Toddle & GDPR

1. Data Processing Agreement

Toddle offers a Data Processing Agreement to all its users located in the EU/EEA and Switzerland. This Data Processing Agreement is signed at the time of the school’s onboarding with Toddle. You can request a copy of the DPA by writing to privacy@toddleapp.com.

2. How does Toddle comply with GDPR

• Lawfulness, Fairly and Transparency: All data processing that we do is lawful and is clearly called out in our privacy related policies
• Purpose Limitation: We only use your data for the purposes clearly specified in the contract.
• Data Minimisation: We collect minimal data – only data that we need to provide you with services agreed upon in the contract.
• Integrity and confidentiality: We follow industry best practices to ensure that all your data is stored safely and securely. All your data is encrypted at rest and in transit.
• Ownership of data: All the data that you add to Toddle belongs to you and you have full rights over it.
• Parental Consent: For children below the age of 16, school’s should collect explicit parental consent for the usage of Toddle. You can download the parental consent form from Toddle.
• Contact: Toddle’s Data Protection Officer is Misbah Jafary. In case of any questions/ queries, please reach out to privacy@toddleapp.com.
• Right of Access: You can reach out at any time to see your personal data and the ways in which it is processed.
• Right to Rectification: We do our best to ensure that all data on Toddle is accurate, however, if you want to edit, modify, delete or in any other way change any of your personal data, please reach out to privacy@toddleapp.com.
• Right to be forgotten: If you do not wish to use Toddle services any more and want all of your data deleted from our records, please reach out to our team and we will delete all of your information from all of our records.
• Right to data portability: All data that you add to Toddle belongs to you and should you want to receive that data, we will provide you with a machine-readable format of the same within 1 month of receiving such a request.
• Our employees: All our employees get periodically trained in relevant data security practices. All our employees undergo a relevant background check, sign a non- disclosure agreement and immediately lose access to all systems and data when terminated.