Dugga and how we handle your data
Your integrity and how we handle your personal information is important to us. The GDPR (General Data Protection Regulation) entered into force in May 2018 applying to all citizens of the EU. To make you feel safe with us handling your personal information we would like to explain how we work with it.
We have established routines within the company to handle requests and questions related to personal data and ensured there are binding and legally adequate data processing agreements with our external service providers.
We view our work with GDPR-compliance as an ongoing process where we keep data protection in mind in our development. We do this to ensure that Dugga’s services are always in line with any legal requirements concerning the processing of personal data, and to make GDPR-compliance as easy as possible for our customers.
Last updated: 1st of August 2020
Dugga AB (”Dugga”, ”we”, ”our”) is a software company which has developed a web based application for knowledge assessment and to conduct exams, tests and assignments in classroom and remotely. We at Dugga AB know that our users (“you”, “your”) care about how personal information (“Personal Data”) is used and shared, and we take your privacy seriously. Therefore, we will be transparent with you about the type of Personal Data we collect and how we use that Personal data. Dugga has taken appropriate measures to ensure that we follow all applicable data protection laws and regulations. We also continuously develop our work with data privacy to ensure that we always are in line with any legal requirements concerning the processing of personal data.
Data We Collect
Data You Provide to Us
We receive and store any Personal Data you or your school actively provide to us. The data provided can be your full name, email address, class, and school. It can be information related to answering questions in for instance a test, exam or assignment. In some cases, you or the school can choose to share your personal number/social security number and a photography but that is not necessary in order to use the service.
In some cases, you may opt to share id, audio, screen shots, keyboard input and video during an exam event to secure the integrity of an exam event and the environment. This tool is mainly used for remote examinations and for higher levels of education.
In Dugga you can have different roles as Teacher, Student, Administrator, Study Administrator or Exam guard.
Data Collected Automatically
Whenever you interact with our service, we automatically receive and log data (“Log data”). For example, Log data may include data such as your computer’s IP address, type and version of operating system, the screen resolution of your computer etc. Client hash is also collected by us in order to identify a student’s computer.
There are several ways to login to the service, for example with a username and password at app.dugga.se. Another way is through Single Sign On (SSO) starting from the portal that you use. When you are using Dugga Assessment we log your logins, events (create, change, read, delete), change of roles/permissions, activation of users, last login, completed assessment, assessment and given grades and who has carried out the assessment of the student.
Whenever you interact with our website or service, certain information is also provided to us from your browser through cookies. Cookies are identifiers, files or pieces of information, that allow us to recognize the browser or device and tell us how and when pages in our website/service are visited by you. Cookies may provide information on your browser type, how you navigate, and other data. Some of this may constitute Personal Data meaning that it can be traced back to an individual. We use this information to analyze how our website is being used with the purpose to improve our website’s functionality and provide you with a better user-experience.
|timezone and offset||Stores time zone data|
|sessionid||Stores encrypted session data to authenticate user|
|csrftoken||Stores encrypted session data to authenticate user|
|g_authuser_h||Stores encrypted session data to authenticate user|
|Google (multiple cookies)||Used by Google Analytics to track user behavior anonymously and by Google to save login information and visits on webpages.|
For Microsoft integrations
When a user uses Dugga in Microsoft O365 or Teams we also collect; Office 365 user Id, Office 365 tenant details in order to be able to identify the user, for error reporting and to improve the service.
For Google integrations
Students: we use your profile information, email information and your open ID for single sign on into our application. If you are a G-Suite user, you will be able to login with your google account to our application.
Teachers: we use course and calendar information, course participants to synchronize students to our database so that teachers can see their students in Dugga and are able to schedule exams with specific students/groups.
Teachers: we need access to your assignment information so that your students can create and update their course work in Google Classroom. When students submit their exams/assignment, it will be uploaded to Google Classroom in which they can see their results once it is graded.
Purpose with collecting your personal data
We use the data we receive from you in order to fulfill our agreements with our customers as a data processor and in order to operate, administrate/maintain and improve our products and services.
Our main purpose of collecting data is to:
- Provide the product and service to allow you to conduct digital knowledge assessment
- Improve the product and service by understanding how you use it
- Provide support for the product
In particular, we use your Personal Data in the following ways: to create and maintain your account; to identify you as a user in our system; to identify those who creates and assigns exams and those who takes an exam and their result; to operate, maintain, and improve our platform and services and to improve your experience; to respond to your inquiries and for technical support.
We may also use data that we collect from you which does not contain Personal Data for our own internal purposes (i.e., to monitor overall usage trends, metrics, page views, etc.).
We may post user testimonials and reviews on our website which may contain Personal Data. Prior to posting the testimonial including Personal Data we always obtain the user’s consent via email or another suitable channels. Such consent may be withdrawn at any time. To request removal of your Personal Data from Testimonials or comments please contact us at firstname.lastname@example.org.
Where we store personal data
Dugga uses subprocessors who receive and process certain Personal Data on our behalf. Please click here for a complete list of all our subprocessors. Dugga always signs legally adequate Data Processing Agreements with our external service providers.
Disclosure of personal data
Dugga will not sell or lease any of your Personal Data in personally identifiable form. We only share such Personal Data in personally identifiable form with parties as described below.
- Trusted Third Parties: We sometimes use third party companies to facilitate and improve our services. Such parties do not have the right to use the Personal Data beyond what is necessary to assist us. We have Data Processing Agreements with all Third Parties.
- Employees: We employ people to perform work on our behalf and we need to share Personal Data with some of them to be able to facilitate and improve our services. We have NDA contracts with all our employees.
- Educational institution or other course providers: We will share your Personal Data with the educational institution or organization which is linked to your use of the services. This could apply, for example, when teachers use the service in order to prepare and administrate exams or when you as a student are conducting a test.
- Business Transfers: If Dugga are acquired, or if we enter into bankruptcy, or go through some other change of control, Personal Data would be one of the assets transferred to, or acquired by, a third party. You will then be notified via email of any change in ownership or uses of your Personal Data.
- Protection of Dugga and Others: We reserve the right to access, read, preserve, and disclose any data that we reasonably believe is necessary to comply with law or a court order or apply our conditions of use and other agreements. We also may be required to disclose an individual’s Personal Data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
General Practices Related to Data Security
We take the security of your Personal Data seriously and use appropriate measures to protect it against unauthorized or unlawful processing and against accidental loss, destruction or damage. Dugga’s security measures are constantly being revised in accordance with technological developments. Which actions that are necessary will depend on the type of Personal Data and the specific risks associated with that processing. To be able to protect your Personal Data it is important that you take appropriate measures to prevent unauthorized access to your account by protecting your credentials appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account. If you share your computer or use a computer that is accessed by the general public, remember to sign off and close your browser window when you have finished your session.
Dugga is committed to secure our user’s Personal data. Therefore we have taken several actions: (a) limiting employee access to Personal Data based on roles in the company, (b) conducting data privacy training for all employees, (c) technical security safeguards in order to protect it from unauthorized access, release or use, (d) contractual measures to limited the access and use. When you enter Personal Data on our site we encrypt the transmission of that Personal Data.
If Dugga is notified about a security breach or that any user’s Personal Data was used for an unauthorized purpose, we will comply with applicable data protection legislation regarding data breaches and use appropriate measures to mitigate the breach.
As a data subject you have many rights regarding your Personal Data which is collected and stored. These include: (1) the right to transparency and access to the Personal Data that is stored and processed, (2) the right to corrections of any mistakes in the Personal Data and deletion in certain situations, (3) the right to restriction of processing in certain circumstances, (4) the right to object to processing of Personal Data concerning you when such processing is based on our legitimate interest, for example direct marketing and in certain other situations (5) the right to lodge a complaint with a data protection supervisory authority, (6) the right to data portability, i.e. to receive Personal Data collected about you (7) the right to claim compensation for damages caused by our breach of any data protection legislation.
You may access, and, in some cases, update or delete Personal Data, but keep in mind that the Personal Data may be needed to use our services. If you have any questions about accessing your Personal Data, please contact us at email@example.com. We will respond to your request to access within 30 days.
How long we keep personal data
Personal Data will never be stored longer than necessary for the purpose. The retention period is based on our agreement with each educational institution, the legal obligations we have to adhere to, and our legitimate interest to communicate with your to manage the service and handle problems that may occur. In general, we will retain your Personal Data for as long as your account is active or as needed to provide you services.
You may request deletion of your account by contacting us at firstname.lastname@example.org. All of your Personal Data will be deleted from our database or deidentified when the account is closed.
Questions regarding your privacy
Questions or requests that you have regarding your privacy should primarily be sent to your school, if there are any questions specific to Dugga you can contact our Data Privacy Officer at email@example.com