25MTC

Data Protection & GDPR Compliance

Our Commitment to Your Data

25MTC is committed to protecting the privacy and security of all our users. This page outlines our compliance with the General Data Protection Regulation (GDPR) and explains our data protection principles in simple terms.

Our Role as a Data Processor

Under GDPR, it's important to understand the roles regarding your data:

  • When a **school** signs up and adds student information, the school is the **Data Controller**. They own the data and decide how it is used.
  • 25MTC acts as the **Data Processor**. We only process the data on the school's behalf to provide our service, according to their instructions.
  • For **family accounts**, the parent or guardian is the **Data Controller**.

What Data We Process on Your Behalf

We only process the data necessary to make 25MTC work effectively. This includes:

  • Account Information: Names and email addresses for teachers and parents.
  • Student Information: Student names, classes, and year groups needed to create and manage accounts.
  • Performance Data: The answers students give to questions and the time taken to answer. This is the core data needed for progress tracking and our adaptive learning system.
  • Technical Data: Basic technical information like IP address and device type, which is necessary to keep the service secure and functional.

Your school may choose to provide optional data like gender for their own impact reporting, but this is not required by 25MTC.

Your Data Protection Rights

As a user, GDPR gives you rights over your data. You can:

  • Request access to the data held about you.
  • Request corrections to any inaccurate data.
  • Request to delete your account and data.

To exercise these rights, students and parents should first contact their school or the account holder (the Data Controller). For any questions, you can contact us directly.

Data Security & Sub-Processors

We are committed to keeping your data safe. We use appropriate technical and organizational measures like encryption and access controls to protect it. To provide a reliable service, we use a small number of trusted technology partners (sub-processors) to store and process data. We have legally binding Data Processing Agreements (DPAs) with all of them.

Our core infrastructure providers are:

Provider Service Data Location
Google Cloud Services Cloud Server & Data Storage EU (Configurable)
Amazon Web Services (AWS) Cloud Server & Data Storage EU

We will not transfer your data outside of the UK/European Economic Area (EEA) unless appropriate legal safeguards are in place.

How to Contact Us

If you have any questions or concerns about how we handle your data, please contact us at: privacy@25mtc.com