Skip to content

GDPR Compliance

Hero Privacy Principles

Our Commitment to GDPR Compliance

By adhering to these privacy and security principles, Hero ensures GDPR compliance, safeguarding personal information and maintaining the trust of the individuals it serves.

Principle 1

Lawfulness, Fairness & Transparency

Hero Logo

Hero only collects personal information necessary for the school's educational purposes, in compliance with the local government requirements. The collection process is transparent, with the lawful basis communicated to the data subjects (students and caregivers).

Principle 2

Purpose Limitation

Hero Logo

Hero's data collection is limited to the purposes defined by the schools in conjunction with the local government. Hero ensures that personal data is not used beyond these specified purposes.

Principle 3

Data Minimisation

Hero Logo

Hero ensures that the personal information collected by schools is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

Principle 4


Hero Logo

Schools are responsible for ensuring that the personal information stored in Hero is accurate and up to date. Any inaccuracies can be corrected upon request by the data subjects.

Principle 5

Storage Limitation

Hero Logo

Hero stores personal data for a duration of seven years as required by local governments, ensuring that personal data is not kept longer than necessary.

Principle 6

Integrity and Confidentiality

Hero Logo

Hero employs robust security measures such as data replication, daily snapshots, and secure Blob Storage to protect personal data against loss, misuse, or unauthorised access.

Principle 7


Hero Logo

Linc-Technologies, as the custodian of data in Hero, ensures that the schools can demonstrate compliance with the aforementioned principles and hold responsibility for the data processed.