The MathemaTIC team considers data security to be our top priority and we are committed to maintaining the highest standards in accordance with established best practices and legal requirements. We strive to hold your data in a secure manner while helping you attain your educational goals.
For your reference, we have compiled the following information providing you with an overview of our current data policy and answers to frequently asked questions regarding the General Data Protection Regulation (GDPR).
The GDPR is a strong move forward in the protection of data across the European Union. Effective May 25, 2018, it has replaced the EC Data Protection Directive (EC/95/46), bringing new legal rights for individuals and extending the scope of responsibilities for data controllers and data processors, while enhancing the regime for enforcement.
The new regulations in the GDPR enhance the protection of personal data (any information that can identify a person, from names and emails to identification numbers). Personal data of a more sensitive nature (such as ethnicity or sexual orientation) is given even higher protection in the GDPR and requires stronger grounds to collect.
The GDPR applies to any organization that collects personal data from an individual residing in the European Union. This means individual rights are protected no matter where the organization is located. The right of consent has also been strengthened. In order to acquire personal information, consent must be an active process, separate from other processing, involving clear and plain language.
In addition to regulating the behavior of organizations, the GDPR also grants new rights for individuals. These rights aim to give individuals more control over their data and how it is processed. The information below should help individuals familiarize themselves with what rights they have under the GDPR:
The GDPR distinguishes two important roles that classify what an organization must do to comply with the regulation. Your ministry of education, academic institution, or organization decides the purpose and method of data processing on MathemaTIC and is therefore considered a data controller. Vretta, as the learning technology partner for MathemaTIC, is considered a data processor since the data is processed on behalf of the data controller, as per its instructions.
Vretta has implemented rigorous safeguards to protect your data. Vretta maintains the encryption configuration necessary to achieve an ‘A’ grade on the Qualys SSL Labs Report. All personal data is kept strictly confidential, meaning that only those authorized for access may process it, and personal data is processed only as per instructions from the data controller.
Protocols have been established to handle data processing. Just as Vretta guarantees the confidentiality and security of data, you can be assured that at the end of the service any personal data processed will be erased. Additionally, should a data breach occur, Vretta will immediately report the event and its details to the data controller upon its identification.
Vretta has a team of highly specialized data personnel responsible for processing data and ensuring that it is fully compliant with data protection regulations. Its data team monitors data integrity, accuracy and confidentiality and performs regular security reviews. The team keeps a record of all processing activities. When an inaccuracy is discovered, the data is updated without undue delay.
Vretta’s Data Protection Officer (DPO) keeps Vretta’s management fully updated on data protection responsibilities, risks and issues. The DPO also deals with access requests and approvals of any contracts with third parties that may handle sensitive data. Since large amounts of data are handled on a regular basis, the DPO oversees compliance with the GDPR.
Vretta's Data Management Framework details the policies concerning the usage, storage, dissemination, and deletion of all data that is collected. If you would like to know more, download the Data Management Framework by clicking the link or the icon below.
If you would like to request any of your data from MathemaTIC, download the Data Request Form by clicking the link or the icon below, fill in the details, and send the document as an email attachment to email@example.com.
Data Controllers may download a Data Processing Agreement that serves as documented instructions between the Data Controller and Data Processor. This documentation is necessary in some jurisdictions, including the European Union.
A Data Governance Agreement is maintained between your Data Controller (the data department at the Ministry of Education) and Vretta to share data that is requested. Your Data Controller will not have visibility of names of students, teachers, or schools. Here is a snapshot of what they can see when data is sent to them:
| 53621 | 1234 | 34355 | 227 | 11/12/2017 14:02 | 11/12/2017 14:02 | 27655 | 27655 | 0 | 0 | 0 | 0.25 |
| 24536 | 1235 | 35226 | 228 | 11/11/2017 17:03 | 11/11/2017 17:04 | 80987 | 0 | 0 | 0 | 80987 | 0.65 |
| 24356 | 1455 | 26644 | 229 | 12/27/2017 21:04 | 12/27/2017 21:04 | 25657 | 0 | 0 | 25657 | 0 | 0.95 |
| 97812 | 6444 | 7555 | 230 | 9/25/2018 13:04 | 9/25/2018 13:04 | 31440 | 0 | 31440 | 0 | 0 | 0.33 |
| 32566 | 5999 | 53211 | 607 | 9/15/2018 23:58 | 9/15/2018 23:58 | 11322 | 11322 | 0 | 0 | 0 | 0.15 |
The data we share with your Data Controller is created when you use the MathemaTIC app. The data we send includes user identifiers, which are needed to ensure data is accurately associated with the right user across all events on the system. The app creates a unique identifier each time a user starts a new activity and records when the activity starts and when it ends. The app also tracks how much time is spent in each of the available languages, which makes it easier for the Data Controller to identify languages that need more inclusion. Finally, the score for each activity is available (ranging from 0 to 1), which makes it possible for the data department of your Data Controller to assess student performance.
If you have any questions or concerns, feel free to contact Vretta’s Data Protection Officer at firstname.lastname@example.org.