START TYPING AND PRESS ENTER TO SEARCH
Data Privacy Regulations and Frameworks are laws, regulations, or standards that provide data protections for users of software applications and internet websites.
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. Though it was drafted and passed by the European Union (EU), it imposes obligations on organizations anywhere that collect or process personal information from individuals who live in the European Union (EU).
All Symplicity solutions fully comply with GDPR and any other applicable data protection regulations. As a standard part of our partnership with our customers, the customer will always remain the Data Controller, and Symplicity is a processor of all personal data processed on the application(s), on behalf of our clients. All data is stored in the secure cloud, underpinned by Amazon Web Services (AWS).
To understand more about customers' rights under the GDPR, refer to Symplicity's privacy policy in Privacy Policy.
The EU GDPR is an EU Regulation and it no longer applies to the UK. If you operate inside the UK, you need to comply with the Data Protection Act 2018 (DPA 2018). The provisions of the EU GDPR have been incorporated directly into UK law as the UK GDPR. In practice, there is little change to the core data protection principles, rights and obligations. Now the EU has approved adequacy decisions for the UK, most EEA processors will be able to send personal data back to UK controllers with no restrictions.
Symplicity solutions fully comply with UK GDPR. As a standard part of our partnership with our customers, the customer will always remain the Data Controller, and Symplicity is a processor of all personal data processed on the application(s), on behalf of our clients. All data is stored in the secure cloud, underpinned by Amazon Web Services (AWS).
If you’d like a deeper understanding of how Symplicity approaches security, you can read more here, or contact your account team for more details.
LGPD (Lei Geral de Proteção de Dados – Law No. 13.709/2018) is Brazil’s federal data privacy law that governs all personal data processing within the country. Any website, company, or organization that processes personal data within Brazil’s territory must comply with LGPD – even foreign data processors. The law establishes principles and rules for processing personal data, requiring organizations to adopt measures that demonstrate and ensure compliance with personal data protection standards. This includes ensuring that data processing activities are conducted based on a valid legal basis, such as contractual necessity (execução de contrato – Art. 7, V), legitimate interest (interesse legítimo – Art. 7, IX), or legal/regulatory compliance (cumprimento de obrigação legal – Art. 7, II).
The Autoridade Nacional de Proteção de Dados (ANPD) has recently reinforced in its guidance on legitimate interest and data governance that public and private entities must strike a balance between individual privacy rights and the broader societal benefits of data processing. This principle directly applies to educational institutions, which must ensure that students receive essential services—such as career development, disability support, student conduct management, and well-being resources—while also maintaining transparency and accountability in their data processing activities.
As a global EdTech provider, Symplicity is committed to LGPD compliance and follows industry best practices to safeguard personal data. Since our platforms are designed for educational institutions, data processing is performed in partnership with universities, which act as the data controllers responsible for defining the purposes of data collection and providing transparency to students. Symplicity provides nearly 40 different ways for students to customize their notification preferences., as well as the ability for educational institutions to configure which off these options are available to students. To ensure compliance with transparency obligations (Article 9 of LGPD), Symplicity strongly recommends that universities provide students with a privacy notice when accounts are created for these crucial institutional services. This notice should clarify the nature of data processing, its legal basis, and the institutional benefits provided through Symplicity’s platform.
It is also important to emphasize that Symplicity’s platforms do not engage in commercial activities, advertising, or monetization of student data. Our services are strictly educational and administrative in nature, designed to support universities in fulfilling their obligations to students.
To support compliance efforts and data subject rights, Symplicity has appointed a Data Protection Officer (DPO), whose contact details are listed within the Privacy Policy. The DPO serves as the primary point of contact for privacy-related inquiries, regulatory compliance, and data subject requests under LGPD.
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian federal law that applies to the collection, use, and disclosure of personal information in the course of commercial activities in all Canadian provinces as supplemented by substantially similar provincial privacy laws in Alberta, British Columbia and Québec. PIPEDA also applies to international and interprovincial transfers of personal information.
Symplicity is in compliance with all legal and regulatory requirements in the Canada region on systems used to support Symplicity clients.
The British Columbia Freedom of Information and Protection of Privacy Act (BC FIPPA) is a provincial law in British Columbia, Canada, that grants individuals the right to access government records and personal information held by public bodies in the province. It also sets out rules for how public bodies can collect, use, and disclose personal information. In addition to PIPEDA, Symplicity complies with BC FIPPA.
Bill 64, also known as Quebec Law 25, is a provincial privacy law in Quebec, Canada, aimed at enhancing the protection of personal information. It governs the collection, use, and disclosure of personal data by organizations operating within the province. Quebec Law 25 reinforces individuals' rights concerning their personal information and imposes obligations on organizations to ensure the proper handling and safeguarding of such data.
Symplicity diligently adheres to all legal and regulatory requirements within the Canada region, including compliance with Quebec Law 25, on systems utilized to support its clients. This commitment encompasses a thorough understanding and implementation of the provisions outlined in Quebec's privacy legislation, thereby ensuring the protection and privacy of personal information collected and processed within the province.
Just as Symplicity complies with PIPEDA at the federal level and BC FIPPA in British Columbia, the company similarly aligns its practices with Quebec Law 25 to uphold the highest standards of data privacy and security for its clients and their stakeholders.
The CCPA gives the residents of California the right to know how businesses are handling their personal information. The new law mandates companies to inform consumers about the data collected or shared while giving them the right to access, control, delete, and opt-out.
Symplicity complies with the California Consumer Privacy Act (CCPA).
The Privacy Act 1988 (Privacy Act) is the principal piece of Australian legislation protecting the handling of personal information about individuals. This includes the collection, use, storage, and disclosure of personal information in the federal public sector and in the private sector.
Symplicity is compliant with its obligations under the Privacy Act.
The Personal Data Protection Act (PDPA) provides a baseline standard of protection for personal data in Singapore. It complements sector-specific legislative and regulatory frameworks such as the Banking Act and Insurance Act. It comprises various requirements governing the collection, use, disclosure and care of personal data in Singapore.
Symplicity complies with the PDPA clauses.
