1.What personal data does PE Classroom collect?

We collect teacher and pupil names, email addresses, and assessment data (e.g., quiz answers, exam responses). This is necessary for providing our platform services and ensuring pupil progress tracking.

2. Is PE Classroom GDPR compliant?

Yes, PE Classroom complies with the UK GDPR, Data Protection Act 2018, and other relevant data protection laws. We have appropriate safeguards in place to protect all personal data.

We are also registered with the Information Commissioner’s Office (ICO) under registration number ZB259604.

3. Who is the data controller and data processor?

• Schools are the Data Controller as they determine the purpose of data processing (e.g., managing pupil accounts and learning progress).
• GCSE Classroom Ltd (PE Classroom) is the Data Processor, acting on behalf of schools to process personal data strictly for the purpose of delivering educational services.

We use industry-standard encryption, access controls, and secure servers to protect data. Additionally, our staff receive data protection training, and we conduct regular security audits to maintain compliance.

5. Where is personal data stored?

As with most online platforms used by schools, personal data is stored across multiple secure data centres, some of which may be located outside the UK. However, all data transfers comply with Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement (IDTA) to ensure full GDPR compliance.

6. Do you share personal data with third parties?

Like almost all educational platforms, we work with trusted third-party providers (e.g., hosting services, analytics tools, and payment processors) to deliver our services effectively. All subcontractors comply with GDPR regulations and implement appropriate safeguards. We do not sell or misuse personal data.

7. How long do you retain personal data?

We retain data for 30 days after a membership expires, after which it is securely deleted. Schools can also request earlier deletion if needed.

8. Can teaches or pupils request their data to be deleted?

Yes. Schools, as the Data Controller, can request pupil or teacher data deletion at any time. Individual users (teachers/pupils) should contact their school to request data removal.

9. How does PE Classroom deal with data breaches?

If a data breach occurs, we will:

• Notify the affected school promptly.
• Report it to the Information Commissioner’s Office (ICO) if legally required.
• Take immediate steps to mitigate risks and prevent further breaches.

Yes, we provide a DPA upon request, outlining how we process and protect personal data on behalf of schools.

11. Do you conduct a Data Protection Impact Assessment (DPIA)?

Yes, we have conducted a Data Protection Impact Assessment (DPIA) to assess and mitigate risks related to data processing. If required, we can provide general details about our approach upon request.

12. How do we contact PE Classroom about data protection?

For any GDPR-related inquiries, please contact our Data Protection Officer (DPO):

📧 support@thepeclassroom.com
📞 01789 56901