How Eduysle processes personal data on behalf of your school
Effective Date: May 1, 2026
Last updated: May 1, 2026
This Data Processing Agreement ("DPA") forms part of, and is governed by, the Eduysle Terms of Service between Eduysle and the school or organisation using our services ("you"). For personal data of students, parents, and staff that you provide or that is generated through your use of the platform:
Terms such as "personal data", "processing", "data controller", "data processor", "data subject", and "personal data breach" have the meanings given in the Nigeria Data Protection Act (NDPA) 2023 and, where applicable, the EU General Data Protection Regulation (GDPR).
Subject matter & duration: Processing takes place for the duration of your subscription and the retention periods described in our Privacy Policy.
Nature & purpose: Hosting and operating a school management platform — including computer-based testing, student records, gradebook and reports, fee tracking, and parent/teacher communication.
Types of personal data: Identification and contact details, educational records (grades, attendance, exam results), guardian details, and limited technical/usage data.
Categories of data subjects: Students (typically minors under 18), parents/guardians, teachers, and your administrative staff.
Eduysle will:
You authorise Eduysle to engage the following sub-processors to deliver the service. Each is bound by data protection terms no less protective than this DPA:
We will give you reasonable notice of any new or replacement sub-processor (via the platform or email) before it begins processing personal data, so you have the opportunity to object on reasonable data protection grounds.
Taking into account the nature of the processing, we will assist you — by appropriate technical and organisational measures, and insofar as possible — to respond to requests from data subjects exercising their rights (access, rectification, erasure, restriction, portability, and objection). Where a data subject contacts us directly about data we process for you, we will refer them to you, the controller.
We will notify you without undue delay after becoming aware of a personal data breach affecting your data, and provide the information you reasonably need to meet your own breach-notification obligations (including notifying the NDPC within 72 hours where required). See our Security Practices page for our incident-response approach.
We will provide reasonable assistance with your data protection impact assessments and any prior consultation with the NDPC or a supervisory authority, taking into account the information available to us.
Where personal data is transferred outside Nigeria (for example, to our hosting providers' regions), such transfers rely on the safeguards described in Section 6 of our Privacy Policy — NDPA Section 41 mechanisms and, for EU/EEA data, the GDPR Chapter V safeguards (adequacy or Standard Contractual Clauses) in our providers' agreements.
On termination or expiry of your subscription, we will retain, then delete, your personal data in accordance with the retention schedule in our Privacy Policy (including the post-subscription reinstatement window). You may request export or earlier deletion of your data by contacting us.
We will make available to you the information reasonably necessary to demonstrate compliance with this DPA, and will contribute to audits — including by providing relevant documentation from our sub-processors or supporting a mutually agreed audit on reasonable notice, subject to confidentiality and without compromising the security of other customers.
This DPA forms part of the Terms of Service. In the event of a conflict between this DPA and the Terms of Service regarding the processing of personal data, this DPA prevails. All other terms (including limitations of liability) remain as set out in the Terms of Service.
This DPA is governed by the laws of the Federal Republic of Nigeria, consistent with the Terms of Service.
Email: hello@eduysle.com
Phone: +234 706 172 6605
