Doc We Move

On May 25, 2018, the General Data Protection Regulations came into force. Since then, this European privacy regulation imposes new rules on any entity offering goods and services to people in the European Union, or collecting and analyzing their data.

The goal of the GDPR is to protect the personal data of all citizens of the EU, to harmonize all the laws relating to the protection of personal data in Europe, and to empower those involved in the processing of this data.

The question of the retention period of personal data is crucial for the GDPR :

After 36 months (3 years), the organization that holds personal information in its databases must delete it if the persons concerned have been inactive for that period.

Every 13 months, the organization that uses personal data must request the consent of visitors again for the processing of cookies, which retain your information and your browsing preferences.

1 month: this is the maximum period available to the entity that holds the personal data to erase them after any request made by the user.

The education sector is particularly affected by this regulation. It collects a considerable amount of personal data on each pupil in school for many years and retains it for several more years after the students have completed their schooling. The data collected is necessary for the operation of the establishments.

Various changes in data processing have affected the education sector with more supervised procedures concerning :

• the privacy of students : they have the right to access, correct and delete their personal data.
• the policies applied : a transparent policy must clearly notify the collection of data, its processing and how data subjects can exercise their rights.
• notifications : the school must protect the personal data collected as much as possible and report any breach to the competent authority.
• training of staff responsible for data : institutions have an obligation to train their internal and external staff in data processing.

For full transparency, idruide performs a Data Protection Impact Assessment (PIA: Privacy Impact Assessment) at customers’ request.

idruide collects only the data necessary for the proper functioning of its services : name, first name, establishment and class.

Our services are hosted in the European Union, in Belgium. Therefore, our provider responds to the GDPR.

idruide works in collaboration with the Data Protection Officers (DPD or DPO) as well as the CNIL and the CCIN, competent data processing authorities which regulate the GDPR in France and Monaco. These collaborations make it possible to legally describe the rights and duties of each party to define the responsibility of each.

To avoid any loopholes in our GDPR, we regularly carry out audits with external entities and notify our clients of all changes made in our GDPR.

Who can access your GDPR data?
Only the administrators of your school can access your data. idruide can access it if and only if you request it in writing.
Encryption using HTTPS (which guarantees high security) is used to protect data in transit and at rest for all users. All access is protected with access levels and rights.

Where can I find help if I have GDPR related questions ? 
You can find answers about the GDPR on the website of the Ministry of National Education. However, idruide provides you with a document presenting its GDPR with a direct contact email address: [email protected] or [email protected]. 
You can ask any questions there.

How to delete or modify user data ?
To modify or delete user data, the administrator must make a request to our teams in writing.

How is GDPR data used ?
The data collected by idruide are necessary and are used for different purposes : the administration of account information and creation of user profiles ; enrollment of mobile devices ; to control student devices from a teacher console ; to provide an after-sales service platform.