Introduction

VisCool Ltd. is committed to protecting the personal data of all our users in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This page outlines our commitment to data protection, the rights of data subjects, and how we implement GDPR principles across our educational management platform.

As a provider of educational technology services, we recognize the particular sensitivity of educational data and maintain the highest standards of data protection for students, educators, and institutional administrators.

1. Our Data Protection Principles

In accordance with GDPR Article 5, we adhere to the following data protection principles:

• Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner. Our Privacy Policy clearly explains what data we collect and why.
• Purpose Limitation: We collect personal data only for specified, explicit, and legitimate educational purposes and do not further process it in a manner incompatible with those purposes.
• Data Minimization: We collect only the personal data that is necessary for the intended educational purpose. We regularly review our data collection practices to ensure minimization.
• Accuracy: We take reasonable steps to ensure personal data is accurate and up to date. Users can review and update their information at any time through the Platform.
• Storage Limitation: We retain personal data only for as long as necessary to fulfill its intended purpose. Our retention policy ensures timely deletion of data no longer required.
• Integrity and Confidentiality: We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.
• Accountability: We maintain comprehensive records of our data processing activities and can demonstrate compliance with GDPR at all times.

2. Legal Basis for Processing

We process personal data under the following legal bases as defined in GDPR Article 6:

• Contractual Necessity: Processing necessary for the performance of our service agreement with educational institutions.
• Legitimate Interest: Processing necessary for our legitimate business interests, such as improving our platform and ensuring security, where these interests do not override individuals’ rights.
• Consent: Where required, we obtain clear, informed, and freely given consent for specific processing activities. Consent can be withdrawn at any time.
• Legal Obligation: Processing necessary to comply with legal requirements, including educational regulations and reporting obligations.

3. Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you and information about how it is processed.

Right to Rectification (Article 16): You have the right to request correction of inaccurate personal data or completion of incomplete data.

Right to Erasure (Article 17): You have the right to request deletion of your personal data when it is no longer necessary for the purpose it was collected, or when you withdraw consent.

Right to Restrict Processing (Article 18): You have the right to request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

Right to Object (Article 21): You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right Not to Be Subject to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects.

4. Data Protection Officer

VisCool has appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring GDPR compliance. The DPO can be contacted at:

Data Protection Officer
VisCool Ltd.
Email: dpo@viscool.io

The DPO acts independently and reports directly to senior management on all data protection matters.

5. International Data Transfers

When transferring personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place in accordance with GDPR Chapter V:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Binding Corporate Rules for intra-group transfers
• Regular assessment of the data protection laws in recipient countries

We offer regional data hosting in Europe for institutions that require data residency within the EEA.

6. Data Processing Agreements

We enter into Data Processing Agreements (DPAs) with all educational institutions in accordance with GDPR Article 28. Our DPA covers:

• The scope and purpose of data processing
• Types of personal data processed
• Rights and obligations of both parties
• Sub-processor management and notifications
• Data breach notification procedures
• Data return and deletion upon termination

DPAs are available upon request from our legal team.

7. Data Breach Notification

In the event of a personal data breach, we follow a strict notification process in compliance with GDPR Articles 33 and 34:

• Internal reporting: Breaches are immediately reported to our security team and DPO
• Supervisory Authority notification: We notify the relevant supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to individuals’ rights
• Data subject notification: When a breach is likely to result in a high risk to individuals’ rights, we notify affected individuals without undue delay
• Documentation: All breaches are documented, including their effects and remedial actions taken

8. Exercising Your Rights

To exercise any of your GDPR rights:

1. Submit a request to dpo@viscool.io or through your Platform account settings
2. We will verify your identity before processing the request
3. We will respond to your request within 30 days
4. If we need additional time (up to 60 additional days for complex requests), we will inform you within the initial 30-day period
5. There is no fee for exercising your rights, except in cases of manifestly unfounded or excessive requests

For students under 16, requests should be submitted by a parent, legal guardian, or authorized institutional representative.

9. Supervisory Authority

If you are not satisfied with how we handle your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities can be found on the European Data Protection Board website.

10. Updates to This Page

We may update this GDPR Compliance page to reflect changes in regulations, our practices, or guidance from supervisory authorities. Material changes will be communicated to our users and institutional partners.

For the most current information about our data protection practices, please also review our Privacy Policy and Cookie Policy.

Contact

VisCool Ltd. Data Protection Team
Email: dpo@viscool.io
General inquiries: privacy@viscool.io