This statement describes the way the SchoolDrive system developed and operated by Solware Ltd. (address: Gödöllő 2100, Kard u. 10., registration no.: 13 09 125775, tax number: 12384114-2-13) ("Service Provider") handles personal data.
Our information security management system for SchoolDrive complies with the ISO/IEC 27001:2014 standard and the quality management system with the ISO 9001:2015 standard.
It is the primary objective of SchoolDrive to store and manage your personal data safely and with care. The purpose of this statement is to disclose what personal data the system is collecting, how it is used, how you can request to use less data about you and the processes implemented to secure the privacy of personal data.
We only manage the personal data that is required in order to use the system as Data controller:
|Data category||Data items||What do we use it for|
|Personal data||Email, password, user type, nick name, user interface language, last login, change log
For student users: name, phone, address
|Access, customize user interface|
Identification of student users
In addition, users may store additional personal information in the system in order to use it for its intended purpose ("User Data"), which we manage as Data processor. For example:
|School staff||Name, mobile, email|
|Business contact||Name, mobile, email|
SchoolDrive does not use this data, it only provides storage for them. The goal and the legal basis for the data processing is always determined by the school and the contracts concluded with the school, so the school is the data controller. Users can choose to share data with other users. In the case of teachers and business contacts, data is shared with schools voluntarily by entering into an agreement with the school and including the school in their relationships.
In case of school staff and business contacts the data is limited to contact details. For teachers, this range is broader - in which case schools can store and manage additional related data (eg. courses or finance) once the teacher has started teaching with them. During registration, students can request that the system automatically notifies schools that have students with the same email address as the user to give access to their data. In the case of students, this is personal data that can be used to identify which student or students the registered user belongs to.
Data stored and shared by users is stored by the system but not used for any purpose. It is important for users to be aware of what schools and other users do with their personal information after sharing these with them. This is governed by the agreement between the parties. Teachers and business contacts can only share their data with schools through the system after they have reached an agreement (this is when they know the school's connection password). Sharing lasts as long as the school's regulations make it necessary (this duration is set by the school). The content of a specific agreement is beyond the scope of the system - except for the duration of the agreement, because user data is stored as long as the agreement is not terminated.
Agreements with schools usually include a privacy statement. The following web sites contain sample privacy statements (for teachers, business contacts, school staff and students) that describe the personal information that may be stored by the system and how it may be handled. It is worth considering the criteria given in the samples when accepting agreements with schools.
Personal information is collected on the basis of consent, and the use of the system is subject to the acceptance of this privacy statement.
The SchoolDrive system does not share user data with anybody.
Users may choose to share their personal data with each other through the system, subject to agreements between them.
Personal data is stored at least for the duration of the user's agreement with the schools. Thereafter, the system will automatically erase the data if 1 year has elapsed without the user logging in to the system. The system informs the user prior to deletion to provide opportunity for preventing deletion by logging in.
After logging in, users can independently access, modify and export their personal data.
In the case of school staff, you must request deletion of the user data from the school, which can be done by another user with a higher authorization level.
Teachers and business contacts who have shared their data with schools can cancel sharing by deleting the school from their records. This is possible when, according to their agreement with the school, the school no longer need to access their data. If they do not already have a valid agreement with any school, the entire user account can be cancelled.
Student users can delete their own access to a student’s data from a school, or they can request this from the school.
Requests related to these operations can be sent to firstname.lastname@example.org. Requests will be processed within a maximum of 30 days. As a first step, we will identify whether the requesting person is the same person as the person whose data is managed by the system.
If you are not satisfied with how your request is handled, you have the right to file a complaint at the following address:
Nemzeti Adatvédelmi és Információszabadság Hatóság
Should there be changes in our privacy practices you will find a new version of this statement at https://www.schooldrive.net/shared/terms/en/privacy.html and we will highlight the changes. We will also ask for your approval for the changes if that is required by the law.
Last update: Aug 16, 2022