GDPR Compliance

Committed to Protect Your Data

EducaGate is primarily a data processor, since we offer our cloud-hosted LMS to organizations. Those organizations are data collectors, since they sign up end users and those users enter data into our system. 


To be compliant as a data processor, we do the following:


  1. Follow industry best practices to ensure the security of our system and prevent breaches. 

  2. Provide clear privacy policies.

  3. Provide policy consents for particular account types to our customers.

  4. Allow policies to be versioned (which then requires re-acceptance & reported on.

  5. Allow end users to withdraw their consent from policies if desired.

  6. Allow customers to provide end users with self-service data export for data portability.

  7. Allow customers to provide end users with the ability to self-delete their accounts or request that their accounts are deleted.

  8. Provide end users with a set of privacy settings.

  9. Commit to alert our customers with a timely notification of any serious breach.

  10. Confirm that the third-party services and systems we utilize for the operations of our product are also GDPR compliant.


EducaGate is also secondarily a data controller since we require the person who initially signs up for our service to enter some data such as their name and email address. 


To be compliant as a data collector, we do the following:


  1. Provide clear Terms of service and Privacy Policy.

  2. Provide a method to self-delete their site and all related data.

  3. Use best security practices to protect against data breaches.

  4. Commit to alert our customers within 72 hours of any serious breach.

  5. Provide clear privacy policies.


Prepared for the GDPR


The GDPR’s updated requirements are significant and our team has worked hard to ensure that EducaGate LMS fully meets them. 


Our Security Infrastructure


Protecting our customers’ information and their users’ privacy is extremely important to us. As a cloud-based company entrusted with some of our customers’ most valuable data, we’ve set high standards for security. All EducaGate LMS communications are encrypted using a highly secure version of SSL/TLS with strong ciphers, resulting in A+ security rating.

Supporting customers’ enhanced rights as data subjects

The rights of our EducaGate LMS customers as data subjects are important to us. We are committed to supporting the new, enhanced under GDPR, data subject rights for all EducaGate LMS customers, regardless of their location or nationality.


  • Breach Notification: We are sending a breach notification likely to “result in a risk for the rights and freedoms of individuals” within 72 hours of first having become aware of the breach. As a data processor we also notify our customers and controllers, “without undue delay” after first becoming aware of a data breach.

  • Right to Access: End-user data is displayed at the respective user profile with the information whether or not personal data concerning them is being processed, where and for what purpose for the data transparency and empowerment of data subjects. In case end users have specific questions about particular data, they may additionally contact us at for any clarification or data they may need at any time. Information will be provided free of charge without undue delay.

  • Right to be Forgotten: Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. Please note that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.

  • Right to Rectification: You may access and update your EducaGate LMS account settings at any time to correct or complete your account information through your profile from your account menu. You may also contact EducaGate LMS at any time if you need help to access, correct, amend or delete information that we hold about you, as explained in our Privacy policy.

  • Restriction of Processing: EducaGate LMS supports the right to restriction of processing by providing to the administrator to render any user as “Inactive”. This can also be done for large sets of users by means of following the same procedure for mass deleting users explained in the “Right to Erasure” paragraph and invoking the “Make active/inactive” mass action instead of deleting.

  • Right to Object: If you object to EducaGate LMS notifications, you may deactivate them for yourself. The case where the end user objects to processing for e-learning is covered in the "Right to Erasure" part. In case you object to EducaGate LMS notifications, your administrator can exclude you from notifications.

  • Right of Data Portability: You can export your data and your progress by using the reports feature.

  • No automated individual decision-making: EducaGate LMS by design fully respects the right of its users not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her.



 EducaGate LMS enables its customers to explicitly ask for and record users’ consent for using the EducaGate LMS service and obtaining consent from the end-user with respects to data collection and processing. 


We ensure the collection and processing of data is concise, transparent, intelligible and easily accessible. Notices will be clear and in plain language (particularly if addressed to a child). Data collected will also be free of charge. 


Our “Privacy Notice” are in place to address the following: 


  • What information is being collected?

  • Who is collecting it? 

  • How is it collected?

  • Why is it being collected?

  • How will it be used?

  • Who will it be shared with?

  • What will be the effect of this on the individuals concerned?

  • Is the intended use likely to cause individuals to object or complain? 


Our “Terms of Service” consent is to be shown to each end user when he/she first logs in to the system. It is necessary to accept this page in order to continue to the LMS. 


Note that once an end user accepts to provide consent, this is also logged by the EducaGate LMS and appears in the extended timeline of the application, thus making it easy to use it for reporting or compliance purposes if needed. 


If the end-user chooses to withdraw consent for e-learning, this is equivalent to the removal of the user from EducaGate LMS in order to satisfy the data subject’s request and remove the end-user. 


Stay Updated


Fulfilling our privacy and data security commitments is important to us. 


If you have any questions about how EducaGate LMS can help you with compliance, or you have any privacy-related concerns, please reach out by contacting us at:

logo educagate v2-12.png
logo es text-03.png