Schoox’s General Data Protection Regulation (GDPR) Portal

Last Updated November 2019

Welcome to Schoox’s portal for information regarding how Schoox supports the General Data Protection Regulation (GDPR). We have provided the following information and supporting links for helping you gain an understanding of the GDPR, your rights afforded by the GDPR, as well as how Schoox protects your personal information and supports the requirements of this regulation. As a European Union (EU) data subject we value your rights, and will work diligently to ensure the safety, security, and privacy of your personal data.

What is the GDPR?

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation regarding data protection and privacy for all individuals within the European Union and also addresses the export of personal data outside of the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The GDPR contains provisions and requirements pertaining to the processing of Personally Identifiable information of data subjects inside the European Union. Personal data may not be processed unless it is done under a lawful basis specified by the regulation, or the data controller or processor has received explicit, opt-in consent from the data's owner—which may be withdrawn at any time. In simpler terms, the GDPR gives individuals far-reaching rights and privileges regarding their data. To be compliant, business processes that handle personal data must be designed with the principle of privacy by design and by default.

What are your rights under the GDPR?

If you are an EU resident and Schoox is processing, and/or transmitting your personal data, then you - as an “EU data subject” – are afforded the following rights and privileges under the General Data Protection Regulation (GDPR):
  • Right of Access: you have the right to obtain from us, as controllers, confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the following personal data and information:
    • the purposes of the processing;
    • the categories of personal data concerned;
    • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations’;
    • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    • the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; (f) the right to lodge a complaint with a supervisory authority (for a list of supervisory authorities, see;
    • where the personal data are not collected from you, any available information as to their source;
    • the existence of automated decision-making, including profiling, along the lines indicated by Article 22(1) and (4) GDPR, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
  • Right to Rectification: you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Right to Erasure (“Right to be Forgotten): you have the right to obtain from us the erasure of your personal data without undue delay, and we have the obligation to erase personal data without undue delay when: a) your data are no longer necessary for the purposes for which they were collected; b) you had consented to the processing; c) you have objected to the processing, as per below; d) your personal data had been unlawfully collected; e) your personal data need to be erased as a matter of compliance with a legal obligation.
  • Right to Restriction of Processing: you have the right to obtain from us the restriction of processing if you: a) contest the accuracy of the personal data, until this is verified; b) the processing is unlawful but you don’t want erasure; c) we no longer need the personal data, but you require them to establish, exercise fo defend a legal claim; d) you have objected to processing but there is a need to verify whether our legitimate grounds override your rights to object.
  • Right to Data Portability: where your personal data have been provided on the basis of your consent or for the performance of a contract, and their processing occurs in an automated way, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data– or have directly transmitted - to another controller.
  • Right to Object: you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on a legitimate ground point (e) or (f) of Article 6(1), including profiling based on those provisions. In this case, we can no longer process your personal data unless we show that there is a compelling legitimate ground for the processing which override your interests, rights and freedoms or for our establishment, exercise or defense of legal claims.

What is Schoox’s Responsibility and Commitment to Data Security and Data Privacy in support of the GDPR?

Article 32 of the GDPR requires that controllers and processors have adequate levels of security in place for ensuring the confidentiality, integrity, availability, for processing of personal information and other related activities. Specifically, Article 32 requires Schoox to Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. In support of this Schoox has implemented and supports the following processes to ensure the protection of your privacy.
Privacy by Design:  Schoox is dedicated to ensuring the security of your personal data and adhering to compliance with applicable data protection laws. As a summary of how Schoox protects and utilizes your personal data, the organization is committed to ensuring that your personal data is:
  • Used lawfully, fairly and in a transparent way;
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  • Relevant to the purposes we have told you about and limited only to those purposes;
  • Accurate and kept up-to-date;
  • Allowed for you as the individual to request access to your personal data
  • Kept only as long as necessary for the purposes we have told you about; and
  • Kept securely
  • For further information on the types of information collected and for the purposes it is held please review our Privacy Policy
Schoox’s Privacy Protections: Schoox’s commitment to confidentiality, integrity, and availability – known as the CIA triad of information security, consists of the following initiatives:
  • Third Party Selling or Transfer: Schoox does not transfer or sell any personal client academy data to Third parties and does not transfer to third parties who do not have adequate privacy protections 
  • Encryption: Schoox utilizes industry standard encryption protections for both Transit and at Rest for the Schoox Academy Application.
  • Automated Decision Making: Schoox does not input or enact any automated decision (AI or Machine Learning) on Personal or Client Academy Data at this time.
  • Internal Training: Schoox conducts annual security awareness and privacy protection training for all employees.
  • Internal Controls: Schoox has implemented a comprehensive set of internal controls relating to the protection for storing, processing and/or transmission of personal data for EU data subjects, as well as a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational
  • Annual risk assessment initiatives for assessing relevant risks to the organization and taking necessary action for reducing risk exposure.
  • Monitoring of relevant third-party providers, as necessary for which Schoox has a business relationship with in terms of storing, processing, and/or transmitting personal data for EU residents.
Please view the following information and supporting links below to learn more about Schoox’s commitment to your privacy.

Contact Us:

For any questions or requests concerning the GDPR please contact us at: [email protected]