The specific information to be provided to the data subject shall include at least the following: the personal data processed relate to the following types and categories of data, including special categories of data: the purposes of the processing for which the personal data are intended and the legal basis for the processing; Personal data must be stored in a form in which the data subject can only be identified for the time necessary for processing. Transparent – Articles 12, 13 and 14 of the GDPR contain rules on the disclosure of data protection information to data subjects. These are detailed and specific and attach great importance to making data protection information understandable and accessible. The information must be communicated to the data subject in an intelligible form in clear and simple language. Compliance with data protection laws is the responsibility of all wonde Ltd employees who process personal data. 6.3 By entering into this Data Processing Agreement, the Customer acknowledges that the Processor relies on the Customer to see to what extent the Customer is authorized to use and process the Personal Data under this Data Processing Agreement and the Software Agreement. Customer shall therefore indemnify the Processor against any action, proceeding, liability, effort, liability, claim, loss, expense (including reasonable attorneys` fees and payments on the basis of an attorney and the Customer) and claims of the Processor arising directly from or in connection with the data processing activities subject to this Agreement and all Software Agreements. Child – The GDPR defines a child as anyone under the age of 16 [A1], although this can be reduced to 13 by member state law. The processing of a child`s personal data is only lawful if the consent of the parent or guardian has been obtained. The controller shall make reasonable efforts to verify, in such cases, whether the holder of parental responsibility for the child has given or authorised his or her consent.

These controls have been selected on the basis of the risks identified for the personal data and the potential for harm or distress to the persons whose data are processed. Assessment of adequacy by the controller When assessing adequacy, the uk-based implementing controller should take into account the following factors: the nature of the information provided; the country or territory of origin and the final destination of the information; how the information is used and for how long; the laws and practices of the transferee`s country, including relevant codes of conduct and international obligations; and the security measures to be taken with regard to the data on the site abroad. If any type of processing, in particular by using new technologies and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, Wonde Ltd will carry out an FDFA prior to processing of the impact of the planned processing operations on the protection of personal data. A single DFA can handle a number of similar processing operations that present similar risks. The parties have agreed to enter into this Agreement in order to ensure compliance with the aforementioned provisions of applicable data protection legislation (“Data Protection Legislation”) with respect to the processing of personal data in connection with any processing of personal data by the Processor for the Customer in performance of its obligations under the Software Agreement. To comply with the GDPR, all schools must have a clear understanding of their supplier processes and take control of their school data. Wonde provides the tools to ensure that schools have complete control and clarity over the data to the data that third parties access. .