Students
Data Element | How is data collected and who is the source?
| How this information is used
| The purpose for Classroom Hero collecting this information
| Is Data shared or accessed by a service provider? (or processor)
| Where is this Data element stored or accessed by each third party/service provider that it is shared with or made available to? | Retention schedule
| Any other non-service provider third parties with access
| Technical and Security Measures
| Is Data transferred Outside of the EEA/UK and What are the transfer Mechanisms (or Safeguards)?
| What is the Article 6 lawful basis for processing this personal Data under GDPR
|
Account ID (User) | Provided by user at signup or via SSO; system-generated identifiers. | Authentication, authorization, account management. | Provide and secure access to Classroom Hero services. | Email/SSO providers as configured by the school; infrastructure hosting; support tools as needed. | Application databases; authentication/session storage as configured. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None, unless school-configured SSO provider. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
Student (name, parent email, progress, coins, student_hash, parent_code, optional photo) | Provided by teacher/parent; derived during classroom use. | Roster, engagement tracking, rewards, parent linkage. | Enable classroom management and student motivation features. | Infrastructure hosting; push notifications provider if enabled. | Application databases; media storage for images. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (with school) and/or Art. 6(1)(e)/(f) depending on school’s legal basis; parental/guardian authorization where required. |
Class (name, description, teacher/assistants, currency settings, logos/icons) | Created by teachers/school staff. | Classroom management, reward configuration, roster association. | Operate class features and reward systems. | Infrastructure hosting; media storage for class images. | Application databases; media storage. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
Attendance (date, status, points_awarded, recorded_by, notes) | Recorded by teachers; optionally configured for points. | Attendance tracking, student engagement, reporting. | Support attendance workflows and incentives. | Infrastructure hosting. | Application databases. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
Assignment (student, due_date, status, notes, timestamps) | Created by parents/guardians. | Deliver lists to students; track overall completion. | Parent-managed task workflows linked to student progress. | Infrastructure hosting. | Application databases. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
Completion (task, assignment, completed_by, status, notes, points_awarded, student_notes) | Submitted by student; reviewed by parent. | Review, approve/reject, and award points. | Evidence tracking and reward attribution. | Infrastructure hosting. | Application databases. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
StudentQuiz (score, completion, points_earned, submitted_answers JSON) | Submitted by students during quizzes. | Assess performance, award points, generate achievements. | Instructional assessment, feedback, and motivation. | Infrastructure hosting. | Application databases. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
CompletedAchievement (names/values, class context, timestamps) | Generated by class events (rewards, quizzes). | Student recognition and history. | Motivation, reporting, and audit trail. | Infrastructure hosting. | Application databases. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
Avatar accessories/config, owned items, avatar sets, purchase timestamps | Configured by users; granted via points or purchase. | Personalization and motivation. | Gamification and engagement. | Infrastructure hosting; payment processor for purchases. | Application databases; media storage for accessory assets. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
Files (class/student reports, task evidence, tool outputs) | Uploaded by teachers/parents/students or generated by system. | Evidence, reporting, instructional materials. | Support classroom workflows and records. | Object storage / media hosting provider. | Media storage (e.g., class_reports/, student_reports/, action_outputs/, member uploads). | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. Media access is controlled and not public by default. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
Did this answer your question?
😞
😐
🤩