Privacy Statement
Tyro understands that your privacy is important to you and that you care about how your personal data is used. Tyro only collects and uses your personal data as permitted by the European Union General Data Protection Regulation.

1. Information About Us

Tyro Technologies Limited, a company registered in Ireland with company number 723148, having its registered office at Commercial House Millbank Business Park Lucan Dublin K78X5W6 Ireland trading as Tyro.

Business & postal address: The Masonry, 151 Thomas Street, Dublin, D08 PY5E.
VAT number: 4037793KH.
Data Protection Officer: Patrick Barry.
Email address: support@tyro.school.
Telephone number: (01) 2707749.

2. What Does This Policy Cover?

This Privacy Statement provides details about how Tyro (the data processor) carries out data processing on behalf of our Customers (the data controller) based on their instructions. Personal data is information that can identify you as a person, such as an email address, street address or phone number. Processing your personal data is required for us to serve our Customers. By providing your personal data, you accept the terms included in this Privacy Statement.

3. What Is Personal Data?

Personal data is defined by the European Union General Data Protection Regulation as any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, and other online identifiers.

4. What Are My Rights?

You have the following rights, which we will always work to uphold:

a) The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact us to ask any questions using the details in Part 10.
b) The right to access the personal data we hold about you. Part 9 will tell you how to do this.
c) The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 10 to find out more.
d) The right to be forgotten, i.e., the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details in Part 10 to find out more.
e) The right to restrict (i.e., prevent) the processing of your personal data.
f) The right to object to us using your personal data for a particular purpose or purposes.
g) The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
h) The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
i) Rights relating to automated decision-making and profiling.

It is important that your personal data is kept accurate and up to date. If any of the personal data we hold about you changes, please keep us informed for as long as we have that data.

5. What Personal Data Do You Collect and How?

Tyro processes data about our Customers’ employees, students, points of contact and general application users. The type of data that Tyro processes about you may include:

- Information about date of birth, age, gender, and relationship to a student in the case of a contact
- Contact details such as name, address, telephone number and email
- Content you have uploaded such as text and documents
- In the case of staff, the employment information about you at the customer company such as job title, PPS number, and position including contract terms and qualifications
- In the case of students, academic information about you including attendance, assessment, medical and behaviour records
- Unique user information such as username and display name
- Browser traffic analytics including browser type and IP address  

6. How Do You Use My Personal Data?

Where we collect any personal data, it will be processed and stored securely, for no longer than is necessary considering the reason(s) for which it was first collected. We will comply with our obligations and always safeguard your rights. To meet our Service Level Agreements, Tyro requires information about you in your role as a user of our service. Our objectives for this data include:

- Provide features and services
- Perform our contractual obligations
- Deliver support to users of our software
- Increase the quality of our software
- Detect and prevent security threats and perform ongoing maintenance
- Prevent abuse of our software
- Communicate information that is relevant for our services
- Process orders, invoicing, payments

Processing according to the above is deemed necessary for us to manage our services for Customers. Tyro does not ask for your consent to process your personal data. We do not consider that the processing disadvantages you in any way.  

7. How, Where, And For How Long Do You Store My Data?

Tyro ensures that the following measures are taken with respect to the storage of personal data:

- Data in transit: Azure Database for PostgreSQL encrypts in-transit data with Secure Sockets Layer and Transport Layer Security (SSL/TLS). Encryption is enforced by default.
- Data at rest: For storage encryption, Azure Database for PostgreSQL uses the FIPS 140-2 validated cryptographic module. Data is encrypted on disk, including backups and the temporary files created while queries are running.
- Access to the application is via username and password with 2 Factor Authentication.  Passwords are encrypted and only known to the specific authorised user.
- We only store your personal data within the EU. This means that your personal data will be fully protected under the EU GDPR and/or to equivalent standards by law. Personal data is retained for as long as necessary for the stated purpose, while also taking into account our need to answer queries or resolve problems and to comply with legal requirements under applicable laws. This means that we may retain your personal data for a reasonable period after your last interaction with us.
- When the personal data that we collect is no longer required in this way, we destroy or delete it in a secure manner.  

8. Do You Share My Personal Data?

If governmental authorities or the Gardaí request disclosure of personal data, Tyro will promptly notify the Customer (the data controller) and we will disclose such data only to comply with a court order. Tyro does not share your personal data with third parties who intend to use the data for marketing purposes. In cases where Tyro engages subcontractors to process personal data, it is possible that your or our customers' data may be transferred outside the European Union (EU). These subcontractors typically include cloud service providers or other IT hosting service vendors. To safeguard your privacy rights and fulfil our obligations to our customers, Tyro will always establish a data processing agreement (DPA) with subcontractors. If data processing occurs outside the EU, we will ensure that the DPA is based on the EU Standard Contractual Clauses. Additionally, we will notify our customers about the export of data in such instances. However, it should be noted that Tyro is not responsible for providing this information directly to data subjects whose data is controlled by our customers.

9. How Can I Access My Personal Data?

Data subjects may make subject access requests (“SARs”) at any time to find out more about the personal data which Tyro holds about them, what it is doing with that personal data, and why. Users wishing to make a SAR should do so using a Subject Access Request Form, sending the form to the Company’s Data Protection Officer at support@tyro.school. Responses to SARs must normally be made within one month of receipt; however, this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, the data subject shall be informed. All SARs received shall be handled by the Company’s Data Protection Officer. The Company does not charge a fee for the handling of normal SARs. The Company reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a data subject, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.

10. Tyro’s Role As A Data Processor

Tyro offers a range of services that involve processing data provided by our customers, which may include personal data. In this arrangement, our customers act as the data controllers, determining the purposes for which the data is processed. As the data processor, Tyro adheres to the requirements of applicable data protection laws and the terms outlined in our data processing agreement (DPA) with the customer. By accepting our DPA, the customer guarantees the following:

- The customer is the rightful owner of the data or possesses the necessary rights to transfer it to Tyro for processing. The customer also assumes responsibility for the accuracy, integrity, content, reliability, and legality of the personal data.
- The customer, acting as the data controller, is responsible for informing the relevant supervisory authorities and/or data subjects, as required by applicable law, in the event of any data breach or unauthorised disclosure. 

As the data processor, Tyro is responsible for implementing technical and organisational security measures to protect your privacy on behalf of our Customer, the data controller. Tyro will not process personal data in any other way or for any other purpose than what is authorised in the agreement with the data controller. If data subjects have any questions, comments, claims, or concerns regarding their personal data processed by Tyro as the data processor, they should direct them to the data controller. Tyro will not provide data subjects with access to their personal data unless specifically instructed to do so by the data controller. In the event that government authorities or law enforcement agencies request the disclosure of personal data, Tyro will promptly inform the data controller and will only disclose the data if required to comply with a court order. 

11. How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:

Email address: support@tyro.school
Telephone number: (01) 270 7749.
Postal Address: The Masonry, 151 Thomas Street, Dublin, D08 PY5E.