Privacy Notice and Register Information Document

This is the privacy notice and register information document of Digital Teaching Tools Finland Ltd (Finnish business identity code 3154884-5) and it is drafted in accordance with the EU GDPR regulation.
Digital Teaching Tools Finland Ltd ( is certified through for FERPA, COPPA and CSPC.

Created on 18th Nov 2020
Updated on 4th May 2021


FERPA CertifiedCOPPA Safe HarborCalifornia Student Privacy Certified

Registrar Information

Digital Teaching Tools Finland Ltd
Tammisaarentie 68, 10320 Karjaa

Registrar Name user register.

The Lawfullness and Purpose of Processing Personal Data

The legal basis for the processing of personal data is: Consent of the data subject, contract and benefits to the date subject.
The purpose of the processing of the personal data is to provide the service to the users.
The data will not be used for automated decision-making or profiling.

Description of the Data Visibility doesn’t require registration to be used. If is used without registration, no data is persisted from the user outside of the session. Students do not need to create an account to be able to participate in the class, The student name or nickname is collected and visible to the teacher, together with what the student draws on the whiteboard. This information is only visible to the teacher and not to other students.
Students cannot post or save any information to the service, and cannot view any other students’ content or communicate with other students.

Description of the Data Content

If the teacher wants to register and benefit from all features, the following information is collected and stored: user’s name, e-mail, teaching subjects, IP addresses, images of what is drawn on the whiteboards.
This information is only stored for internal use and is not shared with third parties.

Regular Sources of Information

The data is received through the registration process of the web-service

Regular Disclosure of Data and Transfers of Personal Data to Third Countries

The data is not disclosed regularly to third parties. The data is stored within the United States or within the European Union, depending on the choice of the user.

Third-Party Service Providers utilizes the services of third party service providers to assist in providing access to the Site. The third party service providers have established privacy policies comparable to those in this Privacy Policy. Third party service providers will have access to data, including, personally identifiable information, that is necessary for the services they provide to

Amazon Web Services (AWS) for backing up and serving images for the website.
Upcloud for providing application and database servers.
Google Analytics for analyzing the traffic and site usage.
Pusher for providing real time functionality and events.

Principles of Register Protection

If becomes aware of a systems security breach by an unauthorized party or that any user data was used for an unauthorized purpose, we will comply with relevant state and other data breach laws. We will notify users of any breach resulting in unauthorized release of data electronically, at minimum, and without unreasonable delay so that you can take appropriate steps. The notification will include: date of the breach, the types of information that were subject to the breach, general description of what occurred, and steps is taking to address the breach.

Right of Access and Right to Rectification

The register is treated confidentially. The register is adequately protected from third parties.
When storing data using cloud services, adequate processes are implemented to provide data security.
The personal data is only accessible for those employees of the company who require the data to conduct the tasks relating to the purposes described in this document.

All data subjects shall have the right to obtain personal data concerning the data subject. The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning the data subject. Requests to obtain personal data and/or rectification should be addressed to the registrar via email.

Other Rights of the Data Subject

The data subject shall have the right to obtain from the controller the erasure of personal data concerning the data subject (“right to be forgotten”). The data subject shall have all the other rights specified in the EU General Data Protection Regulation. Any request under these rights should be addressed to the registrar via email.

We may revise our Privacy Policy from time to time. You can see when the last update was by looking at the “Last Updated” date at the top of this page. We won’t reduce your rights under this Privacy Policy without your explicit consent. If we make any significant changes, we’ll provide prominent notice by posting a notice on the Service or the Website and notify you by email (using the email address you provided), so you can review and make sure you know about them.

We encourage you to review this Privacy Policy from time to time, to stay informed about our collection, use, and disclosure of personal information through the Service and Website. If you don’t agree with any changes to the Privacy Policy, you may terminate your account. By continuing to use the Service or the Website after the revised Privacy Policy has become effective, you acknowledge that you accept and agree to the current version of the Privacy Policy.

We keep personal information until it is deleted, or until we no longer need it to provide you with the Service. We will not retain student personal information for any longer than is necessary for educational purposes and legal obligations, or to provide the Service for which we receive or collect the student personal information. In addition, we only keep student personal information for as long as the student’s account is active, unless we are required by law or the student’s school to retain it, or need it to protect the safety of our users. Note that some content may be kept after an account is deleted for school legal compliance reasons (e.g. maintenance of “education records” under FERPA or “student records” under various state student privacy laws).

Student data, that is created at the service without a student account, is removed when the teacher closes the whiteboard class or removes the student from the session. For temporary rooms, the data is deleted after 2 hours of inactivity, and for permanent rooms the data is automatically deleted after 30 days.

Children’s or student’s data, including, personally identifiable information, cannot be sold or released for any commercial or marketing purposes by Whiteboard. Children’s or student’s data, including, personally identifiable information, may only be used by for purposes that are deemed to be legitimate educational purposes and within the intended purposes of the Site.

Parents and Eligible students have the right to inspect and review all data, including, personally identifiable information, which are subject to Data Handling by Us regarding a student.

Parent and Eligible students have the right to seek amendment of all data, including, personally identifiable information, regarding a student, that is believed to be inaccurate, misleading or otherwise in violation of a student’s privacy rights.

Parent and Eligible students have the right to seek deletion of all data, including, personally identifiable information, regarding a student.

Should you have any need for exercising any of the above rights, including those as to inspection and review, amendment or deletion of data, including, personally identifiable information, you should as a first level of support, contact the administrator at the Educational Entity. If your concerns are not addressed by the administrator at the Educational Entity, you should, as a second level of support, contact us.

Change of Control

Over time, may grow and reorganize. We may share your information, including personal information with affiliates such as a parent company, subsidiaries, joint venture partners or other companies that we control or that are under common control with us, in which case we will require those companies to agree to use your personal information in a way that is consistent with this Privacy Policy.

In the event of a change to our organizations such that all or a portion of or its assets are acquired by or merged with a third-party, or in any other situation where personal information that we have collected from users would be one of the assets transferred to or acquired by that third-party, this Privacy Policy will continue to apply to your information, and any acquirer would only be able to handle your personal information as per this policy (unless you give consent to a new policy). We will provide you with notice of an acquisition within thirty (30) days following the completion of such a transaction, by posting on our homepage and by email to the email address that you provided to us. If you do not consent to the use of your personal information by such a successor company, subject to applicable law, you may request its deletion from the company.

In the unlikely event that goes out of business, or files for bankruptcy, we will protect your personal information, and will not sell it to any third party.

Should you have any questions, concerns or requests about this Privacy Policy, please contact Us as follows:
Digital Teaching Tools Finland Ltd
Address: Tammisaarentie 68, 10320 Karjaa | Finland
Contact information:
Sebastian Laxell
[email protected] participates in the iKeepSafe Safe Harbor program. If you have any questions or need to file a complaint related to our privacy policy and practices, please do not hesitate to contact the iKeepSafe Safe Harbor program at [email protected]