top of page

TeachAid Data Processing Agreement

This Data Processing Agreement (“DPA”) is an addendum to the legal Agreement between the Customer (“Controller”) and TeachAid (“Processor”) for your use of TeachAid's Services.

 

Definitions

  1. Customer Personal Data: All Personal Data processed by TeachAid on behalf of the Customer.

  2. Data Protection Law: Includes but is not limited to:

    • General Data Protection Regulation (GDPR);

    • UK Data Protection Act 2018;

    • Applicable U.S. state privacy laws (e.g., FERPA, SOPIPA, and COPPA).

  3. Sensitive Data: Includes personal identifiers, biometric data, and other special categories under GDPR.

  4. Sub-Processor: An entity engaged by TeachAid to process Customer Personal Data.

  5. Standard Contractual Clauses (SCCs): European Commission-approved clauses for international data transfers.

 

Roles and Responsibilities

  1. The Customer is the Controller and determines the purpose of processing.

  2. TeachAid is the Processor and processes data on behalf of the Customer for the purposes outlined in Annex A.

  3. TeachAid will:

    • Only process Customer Personal Data per documented instructions.

    • Notify the Customer if any instructions appear non-compliant with Data Protection Laws.

  4. The Customer shall:

    • Ensure all data is collected lawfully.

    • Provide necessary notifications and obtain required consents.

  5. TeachAid does not accept liability for Sensitive Data supplied in violation of this agreement.

 

Security

TeachAid shall:

  1. Implement appropriate technical and organizational measures per Article 32 of GDPR, including:

    • Data encryption at rest and in transit.

    • Access controls and regular security training for personnel.

  2. Maintain up-to-date security policies and ensure they are regularly audited.

  3. Ensure all personnel authorized to process data are bound by confidentiality.

 

Security Incidents and Notification

  1. TeachAid will:

    • Notify the Customer of any Personal Data Breach without undue delay, within 24 hours where feasible.

    • Cooperate with the Customer in fulfilling legal notification obligations.

  2. Such notification will include:

    • The nature of the breach.

    • Steps taken to mitigate risks.

    • Recommendations for the Customer.

 

Cooperation and Assistance

TeachAid will assist the Customer with:

  1. Responding to Data Subject rights requests under applicable law.

  2. Conducting data protection impact assessments (DPIAs).

  3. Complying with obligations for supervisory authority consultations.

  4. Any assistance provided beyond routine operations may incur additional costs.

 

Audit Rights

  1. TeachAid will:

    • Provide necessary documentation to demonstrate compliance.

    • Allow for audits and inspections, subject to reasonable notice.

  2. Audits are limited to one per year unless required due to legal obligations.

  3. Costs of such audits are borne by the Customer unless non-compliance is identified.

 

Use of Sub-Processors

  1. TeachAid may engage Sub-Processors and will:

    • Ensure Sub-Processors meet equivalent data protection standards.

    • Notify Customers of any new Sub-Processors, allowing a 15-day objection period.

  2. Current Sub-Processors are listed in the Annex.

 

International Transfers

  1. TeachAid will:

    • Use SCCs for any transfers outside of the EU/EEA.

    • Ensure Sub-Processors adhere to similar safeguards for international data transfers.

  2. TeachAid ensures compliance with U.S.-EU Privacy Shield requirements or equivalent frameworks, where applicable.

 

Data Retention and Deletion

  1. Upon termination, TeachAid will:

    • Delete or return all Customer Personal Data per Customer instructions.

    • Retain backup data only as required by applicable law or legitimate legal needs.

  2. Deletion requests must comply with TeachAid’s retention policies and timelines.

 

Annex A – Details of Data Processing

  1. Processor: TeachAid.

  2. Controller: The Customer.

  3. Nature of Processing: Delivery of educational services, including curriculum management and analytics.

  4. Categories of Data Subjects: Students, teachers, and administrative users.

  5. Data Types: Email addresses, names, grades, curriculum plans, and activity logs.

 

Annex B – Security Measures

TeachAid’s security measures include but are not limited to:

  1. Encryption: AES-256 for data at rest and TLS for data in transit.

  2. Access Control: Role-based access with multi-factor authentication.

  3. Monitoring: Real-time threat detection systems.

  4. Incident Management: Comprehensive incident response plans.

  • Twitter
  • Instagram
  • LinkedIn
bottom of page