Teach Record Of Processing Activities

Last updated 7th March 2022

INTRODUCTION

Teach Digital Software L.L.C. t/a Teach (commercial license number 1018442) of Office 1006, 10th floor, single Business Tower, Shaikh Zayed Road, Dubai, UAE (“Teach”) recognises that Article 30 of the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (also known as “UK GDPR”) and Article 30 of the General Data Protection Regulation ((EU) 2016/679) (also known as “EU GDPR”) impose an obligation to maintain a record of processing activities.

This record of processing activities sets out Teach’s data processing activities as a data controller and as a data processor.

This record is confidential but Teach will provide a copy to data protection regulators (known as ‘supervisory authorities’) on request. For the avoidance of doubt, this record does not need to be disclosed to a data subject following a data subject access request (also known as a ‘DSAR’).

1.

Controller details

Name: Teach Digital Software L.L.C. t/a Teach
Company number:UAE commercial license number 1018442
Address: Office 1006, 10th floor, single Business Tower, Shaikh Zayed Road, Dubai, UAE
Website: www.teach.io

UK REPRESENTATIVE

PrighterUK-Rep by Prighter Ltd
20 Mortlake Mortlake High Street, London, SW14 8JN, UK
https://prighter.com/q/15256454505

EU REPRESENTATIVE

PrighterGDPR-Rep by Maetzler Rechtsanwalts GmbH & Co KG
Schellinggasse 3/10, 1010 Vienna, Austria
https://prighter.com/q/15256454505

2.

CATEGORIES OF DATA SUBJECTS

Teach collects personal data from the following categories of data subjects:
(a).
Teach website and platform users; prospective students (and their staff) and students (and their staff).
(b).
Teachers (and their staff).
(c).
Teach employees, job applicants and contractors.
(d).
Teach suppliers and the staff and representatives of suppliers.
3.

CATEGORIES OF PERSONAL DATA

3.1.
Teach collects the following categories of personal data about Teach website and platform users; prospective students (and their staff) and students (and their staff):
(a).
Name, job title and contact information.
(b).
Location details and electronic identification data including IP address and information collected through cookies.
(c).
Records of payments made by the student to teachers (although Teach itself does not process card or payment details).
(d).
Contractual details including details of the courses subscribed to by the student, duration of subscription, etc.
(e).
Account activity (including direct messages with other users and community hub contributions).
(f).
In the case of prospective students, the courses and other information they are enquiring about.
(g).
Marketing preferences.
3.2.
Teach collects the following categories of personal data about teachers (and their staff):
(a).
Name, job title and contact information.
(b).
Location details and electronic identification data including IP address and information collected through cookies.
(c).
Records of payments made by the student to teachers (although Teach itself does not process card or payment details).
(d).
Contractual details including details of the courses subscribed to by the student, duration of subscription, etc.
(e).
Account activity (including direct messages with other users and community hub contributions).
(f).
In the case of prospective students, the courses and other information they are enquiring about.
(g).
Marketing preferences.
3.3.
Teach collects the following categories of personal data about teachers (and their staff):
(a).
Personal details including name and contact information.
(b).
Date of birth.
(c).
Gender.
(d).
Marital status.
(e).
Beneficiary and emergency contact information.
(f).
Government identification numbers.
(g).
Education and training details.
(h).
Bank account details and payroll information.
(i).
Salary and benefit information.
(j).
Performance information.
(k).
Employment details.
(l).
Special categories of personal data, including data relating to an employee's:
(i).
racial or ethnic origin;
(ii).
political opinions;
(iii).
religious or philosophical beliefs;
(iv).
trade-union membership;
(v).
genetics, biometrics, or health; and
(vi).
sex life or sexual orientation.
3.4.
Teach collects the following categories of personal data about suppliers and the staff and representatives of suppliers:
(a).
Name, job title and contact information.
(b).
Financial and payment details.
(c).
Contractual details including details of the goods and services received from the supplier.
4.

PURPOSES OF PROCESSING

4.1.
Teach collects and processes personal data of Teach website and platform users; prospective students (and their staff) and students (and their staff) for the following purposes:
(a).
Maintaining and enhancing Teach's products and services.
(b).
Providing products and services and user management.
(c).
Account management.
(d).
Direct marketing.
(e).
Supporting network and system security.
(f).
Auditing.
(g).
Detecting and preventing fraud and other unlawful activity.
(h).
Complying with legal obligations.
(i).
Conducting web analytics.
(j).
Dealing with disputes.
4.2.
Teach collects and processes personal data of teachers (and their staff) for the following purposes:
(a).
Maintaining and enhancing Teach's products and services.
(b).
Providing products and services and user management.
(c).
Account management.
(d).
Direct marketing.
(e).
Supporting network and system security.
(f).
Auditing.
(g).
Detecting and preventing fraud and other unlawful activity.
(h).
Complying with legal obligations.
(i).
Conducting web analytics.
(j).
Dealing with disputes.
4.3.
Teach collects and processes personal data about employees, job applicants, and contractors for the following purposes:
(a).
Recruitment and selection of employees.
(b).
Personnel management.
(c).
Staff monitoring.
(d).
Human resources administration including payroll and benefits.
(e).
Complying with legal obligations.
(f).
Education, training, and development activities.
(g).
Dealing with disputes.
4.4.
Teach collects and processes personal data about suppliers and the staff and representatives of suppliers for the following purposes:
(a).
To obtain products and services (including scopes of work and costs estimates).
(b).
Supplier administration, order management, and accounts payable.
(c).
Evaluating potential and past suppliers.
(d).
Dealing with disputes.
5.

CATEGORIES OF RECIPIENTS OF PERSONAL DATA

5.1.
Teach discloses personal data to the following categories of recipients, some of which may be located in third countries or may be international organisations as defined in Article 4(26) of the UK GDPR:
(a).
Business partners.
(b).
Auditors and professional advisors, such as lawyers, accountants and consultants.
(c).
Law enforcement officials.
(d).
Third-party service providers, such as providers of:
(i).
IT system management;
(ii).
information security;
(iii).
human resources management;
(iv).
payroll administration; and
(v).
pension plan administration.
5.1.
Teach transfers personal data to the following entities which are international organisations or are based in third countries:
(a).
Amazon Web Services (AWS). AWS is an international organisation. AWS provides services to Teach which include cloud hosting and Amazon’s Simple Email Service (SES). AWS’ Service Terms (https://aws.amazon.com/service-terms/) automatically incorporate both the UK SCCs and the EU SCCs which were approved by the European Commission on 4 June 2021.
5.2.
For completeness, Teach also transfers personal data to the following organisations which are based in the UK, EU or a country which has received an adequacy regulation under UK GDPR or an adequacy decision under EU GDPR:
(a).
MongoDB Limited. MongoDB provides cloud database services to Teach. MongoDB Limited is based in the UK. In relation to EU GDPR, the UK is the subject of an adequacy decision. MongoDB’s standard terms (https://www.mongodb.com/cloud-terms-and-conditions) incorporate MongoDB’s standard-form Data Processing Agreement (https://www.mongodb.com/legal/dpa).
6.

RETENTION PERIODS

6.1.
Except as otherwise permitted or required by applicable law or regulation, Teach only retains personal data for as long as necessary to fulfil the purposes Teach collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes. To determine the appropriate retention period for personal data, Teach considers the amount, nature, and sensitivity of personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for processing the personal data, whether the employer can fulfil the purposes of processing by other means, and any applicable legal requirements.
6.2.
Teach typically retains personal data for the periods set out below, subject to any exceptional circumstances or to comply with laws or regulations that require a specific retention period:
(a).
General website and email enquiries: 12 months from when the enquiry is resolved.
(b).
Teachers - the duration of their contract with Teach plus 7 years.
(c).
Students - the duration of them having a Teach account (although posts to community hubs, communications with other users from within the platform, etc. may be deleted before this, particularly if the relevant Teacher ceases to be a customer of Teach).
(d).
Analytics and other information collected through cookies - [period of time].
(e).
Information about employees and contractors - broadly kept for 7 years from the date on which employment/engagement ceases.
(f).
Unsuccessful job applicants - 6 months after notifying unsuccessful candidates unless Teach has a clearly communicated policy to keep candidates’ CVs for future reference or where retention is required to meet a legal obligation. Successful candidates’ details are kept in line with Teach’s policies for employees/contractors.
(g).
Suppliers and the staff and representatives of suppliers - 6 years from the end of the contract, unless a threatened or ongoing dispute requires us to keep the information for longer in order to resolve that dispute.
7.

TECHNICAL AND ORGANISATIONAL SECURITY MEASURES

Teach has implemented the following technical and organisational security measures to protect personal data:
(a).
Encryption of personal data.
(b).
Segregation of personal data from other networks.
(c).
Access control and user authentication.
(d).
Employee training on information security.
(e).
Written information security policies and procedures.
8.

LAST UPDATE

This record was last reviewed on 7 March 2022 and was last updated on 7 March 2022.

PROCESSOR DETAILS

Name: Teach Digital Software L.L.C. t/a Teach
Company number:UAE commercial license number 1018442
Address: Office 1006, 10th floor, single Business Tower, Shaikh Zayed Road, Dubai, UAE

9.

CATEGORIES OF PROCESSING

Teach processes personal data of students on behalf of teachers. Teach processes the students’ personal data to provide them with access to the teacher’s course and community via the Teach platform and to provide the teacher with information and administrative tools relating to the contract between the teacher and student for the supply of the educational course and community hub access.
10.

TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

10.1.
The teacher may be based in a third country or may be an international organisation. Teach incorporates the EU standard contractual clauses (SCCs) into its standard terms to ensure that the student’s data is safeguarded once transferred.
10.2.
Teach transfers personal data to the following entities which are international organisations or are based in third countries:
(a).
Amazon Web Services (AWS). AWS is an international organisation. AWS provides services to Teach which include cloud hosting and Amazon’s Simple Email Service (SES). AWS’ Service Terms (https://aws.amazon.com/service-terms/) automatically incorporate both the UK SCCs and the EU SCCs which were approved by the European Commission on 4 June 2021.
10.3.
For completeness, Teach also transfers personal data to the following organisations which are based in the UK, EU or a country which has received an adequacy regulation under UK GDPR or an adequacy decision under EU GDPR:
(a).
MongoDB Limited. MongoDB provides cloud database services to Teach. MongoDB Limited is based in the UK. In relation to EU GDPR, the UK is the subject of an adequacy decision. MongoDB’s standard terms (https://www.mongodb.com/cloud-terms-and-conditions) incorporate MongoDB’s standard-form Data Processing Agreement (https://www.mongodb.com/legal/dpa).
11.

TECHNICAL AND ORGANISATIONAL SECURITY MEASURES

11.1.
Teach has implemented the following technical and organisational security measures to protect personal data:
(a).
Encryption of personal data.
(b).
Segregation of personal data from other networks.
(c).
Access control and user authentication.
(d).
Employee training on information security.
(e).
Written information security policies and procedures.
12.

LAST UPDATE

This record was last reviewed on 7 March 2022 and was last updated on 7 March 2022.