GDPR Compliance

EduManage is fully committed to GDPR compliance: - We process data lawfully, fairly, and transparently - Data collection is limited to specified, legitimate purposes - We maintain data accuracy and integrity - Storage is limited to necessary timeframes - We ensure appropriate security measures - We are accountable for compliance demonstration Our platform is designed with privacy by design and by default.

Under GDPR, you have the right to access your personal data: - Request a copy of all personal data we hold about you - Receive information about how your data is processed - Understand the purposes of data processing - Know who has access to your data - Request data in a structured, machine-readable format Access requests are fulfilled within 30 days at no charge.

You can request corrections to your personal data: - Update inaccurate or incomplete information - Add missing data to your profile - Correct errors in academic or financial records - Update contact information and preferences We will notify third parties of corrections where applicable.

Also known as the "right to be forgotten": - Request deletion of personal data when no longer necessary - Withdraw consent for data processing - Object to processing for legitimate interests - Exercise your right when data was unlawfully processed Some data may be retained for legal or contractual obligations.

You can limit how we process your data: - Contest the accuracy of personal data - Object to processing but prefer restriction over deletion - Need data for legal claims despite deletion request - Data processing is unlawful but you oppose erasure Restricted data is stored but not actively processed.

Transfer your data between service providers: - Receive personal data in CSV, JSON, or PDF format - Transfer data directly to another platform (where feasible) - Export academic records, grades, and reports - Download financial transaction history Data portability applies to automated processing with consent.

You can object to certain data processing: - Object to processing for direct marketing (absolute right) - Object to processing for legitimate interests - Object to profiling and automated decision-making - Opt-out of research and statistical purposes We will cease processing unless we have compelling legitimate grounds.

We implement robust security measures: - End-to-end encryption for data in transit and at rest - Regular security audits and penetration testing - ISO 27001 and SOC 2 Type II certified - Data Processing Agreements (DPAs) with all vendors - Incident response and breach notification procedures - Staff training on GDPR compliance We maintain detailed processing records as required by GDPR.

When transferring data outside the EU/EEA: - We use EU Standard Contractual Clauses (SCCs) - Transfer Impact Assessments (TIAs) are conducted - Data is only sent to countries with adequate protections - We comply with cross-border data transfer regulations You have the right to obtain information about transfer safeguards.

We retain data only as long as necessary: - Active accounts: Duration of service plus 7 years - Student records: As required by educational regulations - Financial records: 7 years for tax and audit purposes - Marketing data: Until consent is withdrawn - Backups: 90 days with automated deletion Retention schedules comply with legal and regulatory requirements.

We have appointed a dedicated Data Protection Officer (DPO): - Monitors GDPR compliance across the organization - Provides expert advice on data protection - Acts as a contact point for supervisory authorities - Available for data subject inquiries and complaints - Ensures privacy impact assessments are conducted Contact our DPO at: dpo@edumanage.com

We process data based on the following legal grounds: - Consent: For marketing and optional features - Contract: To provide our services as agreed - Legal Obligation: To comply with laws and regulations - Legitimate Interests: For fraud prevention and security - Vital Interests: To protect health and safety - Public Task: For educational institutions' statutory duties You can request information about the legal basis for any processing.