At Prompting.Education we are committed to protecting the privacy and security of your personal data.
In accordance with the General Data Protection Regulation (GDPR), we have implemented appropriate measures to ensure compliance with the GDPR’s requirements.
This GDPR Compliance page outlines our commitment to GDPR and provides information on how we collect, process, store, and protect the personal data of individuals located in the European Economic Area (EEA).
Data Protection Principles
We adhere to the following data protection principles when processing personal data:
- Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and transparently.
- Purpose limitation: We collect and process personal data only for specified, explicit, and legitimate purposes.
- Data minimization: We collect and process personal data that is relevant, adequate, and limited to what is necessary.
- Accuracy: We ensure that personal data is accurate, up-to-date, and corrected or deleted when necessary.
- Storage limitation: We retain personal data for no longer than necessary for the purposes for which it was collected.
- Integrity and confidentiality: We maintain appropriate security measures to protect personal data from unauthorized access, disclosure, or destruction.
Lawful Bases for Processing
We process personal data based on one or more of the following lawful bases:
- Consent: We may process personal data when you have given us your explicit consent for specific purposes.
- Contract: We may process personal data when it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.
- Legal obligation: We may process personal data when it is necessary for compliance with a legal obligation to which we are subject.
- Legitimate interests: We may process personal data when it is necessary for our legitimate interests, provided that those interests do not override your fundamental rights and freedoms.
Your Rights under GDPR
As a data subject, you have several rights under GDPR, including the right to:
- Access your personal data;
- Rectify inaccurate or incomplete personal data;
- Erase your personal data, subject to certain conditions;
- Restrict the processing of your personal data;
- Object to the processing of your personal data for direct marketing or other specific purposes;
- Receive your personal data in a portable format or have it transmitted to another controller;
- Withdraw your consent to the processing of your personal data, where applicable.
To exercise any of your rights, please contact us at privacy@Prompting.Education
International Data Transfers
We may transfer your personal data to countries outside the EEA. We take steps to ensure that your information is protected in accordance with applicable data protection laws, including the use of appropriate safeguards, such as the European Union Standard Contractual Clauses or the EU-US Privacy Shield Framework.
Changes to this GDPR Compliance Page
We may update this GDPR Compliance page from time to time. If we make any material changes, we will notify you by email or by posting a notice on our website. Your continued use of the Services after we make changes constitutes your acceptance of those changes.
Data Breach Notification
In the event of a personal data breach that is likely to result in a high risk to the rights and freedoms of individuals, we will notify the affected data subjects without undue delay. We will also report any personal data breaches to the appropriate supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.
Privacy by Design and Default
We have implemented a “privacy by design and default” approach in the development of our products, services, and business processes. This means that we consider data protection and privacy issues from the earliest stages of planning and design, ensuring that privacy is an integral part of our operations. We also ensure that our default settings provide a high level of data protection, giving our users more control over their personal data.
Employee Training and Awareness
We are committed to raising awareness about GDPR and data protection among our employees. We provide regular training and resources to ensure that our employees understand their responsibilities and the importance of protecting personal data. We also have processes in place to ensure ongoing compliance with GDPR and to monitor and address potential risks.
Third-Party Processors
We use third-party processors to help us provide the Services, and we ensure that these processors are compliant with GDPR. We enter into written agreements with our processors, requiring them to implement appropriate technical and organizational measures to protect the personal data they process on our behalf.
Data Protection Impact Assessments (DPIAs)
When required by GDPR, we conduct Data Protection Impact Assessments (DPIAs) to evaluate the potential risks and impacts of our processing activities on the protection of personal data. We use the results of the DPIAs to implement appropriate measures to mitigate and manage those risks and ensure ongoing compliance with GDPR.
By maintaining a strong commitment to data protection and GDPR compliance, Prompting.Education aims to provide our users with the highest level of privacy and security when using our Services.
Effective Date: 2023