GDPR Compliance
MadarisTech is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR).
Our Commitment
As a company serving educational institutions in the European Union, Unibrains Sarl takes data protection seriously. We have implemented comprehensive measures to ensure GDPR compliance across all aspects of the MadarisTech platform.
Your Rights Under GDPR
Right to Access
You can request a copy of all personal data we hold about you.
Right to Rectification
You can request correction of inaccurate or incomplete data.
Right to Erasure
You can request deletion of your personal data (right to be forgotten).
Right to Portability
You can request your data in a machine-readable format.
Right to Object
You can object to processing of your personal data.
Right to Restrict
You can request limitation of processing in certain circumstances.
Legal Basis for Processing
We process personal data under the following legal bases:
- Contract: Processing necessary to provide our services
- Consent: Where you have given explicit consent
- Legal Obligation: To comply with legal requirements
- Legitimate Interest: For improving our services and security
Data Processing Activities
| Activity | Data Types | Legal Basis |
|---|---|---|
| Account Management | Name, Email, Password | Contract |
| Student Records | Personal, Academic Data | Contract, Legal Obligation |
| Analytics | Usage Data (anonymized) | Legitimate Interest |
| Marketing | Email, Preferences | Consent |
Data Protection Measures
- End-to-end encryption for data in transit (TLS 1.3)
- AES-256 encryption for data at rest
- Regular security audits and penetration testing
- Access controls and role-based permissions
- Data minimization practices
- Regular employee training on data protection
- Incident response procedures
- Data Processing Agreements with all sub-processors
International Data Transfers
When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Binding Corporate Rules for intra-group transfers
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Retention periods vary based on data type and legal requirements:
- Account data: Duration of service + 30 days
- Student records: As required by education regulations (typically 7+ years)
- Financial records: 10 years (legal requirement)
- Analytics data: 26 months (anonymized)
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact our Data Protection team:
Data Protection Officer
Unibrains Sarl
Fes, Morocco
Email: dpo@unibrains.de
We will respond to your request within 30 days. In complex cases, we may extend this by an additional 60 days with notification.
Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For EU residents, this would be the data protection authority in your country of residence.