Teachers
Data Element | How is data collected and who is the source?
| How this information is used
| The purpose for Classroom Hero collecting this information
| Is Data shared or accessed by a service provider? (or processor)
| Where is this Data element stored or accessed by each third party/service provider that it is shared with or made available to? | Retention schedule
| Any other non-service provider third parties with access
| Technical and Security Measures
| Is Data transferred Outside of the EEA/UK and What are the transfer Mechanisms (or Safeguards)?
| What is the Article 6 lawful basis for processing this personal Data under GDPR
|
Account ID (User) | Provided by user at signup or via SSO; system-generated identifiers. | Authentication, authorization, account management. | Provide and secure access to Classroom Hero services. | Email/SSO providers as configured by the school; infrastructure hosting; support tools as needed. | Application databases; authentication/session storage as configured. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None, unless school-configured SSO provider. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
Profile (role, points/levels/progress, images, settings) | Entered by user/teacher; generated during use (points, levels); images uploaded by user. | Personalization, gamified progress, subscription/feature gating, avatar settings. | Deliver core classroom engagement features; manage tiers/settings. | Infrastructure hosting; email service (e.g., transactional messaging) if configured. | Application databases; media storage for photos/avatars. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
Class (name, description, teacher/assistants, currency settings, logos/icons) | Created by teachers/school staff. | Classroom management, reward configuration, roster association. | Operate class features and reward systems. | Infrastructure hosting; media storage for class images. | Application databases; media storage. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
Attendance (date, status, points_awarded, recorded_by, notes) | Recorded by teachers; optionally configured for points. | Attendance tracking, student engagement, reporting. | Support attendance workflows and incentives. | Infrastructure hosting. | Application databases. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
Quiz content (title, questions, choices, class configuration) | Created by teachers; may be AI-assisted. | In-class assessment and engagement. | Instructional activities and progress monitoring. | Infrastructure hosting; optional AI tooling if used. | Application databases. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
StudentQuiz (score, completion, points_earned, submitted_answers JSON) | Submitted by students during quizzes. | Assess performance, award points, generate achievements. | Instructional assessment, feedback, and motivation. | Infrastructure hosting. | Application databases. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
AI interactions (tool name, input_text, output_text, meta, generated quiz linkage) | Entered by teachers; outputs generated by AI tool. | Generate instructional materials (e.g., Jeopardy boards, quizzes). | Support content creation to aid instruction. | Infrastructure hosting; AI provider as configured. | Application databases; action output files in media storage. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract; Art. 6(1)(f) Legitimate interests (tooling to deliver service). |
Notifications (content, type, meta JSON, read status) and preferences | Generated by system; preferences set by user. | Communicate relevant updates; web/email/push. | Service notifications and user preferences. | Infrastructure hosting; push/email providers if enabled. | Application databases. | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract; Art. 6(1)(a) Consent for optional channels where required. |
Files (class/student reports, task evidence, tool outputs) | Uploaded by teachers/parents/students or generated by system. | Evidence, reporting, instructional materials. | Support classroom workflows and records. | Object storage / media hosting provider. | Media storage (e.g., class_reports/, student_reports/, action_outputs/, member uploads). | Retained for the life of the account/contract or as required by law; deletion upon request or account closure, subject to legal/financial retention. | None. | Access control, encryption in transit (TLS), role-based permissions, audit logs; least-privilege access for support. Media access is controlled and not public by default. | May be processed/stored outside EEA/UK depending on hosting and third parties. Standard Contractual Clauses (SCCs) or equivalent safeguards where applicable. | Art. 6(1)(b) Contract (provide core service); Art. 6(1)(f) Legitimate interests (service improvement, security). |
ย
Did this answer your question?
๐
๐
๐คฉ