GDPR Information

Please confirm what sufficient guarantees you can give our school that demonstrate your understanding and implementation of your obligation, as a processor, under the new GDPR legislation, including any certifications or externally audited process’s.

We are pleased to confirm that Developing Experts Limited is compliant with the GDPR and all UK data protection legislation.

Do you meet the requirements of the ICO’s Age Appropriate Design Code?

Developing Experts Limited ensures it complies with the Children’s Code and the ICO Age Appropriate Design Code.

For further information please visit https://www.developingexperts.com/childrens-code

Do your standard contract terms include any new GDPR and mandatory Data Protection provisions?

Yes. Section 5 of our School Terms and Conditions contains information about privacy and data protection, which includes the mandatory GDPR and Data Protection contractual provisions relating to data sharing between data controllers and data processors.

This means that separate data sharing agreements or variation agreements with schools are not needed.

Please refer to https://www.developingexperts.com/terms

Do your standard contract terms propagate down, within a formal contract, to your Subcontractor involved in the service to our school?

Yes. Developing Experts Limited have GDPR and Data Protection compliant terms in place with any Subcontractor who have access to the personal data that we hold from our customers. A list of Subcontractors can be found within our Terms and Conditions https://www.developingexperts.com/terms

Are you maintaining Data Processing Records (as outlined in Article 30 of GDPR).

Due to the size of our organisation, we are not obliged to do this. However, as we believe it is good practice, we do.

Can you confirm our right to have personal data deleted or upon termination of contract at no extra cost?

We confirm that you have the right to have personal data deleted at no extra cost. The deletion process may take up to 30 days for all data to delete from our backup systems.

What is your data retention policy?

We will delete users’ personal data where we no longer have a legitimate business need to process or hold it. We will retain and use personal information of the main contact if required to comply with our legal and regulatory obligations, to resolve disputes, and/or to enforce our terms and conditions.

Our policy is to automatically delete any pupil data from trial accounts, 90 days after expiry of a free trial. Upon expiry of a subscription, or a non-renewal, all pupil and teacher data will be deleted within 60 days of expiry. Deleted pupil data cannot be retrieved following deletion

Do you have a data privacy policy and/or fair processing notice which meets GDPR requirements.

We have a Data Privacy Policy. Please refer to: https://www.developingexperts.com/privacy

Do your contracts of employment contain confidentiality and gross misconduct clauses, in the context of customer’s data privacy?

Our Employee Handbook, which forms part of our contracts of employment, contains this.

Do you use cloud storage, and if so, which provider?

We use Google Drive and AWS.

Where is data stored and is it secure?

Our school data is stored on the following secure servers:

Amazon Web Services are located in Ireland and back up servers located in Ireland; and https://aws.amazon.com

Heroku servers based in Europe: https://www.heroku.com

Data is encrypted in transit and at rest and our team uses secure passwords and keys to keep your data safe.

We don’t transfer your data outside of the EU. Some of our third party processors store data outside of the EU, but in each case this is strictly pursuant to, and in accordance with, GDPR compliant contractual provisions including, for example, use of SCCs.

Please refer to our Approved Subcontractor List.

What data do you collect and for what purpose?

Please refer to our Privacy Policy for full details, but in summary we collect: Schools:

School’s name, address, URN, phone number and finance contact information (for invoicing purposes and account name and management).

Teachers’ names and email addresses, along with class information (so we can provide you with an account and contact you)

Pupils’ forename and surname, class, gender and date of birth (to administer accounts)

Do you share our data with anyone?

We keep all personal information confidential and do not sell or knowingly divulge user’s information to advertisers or any external third parties. We will only disclose your personal information in very limited circumstances, which are set out in our Privacy Policy.

Anonymised User data is used as the basis for reporting to our Sponsorship Partners.

Are user names publicly available on your platforms?

Pupils create an alias to shield their public identity.

Do you hold financial information?

We don’t hold any financial information. All credit card payments are handled by Stripe https://stripe.com/gb

Can we stop getting emails from you?

All users have a right to opt-out of marketing communications at any time. Users can exercise this right by either clicking on the "unsubscribe" or "opt- out" link in any marketing e-mails we send. Alternatively, users can contact us using the contact details provided below.