Last Updated:

Privacy Policy

WHEDU School Management System is committed to protecting your privacy and personal data. This policy outlines how we collect, use, and protect information.

GDPR
Compliant
ISO
27001 Certified
FERPA
Aligned
COPPA
Compliant

Quick Navigation

Privacy Overview Data Collection Your Rights Security

Privacy Policy Overview

Effective:

This Privacy Policy describes how WHEDU ERP ("we", "our", or "us"), a product of WH Solution & Research, collects, uses, and protects personal information when you use our School Management System. We are committed to ensuring that your privacy is protected.

Important Note for Educational Institutions

As a school management system, we process sensitive student data under educational purposes and with appropriate legal bases. Schools remain data controllers for their student data while we act as data processors.

Data We Collect

Categories of Personal Data

Data Category Examples Purpose Legal Basis
Student Information
For enrolled students
 Name, DOB, address, parent info, medical records, academic records Educational administration, reporting, communication Legitimate Interest
Staff Information
Teachers & Administrators
 Name, contact details, qualifications, employment records HR management, payroll, communication Contractual
Parent/Guardian Data
Student guardians
 Contact info, payment details, communication preferences Student updates, fee collection, school communication Consent/Legitimate Interest
System Usage Data
Platform interaction
 IP addresses, device info, login times, feature usage System improvement, security, analytics Legitimate Interest
Financial Data
Payment information
 Bank details, transaction records, invoice history Fee processing, financial reporting Contractual

Special Category Data

We may process special category data (such as medical information, racial or ethnic origin) only when necessary for educational purposes and with explicit consent or other lawful basis under applicable data protection laws.

Special category data receives enhanced protection under GDPR and similar regulations.

Data Protection Principles

Lawfulness, Fairness & Transparency

We process personal data lawfully, fairly, and in a transparent manner. You will always know what data we collect and why.

Purpose Limitation

We collect data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.

Data Minimization

We only collect data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

Accuracy

We take reasonable steps to ensure personal data is accurate and, where necessary, kept up to date.

Data Retention Periods

Student Records

Retained for 7 years after graduation or departure

Financial Records

Retained for 10 years for audit purposes

Staff Records

Retained for 7 years after employment ends

System Logs

Retained for 2 years for security monitoring

Your Data Protection Rights

Depending on your location and applicable data protection laws, you may have the following rights:

Right to Access

You can request copies of your personal data that we hold.

Right to Rectification

You can request correction of inaccurate or incomplete data.

Right to Erasure

You can request deletion of your personal data under certain conditions.

Right to Restrict

You can request restriction of processing your personal data.

Right to Data Portability

You can request transfer of your data to another organization.

Right to Object

You can object to processing of your personal data.

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer at dpo@whedu.com. We will respond to your request within 30 days.

Cookies Policy

We use cookies and similar tracking technologies to enhance your experience on our platform. Cookies are small text files that are placed on your device when you visit our website.

Cookie Type Purpose Duration Essential
Session Cookies Maintain user session, login state Session Yes
Authentication Cookies Secure user authentication 24 hours Yes
Preference Cookies Remember user preferences 1 year No
Analytics Cookies Track usage patterns 2 years No
Marketing Cookies Personalized advertising 1 year No

Cookie Consent

You can manage your cookie preferences through your browser settings. However, disabling essential cookies may affect the functionality of our platform.

Security Measures

Technical Security

  • End-to-end encryption for data in transit (TLS 1.3)
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Multi-factor authentication for administrative access
  • Regular security updates and patches

Organizational Security

  • Data Protection Officer appointment
  • Employee privacy and security training
  • Strict access controls and role-based permissions
  • Regular data protection impact assessments
  • Incident response and breach notification procedures

Data Breach Notification

In the unlikely event of a data breach, we will notify affected users and relevant authorities within 72 hours of becoming aware of the breach, as required by GDPR and other applicable regulations.

Regulatory Compliance

Global Compliance Standards

GDPR (EU) CCPA (California) PIPEDA (Canada) LGPD (Brazil) POPIA (South Africa) FERPA (USA) COPPA (USA) ISO 27001 SOC 2 Type II

Data Processing Agreements

We enter into Data Processing Agreements (DPAs) with all educational institutions using our services to ensure compliance with data protection regulations.

Standard Contractual Clauses

We implement SCCs for international data transfers to ensure adequate protection.

Contact Our Data Protection Officer

Data Protection Officer

WH Solution & Research

Address

123 Education Street, Learning City, ED 12345

Submit a Data Request

Use this form to submit data subject requests, privacy inquiries, or report concerns.

Policy Updates & Version History

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify users of significant changes.

Version Effective Date Changes Status
3.1 Added GDPR compliance details, enhanced data rights section Current
3.0 January 15, 2023 Major update for international compliance standards Previous
2.5 July 20, 2022 Added cookie policy and consent management Archived
2.0 March 10, 2022 Initial comprehensive privacy policy Archived

Notification of Changes

We will notify users of significant changes to this policy via email or through platform notifications at least 30 days before changes take effect. Continued use of our services after changes constitutes acceptance of the updated policy.

Acceptance of Privacy Policy

By using WHEDU School Management System, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our services.