Data Processing Agreement

At Symbio6, we prioritise transparency and privacy. Whenever we process data for our principals, we always establish a processing agreement. This ensures everyone is aligned, responsibilities are clear, and data is handled with the utmost care.

Logo Symbio6

Updated 5 December 2024 2-minute read

What Is a Processing Agreement?

A processing agreement is a formal contract between a principal and a processor (like Symbio6) that defines how data is handled. At the start of an assignment, we outline these agreements in writing to ensure clarity, accountability, and trust.

Our Privacy-First Approach

Compliance with the General Data Protection Regulation (GDPR) requires a processing agreement whenever personal data is handled by third parties. At Symbio6, we go beyond these minimum legal requirements. We create a processing agreement for all data we process - personal or not - because we believe in putting privacy first.

Key Elements of the Agreement

Our processing agreements are designed to provide a clear framework for data handling. They cover:

  • Purpose and methods: Why and how the data will be processed.
  • Timeframes: How long the data will be processed.
  • Responsibilities: Clear roles for both Symbio6 and the principal.
  • Security: How data is safeguarded against unauthorised access.
  • Confidentiality: Ensuring data remains private.
  • Audits: Verifying compliance through regular checks.
  • Breach protocols: Steps to take if an issue arises.
  • Sub-processors: Rules for involving other parties.
  • Data destruction: Safe handling of data after the assignment ends.

With these measures, we ensure every aspect of data processing is handled responsibly.

Keeping Data Minimal

At Symbio6, we believe less is more when it comes to data. We adhere to the principle of data minimisation, which means:

  • Collecting only what's necessary to complete the task.
  • Avoiding the storage of unnecessary or redundant data.

By focusing on just what's needed, we enhance privacy and reduce risks.

Our Incident Response Plan

Although we take every precaution to prevent issues, we are prepared to act swiftly if an incident occurs. Our response plan includes:

  • Immediate containment of the issue.
  • A full assessment of the scope and impact.
  • Timely communication with the principal and authorities (when required).
  • Corrective measures to prevent similar incidents in the future.

This plan ensures minimal disruption and maximum transparency in managing incidents.

Managing Data Retention

Data retention is just as important as data processing. At Symbio6, we:

  • Keep data only for the duration specified in the agreement.
  • Thoroughly and securely delete data after the assignment is complete, unless otherwise required by law.
  • Regularly review retention practices to ensure they align with best practices.

At Symbio6, our goal is to make data processing seamless, secure, and worry-free for our principals. By putting privacy first, we aim to be a trusted partner in all their data processing needs.

Terms and conditions Symbio6 »

Let AI Work for Learning

Take your school forward with hands-on training, coaching, and project support. Let’s make it happen — together.
Explore more ... Let's talk