GDPR

At Axle Education, we take the protection of personal data very seriously. As a company operating within the European Union, we are committed to adhering to the GDPR, a regulation in EU law on data protection and privacy for all individuals. This regulation is intended to unify the policies and strengthen the safety and security of all data held within our organisation.

ICO Registration

• Organisation Name: Axle Education Ltd
• Registration Number: ZA351246
• Registration Start Date: 01/05/2018

Summary

• Schools have tools to amend or remove specific data directly via our platform.
• The Data Protection Officer (DPO) details are collected during the onboarding process.
• Axle Education honours subject access requests for data review and corrections within 14 working days.
• In the event of a data breach, affected parties are notified within 72 hours.
• Internal policies ensure all staff are trained on GDPR compliance and updated regularly.
• We collect data under clear permissions, detailing the types of data collected, retention periods, and storage mechanisms. For more details, visit permissions list.
• Comprehensive audits ensure data handling and storage practices meet GDPR standards. Audit results are available in the audit document.
• Our GDPR commitments are included in all contractual agreements with schools, ensuring responsibilities and rights are clearly defined.
• Updated policies provide enhanced security and reflect the high standards set by GDPR. For more details, visit privacy policy.

Data Security Measures

• Data Hosting: All data is securely hosted within our London-based data centres, ensuring compliance with EEA standards.
• Data Encryption: Comprehensive encryption of all data at rest and in transit.
• Access Control: Data access is restricted to essential personnel only, following the principle of least privilege.
• Security Infrastructure: Robust firewalls and multi-factor authentication protect access to data servers.
• Staff Vetting: Rigorous vetting includes reference checks, criminal background checks, and DBS checks.
• Training: Regular training on security protocols and GDPR compliance is mandatory for all staff.

MIS Integration with Wonde

Axle Education partners with Wonde, a Management Information System (MIS) integration partner. Wonde facilitates access to a school's Management Information System, enabling seamless data integration and management.

• Data Sharing Agreement with Wonde: Axle Education has established a data sharing agreement with Wonde to ensure that data handling between systems is compliant with GDPR and respects the privacy and security of all parties involved.
• School Agreements: Schools utilising our service will have a separate data sharing agreement directly with Wonde. This agreement governs the use and protection of their data, complementing our own commitments to data security and privacy.

Your Rights as a Data Subject

Under certain circumstances, as a data subject, you have rights under data protection laws in relation to your personal data. These rights are detailed below. If you wish to exercise any of these rights, please contact our Data Protection Officer or email support@axle.education.

Your rights are as follows:

• Right of Access: You have the right to request a copy of the personal data we hold about you and to verify that we are processing it lawfully.
• Right of Rectification: You have the right to request that we correct any personal data we hold about you that is inaccurate or incomplete.
• Right to be Forgotten/Erasure: Under certain circumstances, you have the right to request the erasure of your personal data from our records.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• Right to Data Portability: You have the right to have the data we hold about you transferred to another organisation.
• Right to Object: You have the right to object to the processing of your personal data, particularly where we rely on a legitimate interest (or those of a third party) and there is something about your specific situation which makes you want to object to processing on this ground as it impacts your fundamental rights and freedoms.

Additional Provisions

• Professional Indemnity Insurance: Adequate coverage to handle any potential claims.
• Data Disposal: Secure disposal of data within 90 days post contract termination.
• Support for Subject Access Requests: We assist schools with any data access requests efficiently.
• Best Practices Compliance: Regular testing of backup systems, software updates in line with security requirements, and adherence to best practices in software development and data management.