Skip to content

Data Protection Addendum

Table of contents

Introduction

This Data Protection Addendum (“DPA”) forms part of the Agreement between Ilmiya (“Processor”) and the Customer (“Controller”) for the provision of services.

This DPA reflects the parties’ agreement with regard to the Processing of Personal Data in accordance with the requirements of Data Protection Laws, including the General Data Protection Regulation (GDPR).

Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on Personal Data, whether or not by automated means
  • Data Controller: The entity that determines the purposes and means of Processing Personal Data
  • Data Processor: The entity that Processes Personal Data on behalf of the Controller
  • Data Subject: An identified or identifiable natural person whose Personal Data is Processed
  • Sub-processor: Any third party engaged by the Processor to Process Personal Data

Data Processing

Scope of Processing

Ilmiya will Process Personal Data only:

  • On documented instructions from the Customer
  • To provide the services described in the Agreement
  • As required by applicable law

Nature and Purpose

The nature and purpose of Processing includes:

  • Providing educational technology services
  • User account management
  • Analytics and reporting
  • Customer support

Security Measures

Ilmiya implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of Personal Data in transit and at rest
  • Ensuring ongoing confidentiality, integrity, availability of systems
  • Regular testing and evaluation of security measures
  • Access controls and authentication
  • Security incident detection and response procedures

Sub-processors

Authorization

Customer provides general authorization for Ilmiya to engage Sub-processors for Processing Personal Data.

List of Sub-processors

A current list of Sub-processors is available at /processor.

Sub-processor Obligations

Ilmiya ensures that Sub-processors:

  • Are bound by written contracts with data protection obligations
  • Provide sufficient guarantees for appropriate security measures
  • Process Personal Data only as instructed

Data Subject Rights

Ilmiya assists Customer in responding to requests from Data Subjects to exercise their rights under Data Protection Laws, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of Processing
  • Right to data portability
  • Right to object

Data Breach Notification

Ilmiya will notify Customer without undue delay after becoming aware of a Personal Data breach, providing:

  • Description of the nature of the breach
  • Categories and approximate number of Data Subjects affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach

Data Transfers

When Personal Data is transferred outside the European Economic Area, Ilmiya ensures appropriate safeguards are in place, such as:

  • Standard Contractual Clauses
  • Adequacy decisions
  • Other approved transfer mechanisms

Audit Rights

Customer may audit Ilmiya’s compliance with this DPA by:

  • Requesting and reviewing relevant documentation
  • Conducting or commissioning audits (with reasonable notice)
  • Reviewing third-party certifications and audit reports

Term and Termination

This DPA will remain in effect for the duration of the Agreement. Upon termination, Ilmiya will delete or return all Personal Data as directed by Customer.

Contact Us

For questions about this Data Protection Addendum, please contact us at: