To facilitate Customer's use of the edu720 learning platform, personal data related to Customer's staff, encompassing names, emails, organizational affiliations, course details, test results, and other pertinent information connected to the e-learning platform, may be transferred and recorded within edu720's systems. Customer acts as the data controller, with edu720 undertaking the role of data processor for the processing of this personal data, as detailed in this Agreement.

Customer holds the responsibility to ensure that staff members registered on the edu720 platform are duly informed and have granted consent for their personal data processing by edu720, in alignment with the terms outlined in this Agreement. edu720 commits to processing personal data regarding Customer's staff members solely in accordance with this Agreement and to the extent that is reasonable and necessary for fulfilling obligations as defined in the Agreement or for enhancing and refining edu720's in-house services.

At edu720, we place an unwavering emphasis on data protection and security, meticulously aligning our practices with the General Data Protection Regulation (GDPR) and industry best practices. Our commitment is rooted in the strict compliance with GDPR regulations, encompassing the implementation of all necessary technical and organizational measures to safeguard personal data against unauthorized access, loss, unauthorized alterations, or any other forms of illegal processing. We are dedicated to ensuring the overall security, integrity, and confidentiality of personal data in full compliance with GDPR guidelines.

In accordance with our commitment to data protection, both parties, edu720 and the Customer, will enter into a Data Processing Agreement (DPA) at the commencement of our cooperation. This DPA will fully comply with GDPR regulations and will outline the roles and responsibilities of each party regarding the processing and protection of personal data. This agreement serves as an essential foundation for ensuring that data protection measures are consistently upheld throughout our collaboration.

In the event of deviations or breaches of GDPR regulations or other data protection statutes, rest assured that edu720 is fully prepared to promptly inform the Customer. It is our steadfast responsibility to inform the relevant data protection authorities and data subjects, a responsibility that we undertake as mandated by GDPR. Our collaboration with the Customer is unwavering, as we diligently work to facilitate the realization of data subjects' rights, enabling them to exercise their rights to access, rectify, or erase their personal data as stipulated by GDPR provisions.

Furthermore, our staunch commitment to data protection extends to ensuring the accuracy and currency of stored personal data, granting access to pertinent security documentation and the associated security measures, and overseeing the removal of information within a reasonable timeframe that aligns with the intended purposes for data collection and processing. This steadfast commitment is in perfect harmony with GDPR regulations and encapsulates the very essence of the industry's finest practices, offering our customers the assurance that their data is treated with the utmost care and responsibility.

Security Audits and Data Subject Rights

Customers and edu720 have the flexibility to mutually agree to conduct security audits. In the event that both parties reach an agreement to proceed with security audits, Customer is responsible for covering the costs associated with such audits. edu720 is fully prepared to collaborate with Customer to facilitate the fulfillment of data subjects' rights, which include the rights to access, rectify, or erase personal data in accordance with Customer's directives.

edu720 undertakes reasonable measures to initiate the deletion of information within an appropriate timeframe, aligning with the intended purposes for collecting and processing this data, unless there exists a legal basis necessitating the indefinite retention of this information.

In the event of the Agreement's termination, the Customer retains the right to request the transfer of all personal data linked to Customer's registered staff members.