Equin Limited – GDPR General Statements
Introduction
Equin Limited provides Insight Tracking services to UK schools. This document outlines our general approach to GDPR compliance and data protection.
Roles and Responsibilities
- Equin acts as a Data Processor for schools using Insight Tracking.
- Our customers (schools) are Public Authority Data Controllers.
- Due to the nature of our business involving regular and systematic monitoring of individuals on a large scale, including special categories of data, we have appointed an internal Data Protection Officer.
Lawful Basis for Processing
- We process data on behalf of schools based on their lawful grounds for processing.
- Schools typically process personal data as part of their public task mandated by local education authorities.
- Equin has a commercial interest via contract to support our customers’ legitimate interests.
Special Category Data
- We acknowledge that our services may involve the processing of special category data.
- To lawfully process special category data, you must identify both a lawful basis under Article 6 and a separate condition for processing special category data under Article 9.
GDPR Compliance Approach
- We are committed to upholding the principles of data protection as outlined in the GDPR.
- We regularly review and update our data protection policies and procedures.
- We support our customers (Data Controllers) in fulfilling their GDPR obligations.
Brexit and International Data Processing
- Following the UK’s exit from the European Union, we primarily offer our services to schools within the United Kingdom.
- Our data processing takes place on servers hosted in the United Kingdom.
- We continue to align our practices with UK GDPR requirements.
Compliance Demonstration and Review
- We maintain records of our processing activities and conduct regular internal audits.
- This General Statement and our other data protection policies are reviewed annually or when significant changes occur in our business or relevant legislation.
- Equin is not subject to Network and Information System (NIS) 2018 regulations due to our company size and turnover being under the threshold.
For more detailed information about our specific data processing activities, please refer to our Privacy Notice.