DATA SHARING AGREEMENT
Introduction
This Data Sharing Agreement ("Agreement") defines how information is shared, processed, protected, and managed between Infohash Ltd and educational institutions or authorised organisations using our services. Infohash Ltd provides technology solutions including Smart AI Attendance systems and educational integrations that require secure exchange of information with approved third-party platforms such as Xporter.
The purpose of this agreement is to establish transparency regarding data handling practices, responsibilities, security measures, and compliance obligations associated with the integration and processing of educational data.
Purpose of Data Sharing
Infohash Ltd processes and shares data solely to provide educational technology services and system integrations necessary for platform functionality.
Data sharing activities may include:
Student attendance management
Synchronisation of school timetable information
Student profile synchronisation
Staff information synchronisation
School operational reporting
Smart AI Attendance functionality
API-based integration services
Platform performance and service improvements
Data will only be processed where necessary to deliver agreed services.
Third-Party Integration and Data Processing
Infohash Ltd integrates approved third-party systems including Xporter to enable secure transfer of educational data between connected platforms.
Third-party integrations are used for:
Educational data synchronisation
Attendance processing
Student information management
Timetable automation
Secure API communication
All third-party providers are expected to maintain appropriate technical and organisational security controls.
Infohash Ltd does not sell personal information or provide access to unauthorised parties.
Security and Data Protection
Infohash Ltd is committed to protecting shared information through appropriate security measures designed to maintain confidentiality, integrity, and availability of data.
Security controls include:
Secure API communication protocols
Data encryption during transmission
Access management controls
Authentication and authorisation mechanisms
Audit logging and monitoring
Role-based access permissions
Infrastructure security management
Periodic security assessments
Only authorised personnel and systems may access shared information.
Compliance and Legal Obligations
Infohash Ltd processes information in accordance with applicable legal and regulatory requirements.
This includes compliance with:
UK GDPR requirements
Data Protection Act 2018
Educational sector data governance requirements
Applicable contractual obligations
Educational institutions remain responsible for ensuring appropriate permissions and lawful grounds exist for information sharing.
Data Retention
Information will only be retained for the period necessary to provide services, fulfil contractual obligations, and satisfy legal requirements.
Upon termination of services:
Access permissions may be revoked
Information retention schedules will apply
Data deletion procedures may be initiated where appropriate
Legal retention obligations will continue where required
Data Subject Rights
Educational institutions remain responsible for responding to requests relating to personal information.
These rights may include:
Access requests
Data correction requests
Data deletion requests
Processing restriction requests
Data portability requests
Infohash Ltd will provide reasonable assistance where required.
Data Breach Management
Infohash Ltd maintains procedures for identifying, managing, and responding to security incidents.
Where applicable:
Incidents will be investigated promptly
Appropriate remediation measures will be implemented
Notification obligations will be fulfilled in accordance with legal requirements
Agreement Acceptance
By using Infohash Ltd services and integrations, educational institutions acknowledge understanding of this data sharing framework and agree to the secure and lawful processing of information necessary to provide platform functionality.