GDPR and CCPA Compliance Statement for Graded.pro
Introduction
Graded.pro is dedicated to full compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This statement outlines our adherence to these regulations, ensuring we maintain the privacy and security of the personal information of our users.
GDPR Compliance
- Lawful Basis for Processing: Graded.pro processes personal data under the lawful bases of consent and legitimate interest. This data includes names, email addresses, and temporary storage of student work to provide grading services.
- Data Subject Rights: Users within the European Union have the right to access their personal data, request corrections, demand the deletion of their data, and restrict processing. Users also have the right to data portability and can object to the processing of their personal data.
- Data Protection Measures: We employ robust security measures, including SSL encryption, to protect data during transmission. Personal data is securely stored in our databases and is accessed only for processing purposes. The CASA tier 2 validation by TAC Security further ensures the integrity and security of our data handling processes.
- Data Transfer: Personal data processed by Graded.pro may be transferred to regions outside the European Economic Area, specifically to our servers hosted by Digital Ocean and through the OpenAI API. All data transfers adhere to GDPR compliance standards ensuring adequate levels of data protection.
CCPA Compliance
- Consumer Rights: California residents have specific rights regarding their personal information. These include the rights to request disclosure of the data collected, access their personal information, request the deletion of their personal information, and opt-out of the sale of their personal information. Graded.pro does not sell personal information.
- Data Processing Disclosure: We disclose the categories of personal information we collect and the purposes for which they are used. This information is securely processed and stored, with detailed measures in place to protect it from unauthorized access or disclosure.
- Service Provider Transfers: Any transfer of personal data to third-party service providers, such as Digital Ocean and OpenAI, is conducted with strict adherence to privacy laws. OpenAI does not store or use student work for training purposes.
Contact Information
Users with concerns about their data under GDPR or CCPA can contact us through the provided methods on our website. We are committed to resolving any issues and ensuring the privacy and security of our users' information.
Amendments to This Statement
Graded.pro reserves the right to make changes to this Compliance Statement. Users will be notified of any significant changes, and we encourage regular review of this statement to stay informed about our privacy practices.
For further information regarding our privacy practices and compliance with GDPR and CCPA, you can access our detailed Privacy Policy on our website or contact our Privacy Officer directly. This statement is effective as of 15 April 2024, and will be updated as necessary to reflect changes in our practices or relevant regulations.