Logo
LoginRegister

GDPR at prep4all.co.uk

Our Commitment to Your Data Protection

Understanding GDPR

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a landmark regulation in EU and UK law concerning data protection and privacy for all individuals. It came into force on May 25th, 2018, strengthening the safety and security of all personal data held by organizations. At prep4all.co.uk (operated by D&J TECHNOLOGY SOLUTIONS LIMITED), we are dedicated to upholding the principles of GDPR and ensuring the robust protection of your personal information.

This legislation replaced previous data protection laws and is a significant piece of data protection regulation. You can find comprehensive information about GDPR from regulatory bodies like the Information Commissioner's Office (ICO) in the UK, which provides an excellent Overview of GDPR.

This page provides an overview of your rights under GDPR and how we address them. For a more detailed explanation of our data processing practices, please refer to our full Privacy Policy.

Data Controllers and Data Processors

Understanding the roles of Data Controller and Data Processor is key under GDPR:

  • When parents or individual users directly provide data to us (e.g., by creating an account on the Prep4All platform or making an enquiry), D&J TECHNOLOGY SOLUTIONS LIMITED (trading as prep4all.co.uk) acts as the Data Controller. We determine the purposes and means of processing your personal data.
  • In situations where a school or other educational institution uploads or manages staff, parent, or pupil data on the Prep4All platform, the school or institution is typically the Data Controller. They determine what data is collected and how it is used. In these instances, D&J TECHNOLOGY SOLUTIONS LIMITED (trading as prep4all.co.uk) acts as the Data Processor, processing data on behalf of and according to the instructions of the school.

GDPR places significant responsibilities on Data Controllers to inform individuals (like pupils and parents) about how their data is being used and by whom.

How Prep4All Complies with GDPR

We are committed to meeting the requirements of GDPR and ensuring the security and proper handling of your personal data. Here's how:

  • Cloud Hosting and Data Location: Our platform is fully hosted in the cloud, with servers based within the European Economic Area (EEA) or the UK. We store, process, and manage all personal data primarily within the EEA/UK, ensuring high standards of data protection.
  • Third-Party Data Sharing: We do not share your personal data with third parties for their marketing purposes. We only share data with third-party service providers when necessary to provide our services (e.g., payment processors, cloud hosting providers), and we have appropriate contracts in place to protect your data. Details are provided in our Privacy Policy.
  • Data Encryption: We employ robust security measures, including encrypting your data both in transit (e.g., using SSL/TLS for website connections) and at rest (when stored on our servers), to protect it from unauthorized access.
  • Permission-Based Access: For accounts managed by schools or tutors, control over which users have access to specific data is maintained, ensuring data is only seen by authorized individuals.
  • Secure Logins: Every user on our platform has a secure login. We also implement measures such as automatic logouts after periods of inactivity to enhance security.
  • Data Retrieval (Subject Access Requests): You have the right to access the personal data we hold about you. Parents, tutors, or schools can typically download or request data related to pupils, parents, or teachers associated with their accounts. Requests can be made by contacting contact@prep4all.co.uk, as detailed in our Privacy Policy.
  • Permanent Deletion of Data (Right to be Forgotten): All users can request the deletion of their personal data where applicable under GDPR. Such requests can be made by contacting contact@prep4all.co.uk. We will process these requests in accordance with GDPR requirements.
  • Data Sanitisation and Anonymisation: For internal purposes such as data analysis, platform improvement, and machine learning (to enhance our educational tools), we ensure that any pupil data used is appropriately sanitised or anonymised to protect individual privacy.

Key GDPR Principles We Adhere To

We strive to process your personal data in accordance with the core principles of GDPR, including:

  • Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and in a transparent manner. Our Privacy Policy details our lawful bases for processing.
  • Purpose Limitation: We collect data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
  • Data Minimisation: We only collect and process personal data that is adequate, relevant, and limited to what is necessary for the intended purposes.
  • Accuracy: We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.
  • Storage Limitation: We keep personal data in a form that permits identification for no longer than is necessary for the purposes for which it is processed.
  • Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Your Rights Under GDPR

GDPR provides you with a number of important rights regarding your personal data. These include:

  • The right to be informed: About how your personal data is being used (which this notice and our Privacy Policy aim to do).
  • The right of access: To request a copy of the personal data we hold about you.
  • The right to rectification: To have inaccurate personal data corrected.
  • The right to erasure (right to be forgotten): To have your personal data erased in certain circumstances.
  • The right to restrict processing: To request the restriction or suppression of your personal data in certain circumstances.
  • The right to data portability: To obtain and reuse your personal data for your own purposes across different services.
  • The right to object: To object to the processing of your personal data in certain circumstances, including for direct marketing.
  • Rights in relation to automated decision making and profiling: To be protected against potentially harmful decisions made without human intervention.

You can find more details about these rights and how to exercise them in our Privacy Policy, specifically in the "Your Rights" and "Further Information and Exercising Your Rights" sections.

Data Security and International Transfers

We take the security of your personal data seriously. Information regarding our security measures, data storage, and potential international transfer of your data (and the safeguards we apply) is detailed in our Privacy Policy.

Contact Us About GDPR

If you have any questions about our approach to GDPR, wish to exercise any of your rights, or have concerns about how we handle your personal data, please contact us. Our contact details are also available in our Privacy Policy.

Email: contact@prep4all.co.uk

You also have the right to lodge a complaint with a supervisory authority, such as the Information Commissioner's Office (ICO) in the UK, if you believe your data protection rights have been infringed.

This GDPR information page is intended to provide a general overview and should be read in conjunction with our full Privacy Policy for comprehensive details.