VV15 Software Enterprise Inc., ("us", "we", or "our") operates: the thebestpianoteachers.com ('Site') website; and, creates and distributes various Information Products (the ‘Services’).
The security of all data is important to us; in this document, we will explain how we collect, use and protect our customers’ [Teachers, Studios, Schools] personal and commercial data (as a 'Data Controller') and the data we process (as a 'Data Processor') on the behalf of others [Students, Parents].
We consider the input of data into our software as being sufficient evidence of Informed Consent being freely given by Teachers/Studios/Schools (regarding the provision of Teachers/Studios/Schools personal and commercial data, given to us in our role as Data Controller), and having been fully obtained by Teachers/Studios/Schools (regarding the provision of Parents/Students data, specifically including all necessary parental permissions for children’s data, given to us as a Data Processor [by a Data Controller).
These are 6 principles that underpin our approach to GDPR in terms of our responsibilities as a Data Controller and a Data Processor. In different words, we strive to ensure personal data is:
In our role as a Data Controller, we also strive to obtain Informed Consent, defined as being ‘freely given, specific, informed and unambiguous’. Teachers and Schools, who are acting as Data Controllers themselves in regards to Parents/Students must also uphold these principles and obtain Informed Consent from these individuals.
As an EU citizen whose personal information we hold, the GDPR affords certain rights. If you wish to exercise any of these rights, please email firstname.lastname@example.org or through our Services. In order to process your request securely, we reserve the right to request you to provide two valid forms of identification for verification purposes.
Your rights are as follows:
In our role as a Data Controller, we strive to uphold these rights in the manner, and to the timelines, defined within GDPR. Teachers/Studios/Schools, who are acting as Data Controllers themselves in regards to Parents/Students must also uphold these rights for these individuals.
If we consider requests to: be frivolous or vexatious; necessitate disproportionate effort to complete (time or cost); or, cannot be fulfilled for another legitime reason (e.g. legal) – then we reserve the right to refuse them. If such an exceptional circumstance arises, then we will inform you (within a reasonable timeframe). If answering requests is likely to require additional time (above that specified in GDPR) or generates a commercially unreasonable expense (which you may have to meet, in part or in full), then we will also inform you (within a reasonable timeframe).
On matters where GDPR specifies a defined timeline, for example, fulfilling Subject Access Requests (‘no later than 30 days’) and/or reporting data breaches to the Supervisory Authority (‘where feasible, within 72 hours’), we will make commercially reasonable efforts to achieve said timelines. If exceptional circumstance arise, which might impact us achieving these deadlines, then we will inform you (within a reasonable timeframe). If there is no defined timeline for a specific matter, then we will strive to address them ‘within a reasonable timeline’ as recommended within GDPR.
We collect several different types of information from Customers (Teachers/Studios/Schools), including:
A core element of our Services is to enable Teachers/Studios/Schools to operate their businesses, including various billing, scheduling and messaging functions relating to Students/Parents. In this regard, we are a Data Processor and Teachers/Studios/Schools act as a Data Controller, so our software enables Teachers/Studios/Schools to capture data for their Legitimate Purpose (and where, we are required to do so to perform our Contractual Obligations). We consider the input of data into our software as being sufficient evidence of Informed Consent having been fully obtained by Teachers/Studios/Schools from Parents/Students (regarding the provision of Parents/Students data, specifically including all necessary parental permissions for children’s data, given to us as a Data Processor [by a Data Controller]).
We are a canadian-registered business and we utilize other canadian-based and US-based third parties. If you elect to provide information to us (defined as the input of data into our Services), then be advised we might transfer elements of this data, including personal data, to the Canada and process it there. In this regard, we are fulfilling a Contractual Obligation to provide the Services which our Customers are purchasing from us. For the avoidance of doubt, we also consider the input of data into our software as being sufficient evidence of Informed Consent for said transfer of your own data and the Parents/Students data you control. We further consider the input of data into our Services as being sufficient evidence you’ve obtained all necessary parental permissions for the transfer of children’s data.
We take the security of all data (teachers, studios, schools, parents, students) extremely seriously and utilize multiple technologies, processes and protocols to protect against the loss or theft of personal data, including (but not limited to): encryption, access controls, data backups, passwords, reputable third parties et al. This being said, although we invest at a commercially reasonable level, no software platform or data storage can be 100% secure; thus, we cannot make guarantees relating to data security.
We use personal Teacher/Studio/School data for various activities including (but not limited to) safeguarding, delivering and improving our Services to you, such as:
We use personal Teacher/Studio data for limited processing activities, as required to fulfil our contractual obligations to our customers (Teachers, Studios, Schools), such as:
In simple terms, we do not sell, distribute or lease any personal information (Teachers, Studios, Schools, Parents, Students) outside of our business, without obtaining Informed Consent, unless we are legally required to do so, or there is a ‘good faith belief’ such action is absolutely necessary. For example, if we or our Services are involved in a merger, acquisition or sale, then personal data might be transferred; in this case, we will provide advance notice. Disclosure could also be required to: protect the rights or assets of our business; prevent or investigate a wrongdoing related to our Services; support a legal request from a recognized legal authority; and/or, protect the safety of users of the Services et al.
We use third-parties (including, but not limited to those listed, beneath) to monitor, analyze, support, promote and enhance our Services. In some cases, these providers will use personal data to fulfill their contractual obligations (with us), when we request them to perform various services on a legitimate interest basis:
For the avoidance of doubt, we do not support Do Not Track (“DNT”) technologies (DNT is a web browser setting that requests that a web application disable its tracking of an individual user).
We are a virtual business that operates its Services without a physical office, so we’ve a strong preference to communicate in digital form via email email@example.com or through our Services (i.e. through customer support). For legal and formal purposes, our registered office is 1155 North Service Road West, unit 11, Oakville, Ontario, Canada, L6M 3E3. Be mindful, if correspondence is sent to this address it might take us longer to process (i.e. there’ll be a lead time to re-route the document[s] before one of our team members receive them).