Privacy Policy - Typewiser

Typewiser Privacy Policy

This policy sets out Typewiser’s commitment to ensuring that any personal data, including special category personal data, which Typewiser processes, is carried out in compliance with data protection law.

“Typewiser” is a trading name of Caravel Innovation SLU, a company registered in Spain at the address shown on the covering page to this document. Typewiser is a business to business digital service that allows customers to upload data to the Typewiser platform, for the purpose of completing an online business proposal template.

This data protection policy is designed to ensure Typewiser’s compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and any terminology used herein will be meant in the way defined in GDPR.

In relation to the usage of any data uploaded to the Typewiser platform, Typewiser will be the data processor and the customer will be the data controller.

A Data Protection Agreement (DPA) will be entered into by Typewiser and its clients, in addition to an agreement regarding the general Typewiser terms of service.

Typewiser’s other data protection policies and procedures are:

  • Record of processing activities
  • Personal data breach reporting process and a breach register
  • IT security policies

Scope

This policy applies to all personal data processed by Typewiser and is part of Typewiser’s approach to compliance with data protection law. All Typewiser staff are expected to comply with this policy and failure to comply may lead to disciplinary action for misconduct, including dismissal.

It is anticipated that the only personal data that will be processed by Typewiser will be the business contact details of customers’ employees. The DPA contains a clause requiring the customer to inform Typewiser immediately in the event that personal data relating to any other category of data subject is uploaded.

Data protection principles

Typewiser complies with the data protection principles set out below. When processing personal data, it ensures that:

  • it is processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)
  • it is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’)
  • it is all adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
  • it is all accurate and, where necessary, kept up to date and that reasonable steps will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
  • it is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’)
  • it is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)

Typewiser will facilitate any request from a data subject who wishes to exercise their rights under data protection law as appropriate, always communicating in a concise, transparent, intelligible and easily accessible form and without undue delay.

Process / Procedures / Guidance

Typewiser will:

  • ensure that the legal basis for processing personal data is identified in advance and that all processing complies with the law
  • not do anything with personal data that is not required strictly in order to deliver the Typewiser service
  • only collect and process the personal data that it needs for purposes it has identified in advance
  • ensure that, as far as possible, the personal data it holds is accurate, or a system is in place for ensuring that it is kept up to date as far as possible
  • only retain personal data for as long as it is needed, after which time Typewiser will securely erase or delete the personal data
  • ensure that appropriate security measures are in place to ensure that personal data can only be accessed by those who need to access it and that it is held and transferred securely

Typewiser will ensure that all staff who process personal data on its behalf are aware of their responsibilities under this policy and other relevant data protection and information security policies, and that they are adequately trained and supervised. Breaching this policy may result in disciplinary action for misconduct, including dismissal. Obtaining (including accessing) or disclosing personal data in breach of Typewiser’s data protection policies may also be a criminal offence.

Data subject rights

Typewiser has processes in place to ensure that it can facilitate any request made by an individual to exercise their rights under data protection law. All staff have received training and are aware of the rights of data subjects. Staff can identify such a request and know who to send it to.

Subject access: the right to request information about how personal data is being processed, including whether personal data is being processed and the right to be allowed access to that data and to be provided with a copy of that data along with the right to obtain the following information:

  • the purpose of the processing
  • the categories of personal data
  • the recipients to whom data has been disclosed or which will be disclosed
  • the retention period
  • the right to lodge a complaint
  • the source of the information if not collected direct from the subject, and
  • the existence of any automated decision making

Rectification: the right to allow a data subject to rectify inaccurate personal data concerning them.

Erasure: the right to have data erased and to have confirmation of erasure, but only where:

  • the data is no longer necessary in relation to the purpose for which it was collected, or
  • where consent is withdrawn, or
  • where there is no legal basis for the processing, or
  • there is a legal obligation to delete data

Restriction of processing: the right to ask for certain processing to be restricted in the following circumstances:

  • if the accuracy of the personal data is being contested, or
  • if the processing is unlawful but the data subject does not want it erased, or
  • if the data is no longer needed for the purpose of the processing but it is required by the data subject for the establishment, exercise or defense of legal claims, or
  • if the data subject has objected to the processing, pending verification of that objection

Data portability: the right to receive a copy of personal data which has been provided by the data subject and which is processed by automated means in a format which will allow the individual to transfer the data to another data controller.

Object to processing: the right to object to the processing of personal data unless Typewiser can demonstrate compelling legitimate grounds for the processing which override the interests of the data subject or for the establishment, exercise or defence of legal claims.

Special category personal data

This includes the following personal data revealing:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person
  • an individual’s health
  • a natural person’s sex life or sexual orientation
  • criminal convictions or offences

It is not anticipated that any special category personal data will be processed by Typewiser, and the DPA contains a clause requiring the customer to inform Typewiser immediately in the event that any such data is uploaded.

Responsibility for the processing of personal data

The Directors of Caravel Innovation SLU take ultimate responsibility for data protection in relation to the Typewiser Service.

Any questions, concerns or requests to exercise any rights under the GDPR, should be addressed to Typewiser’s data protection lead: info@typewiser.com

Monitoring and review

This policy was last updated on May 2020 and shall be regularly monitored and reviewed, at least every two years.

Data protection agreement

This Data Protection Agreement (“Agreement”) is entered into between you (the “Customer”) and Caravel Innovation SLU (trading as Typewiser)Calle Perez Galdos 32, 35002 Las Palmas de Gran Canaria (Company Register no. B76271808) (the “Provider”).

This Agreement should be read in conjunction with the Typewiser Data Protection Policy which is available on the Typewiser website.

By accepting this Agreement, you agree to comply with its terms and requirements.

Definitions

Applicable Laws: the law of the European Union, the law of any member state of the European Union in which either Party is domiciled or commercially active. Controller, Processor, Data Subject, Personal Data, Special Category Personal Data, Personal Data Breach, processing and appropriate technical and organisational measures: as defined in the Data Protection Legislation. Data Protection Legislation: the General Data Protection Regulation ((EU) 2016/679) and any other European Union legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data.

  1. General Provisions
    1. The Customer is a subscriber to the Provider’s Typewiser Service and the Parties have signed a separate contract specifying the Terms of Service in this regard (the “Terms of service”).
    2. Both parties will comply with all applicable requirements of the Data Protection Legislation.
    3. The parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Controller and the Provider is the Processor. Schedule 1 sets out the scope, nature and purpose of processing by the Provider, the duration of the processing and the types of Personal Data and categories of Data Subject.
  2. Customer’s Obligations
    1. Without prejudice to the generality of Clause 1.1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Provider for the duration and purposes of this agreement.
    2. The Customer specifically agrees that the Provider can appoint as a processor of Personal Data under this Agreement any of the entities forming part of the same corporate group and listed in Schedule 2.
      1. The companies detailed at Schedule 2 will be required to comply with the terms of this Agreement and will be acting as if they were the Provider.
      2. The Provider will bear full legal liability for any breach of this Agreement committed by any of the entities listed at Schedule 2.
    3. With reference to section 2 of Schedule 1, the Customer will inform the Provider immediately if any “special category” personal data is uploaded to the Typewiser Service.
    4. With reference to section 3 of Schedule 1, the Customer will inform the Provider immediately if personal data relating to any person external to the Customer’s organisation is uploaded to the Typewiser Service.
  3. Provider’s Obligations
    1. Without prejudice to the generality of Clause 1.1, the Provider shall, in relation to any Personal Data processed in connection with the performance of its obligations under this agreement:
      1. process that Personal Data only on the documented written instructions of the Customer, unless the Provider is required by Applicable Laws to otherwise process that Personal Data. Where the Provider is relying on Applicable Laws as the basis for processing Personal Data, the Provider shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Provider from so notifying the Customer;
      2. ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures;
      3. ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
      4. not transfer any Personal Data outside of the European Economic Area, except for transfer to Indeep Artificial Intelligence Private Limited or Alien RE which are a part of the same corporate group as the Provider, in which case the Provider will ensure that:
        1. appropriate safeguards are provided in relation to the transfer, specifically as per Article 44(2)(c) of the Data Protection Legislation;
        2. the data subject has enforceable rights and effective legal remedies;
        3. the Provider complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
        4. the Provider complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data;
      5. assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
      6. notify the Customer without undue delay on becoming aware of a Personal Data Breach;
      7. at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the Personal Data; and
      8. maintain complete and accurate records and information to demonstrate its compliance with this clause 1 and immediately inform the Customer if, in the opinion of the Provider, an instruction infringes the Data Protection Legislation.
    2. With reference to 3.1(a) above, the provisions specified in Part 1 of Schedule 1 shall be taken to be the “documented written instructions” referred to.

Schedule 1

Processing, personal data and data subjects

  1. Processing by the provider
  2. Scope – Any processing of personal data by the Provider is limited strictly to that which is required in order to deliver the Typewiser Service to the Customer in accordance with the Typewiser Agreement.
  3. Purpose of Processing – The Typewiser Service provides an online editor and templates for grant applications and allows the Customer to upload relevant data into the template. The purpose of the processing by the Provider is to provide secure storage of any data uploaded by the Customer.
  4. Duration of the Processing – Processing of personal data will commence as of the Effective Date of the Terms of service and cease when the Terms of service has concluded or been terminated according to its terms.
  5. Types of personal data – It is not anticipated that any “special category” personal data will be processed by the Provider.
  6. Categories of data subject – It is anticipated that any personal data provided by the Customer will be limited to the business contact details of the Customer’s employees.

Schedule 2

List of third party processors authorised under this agreement

The Provider is part of the Albalonga Group, which is registered in Andorra as Albalonga SL (Company no. 8708318) of Crta. Arinsal sn, Urbanizació Ribasol Ski & Mountain Park , Arinsal, AD400.

The following companies are also part of the Albalonga Group and, as specified at clause 2.2, are authorized to access the Typewiser platform and to process personal data contained therein in order to assist the Provider in delivering the Typewiser service:

  1. Boldpage Srl: Via Cristoforo Colombo 348, Rome, 00145 Italy.
  2. Vis Srl: Via Cristoforo Colombo 348, Rome, 00145 Italy
  3. Nautilus Exploration: Calle Perez Galdos 32, 35002 Las Palmas De Gran Canaria Spain
  4. Alien Technology Transfer Ltd, 1 Purley Place, London N1 1qa, United Kingdom.
  5. Nautilus Exploration, Calle Perez Galdos 32, 35002 Las Palmas De Gran Canaria, Spain
  6. Indeep Artificial Intelligence Private Limited: 1-98/3/5/29, Plot No. 42,Jubilee Enclave N.t.r Pride Building, Sy. No 66 & 67, Madhapur, Hyderabad, Telangana, India.

 

Log-in / Sign-Up