GDPR Compliance & EU Data

Data Processing Agreement (DPA)

Acadesx complies with the General Data Protection Regulation (GDPR) regarding the collection, use, and retention of personal information from European Union member countries.

As a SaaS provider, we primarily act as a Data Processor on behalf of our educational institution clients (who act as the Data Controllers). We process personal data only according to the documented instructions of the Data Controller.

Individual Rights

Under GDPR, individuals have certain rights regarding their personal data. We provide tools within the Acadesx platform to assist Data Controllers in honoring these rights, including:

• Right of Access: Exporting an individual's complete data record.
• Right to Rectification: Updating inaccurate or incomplete data directly within the SIS module.
• Right to Erasure ("Right to be Forgotten"): Permanently deleting a student or staff record from the active database and backups.
• Right to Data Portability: Exporting data in structured, machine-readable formats (e.g., CSV, JSON).

Sub-processors

To provide our services, we use third-party sub-processors (e.g., cloud hosting providers). All sub-processors are carefully vetted for GDPR compliance and are bound by strict Data Processing Agreements.