Information Collection and Usage

Royal Academic Software is the sole owner of any information collected or shared with us. Under no circumstances will we sell, share or rent out this information to others in a way that is not directly disclosed within this policy.

RAS collects information from our customers both future and current through many different channels such as but not limited to: the Royal Academic Software website, RAS product websites, email, ticketing systems, and other additional web services.

What we collect that is identifiable to you:

Purchases of any software, subscription services and products therein.

Enquiries of any of our software and/or services.

Feedback provided to our team.

Logs from support and email communications.

Access to any of our products or services via the internet.

System-level logs from kiosk tools and services.

Usage of the software and or services provided.

Data we share with our billing and payment provider, Stripe:
We are required to share certain information with our payment provider, Stripe (Stripe Inc). You are responsible for reading and acknowledging Stripe’s privacy policy before purchasing or subscribing to any of our products.

When onboarding to any of our paid platforms, you will be required to submit certain information such as payment details, addresses, contact information and if applicable, your tax identification number.

You are responsible for ensuring that this information provided is up-to-date and entered correctly. Failure to do so may result in termination of your services with Royal Academic Software. More information can be found in our Terms of Service about the importance of ensuring your payment information is up to date.

Data we may share with third parties:
In rare situations, we may be required to share additional information with third parties such as Government Authorities. Should information be considered sensitive, we will reach out to you and ask for your authorization.

Data we share with our infrastructure partners
We team up with various companies globally to ensure our software remains operational, quick and up to certain standards. In order to make this happen, we are required to share and retain certain information from these third parties.

We share and work closely with Cloudflare (CloudFlare Inc) so that we can correctly monitor our systems and ensure the integrity and security of our infrastructure. Cloudflare provides information about how they collect and handle data, and we encourage you to read Cloudflare's policies here.

Additionally, the servers and tools we utilize on a daily basis are hosted in various data centers globally provided by the following companies: Cloudflare, OVH, Hetzner and Contabo.

Our infrastructure partners are held up to their own privacy and security standards that are compliant with the industry standards. We encourage our customers to read their data handling and privacy policies accordingly. We ensure the hardware we lease is fully managed by us, and no third party can gain access to it.

Where is your data processed?
We process data in various data centers, however our primary locations are within Switzerland, Germany and the United Kingdom. This data is processed in accordance with GDPR regulations, excluding data in Switzerland to which gets processed with the Swiss Data Protection Act (DPA).

For customers accessing our platforms in the United States or North and South American countries, your data is strictly processed within the United States following relevant data protection rules. In this case, we adopt the GDPR compliance regulations exclusively for all states and territories outside of California, where we adopt the California Consumer Privacy Act (CCPA).

For customers accessing our platforms in the Middle East, Africa and some parts of Asia, you are subject to your data being forwarded to European data centers where they are handled in accordance with GDPR.

Your rights as a data subject:
You have the right to information about your personal data that we process. One of the primary rights you have as a data subject is the right to request removal of your data. You additionally have the right to object to certain data processing.

Should you wish to request a removal of your personal data, please contact our helpdesk at [email protected]. We will process your request within 30 days.

If you are deciding to close down your account with Royal Academic Software, which can include the cancellation of a subscription to a service or software we provide, your data is automatically removed from our systems after 30 days. Once the process has started, we cannot cancel this and your data will be permanently removed from our databases and systems therein.

Voluntary nature of data provision
There is no statutory obligation for you to provide your data. However, in order for us to provide you with certain services, some personal data is required. Your decision to provide us with your personal data is completely voluntary.

Data collected from School Information Systems

In some cases, for our software to work we are required to connect, collect and process data from a School Information System (SIS).

Royal Academic Software completely acknowledges the importance of security and protection of this data and therefore, we incorporate certain safeguards to maximize the protection of data shared and collected by us from SIS’s.

We also encourage organizations who wish to utilize these SIS integrations, to create a data handling agreement between us and your organization, so we can understand and follow the requirements of your organization.

Royal Academic Software safeguards your data collected by SIS’s by utilizing the following technologies:

Encrypted databases - Only our software has access to the data stored in these confidential databases with information collected by an SIS.

Short data retention periods - We will only store the relevant data for a short period of time, anywhere between 5 seconds and 24 hours. Data that is no longer needed will be permanently deleted from our systems.

Refined data collection endpoints - We ensure that we are only collecting and processing data that we actually require. Unused access will remain as that, unused.

Control over SIS access - You define how much access you decide to grant our software. If a certain area of your SIS should remain confidential, simply do not share that information with us by limiting the access granted to us.

Please note that if a feature of our software requires access to this data, we cannot guarantee that it will function as intended. You may get error messages or warnings until the matter is resolved.

We try to work as closely with popular School Information Systems to understand what data we might need and how to correctly store and transfer that information.

If you require the connection between Royal Academic Software and your School Information System, we will reach out to you about the right ways to proceed and the understanding of the data you are sharing with us and our platforms.

Complains & Contacting Us

If you have any concerns about your personal information and how it might be processed by Royal Academic Software, please email us at [email protected] describing your concern.

Should you wish to get in touch with us, we have a Data Protection Officer (DPO) to oversee all data protection strategies and ensure that we are remaining compliant with the relevant data protection obligations and regulations. Should you have any questions or wish to contact our DPO, please contact the following: [email protected] and we will get back to you as soon as possible.

Amendments to this document

Royal Academic Software reserves the right to update this privacy policy at any time for any given reason, such as a new regulation. It is advised to revisit this privacy policy from time to time.

As a user of Royal Academic Software, any time where data is being collected or processed, you will be prompted to reread the privacy policy and confirm before it is collected and processed.