SchoolDrive Privacy Statement

This statement describes the way the SchoolDrive system developed and operated by Solware Ltd. (address: Gödöllő 2100, Kard u. 10., registration no.: 13 09 125775, tax number: 12384114-2-13) ("Service Provider") handles personal data.

Our information security management system for SchoolDrive complies with the ISO/IEC 27001:2014 standard and the quality management system with the ISO 9001:2015 standard.

It is the primary objective of SchoolDrive to store and manage your personal data safely and with care. The purpose of this statement is to disclose what personal data the system is collecting, how it is used, how you can request to use less data about you and the processes implemented to secure the privacy of personal data.

Our promise

  1. We have implemented adequate privacy measures and expect all other organizations working with us to provide a service at a similar level of quality to us.
  2. If we are requesting and managing your personal data, we will always explain why we are requesting the data, what we will use it for and with whom we will share it.
  3. We only collect personal information if it is legitimate from a privacy point of view.
  4. We only ask for so much personal data that is needed to provide our services at an appropriate level and to be able to fulfill our legal or contractual obligations.
  5. We only use personal data for the purpose for which we originally collected it.
  6. SchoolDrive has functionality that enable users to manage their personal data themselves independently. Users can query, update, export or delete their personal data.

What type of users use the system?

  1. School staff: course organizers, head teachers, office head, manager.
  2. Teachers
  3. Bussiness contacts
  4. Students

What personnel data do we collect from users?

We only manage the personal data that is required in order to use the system as Data controller:

Data category Data items What do we use it for
Personal data Email, password, user type, nick name, user interface language, last login, change log
For student users: name, phone, address		 Access, customize user interface
Identification of student users

In addition, users may store additional personal information in the system in order to use it for its intended purpose ("User Data"), which we manage as Data processor. For example:

UserPersonal data
School staffName, mobile, email
Business contactName, mobile, email
Teachers
  • Personal data: name, name at birth, mother's name, birth place and date, gender, nationality, communication language, mobile, e-mail, address, bank account, insurance no., tax no., photo, taught subjects, comments
  • Documents: archived diploma, cv, contract copies
  • Calendar: lessons and private events
Students-

SchoolDrive does not use this data, it only provides storage for them. The goal and the legal basis for the data processing is always determined by the school and the contracts concluded with the school, so the school is the data controller. Users can choose to share data with other users. In the case of teachers and business contacts, data is shared with schools voluntarily by entering into an agreement with the school and including the school in their relationships.

In case of school staff and business contacts the data is limited to contact details. For teachers, this range is broader - in which case schools can store and manage additional related data (eg. courses or finance) once the teacher has started teaching with them. During registration, students can request that the system automatically notifies schools that have students with the same email address as the user to give access to their data. In the case of students, this is personal data that can be used to identify which student or students the registered user belongs to. Personal data that is entered by students during the registration is visible to customers who are identified by the students as their sponsor during the registration.

What do we use the personal data for?

  1. Accessing the system
  2. Customizing the user interface
  3. Logging of changes in order to identify who is responsible for the changes.

Data stored and shared by users is stored by the system but not used for any purpose. It is important for users to be aware of what schools and other users do with their personal information after sharing these with them. This is governed by the agreement between the parties. Teachers and business contacts can only share their data with schools through the system after they have reached an agreement (this is when they know the school's connection password). Sharing lasts as long as the school's regulations make it necessary (this duration is set by the school). The content of a specific agreement is beyond the scope of the system - except for the duration of the agreement, because user data is stored as long as the agreement is not terminated.

Agreements with schools usually include a privacy statement. The following web sites contain sample privacy statements (for teachers, business contacts, school staff and students) that describe the personal information that may be stored by the system and how it may be handled. It is worth considering the criteria given in the samples when accepting agreements with schools.

What is the legal basis for collecting the personal data?

Personal information is collected on the basis of consent, and the use of the system is subject to the acceptance of this privacy statement.

Whom do we share the personal data with?

The SchoolDrive system does not share user data with anybody.

Users may choose to share their personal data with each other through the system, subject to agreements between them.

How long do we store the personal data?

Personal data is stored at least for the duration of the user's agreement with the schools. Thereafter, the system will automatically erase the data if 1 year has elapsed without the user logging in to the system. The system informs the user prior to deletion to provide opportunity for preventing deletion by logging in.

How do we ensure the safety of personal data?

  1. Secure storage and access is ensured by a number of measures:
    1. Data is stored in geographically distributed high speed internet data centers of LeaseWeb és a RackForest. Data center availability is 99.95%. Data centers have redundant uninterruptible power supply, redundant IP network. There is a video system and a continuous concierge service.
    2. Data is stored on Linux servers that are our property and which are geared to the task.
    3. Server redundancy is implemented and in case of server downtime, we can switch to another server within a limited amount of time.
    4. Access to servers is minimized and protected by multiple layers.
    5. We back up the data at least daily and physically store the copies at physically other locations than your live data.
    6. We use encryption to communicate with the server (HTTPS or SSL or TLS).
    7. We monitor the availability of our systems continuously using watchdogs, which notify our administrators about change in the status by email and SMS.
  2. Our staff are required to adhere to the privacy and privacy policies of our company, to conduct themselves in accordance with business ethics, and to conduct their work in accordance with industry standards. Our staff will not access or manage user data without permission.
  3. Our only subcontractors are data centers where we host our servers. Data center employees cannot access data on our servers.

How can you check what personal data is stored about you, how can the data be modified or removed?

After logging in, users can independently access, modify and export their personal data.

In the case of school staff, you must request deletion of the user data from the school, which can be done by another user with a higher authorization level.

Teachers and business contacts who have shared their data with schools can cancel sharing by deleting the school from their records. This is possible when, according to their agreement with the school, the school no longer need to access their data. If they do not already have a valid agreement with any school, the entire user account can be cancelled.

Student users can delete their own access to a student’s data from a school, or they can request this from the school.

Requests related to these operations can be sent to privacy@schooldrive.net. Requests will be processed within a maximum of 30 days. As a first step, we will identify whether the requesting person is the same person as the person whose data is managed by the system.

If you are not satisfied with how your request is handled, you have the right to file a complaint at the following address:
   Nemzeti Adatvédelmi és Információszabadság Hatóság
   http://naih.hu/uegyfelszolgalat,--kapcsolat.html

Updates to this privacy statement

Should there be changes in our privacy practices you will find a new version of this statement at https://www.schooldrive.net/shared/terms/en/privacy.html and we will highlight the changes. We will also ask for your approval for the changes if that is required by the law.


Last update: Jan 15, 2024