1. Overview

This statement describes the operational controls Wise-Revise uses to support compliance with UK GDPR and the Data Protection Act 2018.

2. Registration and transparency

• Privacy notices and supporting policy documents are published and maintained.
• Controller/processor distinctions are defined in customer-facing documentation.

3. Leadership and review

• Data protection responsibilities are allocated and reviewed at management level.
• Compliance controls are reviewed periodically with tracked actions.

4. Security baseline

• Secure authentication, role-based access control, and account protection controls.
• Encrypted transport and secure secret/key handling architecture.
• Patch, malware protection, backup, and resilience procedures.
• Access restriction on a least-privilege basis.

5. Processor due diligence

• Key processors are assessed for security and legal suitability.
• Data processing terms are used for processor relationships.
• Where Wise-Revise acts as processor, customer DPAs are supported.

6. Data breach handling

Incident response includes detection, containment, investigation, and lawful notification pathways for affected customers and authorities where required.

7. Data rights handling

Data subject rights requests are handled through a documented process. School-managed users are routed through their controller school where appropriate.

8. International data use

Where international processing occurs, transfer safeguards and processor controls are applied in line with legal requirements.

9. Contact

For compliance assurance queries, use your Wise-Revise support contact route.