GDPR

Our systems are fully GDPR-compliant and our GDPR contract has been drawn-up, vetted and verified by experts, so you can use the service with confidence.

Our relationship with high-schools and sixth-form colleges (where we are the Data Processor and the college is the Data Controller) is governed by a GDPR contract which all colleges are required to sign before accessing the system: the system cannot be accessed without signing the contract, and the signed copy is time-stamped and held on file in the college’s account, where it can be accessed at any time.

The GDPR legal basis for colleges adding a student’s email address to their account is “legitimate interest”: there is no requirement to contact each student individually to ask them if they would like to receive an email offering them a free copy of an app which provides them with scholarship information because:

  1. you have already taken steps to ensure the Processor/Controller contract is in place, and
  2. you consider the information in the app will be of legitimate interest to them.

Adding a student to the college’s account sends them an email informing them that a free copy of the app is available to them, should they want it… it doesn’t sign them up to anything, and they can unsubscribe from further communication at any time.

The legal basis required by GDPR for our relationship with the students is “consent” because each student signs up to the service individually and they decide whether or not they do that, and what communication they receive from us. They can also unsubscribe at any time of course.

– – –

For reference, our Privacy statement can be found here:
https://www.GrantFairy.com/privacy

And our Terms of Service can be found here:
https://www.GrantFairy.com/terms

 

GDPR