The GDPR applies to data 'controllers' and data 'processors'. As a school, you are the Data Controller in respect of the personal data you store on Insight. As a Data Controller, it is your responsibility to ensure compliance with data protection laws and to ensure that your contracts with any data processors comply with the GDPR.
Equin Limited, the company providing Insight, is the Data Processor in respect of the personal data you store on Insight. We are responsible for processing personal data on your behalf and are required to maintain records of personal data and processing activities, as well as making sure your data is securely protected.
Our GDPR Compliance
Your data is stored securely as detailed in our Privacy Notice, which details what personal data we store, how and why we store it, and how long for.
Our Terms of Service detail our contractual relationship. Under GDPR, any processing of personal data, by a Processor (that's us), should be governed by a contract or terms and conditions with certain provisions included.
Our GDPR-compliant Terms of Service, drawn up in consultation with our legal advisers, guarantee you the right protections and controls over your data. Your school will be asked to formally agree these terms when you first start a trial or when you renew your subscription.
Data Processing Agreements
While we completely understand why schools produce DPAs, unfortunately we feel we have to take the position that we can't sign bespoke agreements with each customer. At time of writing, that would involve potentially taking legal advice on, reviewing and signing 1600+ different agreements, which would then be extremely difficult for us to hold ourselves to if the terms materially differed between them
Our terms of service contain all the necessary data processing clauses under GDPR, so we believe there shouldn't be a need for a separate agreement in ordinary circumstances. If you have any particular concerns then of course we're happy to try to address them.
We are currently seeking legal advice on changing our terms in order to separate out the data processing clauses into a dedicated DPA, since that's something lots of schools do seem to expect to see.
Equin Limited, established 2007, is the provider of Insight, a Software as a Service product.
Company Number: 06347232
ICO data protection reference: Z1904040
Name of Data Protection Officer (DPO): Christopher Inman
Email address of DPO: firstname.lastname@example.org
Telephone Number: 020 3393 4005
Postal Address: Unit 6482, PO Box 6945, London, W1A 6US
Registered Office Address: Unit 7 Plantation Store, Foundry Lane, Hayle, Cornwall, TR27 4HD