What personal data we collect and how
At our websites, we do not collect personal data unless you as a visitor provide us with it. This can be through a contact form, request quote, request sample report or the downloading of a whitepaper, guide or E-book. In these cases, you have to fill out some personal information such as name, email address and other contact info, to access the services provided. However, you need also to carefully read and approve on this privacy statement before doing so.
How we use personal data and why
Personal data is only used for either our legitimate business interest, such as marketing purposes, research and to help us personalise our services, or for the performance of our services to you such as provide you with customer support or process your requests (e.g. request quote, contact or sample report).
Following is a complete list of our websites’ objectives of collecting your personal data:
- Web form: „Follow us“
We will only use the personal data collected, i.e. your name and email address, in order to send you updates via email and for analytical and marketing purposes. If you provide us with this data and accept this privacy statement, you give your consent for us to do this.
- Job application (through careers.ouriginal.com)
If you apply for a job at Ouriginal through our website, we will only use your personal details to be able to contact you regarding the recruitment process. Please note that careers.urkund.com is operated by Teamtailor AB and has its own Privacy Statement which you can find here. If you have applied for a job and wish to be completely removed from the system, click here.
Data protection and safety is something that we take very seriously. It is very important that your data is protected and that is why we take serious measures to prevent your data from being stolen. Our servers are protected behind firewalls and our database is completely closed and cannot be called from outside. We will never sell your data to third parties nor will we give it away to third parties with the solemn exception if we are obligated by law (e.g. due to request by law enforcement authorities).
We may use third parties for the processing of personal data for some of our services. We will only do this if it is necessary to provide the service. For instance, we use Salesforce.com for the processing and sending of our newsletter. When you receive an email from us, we may also use analytical tools to measure and collect data. For example, we might measure when you open the email and what links you click on. However, we can ensure you that all third parties that will ever process your personal data has their own adequate level of protection when it comes to personal data.
If you have provided us with contact details and accepted this privacy statement by the checkbox in our forms, we may occasionally send you emails with relevant and, in some cases, personalised messages and promotions. This could be about product updates, events, webinars, offers etc. You always have the option to unsubscribe from these messages.
How to erase your data
You always have the right to change, update, amend or completely erase your personal data from our database. You can also ask for a record of your personal data in our database. If you wish to do any of this, please send an email to firstname.lastname@example.org and we will fulfil your request. Please note that me may need to verify your identity to be able to update/remove your personal data. This could mean a copy of your ID or other approved identification.
Do you have any questions regarding our use of personal data, or wish to raise a complaint, please let us know. You reach us via email@example.com.
Ouriginal and the EU General Data Protection Regulation (GDPR)
Most educational organisations have a purpose description of how and why they manage personal data in the day to day operations and what data processing assistants they use to achieve these. For any service that the school use, where the Service Provider has access to personal data, certain requirements are imposed on you as a data controller. You will, among other things, investigate whether you, via the Service Provider manage personal data – and if so, how you process personal data, what personal data you process and what legal grounds you have for processing personal data.
Your Service Providers should be able to assist you with this. Ouriginal has its own Personal Data Processing Policy and the personal data we process, and how we manage them, are listed therein. In terms of purpose, Ouriginal does not have its own purpose in this, but deals only with tasks as assigned and instructed by the educational organisations. You will thus need to state in your own purpose description or policy on which legal grounds you allow our management of said data.
Lawfulness of processing
If you use Ouriginal, you will process personal information through Ouriginal, where Ouriginal is a data processor. Most schools refer to the necessity of being able to check students’ documents so that they do not contain plagiarism – as part of their tasks of assessing and grading – as the legal grounds for doing so. In GDPR there is support for this under Article 6e, that states, “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”. Several EU Member States are currently investigating a broader interpretation of Article 6f of the GDPR “General Interest” definition. Schools may also be able to utilise this as legal grounds for processing personal data for the purpose of assessing and grading.
It may be good to know that there is a limited possibility of using consent as legal grounds, since it is not considered valid when there is significant inequality between the data subject and the data controller, therefore such consent cannot be considered voluntary.
Most educational organisations consider it sufficient to describe their purposes and the systems they consider necessary, and thus use, to support these. These systems must then state, in their own policy, and in the Personal data assistant agreement, which personal data are processed, how they are processed and what security measures guards the personal data they have access to.
- H1 Communication AB – 1st line support (Sweden)
- Teknik i Media Datacenter Stockholm AB – Network and OS-level server provider (Sweden)
- Easy Correct ApS – Software technology provider: Feedback solution (currently only for customer utilising Feedback functionality) (Denmark)