Latest update: May 18, 2018
Hypersay is excited about GDPR compliance. Hypersay was originally constructed with a culture of strong data privacy and security principles that are at the heart of GDPR. Being an Education Technology company, our principles of data privacy and security are vital to our growth.
That being said, we still want to detail and justify every piece of data we collect from our users. The table below goes through each piece of data we collect and the reasons we do so.
Hypersay collects a variety of information that you provide directly to us. We process your information when necessary to provide you with the Service that you have requested when accepting our Terms of Service, or where we have obtained your prior consent, or where we have a legitimate interest to do so. For example, we may have a legitimate interest to process your information for security, testing, maintenance, and enhancement purposes of the Services we provide to you, or for analytics, research, and reporting purposes. Without your information, we cannot provide you with the Services you have requested or you may be limited in your use of the Services.
We do not collect any sensitive personal information such as health-related information, racial or ethnic origin, political opinions, religious beliefs, trade union activities, or sexual life.
Learn Forward is the “data controller” of all personal information that is collected on behalf of and used by Hypersay customers.
|Personal Data||Why we need it|
|Your primary e-mail address||We must know your e-mail address so that we can distinguish you from other users of the website and allow you to sign in and establish a bi-directional communications with you. This information is private and it won’t be shared or made public.|
|Secondary email addresses||Sometimes you use multiple email addresses with your social media accounts. If you have a different email address on LinkedIn or Facebook and you connect with that account, we store it so that we know it is you. If you later sign in with any of the e-mail addresses. This information is private and it won’t be shared or made public.|
|Your name and nickname||When you upload a document, you host a live session or participate in one, you become a part of a small community. This community is able to see your name and your nickname. You can change your nickname per session. Although we won’t advertise this information, others, including in some cases the general public may see your name. You can change your name at any time (although we don’t recommend using anything else besides your real name)|
|Profile picture||Our platform is aimed to make communication more effective and humans like to see each other’s faces. We show your profile picture in live sessions participants list and also to show who answered a question. This data has the same policy and nature as your name. You can change it at any time.|
|Social media unique identifiers||We need this information to allow your login with different social networks (such as Google, Facebook or Linkedin). These identifiers are stored privately and securely in our database and will not be transmitted, shared or made public at any time.|
|Browser token||This is a short password-like string of characters that we use to identify and sign you into our platform and then remember who you are when you open your browser again. This information is securely stored in your browser and deleted when you log out.|
|Your unique user ID||This is an identifier we securely store in our database and it makes possible that you can change your email address while keeping all of your data. It is not used for processing and it will not be transmitted, shared or made public at any time.|
|Login IP||We store this address to detect fraudulent login attempts. We also process this address to create anonymous statistics about the countries and cities where Hypersay is used to help us with understanding how to localise it better.|
|Login history||We store your logins history (just the date) so that we can offer you an audit trail in case you suspect somebody is using your account without your permission|
|Your Answers||We store your answers to the interactive elements (such as quizzes, open ended questions or taps on images). We share them with you and the presenter. The presenter can show them to the audience, but your answers are not publicly available, nor indexable. We might publish summarized public statistics that are not identifiable and completely anonymous (e.g. the number of answers given for a specific question, or for a specific session or for the entire Hypersay platform)|
|Answer histories||We store your answer histories (for example how your answer changes for a quiz) so that we can provide an audit trail and undo functionality. We don’t share the the data publicly or with the presenter, but we might chose to process it for totals and statistics (e.g. for a presenter we might have the option to show “on average your participants changed their mind X times for this quiz”)|
|Documents you upload|
We securely store a copy of the files you upload so that you can revisit them . We don’t make the file public and we do not and will not process the file outside the scope of Hypersay’s purposes. You would not be able to find your uploaded document by using a Google search. The only way to access documents you upload is by knowing the session code.
When you upload or give us a link to an existing document, we process the contents of the document we and extract and store the relevant data so that we can offer you the Hypersay experience. We make this data available for you and your participants and for the people that know the unique code and access the page.
You can automatically delete this information for documents that haven’t been used in live sessions with more than three people. You can ask us to delete any of your documents (including those that you used to present to more than 3 people), but we kindly ask you to consider your audience’s interests before deleting them.
If your account is deleted as per your request or because of data expiration policy (we delete personal data after three years of account inactivity), we anonymise your presentations and keep them for archiving purposes, as read-only documents. You may ask us to delete your documents instead of anonymising them when you request your account erasure.
We may delete documents or part of them as part of legal requirements or issues such as copyright infringement or if they don’t comply with our content policies (e.g. no pornography and no hate speech).
|Customisations you make on the documents||Hypersay allows you to add and remove content on your uploaded documents (or those you start from scratch). These customisations are not part of the original document, but they still belong to you so all the policies described above for the documents also apply for customisations.|
|Details on live sessions you host||When you host a session, some of your personal data (for example name, profile picture, relevant document and customisation contents, but not the email address) is shared with the participants. Although we don’t publish the session code, anybody that knows this code can join your presentation, anonymously or as a signed in user.|
|Details on live sessions you participate in||When you join a live session, some of your personal data (for example name, profile picture, but not email address) is shared with the presenter and with the session participants. If the presenter allows anonymous logins, you can join a live session anonymously, by logging out first and then joining the session.|
|Questions you ask and you upvote||Questions you ask are shared for the presenter and the other session participants with your name. You can delete your questions. We also store (for the purpose of computing the question score and disallow anybody to vote multiple times) your vote for any of the questions. We don’t publish or share with the presenter or anybody which questions you voted. We only allow registered participants to ask questions to the presenter.|
|Claps you receive and give||As a token of appreciation for the presenter, you can applaud the presenter. All of the claps are stored in our database as individual events and are summarized per page and per presentation. We don’t publish or share with the presenter or anybody who clapped, just the anonymous summaries.|
|Feedbacks you receive and give||At the end of a live session you can send feedback in the form of a star rating and a text comment. The presenter receives only an aggregated score and the text of any feedback. We do not send, publish or otherwise process your name, image or anything that can be used to identify you. Feedback is anonymous and we only share it with the presenter if more than 3 participants have provided feedback.|
|Notes you take||The notes you take are linked to pages in documents. They are your own and not shared with anybody and you can delete any note you wish.|
|Pages you visit||We need this information to analyse which content we need to improve and how to technically optimise Hypersay (for example it will tell us which pages we need to preload so that you have a faster experience). This data is not published or shared with anybody.|
|Device Information||When you visit Hypersay some information is automatically collected from your device (e.g., mobile, computer, laptop, tablet) such as operating system, access times, browser information (e.g. type, language). This data is not published or shared with anybody and it is used in its aggregated form by us to understand usage patterns and which improvements we need to address next.|
Only children aged 16 or over can provide their own consent. For children under this age, consent of the children’s’ parents or legal guardians is required.
We will not retain your data for longer than is necessary to fulfil the purpose it is being processed for. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it and whether we can achieve those purposes through other means.
We must also consider periods for which we might need to retain personal data in order to meet our legal obligations or to deal with complaints, queries and to protect our legal rights in the event of a claim being made.
When we no longer need your personal data, we will securely delete or destroy it. We will also consider if and how we can minimise over time the personal data that we use, and if we can anonymise your personal data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.
We use a carefully selected list of service providers. Please find the list below, together with information on their location, a link to their data protection compliance page and our comments on how you're affected. We might change this list as new opportunities show up, and we’ll let you know about it.
|Service Provider||Why and which data we share|
Amazon Web Services Inc.
Headquarterd in United States, Servers and data in Ireland
Infrastructure as a Service
AWS provides the servers where we run the programs that process the information and store your files.
Email and website analytics
Google operates our company email systems. We use them when you contact us via email, and Google receives your e-mail address and message contents.Google also provides website analytics services (but they are not linked to any identifiable individual using Hypersay
United States, All data stored in Ireland
Database as a Service
We use the database to store Hypersay records on users, documents, etc.
Email as a Service
SendGrid sends e-mail messages on our behalf (e.g. sign-in codes, messages with reports, notifications, session notes). To send the message they need your e-mail address and the contents of the e-mail. For us to ensure the message deliverability and success, we might also check if links were clicked.
We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. The data you provide to us is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information and credit card details so that they can be securely transferred over the Internet.
Hypersay takes technical and organizational measures to protect your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure, and thus we cannot ensure or warrant the security of that information.
Combined Information. You consent that, for the purposes discussed in this Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy.
Aggregate/De-Identified Data. We may aggregate and/or de-identify information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others. By using the Services, you consent to such use.
To collect the information in the “Information We Automatically Collect” section above, we and our service providers use Internet server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. A web server log is a file where website activity is stored. An SDK is a section of code that we embed in our applications and software to allow third parties to collect information about how users interact with the Services. A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer and login session; (ii) store your preferences and settings; (iii) understand which web pages of the Services you have visited; (iv), enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform analytics; and (vi) assist with security and administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, email open rates, measure popularity of the Services and associated advertising, and to access user cookies. As we adopt additional technologies, we may also gather information through other methods.
Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari).
We have appointed a Data Protection Officer (“DPO”) to oversee compliance with this policy. Contact him using the form in our Data Protection page or via the web chat option of this page.
Using our GDPR Page, you can:
We don’t use any automated decision-making, including profiling. As the your data you provide is essential for you to use Hypersay, and we don’t process it for any other purpose your lack of consent means you cannot use our services. If you revoke your consent after creating your account, it means you cannot use our services and the services are suspended until you change your mind or you ask for erasure.
We store your data for the period of the service up to seven years after your last interaction with Hypersay. We may keep some of your information for a longer period for historical, statistical or scientific purposes with the appropriate safeguards in place. You can request us to erase your personal data at any time.
If you are unhappy with our way of handling your personal data, you have the right to lodge a complaint with a supervisory authority (click here for the list of Data Protection Agencies).
We kindly ask you to consider contacting us first, before lodging a complaint, as we can probably find a solution that is faster and better for you.
We reserve the right to amend this Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Services, or advances in technology. Any changes to the policy will be accessible through the Services and communicated to you by way of an e-mail or a notice on our website