when owners (ii) request deletion Display reports to teaches in Astrid Teacher Platform
Email address 1 year after users leave the products (i) or when owners (ii) request deletion Single sign on
School name, class name 1 year after users leave the products (i) or when owners (ii) request deletion Display reports to teachers in Astrid Teacher Platform
Scoring, performance analysis and exercise assessment 6 year after users leave the products (i) or when owners (ii) request deletion For mobile app functionality, for reporting to teachers in Astrid Teacher Platform, and service improvement
Voice recordings 6 year after users leave the products (i) or when owners (ii) request deletion For continous services improvement
Device locales 1 year after users leave the products (i) or when owners (ii) request deletion For app functionality (for communication)
Users' activity such as book content and timestamp 1 year after users leave the products (i) or when owners (ii) request deletion For mobile app functionality and for reporting to teachers in Astrid Teacher Platform
System logs and application performance reports that are not need for app functionalities Automatic deletion after 90 days For Service Level Agreement (SLA) and monitoring
Emails and push notification Automatic deletion after 90 days For app functionality (for communication, if applicable by subscription)
Insight platform users (eg.: Teachers, parents) Name and email address 1 year after users leave the products (i) or when owners (ii) request deletion For app functionality
School name 1 year after users leave the products (i) or when owners (ii) request deletion For app functionality, manage subscription and contracts
(i): leave product = no learning activities for 1 month or subscription ended or other reasonable triggers for leaving the product.
(ii): owner = lawful data owner such as: end users as defined by GDPR

Data Security

1. Introduction

At Astrid Education (“Astrid”, “us”, “we”), we are committed to safeguarding the security and confidentiality of all user data gathered and processed through our proprietary systems. This Data Security Policy outlines our approach to protecting users' personal information and the measures we take to uphold data privacy. It applies to all employees, contractors, and third parties who handle or have access to data within our systems.

The creation of this security policy has been motivated by several factors. Firstly, we must comply with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR). Secondly, we aim to address growing concerns around user privacy and data protection in an increasingly digital world. Furthermore, maintaining customer trust is crucial, and we can establish this trust by demonstrating our commitment to data security and privacy. Finally, we have expectations from our customers, partners, and stakeholders regarding the protection of sensitive data which we must meet.

By implementing this policy, regularly reviewing it, and holding ourselves and our partners accountable to its standards, Astrid seeks to assure users that their data will be managed securely and in accordance with all legal and ethical obligations. Our goal is to provide a seamless experience that users can enjoy with full confidence in the privacy and protection of their information. Continuous evaluation of risks and threats, as well as open communication about security practices, will enable us to fulfill this commitment going forward.

2. Purpose

The purpose of this policy is to establish guidelines and procedures for securely handling, storing and transmitting personal data in accordance with GDPR. This policy aims to minimize unauthorized access, use, disclosure, alteration or destruction of personal data and promote a culture of data privacy and security. As both a data controller and processor, we have obligations under GDPR to implement appropriate technical and organizational measures to ensure data confidentiality, integrity and availability.

3. Scope

This policy applies to all personal data collected and processed by Astrid, including:

- User account information: Names, email addresses, usernames, passwords, etc.
- Audio recordings and analysis data: Spoken English recordings, feedback, and other data associated with a user's learning progress.
- Communications data: Support tickets, correspondence, and other interactions between users and Astrid's platform.
- System and technical data: IP addresses, device information, and logs collected for monitoring and troubleshooting.

In accordance with GDPR requirements, Astrid will only collect and process personal data that is adequate, relevant, and limited to what is necessary for the purposes of providing our service to users. We will not retain personal data longer than necessary and will establish retention schedules to fulfill our data minimization obligations. See our Data Retention Schedule for more information.

4. Policy requirements
4.1 Data Protection Principles

Astrid adheres to core data protection principles in our handling of personal data. We follow the principles of data minimization by collecting and processing only the minimum amount of personal information required to provide our English learning service to users and operate our business. We limit the use of any data to the purposes stated at the time of collection as outlined in our privacy policy.We strive to keep personal data as accurate and up to date as possible. Individuals can request corrections to inaccurate data. We protect the integrity and confidentiality of personal data through a combination of technical and organizational security controls. These controls establish appropriate safeguards based on a regular assessment of risks to users' privacy.

4.2 Policy Requirements

To uphold our data protection principles, we enforce several key requirements. Examples of such measures include the adoption of password managers, multi-factor authentication where possible, and regular reviews of access controls and security policies at least every 6 months to address emerging threats.

All individuals handling personal data complete data privacy and security training upon hiring and annually thereafter. This mandatory training educates employees and contractors about their obligations under this policy and laws such as GDPR. We provide definitions and criteria to identify sensitive forms of data that require the highest levels of protection. Sensitive data includes personal information, system account credentials, and other data that, if compromised, could cause harm to individuals or damage the organization. Sensitive data is safeguarded through encryption of digital records and strict access control.

These policy requirements work together to build a robust data privacy program with multiple layers of protection for users' personal information. However, continuous risk monitoring and policy review are still necessary in the face of evolving threats and regulations. Astrid aims to maintain a secure and prudent approach to data protection through an ongoing commitment to these principles and requirements.

5. Reporting requirements

In the event of a data breach incident, including but not limited to unauthorized access, loss, theft, or disclosure of user data, it is essential to promptly report the incident. Employees, contractors, and third parties must report any actual or suspected data breaches to Astrid's designated Data Protection Officer (DPO) or the designated point of contact within the organization, as well as the appropriate authorities. Users must also be notified.

A data breach incident needs to be reported as soon as possible to enable appropriate containment and remedial actions. Failing to report such incidents in a timely manner could expose the organization to penalties and fines under GDPR. Upon receiving the report of a data breach incident, the DPO will evaluate the situation to determine whether the breach is likely to result in a risk to the rights and freedoms of the affected data subjects. If such a risk exists, the DPO will notify the relevant supervisory authority within 72 hours of becoming aware of the incident. The DPO will also notify the affected data subjects if the breach is likely to impact their personal data, again within 72 hours.

Prompt reporting and notification of data breaches are crucial to meet compliance requirements under GDPR and to minimize any impacts on data subjects. Employees should be aware of their responsibility to report data breaches in a timely and accurate manner.

6. Responsibilities
6.1 Data Protection Officer

The DPO oversees the implementation of this policy across Astrid. The DPO monitors compliance with GDPR, this policy, and other data privacy regulations to provide recommendations on meeting our obligations. They serve as the point of contact for individuals exercising data subject rights, such as requesting access to their personal information. The DPO will also liaise with supervisory authorities, such as the Swedish Data Protection Authority, regarding our data privacy practices and the reporting of any data incidents.

The DPO stays up to date with guidance from regulatory bodies and makes changes to this policy as necessary to maintain compliance. They provide data privacy training and resources for employees and contractors. The DPO helps assess risks and address concerns related to the handling of personal data within the organization. They collaborate with the Engineering team to incorporate privacy into system designs and software.

6.2 Engineering/Developer Team

Our Engineering team is responsible for the technical implementation of data privacy and security controls. They integrate privacy by design and default into all systems, products, and software to uphold the standards of this policy. The team conducts routine audits and testing on the infrastructure, networks, and applications that store or transmit personal data to identify and mitigate potential security vulnerabilities.

The Engineering team monitors system activity and access for events that could threaten the privacy of users' data. They use encryption and access control mechanisms to protect personal data both in transit and at rest. Access to sensitive data is restricted to only those individuals with a legitimate need-to-know for their job functions. The Engineering team stays up to date with industry best practices and security standards to guard against emerging threats.

6.3 All Employees & Contractors

All employees and contractors at Astrid must comply with this Data Security Policy. Employees are required to attend data privacy training to understand their responsibilities in protecting users' personal information. Any data incidents, privacy violations, or concerns must be reported immediately to the Data Protection Officer. Failing to report policy breaches will be considered a violation itself.

Employees and contractors access and handle personal data on a need-to-know basis only. They maintain the confidentiality and security of the data they work with and do not share it improperly without authorization. Users' privacy is a collective responsibility, and employees should alert the DPO regarding any activity that could jeopardize data protection standards. Non-compliance will result in disciplinary action, as outlined in the Enforcement section of this policy. Contractors in violation of policy terms may face termination of their agreements.

7. Responsibilities

To ensure compliance with this policy and safeguard our users' personal data, Astrid will take appropriate action against violations of this Data Security Policy. Failure to comply may result in disciplinary consequences for employees and contractors.

For employees, non-compliance with this policy may first result in verbal or written warnings. Serious or repeat offenses could lead to temporary suspension of data access privileges or termination of employment. Employees should be aware that certain violations of this policy may qualify as gross misconduct and result in immediate termination of employment.

For contractors and third-party partners, violations of this policy may be considered a breach of contract and result in termination of contractual agreements. We may also terminate relationships with vendors and service providers who fail to adhere to data protection standards.Beyond internal disciplinary actions, serious policy breaches may prompt legal action against the individuals or entities responsible. We may have legal obligations under GDPR and other laws to report certain incidents to regulatory authorities, which could initiate investigations or impose fines and penalties. In some circumstances, willful or negligent mishandling of personal data could expose individuals to criminal charges.Astrid trusts that all internal and external parties will comply with this policy and prioritize data protection. However, we will take appropriate and proportionate action against those who violate policy terms to mitigate the risks of unauthorized data access or disclosure. Protecting users' privacy and security is a responsibility we take very seriously at all levels of our organization and in our partnerships. We strive for transparency, cooperation, and shared accountability on data protection matters with all stakeholders.