Classe365 International Data Transfers

When our clients use one of our platforms listed at the end of this notice (the “Platforms”) for managing their administrative records, arranging learning activities, and managing human resources, they often submit individuals’ (e.g., students’, parents’, teachers’, staff members’, and candidates’) personal data through the Platforms. In most instances, we act as a processor under the General Data Protection Regulation (GDPR) with regard to such personal data.

If we receive personal data of individuals located in the UK or European Economic Area (EEA), such personal data may be transferred outside the UK and EEA to ensure the operation of the Platforms, provision of our services, and our daily business activities. Such transfers are conducted only for specific purposes, such as hosting, service provision, communication, payment processing, and outsourcing. We do not transfer or use personal data for unlawful purposes that are not permitted by the GDPR and other applicable laws.

To ensure that we process personal data in consistency with the standards prescribed by the applicable law, we make sure that we comply with the rules of the GDPR that govern international data transfers (Chapter 5 of the EU GDPR). Below, we explain in detail how we ensure that the personal data processed by us outside the EEA is adequately protected.

What does the GDPR say?

The GDPR stresses that transfers of personal data from the EEA to third countries outside the EEA and UK require special consideration. According to the GDPR, international transfers may take place only when there is an adequate level of protection to the fundamental right of individuals to data protection.

To maintain high standard of privacy protection and to ensure that the level of protection afforded to individuals is not weakened when their data is transferred outside the UK and EEA, the GDPR sets a number of conditions that should be met by companies willing to transfer personal data outside the UK and EEA.

If the recipient country is not subject to an adequacy decision by the European Commission, the GDPR requires companies to ensure certain safeguards for the transferred personal data. Articles 46 and 49 of the EU GDPR list mechanisms that constitute such adequate safeguards, namely:

• Legally binding instruments approved by public authorities and bodies;
• Binding corporate rules drafted in accordance with the GDPR requirements;
• Standard data protection clauses approved by the European Commission or an EU Member State’s supervisory body;
• An approved code of conduct;
• An approved certification mechanism;
• Contractual clauses between controllers and processors approved by supervisory authorities;

Or

• Data subject’s consent.

How do we ensure compliance?

To ensure that the processing of personal data is carried out in accordance to the highest data protection standards, we use the most frequent mechanism to legitimise international data transfers, namely, the new version of the standard contractual clauses (controller to processor) approved by the European Commission (the “SCC”). The data processing agreement that our clients conclude with us (the “DPA”) is based on the SCC and a copy of the SCC is provided as an Exhibit 1 to the DPA. Our DPA is available at https://www.classe365.com/classe365-personal-data-processing-agreement-dpa.

Moreover, we comply with all data protection principles listed in the DPA, such as:

• Processing personal data for limited specific purposes that are compatible with the purpose of transferring;
• Processing only a proportional amount of personal data;
• Processing personal data only in accordance with controller’s instructions;
• Providing details about our processing activities;
• Providing information to individuals concerned;
• Implementing appropriate security measures;
• Allowing individuals to exercise their rights; and
• Implementing appropriate supervision and enforcement mechanisms.

Contact

If you have any questions about our data protection practices or would like to receive further details regarding international data transfers, please contact us by email at clientservice@classe365.com or by post at 365.Software, 22 Palm street ,St. Ives, NSW 2075, Australia.

Our platforms

1. Student management platform Classe365 available at https://www.classe365.com (“Classe365”);
2. Student hiring management platform Hiree365 available at https://www.hiree365.com (“Hiree365”); and
3. Related websites, software, and services.