By adhering to these privacy and security principles, Hero ensures GDPR compliance, safeguarding personal information and maintaining the trust of the individuals it serves.
Principle 1
Lawfulness, Fairness & Transparency
Hero only collects personal information necessary for the school's educational purposes, in compliance with the local government requirements. The collection process is transparent, with the lawful basis communicated to the data subjects (students and caregivers).
Principle 2
Purpose Limitation
Hero's data collection is limited to the purposes defined by the schools in conjunction with the local government. Hero ensures that personal data is not used beyond these specified purposes.
Principle 3
Data Minimisation
Hero ensures that the personal information collected by schools is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
Principle 4
Accuracy
Schools are responsible for ensuring that the personal information stored in Hero is accurate and up to date. Any inaccuracies can be corrected upon request by the data subjects.
Principle 5
Storage Limitation
Hero stores personal data for a duration of seven years as required by local governments, ensuring that personal data is not kept longer than necessary.
Principle 6
Integrity and Confidentiality
Hero employs robust security measures such as data replication, daily snapshots, and secure Blob Storage to protect personal data against loss, misuse, or unauthorised access.
Principle 7
Accountability
Linc-Technologies, as the custodian of data in Hero, ensures that the schools can demonstrate compliance with the aforementioned principles and hold responsibility for the data processed.
