On May 25, 2018, the General Data Protection Regulation (GDPR), will be effective. GDPR provides necessary legal framework to give fundamental right to privacy for every EU resident. EduBrite welcomes this regulation and is ready for serving our responsibilities as a "Data Processor". EduBrite has taken a number of steps in supporting our Customers, so they can handle their responsibilities as a "Data Controller".
Data Processing Agreement
EduBrite has created a Data Processing Agreement (DPA) that outlines our data processing policies and privacy practices in detail with respect to GDPR. Customers can request a copy of our DPA by contacting firstname.lastname@example.org
EduBrite uses the SOC 2 compliant hosting provider. EduBrite application is built using industry standard security practices including OWASP guidelines. Our operational infrastructure is made fully secure by following best practices such as using server hardening, firewalls, encryption, intrusion detection, monitoring and alerting. At the application level, EduBrite provides number of security features to allow customers to keep their data secure and private.
Right to Access
End users can request access to their data from our Customers (the Data Controllers). Our application provides all necessary interface to download such data. EduBrite Support team can be contacted for any further assistance.
Right to Be Forgotten
Organizations (Data Controllers) can request their data to be fully removed from our systems in case they no longer are our customers. Similarly end users can contact our customers (Data Controllers) to have their data removed. EduBrite (Data Processor) can't act directly on end user's request for data deletion.
Right to Data Portability
Our customers (Data Controllers) can download the data the system has collected about their users, in machine readable CSV, XML and/or PDF format.
Right to Be Informed
Right to Have Information Corrected
On behalf of the end users, Customers (Data Controllers) can request EduBrite to correct any data that is not already available for correction via the application.
Right to Object
EduBrite (Data Processor) never uses end users information for marketing purposes. End users should contact the Customers (Data Controller) in case they have any objection with their use of data.
Right to be Notified
EduBrite will notify the affected Customers (Data Controllers) about any known data breach within 72 hours of becoming aware of it.
For any questions about EduBrite's GDPR readiness, contact email@example.com