Data Protection Information

Information about privacy, data protection, and professional review status.

Professional review notice

This page is informational and is under professional review. It is not a final DPA/AVV or legal compliance statement. Schools should not rely on this page for procurement or data protection approval until reviewed privacy and data processing documents are complete.

1. Overview

The General Data Protection Regulation (GDPR) sets a high standard for data protection. This page summarises the intended data protection position for The Exam Factory while formal privacy and DPA/AVV documents are being reviewed.

2. Data Roles

For school use cases, the intended role split is:

  • Data Controller: The school is expected to remain controller for the student data it uploads and decides how that data is used. This must be confirmed in final contract and DPA/AVV wording.
  • Data Processor: The Exam Factory is intended to act as processor for school-controlled exam data when providing the exam management service. This role statement requires professional review and a final DPA/AVV before customer reliance.

3. Privacy and DPA Documents Under Professional Review

A final Data Processing Agreement or AVV has not been published on this page. The intended documents should cover:

  • Processing data only on documented instructions from the controller.
  • Ensuring persons authorised to process data have committed to confidentiality.
  • Implementing appropriate technical and organisational measures to ensure security.

4. Sub-processors

The app uses or is expected to use the following third-party provider for hosted services:

  • Google Firebase (Google Cloud Platform): For cloud hosting, database storage, and authentication. Data location, transfer terms, and security certification wording must be verified before customer reliance. Google publishes cloud security and compliance information separately.

5. Data Subject Rights

We provide tools to help you fulfill data subject requests:

  • Right of Access: You can view all data for a student within their profile.
  • Right to Rectification: You can edit any student or exam record directly.
  • Right to Erasure: You can delete student records or entire exam sessions permanently.
  • Right to Portability: You can export your full dataset as a JSON file at any time.

6. Security Measures

Visible technical measures in the app include:

  • HTTPS on Firebase Hosting for browser traffic.
  • Firebase Auth and per-account access controls visible in the repository.
  • Repository validation scripts and Firebase rules maintained alongside the source code.

7. Privacy Contact

For privacy and data protection enquiries while final documents are under review, contact:

  • Email: info@theexamfactory.com