1. Scope of this policy
For the personal data processing that is being carried out in the framework of the iRead project, the applicable legal framework is the General Data Protection Regulation (Regulation (EE) 2016/679 – the “GDPR”).
2. Who we are (the iRead project)
“iRead” is an innovation European Horizon 2020 4-year European project (2017 – 2020),developed by 15 industry and education partners from nine countries. iRead aims to develop personalised learning technologies to support reading skills, focusing primarily on primary school children (see https://iread-project.eu/about/).
iRead supports learning through a set of personalised content-driven educative components as well as monitoring progress and analytics display. The educative components of iRead are the “NAVIGO” literacy game and the “Amigo” Reader application.
The main users of the iRead are: i) the learners, who aim to improve their reading skills by using the aforementioned personalised content-driven educative components and ii) the educators (teachers), who monitor the learners’ progress through a web application. They both need to register to the system, in order to start using it. During the pilot phase of the iRead project (2019-2020) learner registration is only open to learners participating in specific pilot studies.
The NAVIGO literacy game and the Amigo Reader applications which can be downloaded from Google Play Store form the main instrument for providing personalised and adaptive literacy training towards achieving the project’s educational and learning purposes. The NAVIGO and the Amigo applications though are part of an open cloud-based software infrastructure, consisting of open interoperable components necessitating specific deployment procedures. Therefore, simply downloading these applications, without using the whole iRead infrastructure (i.e. without registering), will not allow a User to either play the NAVIGO literacy game or use the Amigo Reader.
3. Collection of Information
We do not collect any personal data (including device and/or network data) in case that the user simply downloads the NAVIGO application. Personal data is collected only about registered users.
When a user is registered, her/his details are stored in a database along with her/his credentials. More precisely, iRead collects the following data, which are necessary for its purposes:
- Password (in a protected form – we are not able to read any password)
- First name and last name
- Date of birth (only for learners)
- Mother tongue (only for learners)
- Language model (only for learners)
- E-mail address (for learners, it may be parental E-mail address)
Moreover, depending on the specific iRead trial in which the user participates, other information may be also needed and collected, such as User’s (either learner or teacher) school and classroom, as well as associations between teachers and learners – i.e. the name of the teacher that is associated with each learner.
In addition, in order to achieve its learning purposes, iRead collects:
- Usage data (username, password, access date, duration/time of usage and other information regarding User participation in the different activities of literacy games and the educational content and data generated by the software during usage, as well as information related to the reading activities of the User with the eReader application).
- Data analysing competence in literacy areas (vocal, phonological, morphological and syntactic) and data related to the reading process of texts, produced in accordance with the User’s individual performance, depending on the user’s options, categories and the data produced by the literacy game activities.
In order to evaluate how the iRead applications impact on learning and teaching, during the evaluation period of the project, we will administer pre and post tests of children’s learning and motivation. We will also conduct screen-recordings of children’s technology use, interviews with children and teachers, and classroom observation while the technology is used.
Finally, since a child may be a User only upon her/his parent/guardian’s explicit consent (see next), personal data of the parent guardian of each child are also being collected (First name, last name, gender, E-mail address).
4. Purpose of the processing
The information collected is being used only in the framework of the iRead research project, towards developing and evaluating iRead with regard to the project’s goal (see also Section 2 of the Policy). Data will not be used for any other purpose. We do not share, sell or in any other way provide access to the collected/generated data to any other persons or companies.
More precisely, the main purpose of the iRead project it to develop personalised learning technologies to support reading skills. Within iRead, the process of learning to read a language (either as a native speaker or as a foreign language), is viewed as a collection of learning-steps (the language model), where each step corresponds to a linguistic phenomenon/skill the Learner has to learn/master.
A Learner registered with iRead will be able to practice and improve herself/himself by playing interactive games, reading eBooks, undertaking activities and accessing appropriate reading material. The content presented to each Learner is personalised, i.e. appropriately selected to meet the current educational needs of the Learner. To accomplish the aforementioned goals, the iRead system creates and maintains a profile for each Learner that uses iRead, reflecting in that way the individual skills of the Learner. This profile is being built according to the interaction of the Learner with the applications, aiming to improve the Learner’s reading skills.
5. Legal basis for the processing – User’s consent
For the personal data processing carried out by the University College, London (UCL) taking place in the UK, the legal basis for the processing is based on Article 6, paragraph 1(e) of the GDPR (“processing is necessary for the performance of a task carried out in the public interest…”). All other iRead partners collect Users’ personal data only under their explicit consent (Article 6 paragraph 1(a) of the GDPR). Especially for the children participating in pilot studies taking place in the school environment, an explicit consent from the parent guardian is collected before registering the Learner to the system. Such a consent can be revoked at any time, which in turn leads to fully deleting any relevant data of the corresponding Learner.
6. Who has access to the data
Each teacher of a class participating in a pilot study has access to the data of the Learners that they are under her/his custody. Each Learner has access only to her/his data. The parent guardians have access only to their children data (through the children’s account).
The researchers of the iRead Project Consortium also have access to the data for scientific purposes as well as iRead’s technical staff for data maintenance purposes. Data access is provided to iRead’s researchers and technical staff on a “need-to-know” basis.
The only other potential recipient of the data except for the iRead’s partners is the European Office of Horizon 2020, if deemed necessary for the verification of the project results, in accordance with the Technical Bulletin.
There is no any other recipient of the data; no third party has access or collects any personal data.
7. International transfers
We do not transfer User personal data outside the European Economic Area or to a third country where the European Commission has decided that the third country does not ensure an adequate level of personal data protection.
Data retention period
Users’ data will be retained for at most 4 years after the end of the project (Dec 2020) in order to allow for thorough scientific processing (consistent with the purposes of the project), unless any User revokes her/his consent which leads to deletion of her/his data. After this period, the data will be fully anonymised so that it will not be possible to re-identify the data by any means.
9. Data security
We implement appropriate technical and organizational measures for data security, to protect data by accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
10. User rights regarding the processing
Once Users have provided their personal data, they have several rights according to the GDPR, which they can in principle exercise free of charge. See Section 12for information on how to exercise any of User rights.
Should Users have unresolved concerns, they have the right to lodge a complaint with a Data Protection Supervisory Authority where they live or where they believe that is more appropriate/convenient.
Especially for the children, their rights are exercised by the parent guardian.
- Right to withdraw consent
Users are able to withdraw the consent they have provided at any time they choose and at their own initiative. Withdrawal of their consent will result to fully deleting all of their relevant data.
- Right to access and rectify User’s data
Users have the right to access, review, and rectify their Personal Data. They are entitled to ask us for a copy of their information, to review or correct it, and if they wish to rectify any information like their name, email address, passwords and/or any other preferences. They can ask for information regarding the exact purposes of the processing (as they are also stated in this Policy), as well as for the logic involved for the creation of user’s profiling in the framework of our research.
- Right to erasure
Note that whenever Users withdraw their consent, this in turn results in erasure of their data (no additional action is needed from them).
- Right to restriction of processing
Under certain circumstances, Users may ask us to restrict the processing of their Personal Data (for example, when they contest the accuracy of their personal data).
- Right to data portability
Where Users have provided their data directly to us and where the processing is carried out by automated means and based on their consent, they have the right to receive the personal data processed about them (and provided by them) in a structured, commonly used and machine-readable format, and request portability of their personal data.
In the context of iRead, once Teachers are registered to the system, they may have access to data though a web application. To this end, session cookies are being used to store information in the form of a session identification. Session cookies are also used whenever a learner provides her/his credentials to the application. These cookies are strictly necessary in order to provide the service explicitly requested by the User.
We do not allow third parties to serve advertisements or provide analytics services. Hence, we do not use any third-party cookies.