GDPR

TOPP-N GDPR Compliance Document

Introduction:

Welcome to TOPP-N! This document outlines our commitment to General Data Protection Regulation (GDPR) compliance and how we handle personal data on our platform. Your privacy and data security are of utmost importance to us.

Data Controller:

TOPP-N serves as the data controller for the personal data processed on the platform.

Purpose of Data Processing:

1. User Accounts:

   • To create and manage user accounts for students, supervisors, and teachers.

   • To personalize user experience, including account customization and language preferences.

2. Educational Data:

   • To facilitate the evaluation process, including the creation and management of evaluation forms.

   • To streamline the review and feedback process for student daily reports.

3. Communication:

   • To enable communication within the platform through nested messaging functions.

4. Document Management:

   • To organize and manage documents related to students, including assignment sheets and supplementary materials.

5. Group Notifications:

   • To provide notifications related to group activities, invitations, and critical information.

Data Collection and Processing:

1. Categories of Personal Data:

   • Usernames, names, surnames, phone numbers.

   • Educational data such as evaluations, daily reports, and documents.

2. Legal Basis for Processing:

   • Processing is necessary for the performance of a contract (user agreement) and to comply with legal obligations.

Data Security Measures:

1. Encryption:

   • Data transmitted between users and the platform is encrypted.

   • Sensitive data is stored securely using encryption.

2. Access Controls:

   • Access to personal data is restricted based on user roles.

   • Only authorized personnel have access to sensitive data.

3. Regular Audits:

   • Regular security audits are conducted to identify and address potential vulnerabilities.

Data Subject Rights:

1. Right to Access:

   • Users can request access to their personal data.

2. Right to Rectification:

   • Users can update and correct their personal data.

3. Right to Erasure:

   • Users can request the deletion of their personal data.

Data Retention:

1. User Accounts:

   • Data is retained as long as the user account is active.

   • Inactive accounts may be deleted after a specified period.

2. Educational Data:

   • Evaluation and daily report data may be retained for historical and analytical purposes.

Third-Party Services:

1. Service Providers:

   • We use reputable service providers for hosting, data storage, and other essential services, ensuring their GDPR compliance.

Contact Information:

If you have any questions or concerns about our GDPR compliance or how your data is processed, please contact our Data Protection Officer at toppn@moso.as

Changes to this Document:

We reserve the right to update this GDPR compliance document as needed. Any changes will be communicated to users through the platform.