Common use of Data Categories Clause in Contracts

Data Categories. 12.1 Personal Data from the Controllers Management Information System is processed by the Processor. This is transparent within the Service and includes information such as identifiable student, staff and parent information. The Processor aims to only process the minimum fields for the Controller to perform their functions whilst using the Service. 12.2 The list of fields will vary throughout the Agreement in part due to the Controller selecting their own user defined fields to be processed. The Processor makes the data transfer transparent. Authorised members of the Controller’s Data Protection team or Administrator can inspect and audit these directly through the Service. 12.3 Data such as IP address, log-in data and cookies will be logged for purposes of security and auditing in order for the Processor to maintain expected security measures These will be periodically deleted once those functions have been completed.