Privacy Policy & GDPR Compliance


This Privacy Policy explains how Edoo Mate collects, uses, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.


1. Data We Collect

Pupils

  • Full name

  • Year group or class

  • Login ID / username

  • Platform usage data

  • Learning progress and performance data

Teachers & School Staff

  • Full name

  • Email address

  • Role within the school

  • Platform usage data

Schools

  • School name and address

  • Billing and payment information

  • Account administrator and contact details


2. Purpose of Data Processing

We process personal data in order to:

  • Deliver personalised and adaptive learning experiences

  • Provide teacher dashboards, reports, and performance analytics

  • Maintain platform security and functionality

  • Generate anonymised and aggregated insights to improve our products and services

Personal data is never used for advertising or marketing to pupils.


3. Data Storage and Security

  • All data is stored on secure servers located in the UK and/or European Economic Area (EEA)

  • Industry-standard encryption is applied both in transit and at rest

  • Access to personal data is restricted to authorised personnel only

  • Regular security audits and monitoring are conducted


4. Data Sharing

We only share personal data:

  • With authorised school staff

  • With vetted third-party service providers (such as hosting or analytics providers) acting under strict contractual and GDPR-compliant obligations

We do not sell personal data or share pupil data with advertisers or marketing platforms.


5. Rights of Data Subjects

Under GDPR, data subjects have the right to:

  • Access their personal data

  • Request correction of inaccurate data

  • Request deletion of data ("right to be forgotten")

  • Restrict or object to certain processing

  • Withdraw consent where applicable

For pupils, these rights are exercised via the school as the data controller.

Requests can be submitted via the school or directly to our Data Protection Officer.


6. Children’s Data Protection

  • Pupil data is processed strictly under the instructions of the school

  • AI tools provide educational support only and do not make automated high‑stakes or legal decisions

  • No profiling is carried out for marketing or advertising purposes

  • Data minimisation principles are applied at all times


7. Cookies and Tracking

We use:

  • Essential cookies required for platform functionality

  • Performance and analytics cookies to improve service quality

We do not use third‑party advertising cookies or behavioural ad tracking.


8. Contact Information

Data Protection Officer (DPO): dpo@edoomate.com
We aim to respond to all data protection queries within 14 days.


Data Processing Agreement (DPA) – Summary

This Data Processing Agreement forms part of the contract between Edoo Mate and each School.


1. Purpose

To define how Edoo Mate processes personal data on behalf of Schools in compliance with GDPR.


2. Roles

  • School: Data Controller – determines the purposes and means of processing

  • Edoo Mate: Data Processor – processes data solely on documented instructions from the School


3. Scope of Processing

Personal data is processed for:

  • Delivery of adaptive learning services

  • Teacher reporting and analytics

  • Creation of anonymised product improvement insights


4. Security and Confidentiality

Edoo Mate implements:

  • Technical and organisational security measures

  • Encrypted data storage and transmission

  • Role-based access controls

  • Ongoing staff training on GDPR and child data protection


5. Sub‑processors

Approved sub‑processors (e.g., hosting providers) are:

  • Bound by written GDPR-compliant contracts

  • Regularly reviewed for compliance and security standards


6. Personal Data Breach Notification

In the event of a data breach:

  • The School will be notified without undue delay

  • Full cooperation will be provided for investigation, reporting, and mitigation


7. Duration and Termination

  • This agreement remains valid for the duration of the School’s licence

  • Upon termination, personal data will be returned or securely deleted in accordance with the School’s instructions and legal obligations


Safeguarding & Child Data Protection Statement

Edoo Mate is committed to protecting children’s privacy and safety.

We ensure that:

  • Only authorised teachers and school administrators can access pupil information

  • AI tools support learning but do not replace professional teacher judgment

  • No pupil data is used for marketing or commercial profiling

  • All data is hosted on UK/EU servers with strong encryption

  • Regular internal and external audits are conducted to maintain compliance