Privacy and Security

Privacy Policy

Privacy Policy for Drieam website, apps, and services.

Last updated: 25 December 2023

Drieam has prepared this privacy policy to describe our practices regarding the processing of personal data. The processing of personal data collected from our websites, apps and other related services (all together “Services”) shall be limited to the purposes described in this privacy policy.

1. Personal Data

Data You Provide To Us

We collect information from you, based on what kind of service or application you use, this data may vary. Below is an outline of the data that we collect.

Eduframe

In Eduframe we collect certain information from users, including first and last names, email and mailing addresses, and passwords when creating an account for network login purposes. Additionally, when ordering services via Eduframe we may collect your name, organization name, billing & shipping information, and payment details. We may also retain certain information on your behalf, such as files and messages stored within your account.

Portflow

In Portflow we collect certain information from users, including first and last names, email addresses, role, sis-id and lms-id. Additionally, when inviting external users to your portfolio, we use and disclose the e-mail address of the external user for identification purposes. We also retain certain information on your behalf, such as files and messages stored within your account.

Google Drive Integration

In Portflow, admins can optionally enable the Google Drive File Picker Integration. If enabled, the following data is exchanged and stored:

Data Source Destination Storage
User e-mail address for Google Account User (direct input) Google N/A
User password for Google Account User (direct input) Google N/A
Selected file metadata Google Portflow Not stored by Drieam, file URL is used to request the file object.
Selected files (objects) Google Portflow Only user selected files are stored in Portflow storage.
Authorization token to access the cloud storage Google Portflow This is not stored by Drieam, may be stored in the browser’s cache by Google.

Portflow’s use and transfer of information received from Google APIs (to any other app) will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Other Apps (Qualtrics LTI, StudyCoach, FeedPulse, etc.)

For our other apps, we generally only collect the first and last name, email, role, sis-id and lms-id. It is possible for the administrator at the institution to disclose more data. We may also retain certain information on your behalf, such as files and messages stored within your account.

Our website & email

If you contact us via our contact form or if you are interested in our service, for instance you use our downloads on our website, we register your data. That data could include personal data, such as your name, email address, your company name, your position within the company, your sex. Furthermore, we may use personal information for commercial purposes, for instance to market our products and services or related products and services, and to tailor our marketing and sales activities to your or your company’s interests.

If you provide us feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email. When you participate in one of our surveys, we may collect additional profile information. We also collect other types of personal data and demographic information that you provide to us voluntarily.

Data Collected Via Technology

To constantly improve our Services, we collect information from you from our servers (which may be hosted by a third party service provider), including browser type, operating system, Internet Protocol (IP) address, domain name, unique device identifiers, information about how you use our Services and/or a date/time stamp for your visit, location (country), type of device.

We also use cookies and web beacons (as described below) and navigational data like Uniform Resource Locators (URL) to gather information regarding the date and time of your visit and the solutions and information for which you searched and which you viewed. Like most Internet services, we automatically gather this data and store it in log files each time you use our Services.

COOKIES” are small pieces of information that a website sends to your computer’s hard drive while you are viewing a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our websites.

WEB BEACONS” are digital images we use to log information on our websites and in our emails. We use web beacons to manage cookies, count visits, and to learn what marketing works and what does not. We also use web beacons to tell if you open or act on our emails.

ANALYTICS” use cookies, script tags and scripts to collect and store information such as how users interact with our apps, browser and site performance metrics, errors users encounter when using our apps, device identifiers, how often users visit the websites, what pages they visit, and what other sites they used prior to coming to the websites. We use the information we get from Google Analytics only to improve our websites, our apps, and our Services. Please see the following links for more information about Google Analytics: http://www.google.com/privacy_ads.html, http://www.google.com/privacy.html, and http://www.google.com/analytics/tos.html. We do not tie the information gathered using third party analytics to your personal data.

While we and others give you the choices described in this privacy policy, there are many ways web browser signals and other similar mechanisms can indicate your choice to disable tracking, and we may not be aware of or honor every mechanism.

BLOGS/FORUMS
Our Services may offer a publicly accessible blog and community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. Anytime you post on our blog, please be aware that you may be posting using a third party application, and we have no access or control over this information. Our privacy policy does not cover the practices of these third parties. Your interaction with these third party applications is governed by the privacy policy of the company providing it.

TESTIMONIALS
We display personal testimonials of satisfied customers on our websites in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at info@drieam.com.

2. Special and/or Sensitive Personal Data

We do not intend to collect data of our website visitors who are younger than 16 years of age, unless the parents or guardian grants permission for this data collection. However, we cannot check whether a website visitor or application user is older than 16 years. For this reason, we encourage parents to be involved in the online activities of their children, in order to prevent the collection of data without parental consent. If you are convinced that we have collected personal data about a minor without this permission, please contact us using the contact details below. We will then make sure that this data will be deleted.

3. Cookie Choices

In accepting this privacy policy, you consent to our placement and continued use of cookies on your device. To learn more about cookies, including how to delete cookies, please visit http://www.allaboutcookies.org/.

  • Most web browsers are set to accept cookies by default. If you prefer, you can typically remove and reject cookies from our site via your browser settings. If you remove or reject our cookies, it will affect how our Services work.
  • You may also render some web beacons unusable by rejecting their associated cookies. If you choose to decline cookies, certain features of the Services that placed the cookie may not function properly or at all as a result.
  • If you do not wish us to track emails we send you, some email services allow you to adjust your display to turn off HTML or disable download of images which should effectively disable our email tracking, or you may unsubscribe from our marketing emails.

You may opt out of tracking certain information collected by Google Analytics, one of our analytics providers as discussed above, on the websites by clicking here.

Eduframe

For Eduframe, Drieam places the following functional and analytical cookies. Your educator might place more cookies using Eduframe. Contact your educator to learn more.

Name Set by Retention period Purpose
_eduframe_session_production Drieam 1 Week Functional cookie
_eduframe_last_accessed Drieam 1 Week Functional cookie
_ga_<id> Google 1 Year Analytical cookie
_ga Google 1 Year Analytical cookie
Portflow

Portflow does not use tracking cookies and only uses cookies that are crucial for app functionality. When Portflow is accessed via the LMS, no cookies are placed by Portflow. Only if accessed as alumnus or without LMS container, Portflow places a functional cookie.

Name Set by Retention period Purpose
_portfolio_lti_session Drieam Browser session Functional cookie

4. Marketing Choices

For visitors of our website the following applies:

By accepting this privacy policy when submitting your personal data, you consent to us contacting you with newsletter and promotions by email. When you receive newsletters or promotional communications from us, you may “opt-out” by following the unsubscribe instructions provided in emails you receive from us or by contacting us directly at the contact information below. You do not have to provide us with any personal data, however if you do not do, so we may not be able to provide the Services to you.

Note: We will never use any personal data collected via our applications for marketing purposes.

Advertisements

Drieam does not display any advertisements within their applications. Third party processors cannot use processed data for tracking or advertising purposes.

5. Use of Your Data

The processing of your data must have a legal basis. In most cases, this will be the execution of an agreement, a legal obligation or our legitimate interests. To offer you the best possible service it is necessary to process your data. If there is a legitimate interest, we will check whether we believe that your interests do not outweigh ours.

Personal information you submit to us is used either to respond to requests that you make, or to aid us in serving you better. Drieam uses your personal data in the following ways: to create and maintain your account; to identify you as a user in our system; to notate and assign support tickets that you may initiate; to operate, maintain, and improve our Services; to personalise and improve your experience; to send you administrative e-mail; to respond to your comments or inquiries; to send you surveys, promotional communications about our products and services with your permission; to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity; and to make telephone calls to you, from time to time, as a part of secondary fraud protection or to solicit your feedback with your permission.

We may use data which has been de-identified and aggregated for additional purposes.

6. Data Retention

We will retain your personal data for the period necessary to fulfil the purposes outlined in this privacy policy and will not store this information for more than one (1) year after the data is no longer necessary for those purposes and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

7. Disclosure of Your Personal Information

We will share your personal data with third parties only in the ways that are described as follows or with your express consent.

Third Party Service Providers

We may disclose your information to third parties if we determine that such disclosure is legally required or reasonably necessary for the execution of the agreement. Relevant examples of such disclosure include submitting your personal data to a third party that is responsible for executing an agreement or using this data to accurately respond to questions or complaints. For example, we may share data with service providers who host our websites or provide email services on our behalf.

We keep data in Europe as far as possible, and we have concluded a data processing agreement (DPA) with each of our partners. In addition, we only work with partners located in the European Union, or in the United States, provided they comply with the GDPR rules and regulations when processing our data. This means that they meet security requirements that are considered adequate by the European Commission. You hereby authorize us to store personal data outside the European Economic Area.

An updated list of the partners which might have access to the processed/ collected data by Drieam you can find on our website: https://drieam.com/security-and-privacy/

HubSpot

We use HubSpot. HubSpot is a platform, which makes it possible to combine marketing, sales and customer service. Therefore, HubSpot receives information about you when you request a demo/free trial or download a whitepaper.

The purpose of the processing of personal data is client accounting and, in some cases, we might use personal data for direct marketing or commercial reasons.

The lawful basis of the processing can either be consent, performance of a contract or our legitimate interest, depending on how we use HubSpot. If we make use of the CRM function the processing is necessary for the performance of a contract. We need the CRM function of HubSpot to get in touch with you. The lawful basis of the marketing purpose is our legitimate interest. We believe the way HubSpot works is making a minimum impact on your privacy and you the possibility to opt-out. On the other hand, we do need HubSpot to generate new leads. In the case we did not use HubSpot, it would be very hard for us to find new clients. Even though we believe we have a legitimate interest in using the marketing function of HubSpot, in some cases we can ask for your consent.

For more information on how HubSpot deals with the privacy and security of your data, we refer you to their privacy policy.

Educational Institution or Other Course Provider

We will share your information with the educational institution or organisation which is linked to your use of the Services. This would apply if your educational institution uses our Services and has given you access to the Services.

Other Disclosures

Drieam may disclose information about you if it believes such disclosure is necessary to (a) comply with laws or to respond to lawful requests and legal process; or (b) protect or defend the rights, safety, or property of Drieam, users of the Services, or any person including to enforce our agreements, policies, and terms of use, or (c) in an emergency to protect the personal safety of any person.

We may also share de-identified and aggregated data with others for their own uses.

8. Your Rights Regarding Your Personal Information

We would like to inform you of your rights concerning the collection and use of your data. Under European law, individuals have the right to:

  • ACCESS THEIR PERSONAL DATA
    Individuals have the right to access the personal data we collect and may obtain a copy of this data by contacting us.
  • RECTIFICATION
    Individuals have the right to have personal data rectified if it is incomplete and/or erroneous and can make a request for rectification. You can change (some of) your personal data in your account by editing your profile or by contacting us. We will respond to your request within 4 weeks as is permitted by law.
  • ERASURE
    In some circumstances, you have the “right to be forgotten”. Those circumstances include:
    • The personal data are no longer necessary in relation to the purposes for which they were collected and/or processed;
    • You withdraw the (explicit) consent you previously provided to process the information, and there is no other legal ground for the processing;
    • You object to the processing of your personal data and have legitimate, compelling reasons which supersede our interests and reasons for processing your data;
    • You object to your personal data being processed for direct marketing purposes;
    • You are below the age of 16 and our website has collected your personal data;
    • We are obligated to delete your personal data after the time limits set by laws or other regulations;
    • There are (no longer) any legal grounds for processing your data.

You can choose to delete your account (and so cancel the Service) through the Services. You may also request changes (to see, to correct, to update) or deletions by emailing us.

  • RESTRICTION OF PROCESSING
    Individuals reserve the right to minimise the processing of your personal data. If we are informed that we are using incorrect personal data, we will not use this data until it has been rectified. We will furthermore restrict processing data if the processing is either unlawful or no longer necessary, or you oppose the erasure of your personal data and instead request the restriction of their use.
  • DATA PORTABILITY
    You reserve the right to data portability, i.e. to receive the personal data concerning you that you have provided to us.
  • OBJECT
    You have the right to object to direct marketing. You also have the right to object to the processing of your personal data, if your personal data is used for purposes other than necessary for the execution of an agreement or necessary for compliance with a legal obligation. If you object to the processing of your personal data that is necessary for the performance of our work, we consider it important to state that it is not possible to offer our services to you without your personal data.

If you would like to exercise any of these rights, please get in touch with us via securityofficer@drieam.com.

9. Security of Your Personal Information

Drieam takes reasonable steps to help protect your personal data in an effort to prevent unauthorized access, use, or disclosure. When processing your personal data, at Drieam we comply with the principles of GDPR.

The six overall guiding principles are:

  • Lawfulness, transparency, and fairness
  • Purpose Limitation
  • Data Minimization
  • Accuracy
  • Storage limitation
  • Confidentiality and integrity

Your privacy and security are of the utmost importance to us. We will always follow these principles and ask you how you would like us (or our partners) to communicate with you. Moreover, we periodically carry out internal audits in line with the SOC2 Type II controls.

Despite these measures, you should know that Drieam cannot fully eliminate security risks associated with personal data. No method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. Any content you post while using the Services is at your own risk. If you have any questions about security on our websites or apps, you can contact us at the contact information set forth below.

10. Controller

“Drieam B.V.” is the data controller in relation to processing of your data pursuant to this policy. References to ‘Drieam’ in this policy are to Drieam B.V.. Drieam welcomes your comments or questions regarding this privacy policy. Please email us at securityofficer@drieam.com or contact us at the following address or phone number:

Drieam B.V.
Don Boscostraat 4
5611KW Eindhoven
the Netherlands

+31 40 30 46 346

11. Data Protection Officer (DPO)

Drieam has appointed Aukje Looijmans (legal counsellor at Looijmans Juristen) as our DPO. As independent external supervisor and advisor she is charged with the supervision of Drieam’s security compliance with the applicable legislation (including the GDPR) in the area of personal data. Drieam’s DPO contact details:

Looijmans Juristen
Aukje Looijmans
aukje@looijmansjuristen.nl
+31 614445909

12. Complaints

If you are unhappy with the way we collect, store, or process your personal data, please contact us via securityofficer@drieam.com. Our Information Security Officer and Management, who are counselled by an external Data Protection Officer, manage this mailbox jointly. A register of questions and complaints will be kept.

If the situation is not resolved to your satisfaction by contacting the above-mentioned entities, you may file a complaint with the Dutch Data Protection Authority (DPA).

13. Changes to this Privacy Policy

Drieam may change this privacy policy, if any change is made, we will change the “last updated” date at the beginning of the document. If such changes are material, a notice of the changes will be posted along with the revised privacy policy, prior to the change becoming effective. We encourage you to visit this page from time to time in order to be aware of the latest privacy practices.

Changelog

Date Change By
31-08-2020 Removed information concerning the “Privacy Shield” & updated with the (added) security measures Celia Lopes
08-09-2020 Added Changelog Celia Lopes
17-05-2022 Updated data collection website Tom Lamers
22-03-2022 Removed information concerning Flash cookies Tom Lamers
18-07-2023 Updated the policy to make a more clear distinction between what data is collected in the different applications Drieam offers Tom Lamers
18-10-2023 Added information on the Google Drive Picker integration in Portflow Pieter J. Smits
28-11-2023 Added information about not displaying advertisements in Drieam apps and not using tracking cookies in Portflow Pieter J. Smits
25-12-2023 Added a cookie declaration, listing all used cookies and their purposes for Eduframe and Portflow Pieter J. Smits