Introduction & Objective
This privacy policy was last updated on January 10, 2018.
TEDIC Association (‘TEDIC’, ‘we’, ‘us’ or ‘our’) is committed to legal, transparent and fair managing of your personal data and the privacy thereof. We treat everything related to your personal data with integrity and respect.
Scope & Related Policies
This privacy policy describes which personal data we process, how we process them and for what purposes. It also explains your options about how we use your data.
When we refer to ‘TEDIC’, ‘we’, ‘us’ or ‘our’ in this policy, we mean ‘Technology, Education, Development, Research and Communication Association’, which controls the data that TEDIC collects when you use our services. TEDIC offers a collaborative tool used for project management. References to our product in this policy include our own cloud hosting tool, website and mobile applications developed by TEDIC. We call this set of tools “Services”.
The scope of this policy, along with our Terms of Service and Security Policy, determine how we process your personal data and also determine your rights and obligations as our users.
Definitions
Personal Data refers to any information related to an identified or identifiable natural person (‘data subject’). Simply put, any data that can identify or point in the direction of a living person.
Processing is any operation or set of operations performed with personal data or sets of personal data, either by automated means or not.
Under this policy, TEDIC can be the data controller (‘controller’) or the data processor (‘processor’) of your personal data, depending on the context of the personal data provided.
A data controller can be the natural or legal person, public authority, agency or other body that, either by itself or jointly with others, determines the purposes and means of processing personal data. TEDIC is a controller when it uses personal data for marketing, reporting, campaigning and incentive programs. We do this only when we have a legitimate interest based on TEDIC’s mission and vision or when you have given us your consent to do so.
A processor can be a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller. TEDIC is a processor in cases of user authorization, providing information to subscribers to communication channels, and in other scenarios as defined in our Terms of Service.
User/customer data for any personal data/information uploaded, transmitted, or connected while using TEDIC services: the natural person or persons to whom these data is/are referred is/are the interested parties and you are the data controller. We refer to this data as User/Client Data in our Terms of Service and Privacy Policy.
End users are users who are not direct users of our Services, which means that they are not being charged for our Services, and there is an administrator or organization that administers the Services for them.
Cookies are small files placed on your device when you visit a website. These files usually contain data such as the website name and a unique user ID. They can be easily viewed and deleted. Cookies are used for a variety of purposes and, given that some cookies are used to identify users, all cookies are subject to GDPR (General Data Protection Regulation).
Summary
Your privacy matters. That is why our policies have to do with transparency. In this Policy, we will explain how we collect, use and share your information. We will also explain how and where we store your data and how we process them. In the following section of our Policy, we will discuss the following topics:
- What personal data we collect about you
- How we use your information/personal data
- TEDIC as data processor of users
- How we share your information
- Service processors
- Security
- How and where we store and process your information
- Principles
- The following are the principles regarding the data we collect.
1. What personal data we collect about you
We collect your data only when you provide it to us while using our services, and when our third-party processors, with whom we have proper contracts that are subject to EU regulations, provide them to us. We recommend that you read below our detailed list of all the data we collect and for which purposes.
Many of our functions and options require some personal data (basic functions and options such as email communication). However, you can choose not to provide us with personal data (username, profile pic, etc.) for nonessential functions. Please note that in certain situations, data supply is a legal requirement.
Account and profile information
When you sign up to an account to receive information, we only ask for your email address; adding a profile pic and other details is optional.
Your content provided through our websites
We collect content that you upload while using our websites, including our social media channels. This refers to the feedback you provide on our surveys, promotion campaigns and events.
Your use of services
We collect information about you while you use our services. We basically track your visits and interactions with our services. This information includes the functions and plugins you use, details about your activity collaboration, device and operating system, as well as browser type.
Cookies and other tracking technologies
We and our third-party processors use cookies and other tracking technologies to recognize you in different services and devices and provide better user experience and functionality.
2. How we use your information/personal data
Here we explain how we use your data depending on the purpose.
For research & development
We always strive to improve our communication and better integrate it with other applications you use. This means that we use the data we collect on how you (and others) use our Services to shorten the transposition process, identify trends in user behavior, and map activity patterns. This helps us identify the accurate areas for future improvements to TEDIC projects and programs.
For communicating with you about Services
When you sign up to our Services, you accept these communications and, in most cases, you cannot opt out. When the opt-out option is available, you will find it within the communication itself or in the configuration section of your account.
For marketing, promotional campaigns, and engagement
We create promotional content that may be tailored to your interest. That is why we email or display it in ads through our social networks. We use your contact information and the information about how you use our Services, so that the content is as relevant as possible to you. These ads appear on different websites and platforms (such as Facebook, Twitter and Google). All of this content is intended to drive engagement and help you use our Services to the fullest. In addition to emails and ads, we also create requests for surveys, newsletters and informative product content.
Legitimate interest and legal rights
We use your data when we need to protect our legal rights and interests and the interests of others, as well as when the law requires us to do so. In these cases and as always, we use your data only when necessary.
With your consent
There are specific purposes, not previously listed above, that require your consent so that we can use your data. We always ask your permission in these cases (for example, when quoting you on our website or post your story, photography on our blog or social networks). When you give us your consent to use your data for a specific purpose, you have the right to change your mind at any time, but if any processing has already been done, this will not be affected.
3. TEDIC as data processor of users
As specified under article 28 of the GDPR, the relationship between the data controller and the person in charge of the data treatment must be made in writing. An online form is also acceptable under subsection (9) of the same article. Our Terms of Service and Privacy Policy serve as your data processing agreement. TEDIC will process your data according to your written instructions as data controller, unless acting without such instructions is required by law.
You can upload and transmit your data within our Services. We neither see nor control such data, and we process them on your behalf in accordance with our Terms of Service. You are responsible for ensuring that all data that you upload and transmit have all the relevant consents or the appropriate privacy policy for transmission and processing. This means that it is also your responsibility to ensure that any private, sensitive or confidential information that you upload regarding the use of Services is not available or disclosed to unauthorized or unwanted viewers. We expressly disclaim any liability for unauthorized exchange, distribution, publication or display of any private, sensitive or confidential information.
4. How we share your information
When we collect or process your data. Depending on the context, purpose and type of data, members of different teams are in charge. All our workers have gone through extensive and adequate training programs, so they are knowledgeable of privacy principles and the relevant legal requirements. We will never share your data, unless as described below:
Sharing with third-party apps
We work with third-party apps to make our Services more integrated and easier to collaborate with you, our users. When you add a new functionality or change the behavior of the Services by enabling third-party apps, you can grant those apps access to data such as your name, email, and any context you choose to share. What you choose to share with those apps and on its websites are governed by their policies, not ours.
Sharing with third-party widgets
Some of our Services contain widgets and social media features. They collect your IP address, details of the webpage being visited on the Services, and may set a cookie to allow the function to work properly. These widgets and functions are hosted by a third-party or directly on our Services. Their interactions with these features are governed by the privacy policy of the company that provides them.
Sharing with police and prosecution authorities
We will share your data in situations where: we must comply with any law, applicable regulation, legal process or government request, including compliance with national security requirements; we must enforce our Terms of Service, Policy Privacy and other agreements; we must protect the safety and integrity of our products and services; when we believe it is necessary to respond to an emergency related to preventing the death or serious injury of someone; when we need to protect TEDIC, our clients or the public, from damages or illegal activities.
Sharing with your consent
When you give us your consent, we will share your data with third parties. You can revoke your consent at any time, just contact us and send us your request.
Sharing on business transfers
If there is a merger, sale of company assets, financing or acquisition of all or part of TEDIC to another non-profit association or company, it shall be notified by email. This will inform you of the options you can have with regards to the situation.
Sharing with third-party service processors
In the following section, we list all the third-party processors with which we have contracts. We work with them in order to provide website development and apps, hosting, maintenance, backup, storage, processing payments and other services, which may require access or use of some of your data. When these Service Providers require access to your information to perform services on our behalf, they do so under our instructions, including following policies and procedures designed to protect your information.
5. Service processors
We sometimes use external processors for processing some or all of your personal data. Here we list them all. We make sure we have signed contracts only with third-party processors that comply with the GDPR. These external processors have access to your personal data only to perform these tasks on our behalf and they are forced not to disclose or use them for any other purpose.
Matomo – This is a web analytics service that tracks and reports website traffic that is alternative to Google Analytics. Matomo uses the collected data to track and monitor the use of our Services. You can use the data to contextualize and customize the ads of your own ad network. For more information read Matomo’s privacy policy.
Facebook Ads Manager – This is an ad management tool developed by Facebook. It is designed to create ads, manage when and where they will be published, as well as tracking the performance of those ads. Facebook and Instagram can use a company’s CRM data (email, phone number) to match data with people in its database in order to create a customized audience for ad campaigns. Facebook Pixel Code uses cookies for ads in Facebook and Instagram’s advertising network.
MailChimp – We use this marketing automation platform in order to keep in touch with you through email. This happens when we send you our newsletter or we include you in our incentive program. This is where you can read more about the MailChimp policy.
Twitter Ads Manager – This is an ad management tool developed by Twitter. It is designed to create ads, manage when and where they will run, as well as tracking their performance. Twitter may use CRM data of a person and company (email, phone number) in order to match the data with the people in its database to create a customized audience for campaign ads.
BigBlueButton – This is a cloud-based platform used for video calls. With your permission, we sometimes record video calls for documentation purposes. The videos along with your name and number (if provided) are always removed within 2 weeks.
Whatsapp business – This is a message management tool developed by Facebook. It is designed to create ads, manage groups and profiles of users that subscribe to receive ads. Whatsapp business may use CRM data of a person and company (email, phone number) in order to match the data with the people in its database to create a customized audience for campaign ads.
Telegram Channel – This is a message management tool developed by Telegram Messenger Inc. It is designed to create ads, manage groups and profiles of users that subscribe to receive ads. Telegram Channel may use CRM data of a person and company (email, phone number) in order to match the data with the people in its database to create a customized audience for campaign ads.
6. Security
We have designed our platform based on human rights standards and guidelines. When it comes to security, encryption, storage and user data backup copies, everything we do is described in our Security Policy. We recommend that you read it and contact us should you have any questions or concerns.
In the event of a data breach, we will follow the procedures in place that guarantee that we will inform you and respond to the data breach in a timely manner.
How and where we store and process your information
Where we store and process your information
Personal data collected by TEDIC is stored and processed in Paraguay, USA, France and Germany, where TEDIC’s operational facilities are located. Our main storage is located in the USA, with an external backup in France. We make sure that the data we collect under this privacy statement are processed in accordance with the provisions of this policy, our Terms of Service, and the requirements of applicable law wherever that data is found.
How we handle data transfers
We transfer, process and store your data from your region to the US and France. The US is not a member of the European Economic Area, but we use a variety of legal mechanisms and contracts to ensure that your rights and protections travel and are applied with your data.
Erased data
When you cancel your account in TEDIC databases, we will delete all your data in the following 30 days.
6. Rights of the interested parties
We will always make sure that you can correct, modify, delete or limit the use of your data. You can update your data directly by writing to our contact form.
Right to be informed
You can request details about the collection and use of your data at any time. This also includes the purposes for processing your data, the retention periods of that personal data, and with whom it will be shared.
Right of access and rectification
A right of access is your right to access all the personal data that we have about you and your right to obtain information about how we share, store, secure, and process that data. A right of rectification is your right to request the modification of any inaccurate personal data we hold about you.
Right to delete personal data and data retention
This is your right to request the deletion of all personal data that we hold about you. This right is subject to certain limitations under applicable law. If we comply with your request, you may no longer be able to use our Services. Your data will be removed from all our storage devices and servers in the following 30 days after the fulfillment of your request.
Right to data portability
This is your right to request a copy of the personal data we hold about you in an electronic format of common usage, and the right to transmit them to another place.
Right to restrict the processing of personal data
This is your right to request the restriction of how and why we use or process your personal information.
Right to object to justified treatment for reasons of legitimate interest
This is your right to object to how or why we process your personal data.
Right to withdraw consent
You have the right to withdraw your consent at any time. This action will not affect the legality of processing based on consent prior to withdrawal.
Right to not be subject to automated decision-making
You have the right not to be subject to a decision based solely on automated processing, including profiling. This right is limited and does not apply in cases where the decision is: authorized by law (i.e., fraud purposes); based on your explicit consent; necessary due to the contract between an organization and you.
Right to lodge complaints or report abuse for EU users
If you believe that the processing of your personal data violates applicable laws, you have the right to lodge a complaint with a competent supervisory authority in your country of residence. If you need to report abuse or have any questions about how to exercise your rights listed above, we strongly recommend that you contact us.
7. Minors
Although our website and services are not intended for minors, we are aware that children or adolescents under 16 could try to access our website and Services. We do not knowingly collect personal data of children under 18. If you are under 18, do not use or provide any data on our website and Services. If we find out that we have collected or received personal data from a minor, we will delete all such data within a reasonable period of time. Prior to deleting any data, we might request proof of identification to prevent malicious removal of the account information. If you think we may have information about a minor, contact us at our contact form. Please acknowledge that we do not verify the age of our users nor do we have any responsibility to do so.
8. Updates and changes to the Privacy Policy
We may change this privacy policy from time to time in order to provide greater transparency and inform you of any changes. If a significant change occurs, you will be notified by email or with a prominent notice on our website. All previous versions of this policy will be kept in a file for your review. You can review our privacy policy at any time, and we recommend that you do so in order to be up-to-date with our practices and your rights when it comes to protecting your privacy.
9. Contact us
Questions, comments, and requests regarding this privacy policy are welcome and should be directed to our contact form. For other forms of contact, please visit our website.
Other optional items you should consider adding to the policy
Links to other websites
Our services (website and apps) contain links to other websites. We are not responsible for the content of those websites or their privacy policies. If you visit those websites, please note that any information you disclose and/or share on them become public information. We strongly recommend that you review the privacy policies and other general conditions of use of each website you visit.
Do not track
TEDIC does not perform tracking, none of our services respond to DNT signals.
Effective date of the User Agreement and Privacy Policy: September 13, 2020.