Back to Home

GDPR Compliance

LanguageGems.com

General Data Protection Regulation Compliance

LanguageGems provides educational services to schools and institutions across the UK and EU. This page outlines our GDPR compliance specifically for our B2B educational platform.

Last updated: 8/21/2025

Educational Data Processing

Schools remain the Data Controllers for student data. LanguageGems acts as a Data Processor, processing student data only on behalf of and as instructed by schools.

Our Role Under GDPR

Data Processor

For student data, LanguageGems acts as a Data Processor on behalf of schools (Data Controllers). We process student data only according to documented instructions from schools.

Data Controller

For teacher accounts and direct users, LanguageGems acts as a Data Controller, determining the purposes and means of processing personal data.

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contract (Article 6(1)(b)): Processing necessary for the performance of our educational services
  • Legitimate Interest (Article 6(1)(f)): For platform improvement, security, and analytics
  • Consent (Article 6(1)(a)): For marketing communications and optional features
  • Legal Obligation (Article 6(1)(c)): When required by law
  • Public Task (Article 6(1)(e)): For educational institutions performing public tasks

Data Subject Rights in Educational Settings

GDPR rights apply differently in educational contexts:

For Teachers & School Staff

Full GDPR rights apply directly. Contact us at privacy@languagegems.com for any requests.

For Students & Parents

Rights requests should typically be made through your school, as they are the Data Controller for student educational data.

Right of Access

Schools can export all student data; parents can request through school

Right to Rectification

Teachers can correct student data; parents can request corrections through school

Right to Erasure

Schools can delete student accounts; parents can request deletion through school

Right to Restrict Processing

Schools can disable features; parents can request restrictions through school

Right to Data Portability

Schools can export student data in standard formats

Right to Object

Schools can opt out of non-essential processing features

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the details below:

Email: privacy@languagegems.com

Subject Line: "GDPR Rights Request"

We will respond to your request within 30 days as required by GDPR.

Data Processing Agreements (DPAs)

For educational institutions, we provide comprehensive Data Processing Agreements that include:

  • Clear definition of processing purposes and categories of data
  • Detailed security measures and technical safeguards
  • Procedures for handling data subject requests
  • Data breach notification protocols
  • International transfer safeguards
  • Sub-processor management and oversight

International Data Transfers

When we transfer personal data outside the UK/EU, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): EU-approved contractual terms
  • Adequacy Decisions: Transfers to countries with adequate protection
  • Binding Corporate Rules: For transfers within our corporate group
  • Additional Safeguards: Technical and organizational measures

Data Breach Procedures

In the event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected data subjects without undue delay if high risk
  • Document all breaches and remedial actions taken
  • Conduct thorough investigations and implement preventive measures
  • Cooperate fully with supervisory authority investigations

Privacy by Design & Default

We implement privacy by design and default through:

  • Data minimization - collecting only necessary data
  • Purpose limitation - using data only for specified purposes
  • Storage limitation - retaining data only as long as necessary
  • Privacy-friendly default settings
  • Regular privacy impact assessments
  • Built-in privacy controls and user consent mechanisms

Children's Data Protection

For children under 16 (or the applicable age in your jurisdiction), we:

  • Obtain appropriate consent from parents/guardians or schools
  • Apply enhanced privacy protections
  • Limit data collection to educational necessities
  • Provide clear information about data processing
  • Enable easy withdrawal of consent

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. In the UK, this is:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

Email: casework@ico.org.uk

Data Protection Officer

For GDPR-related inquiries, please contact our Data Protection Officer:

Email: dpo@languagegems.com

General Contact: privacy@languagegems.com

Company: LanguageGems Ltd