1. Purpose

This page summarises Wise-Revise processor commitments for school customers. The executed DPA remains the controlling legal document where signed.

2. Roles

• School/customer: Data Controller.
• Wise-Revise operator: Data Processor.

3. Processor obligations

• Process personal data only on documented controller instructions.
• Ensure confidentiality obligations for authorised personnel.
• Implement Article 32 security controls appropriate to risk.
• Support controller obligations for rights requests, DPIAs, and breach response where required.
• Delete or return customer personal data at end of services, subject to legal retention duties.
• Provide evidence of compliance and support reasonable audits.

4. Sub-processors

• Sub-processors are used only with contractual data protection obligations.
• Processor remains accountable for sub-processor performance under DPA terms.

5. Security incidents

Personal data breaches affecting controller data are notified without undue delay after awareness, with available incident detail for controller decision-making.

6. Transfers

International transfers are restricted to lawful mechanisms and appropriate safeguards under UK GDPR.

7. Processing scope summary

• Data subjects: students and school staff users.
• Data types: identity/contact/account data, assignment/quiz interaction data, progress analytics.
• Purpose: delivery, support, security, and reporting for educational service functionality.
• Duration: contract term plus agreed retention period or lawful retention requirement.

8. How to request an executable DPA

Schools that require a signed DPA should request the current execution copy through Wise-Revise support before production deployment.