Guide to GDPR
On May 26th of 2018 the European General Data Protection Regulation (GDPR) became effective. Colleges and universities that collect data from anyone physically living in the European Union (EU) (i.e. administrators, faculty, students, vendors, alumni, etc.) are required to comply with GDPR. The purpose of GDPR is to help protect the privacy of EU citizens. This guide is here to help you navigate the complexities of GDPR and to assure you we're here to help. We take your privacy and security seriously and are available if you ever have questions, concerns, or feedback for us. Feel free to reach out anytime at email@example.com.
Administrators and End-Users
Users of the ClassCred services are either “administrators” (i.e. teachers) or “end-users” (i.e. students). Within a ClassCred community of end-users, the community’s administrator has access to all of the end-users’ data. If you are an end-user and have questions about your administrator’s access to your data, or about the use or sharing of your data, please contact your administrator.
Transporting EU citizen data to other countries
If your Community has Administrators or End-Users that are EU citizens, you must ensure data about EU citizens is transferred and protected in accordance with GDPR (Chapter V, Articles 44-50). This means personal data about EU citizens can only be transferred and stored in countries the European Commission has recognized as providing adequate protection. You can view the up-to-date list by clicking here (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en).
Your ClassCred data is stored at AWS in the United States. We do not have a Privacy Shield framework certification. We are not pursuing a Privacy Shield certification at this time due to uncertainty around its continued effectiveness and ability to satisfy GDPR requirements. We recommend that anyone using our Services with EU citizens in their Community complete and sign a Data Processing Addendum (DPA). The DPA contains European Union Model Clauses, known as Standard Contractual Clauses, to meet the requirements for GDPR. At this time, we believe a DPA is a longer-lasting solution than a Privacy Shield certification. You can request one by emailing us at firstname.lastname@example.org. If you have your own DPA document, we are happy to review and sign it instead.
How you can fulfill data requests, modifications, and deletions
If you are an EU citizen and use our Services, then you have specific rights to your data. This relates to GDPR Chapter 3—Right of the data subject. You can request to receive your data, modify it, and/or delete it.
Depending on whether you are an Administrator or End-User, you will have different rights regarding your data. If you are an Administrator, you can ask us to send, remove, or modify any information about your account. You can export data on the Instructor Resource page of your ClassCred site or by emailing us. To permanently remove your data, you must email us at email@example.com, and we will remove your data within 30 days of notice.
If you are an End-User and you would like to view, modify, or remove all or some of your data, please contact your Administrator and have them email us to do so. If you do not know your administrator, please email us at firstname.lastname@example.org.
GDPR gives a clear way to lodge complaints
As an EU citizen you can report GDPR violations to your Data Protection Authority. You can find a list of Data Protection Authorities by clicking here (http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm) or searching on the internet.
Our goal is to never let things escalate to the point where you need to file a complaint. Please contact us if you ever feel like we are not complying with your rights under GDPR.
GDPR is new and the rules may change. We will do our best to post updates affecting ClassCred on this page. Here are some additional resources to better familiarize yourself with GDPR, our policies, and policies of the chat platforms we integrate with.
Official site for EU data protection Rules: https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en
Searchable version of GDPR regulation: https://gdpr.algolia.com
Slack’s approach to GDPR: https://slack.com/gdpr
If you have questions about GDPR, please contact us at email@example.com.