Gradr.ai
HomePrecisionPrivacyPricingAbout usContact us

How We Comply with GDPR

Information for Our Customers about GDPR

The EU General Data Protection Regulation (GDPR), approved by the European Parliament in 2016, is the most significant change in data protection regulation in 20 years. It replaces the Data Protection Directive 95/46/EC and local laws and regulations across the EU/EEA. The new regulation is designed to strengthen individual privacy rights and harmonize data protection laws across Europe.


At Gradr.ai, we work to do our part to ensure that our services and all our customers comply with GDPR. There is great untapped potential in using technology and cloud services to improve teaching practices and learning outcomes. A key to unlocking this potential is winning the trust of teachers, students, and parents. In this context, the increased focus on data protection and privacy due to GDPR is beneficial for all parties.


Gradr.ai's Commitment to GDPR

We fully comply with the requirements for all our services to follow GDPR.


It is important to note that for the cloud services we offer to our customers and their end users, Gradr.ai is defined as a data processor in accordance with both existing and new EU regulations. As a data processor, we do not make decisions about the purpose or legality of data processing; we only process data on behalf of our customers. The GDPR regulation imposes stricter requirements on all data processors.


Our commitment to GDPR requires us to work on:


Ensuring organizational and technical security for all services. Helping you with the documentation needed to demonstrate compliance and inform your users. Providing you with new contract amendments that meet GDPR's requirements for data processing agreements (DPA). Providing necessary support when your users exercise their rights as data subjects. You can find more information on the GDPR Data Request page on our customer support site. Gradr.ai has a Data Protection Officer (DPO) as defined under GDPR. In addition to monitoring our own compliance and providing advice and training to our own staff, our DPO is available to our customers and their data protection officers to discuss privacy-related issues.


GDPR Requirements for Customers

Generally, GDPR requires that you:

  • Document and assess all processing of personal data and the systems used. The purpose and legality of the processing should be defined, and you should ensure that you do not process personal data that is not necessary for the defined purpose.

  • Ensure organizational and technical security for the processing, and be able to demonstrate this. Consider your internal processes for data retention and security, and document it. Ensure that your own technology can provide adequate technical security, and document it.

  • When using third-party services, such as ours, to process personal data, you must ensure that the requirements for data processing comply with GDPR.

  • When acquiring new technology that is likely to pose a high risk to personal data, you must perform a risk analysis - a Data Protection Impact Assessment (DPIA). As an existing customer, our services are not new technology for you. However, doing a DPIA can still be a good idea and will help you document compliance.

  • Users (data subjects) have stronger rights under GDPR. Our customers must have a process in place to handle requests from data subjects, and to assess the validity of the requests.

  • A particularly important right for data subjects is transparency and information. Ensure that the information to your users about everything required under GDPR is easily accessible, including how they can exercise their rights. If your users are young, you should also ensure that this information is available to parents.

  • Review Gradr.ai's Data Processor Agreement, which aims to regulate rights and obligations under European privacy legislation, including GDPR rules, that apply to the Data Controller in connection with the Standard Service Subscription Agreement.