GDPR

On May 25, 2018, the General Data Protection Regulation (GDPR), will be effective. GDPR provides necessary legal framework to give fundamental right to privacy for every EU resident. EduBrite welcomes this regulation and is ready for serving our responsibilities as a "Data Processor". EduBrite has taken a number of steps in supporting our Customers, so they can handle their responsibilities as a "Data Controller". 

 

Data Processing Agreement

EduBrite has created a Data Processing Agreement (DPA) that outlines our data processing policies and privacy practices in detail with respect to GDPR. Customers can request a copy of our DPA by contacting privacy@edubrite.com

 

Security Measures

EduBrite uses the SOC 2 compliant hosting provider. EduBrite application is built using industry standard security practices including OWASP guidelines. Our operational infrastructure is made fully secure by following best practices such as using server hardening, firewalls, encryption, intrusion detection, monitoring and alerting. At the application level, EduBrite provides number of security features to allow customers to keep their data secure and private. 

 

Right to Access

End users can request access to their data from our Customers (the Data Controllers). Our application provides all necessary interface to download such data. EduBrite Support team can be contacted for any further assistance. 

 

Right to Be Forgotten

Organizations (Data Controllers) can request their data to be fully removed from our systems in case they no longer are our customers. Similarly end users can contact our customers (Data Controllers) to have their data removed. EduBrite (Data Processor) can't act directly on end user's request for data deletion. 

 

Right to Data Portability

Our customers (Data Controllers) can download the data the system has collected about their users, in machine readable CSV, XML and/or PDF format. 

 

Right to Be Informed

Customers (Data Controllers) should provide a clear opt-in privacy / terms of use statement to the end users who use our platform. EduBrite provides necessary built in placements for capturing and displaying the customer's "Privacy Policy" and "Terms of Use".

 

Right to Have Information Corrected

On behalf of the end users, Customers (Data Controllers) can request EduBrite to correct any data that is not already available for correction via the application. 

 

Right to Object

EduBrite (Data Processor) never uses end users information for marketing purposes. End users should contact the Customers (Data Controller) in case they have any objection with their use of data. 

 

Right to be Notified

EduBrite will notify the affected Customers (Data Controllers) about any known data breach within 72 hours of becoming aware of it. 

 

EU-US / Swiss-US Privacy Shield 

EduBrite is certified participant of the EU-US / Swiss-US privacy shield regulation. 

For any questions about EduBrite's GDPR readiness, contact privacy@edubrite.com