We take great care in using your personal data carefully and securing it from misuse. This privacy notice discloses the privacy practices for the Social Schools webapp and mobile apps (hereafter APP). This privacy notice applies solely to information collected by this APP.
Since Social Schools acts as a service provider for your school, we do not enter into an agreement with you as end-user of the APP. Instead, we enter into a Data Processing Agreement with your school, which details the following:
What personally identifiable information is collected from you through the APP, which goal this collection serves, how it is used and with whom it may be shared.
The technical and organizational measures in place to protect the misuse of your information.
The procedures in place to report misuse of personal information.
For more information, please contact your school for the full version of the Data Processing Agreement. For your convenience, we have included an outline below, which summarises the way we use your personal data and the way we secure it.
Data processing goal
Social Schools processes your personal data solely for the purpose of facilitating communication between all stakeholders in your school (employees, students and parents).
Data minimization and privacy by design
We strive to minimise the personal information needed for the APP to be fully functional. The smallest set of personal information we need is:
Parent / Professionals: Name & E-mail
Students: Name, Date of birth and class/schoolyear
This minimal set of data is also available to relevant employees of your school; such as your class teacher or the person responsible for the administration.
There is room to add more contact (phone nr, home address) and profile information (avatar, about me) to enrich the communication between the members of your school. Filling this out is optional and is a personal choice of you as a user or a result of policies of your school.
We have taken a number of technical and organizational measures to protect your data based on a data classification we executed. Please find the outlines of these measure below:
We work only with subprocessors renowned in their areas of expertise, such as Amazon Web Services, Azure App Service and Azure SQL Database.
All data is stored within the European Economic Region.
Physical access to the data is managed by our subprocessors that are certified by international standards for data protection.
Our technical infrastructure is managed by our subprocessors ensuring timely updates of hardware and firmware, minimising security risks in our infrastructure.
Personal data stored in our database is encrypted.
Media stored on our servers are encrypted.
Transport of your personal data is always encrypted with SSL.
We only access your personal data for support purposes.
Access to your personal data is restricted to our support staff and our lead developers (hereafter STAFF).
We enter into an NDA with all our STAFF to ensure the careful handling of your personal information.
For maximum traceability, our STAFF accesses your personal data with personal accounts managed by Social Schools. All changes made by our staff are logged.
Any mobile devices used by our STAFF are encrypted to minimise the risk of data leaks.
Right to view and edit your personal information & Right to be forgotten
As user, you can view (and edit) your personal data and that of your children within the app:
Your own data can be found under “Account & Profile”, here you can view and edit your profile information and contact details
Your child’s data can be found under “my students”. Since the school is responsible for this data, we request you to contact SCHOOL in case you want personal data of your child changed.
If you want to exercise your right to be forgotten, we kindly request you to reach out to us by sending an email to firstname.lastname@example.org. We will remove your account and the personal data related to it within 30 days.
If you don’t ask us to delete your account, it will be deleted automatically if you have no connection to any school for longer than 2 years.
When we find a vulnerability that might expose personal data to persons unauthorised to access this data, we treat this with the highest priority.
If you find a vulnerability in our APP we kindly request you to report it to us via email@example.com. We ask you not to download any personal data or share the vulnerability with other persons or third parties. When you report a vulnerability, we will confirm the vulnerability and will answer you with the chosen solution and the impact of the vulnerability. Depending on the impact we will report the vulnerability to the authorities.