1. Scope

E-Learn Design Ltd. (ELD) is a Data Processor registered with the ICO (ref: Z2107917). For the purposes of any contractual agreement, clients are Data Controllers, retaining control of their Moodle data and remaining responsible for their compliance obligations under the Data Protection Legislation, including but not limited to providing any required notices and obtaining any required consents and for the written processing instructions they give to E-Learn Design.

Nature

ELD shall only be considered a processor for the storage of any personal data that has been uploaded to the service.

Any different types of processing of personal data other than storage shall only be in accordance with a request from the Data Controller and be under a separate agreement. It is the Data Controllers’ responsibility to ensure that alternative data processing instructions do not violate any applicable laws defined within the GDPR.

ELD are not under any obligation to identify and report this to the Data Controller themselves, but reserves the right to refuse the Data Controllers’ request if it believes this to be the case.

Purpose

ELD agrees to reasonably assist the Data Controller in respect of any requests and claims in accordance with the GDPR.

Duration

At the point of service termination, all data, personal or otherwise, shall be deleted from the Operating Systems on ELD’s hosting platforms within an appropriate time and in accordance with applicable laws. Data may still be held in off-site backups up to 30 days after this.

2. Types of personal data

The type of personal data to be processed is entirely under the control of the Data Controller and is limited to their defined requirements for the service.

3. Categories of data subject

The categories of data subjects are entirely under the control of the Data Controller and are limited to their defined requirements for the service.

4. Organisational and technical data protection measures

ELD will use its best endeavours to ensure the physical security and capacity of the systems in line with industry standards (such as ISO27001) required for the services to operate; however, it remains the Data Controllers’ sole responsibility to ensure digital protection of any Personal Data that is held on the services.

ELD reserves the right to alter any agreed security measures, provided that any such amendment ensures that the agreed level of protection shall not be materially diminished.

ELD shall ensure that employees and affiliates who may be involved in the provision and operation of the service provided shall act in accordance with this Agreement.

ELD shall inform the Data Controller promptly if it becomes aware of any breaches which affect personal data under the control of the Data Controller.