What is the GDPR?
The GDPR is the EU General Data Protection Regulation which will be effective from May 25, 2018. It is a law that regulates how companies protect an individual's personal data. You can find out more about the GDPR here.
Is Book Creator compliant with GDPR?
Absolutely. We take security and privacy extremely seriously, building it into Book Creator from the outset. We are fully compliant with the GDPR.
Is Book Creator a Data Processor or a Data Controller?
We are the Data Processor for all content added to books such as text, images, audio, video.
We will be the Data Controller for account information such as the name and profile picture obtained through the Google, Office 365 or other login methods. (This is on the basis that we are the ones who have decided to use these logins as the mechanism to log users in, and it’s information that we use for our own purposes in making sure users can log into the app and use the app.) Additionally if you purchase a Book Creator subscription we will be the controller of payment details such as your VAT number and billing address. This is the only information in relation to which we are the Data Controller.
Does Book Creator have a contract or data processing agreement for schools?
Yes we do. We provide a Data Processing Addendum to our Terms of Service that sets out how Book Creator processes data and meets the requirements of the GDPR.
Where is my data stored?
We store all data in Google Cloud, which is hosted in the US. We have signed EU model contract clauses with Google. This means that Google protects your information in the US as it would be protected in the EU. The model contract clauses are available here.
Additionally, Google Cloud offers world class data security which you can read about at https://cloud.google.com/security.
Finally, to show our workings, and demonstrate that we manage such transfers carefully, we have undertaken and made available a Data Transfer Impact Assessment (TIA) for Book Creator according to the EDPB and ICO recommendations.
Please start by reading our Data Processing Addendum which sets out how we meet the GDPR's requirements.
Should you have any further questions relating to our GDPR compliance, please contact us at [email protected] or alternatively in writing at Tools for Schools, 31 – 34 High Street, Bristol, BS1 2AW, United Kingdom, or by phone on +1 (877) 366-5116.