Back to Compliance Portal

Compliance document

GDPR Compliance Statement

GDPR-oriented guidance for institutions evaluating VerbalCheck data processing.

Status

Published guidance

Effective date

June 2026

Audience

EU/UK privacy reviewers, data protection officers, legal counsel, and procurement teams

Processing roles

For institutional deployments, the institution will typically determine the purposes and means of processing education-related personal data, while VerbalCheck acts as a service provider or processor under the applicable agreement. Exact roles should be confirmed in the Data Processing Addendum.

Data subject rights

  • Access, correction, deletion, restriction, portability, and objection requests should be routed according to the institution contract and applicable law.
  • Where VerbalCheck acts as a processor, requests from students or staff may need to be redirected to the institution as controller.
  • VerbalCheck should support reasonable institution instructions for valid rights requests subject to legal, security, and technical constraints.

Transfers and subprocessors

EU/UK transfer requirements, Standard Contractual Clauses, subprocessor notices, and regional hosting requirements should be reviewed in the Data Processing Addendum and customer agreement before deployment.