The General Data Protection Regulation (GDPR) plays an important role in overseeing the handling of personal information belonging to European Union (EU) citizens. At ScarletApp, we are committed to the core principles of GDPR, which aim to empower individuals by giving them authority over their personal data. Our products are designed to fully comply with the rigorous privacy standards set by the EU.

Exploring the Comprehensive Framework of GDPR

The GDPR consists of 11 chapters containing nearly 100 articles outlining the principles and regulations governing the processing of personal data. Here are notable highlights from this regulatory framework:

Article 5: Guidelines for Personal Data Processing Principles

ScarletApp takes on the responsibility of a reliable guardian of personal data, utilizing customer information exclusively for the delivery of educational services. We explicitly confirm that these data are not sold or used for marketing purposes.

Article 17: Right to Forget

In compliance with GDPR, schools have the authority to remove ScarletApp users at any given time. Additionally, individual users maintain the autonomy to delete their data from ScarletApp, and we promptly erase data from schools that no longer utilize our services.

Article 32: Processing Security

ScarletApp places a high emphasis on securely storing confidential personal information. Our team members strictly adhere to contractual confidentiality agreements, and our comprehensive data security measures include internal policies, data management procedures, restrictions on personal data access, encryption protocols for both inactive data and data transmission, system monitoring, contingency plans, and stringent controls to prevent unauthorized individuals from accessing personal information during data transmission.

Additional GDPR Compliance Highlights

Article 33: Notification of a Breach of Personal Data to the Supervisory Authority

In accordance with GDPR regulations, ScarletApp promptly informs the supervisory authority within the prescribed 72-hour timeframe upon discovering any personal data breach. In the event of such a breach, ScarletApp promptly notifies customers, conducts comprehensive investigations, and swiftly restores the integrity of the affected data systems. We actively cooperate and provide necessary reports to those affected by the breach.

Article 35: Impact Assessment

ScarletApp consistently conducts comprehensive safety assessments of our systems. These evaluations occur at regular intervals, including annual, more frequent, and continuous assessments, ensuring the continual strength and effectiveness of our security protocols.

Article 37: Appointment of a Data Protection Officer

ScarletApp takes pride in having a dedicated Data Protection Officer with the authority to execute security controls and contribute to product development, underscoring our commitment to ensuring the protection of your data.

Article 44: General Principle of Transmission

To ensure the integrity and residence of data within the EU, the Regulation grants the European Commission the authority to assess the adequacy of third countries or territories receiving transmitted data. Recognizing this, ScarletApp designates customers in the EU or UK to an EU data center located in Frankfurt, Germany. This center effectively oversees all essential ScarletApp applications and data servers, ensuring that servers outside this specified area are not utilized for data storage or service provision to EU or UK customers.

At Scarletios, we wholeheartedly embrace and adhere to the robust framework outlined by GDPR, placing a strong emphasis on the privacy and security of your data. Our commitment remains steadfast, and we are dedicated to offering a transparent and reliable environment for our users in full compliance with these regulations.