Data Processing Addendum (DPA)
For Schools, NGOs & Partners
1. Parties
This Data Processing Addendum (“DPA”) is between:
Fastlearners Limited (“Processor”)
and
[School/NGO/Partner] (“Controller”)
2. Purpose of Processing
Fastlearners processes personal data to:
- Create student accounts
- Deliver educational content
- Track academic progress
3. Categories of Data Subjects
- Students
- Teachers
- Parents/guardians
- Administrators
4. Types of Data
- Names
- Contact information
- Location
- Class/grade
- Learning analytics
- Login data
5. Processor Obligations (Fastlearners)
Fastlearners shall:
- Process data only on documented instructions
- Maintain confidentiality
- Apply strong technical and organizational security measures
- Assist the controller with data subject requests
- Notify of breaches within 72 hours
- Allow audits or inspections
- Delete or return data at end of contract
6. Sub-processors
Fastlearners may use:
- Cloud hosting
- Analytics services
All sub-processors are bound by GDPR/NDPR-compliant agreements.
7. International Transfers
Permitted only with:
- NDPR-approved safeguards
- GDPR Standard Contractual Clauses
8. Termination
Upon termination:
- All personal data must be deleted or returned
- Backups purged securely within 90 days
9. Governing Law
- NDPR (Nigeria)
- GDPR (European Union)
- Applicable national law of the controller