GDPR Compliance at SSS

SSS is part of Community Brand's best-of-breed solutions for schools K-12. Community Brands has updated its privacy policies across the organization which reflect how and why data is processed. Privacy consent features have been implemented at the product level allowing the user to actively grant consent to process their data. Users have the option to revoke consent at any time using the GDPR functionality within the product. Consent for a minor can and will only be captured from the child’s legal parent or guardian. 

Users of our products also have the option to request their data to be deleted. Community Brands will grant this request with the exception of legal obligations that require the Company to retain the data. Data deletion practices comply with Community Brands' Data Retention and Disposal Policy which states that once data is no longer needed in relation to the purpose it was collected such data will be deleted. When users withdraw consent, data will be disposed of appropriately

Community Brands has appointed a Data Protection Officer (DPO) as well as have executed Data Processing Addendums (DPA) to appropriate parties. Community Brands has implemented data breach protocols as defined in the Company Data Breach Notification Policy. This policy states that as the Data Processor, we will notify the controller with undue delay in any case of a data breach.

At Community Brands, we take compliance and data protection seriously. We are dedicated to closely working with our partners, customers and Data Controllers to ensure we meet our obligations as a Data Processor and data protection advocate. We partner with industry leading privacy and compliance expert to analyze our business processes and applications, and to assist us in determining where we need to make changes. We have made updates to our company documents, including legal documentation, privacy documentation, and security program documentation. We have also made updates to our processes to provide assistance to our Data Controllers when they have an obligation to respond to an individual's exercise of rights. We have updated our security and design protocols to fully integrate the ‘data protection by design' principle. We have also made functional changes to some areas of our product applications to better provide our customer with the tools they need to be compliant.