How we accommodate the General Data Protection Regulation (GDPR)

  • ‘The Right to be Informed’
  • ‘The Right to Restrict Processing’
  • ‘The Right to Portability’
  • ‘The Right to Object’
  • ‘The Right of Access’
  • ‘The Right of Rectication’
  • ‘The Right of Erasure’
Download Printable PDF

Lawful Basis and Transparency

We collect very minimal information from parents and teachers. The information relating to children comes from the respective parent and/or teacher and does not extend beyond their name and grade level. We do not need their full name at all and in fact many schools now use a nickname or code.

Collecting data for a purpose

Teacher accounts
Data Teacher’s first name, surname, email

Teacher’s manage their student accounts. Collecting teacher’s email enables Studyladder to communicate with them and offer support when needed.
Data School name

Authorises free access as teachers need to be connected to a school. Enables teachers to utilise whole school tools like sharing classes etc.
Data Grade level of class

To set a default grade for resources.
Parent/supervision accounts
Data Adult’s first name, surname, email

To manage a child’s account. Email addresses enables us to communicate and offer support.
Student accounts (created by teachers)
Data First name, Surname (Surname not required. Most teachers add first names only and many use nicknames or code names) Studyladder does not collect student emails.

To personalise each child’s account and to provide them with usernames and passwords. Enables parents to set tasks, receive reports and manage their childrens’ accounts.
Student accounts (created by parents)
Data First name, Surname (Surname not required)

To personalise each child’s account and to provide students with usernames and passwords. Enables teachers to set tasks, receive reports and manage their student’s accounts.
Data Student results

Results are used in a point system for student rewards, to indicate completion of activities and for reports to teachers and parents.
Access to data

Access to data is allowed only as required with strong directives in our internal policy relating to privacy.
Studyladder does not share personal information with any third party.

How we protect the data

Data encryption
Secure hosting practices and resources provided by Amazon Web Services
Controls on access
Staff training and policies

Erasing Data

Data is deleted when requested by a registered user.

Legal justification for processing of data

Consent for Teacher and parent/supervision accounts

When teachers and parents/guardians register they give consent to the processing of their own personal data by agreeing to terms upon registration.

Consent for Students under 16 years of age

School accounts for students are created by teachers. Parents are prompted to sign up for parent/supervision accounts in order to oversee their child's activities when using outside school hours.

Student home accounts are created by parents/guardians.

Information about data processing clearly provided

Information about data collection and processing is outlined in Studyladder’s Privacy Policy and GDPR policy in a ‘concise, transparent, intelligible and easily accessible form, using clear and plain language’.

Data Security

Data protection by design and default

Data protection, privacy and security are our highest priorities and are taken into account at all stages of development of our site and programs.

Studyladder has an internal security, privacy and data protection policy in place for all staff.

Encrypt, pseudonymise, or anonymise personal data wherever possible

Data is encrypted wherever feasible. Including protection of data while in transit over public networks in web applications and database systems.

Create an internal security policy for team members and build awareness about data protection

Operational security includes:

  • Internal measures and policies that ensures that staff are knowledgeable about data security
  • Confidentiality agreements
  • Data is only accessible to staff that require access – technical employees
  • Staff are uniquely identifiable
  • Password protected devices
  • Two factor authentication to access data

Data protection impact assessments

Studyladder has successfully taken part in the National Education Risk Assessment. The assessment measured technical and business processes regarding data security and privacy.

Processes to notify authorities and data subjects in the event of a data breach

Policies to ensure that users affected are informed in case of a data breach.

Accountability and Governance

Data protection, privacy and confidentiality are important to Studyladder. Because of this importance our Director has direct involvement in data security and privacy (Studyladder has a dedicated Data Security officer that oversees all of Studyladder's security and compliance. For more information email

Studyladder is hosted on Amazon Web Services. Amazon Web Services are one of the largest hosting companies in the world and are certified compliant with a wide range of security and data protection standards. More details here: Studyladder backups and all student result data is encrypted before storage. We use the AES-256 encryption scheme, which is an industry standard, certified, encryption scheme.

GDPR compliance Officer

Data processing agreements between Study Ladder and third parties that process data

N/A – Studyladder does not share personal data with any third party.

Data Protection Officer

Studyladder’s Data Protection Officer can be contacted via the contact us link on our homepage or (attention to ‘Data Protection Officer’).

Privacy Rights

We do not sell or pass on information to any third party.

All of the information Studyladder holds on any user is available for them to see via their account at Studyladder. Parents can create free parent accounts to view all of their child's data.

Most data can be changed by the teacher or parent. For anything that cannot be altered by the user, an email can be sent to and we will investigate and change as required.

Studyladder has a deletion process in place. This will result in a complete deletion of all data.

Users have the right to request and receive the information stored about them

Users can update or correct information stored about them

Users can request their data be deleted

Users can request Studyladder to stop processing data about them

Users can receive a copy of personal data stored about them

Users can object to the processing of data

Users rights are protected by Studyladder

Download Printable PDF