Data processing schedule

A. Scope of processing

A1 Subject matter. Provision of the Care Academy platform and associated onboarding, support, hosting, maintenance, quality assurance, reporting, assessment workflow and related services under the agreement.

A2 Duration. For the Term and any reasonable period needed for secure deletion, return, transition, dispute handling, compliance retention or lawful backup cycle management.

A3 Nature and purpose. Hosting, storing, organising, retrieving, transmitting, analysing, supporting, backing up and otherwise processing Customer Personal Data as needed to provide the Services and comply with law and regulatory obligations.

A4 Data subjects. Customer personnel, employer contacts, learners, Authorised Users, assessors, IQAs, support contacts and other individuals whose personal data is processed through the Services.

A5 Data types. Identity details, contact details, account identifiers, assessment records, training records, learner progress and activity data, communications, audit logs, and where applicable limited special category data relating to learning support, adjustments or safeguarding matters.

B. Mandatory processor terms

B1 Documented instructions. EdgeWorks™ shall process Customer Personal Data only on documented instructions from the Customer unless required to do otherwise by law.

B2 Confidentiality. EdgeWorks™ shall ensure persons authorised to process Customer Personal Data are subject to confidentiality obligations.

B3 Security measures. EdgeWorks™ shall implement and maintain appropriate technical and organisational security measures.

B4 Sub-processors. The Customer grants EdgeWorks™ a general authorisation to use sub-processors, provided EdgeWorks™ remains responsible for their performance of the relevant processing obligations and makes available an appropriate mechanism for the Customer to receive notice of material sub-processor changes.

B5 Assistance. Taking into account the nature of the processing, EdgeWorks™ shall provide reasonable assistance to enable the Customer to respond to data subject requests, personal data breaches, data protection impact assessments and regulatory consultations where required.

B6 Deletion or return. On expiry or termination, EdgeWorks™ shall delete or return Customer Personal Data as provided in clause 15, except where lawfully entitled or required to retain it.

B7 Audit information. EdgeWorks™ shall make available information reasonably necessary to demonstrate compliance with this Schedule and may satisfy audit requirements through policies, reports, questionnaires, certifications or other appropriate evidence, supplemented by reasonable further enquiries where required.

C. Shared and independent controller activity

C1 Independent controller activity. Where EdgeWorks™ processes personal data for its own legal obligations, safeguarding, fraud prevention, complaints handling, service security, regulatory engagement or other purposes for which it determines the means and purposes of processing, EdgeWorks™ acts as independent controller for that specific processing activity.

Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None