Seesaw and GDPR

 

WHAT IS THE GDPR?

On May 25, 2018, the EU General Data Protection Regulation (“GDPR”) went into effect in all EU Member States. The GDPR strengthens the rights that individuals have regarding personal data relating to them and creates consistent data protection rules across Europe. Seesaw is compliant with GDPR.

 

WHAT IS SEESAW DOING TO COMPLY WITH THE GDPR?

The principles of privacy by design and privacy by default outlined in the GDPR have been core to the Seesaw mission, experience, and product development process from the beginning. We have a number of tools and options in place today to protect the integrity of administrators, teachers, students, and families’ information globally.

  • We also strive to have transparent and understandable policies so you know what is happening with your data. 

    • Our Privacy Policy describes what data we collect and how we use it.

    • Our longstanding Privacy Principles summarize our privacy commitments to you.

    • See here for more information on how we help keep your data safe.

    • If we make any material changes with our data practices, we’ll let you know.

 

WHO ARE SEESAW’S SUBPROCESSORS?

Seesaw uses a handful of third-party subprocessors - other companies that provide software services that help us do business. A list of our subprocessors can be found here.

 

DOES THE GDPR REQUIRE STORAGE OF PERSONAL DATA IN THE EU?

No, the GDPR does not require storage of personal data in the EU. The GDPR does have specific requirements regarding the transfer of data out of the EU, UK, and Switzerland and Seesaw complies with those requirements through a variety of legal means.

Seesaw utilizes Standard Contractual Clauses (“SCCs”) for transfers of personal data out of the EU, UK, and Switzerland, which are a data transfer mechanism favored by the Court of Justice of the European Union. 

Seesaw also offers an optional service for Seesaw for Schools customers to have data stored outside the United States in Australia, Europe, United Kingdom, or Canada. Find more information about Seesaw for Schools here.

WHAT ARE YOUR RESPONSIBILITIES AS A TEACHER OR SCHOOL?

Under GDPR, there are multiple bases that allow for processing of personal data. We recommend that you conduct a GDPR data protection impact assessment to determine the appropriate basis for your school. These are two of the common bases schools use to allow the processing of student data:

  • Parental consent: Because we don't always have a direct relationship with parents, we ask that teachers and schools obtain parental consent either as part of a school wide consent that includes Seesaw, or through this sample consent form

  • Legitimate Interest: Your Data Protection Officer may determine that legitimate interest is the legal basis that permits you to collect and transfer student data to Seesaw to process and provide the service.

In addition, please sign our Data Processing Agreement.

PRIVACY SHIELD

Seesaw has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.