Bounce Together and GDPR Compliance

Last Updated: 1st March 2020
Bounce Together Ltd. is committed to protecting your data.

Bounce Together Ltd have standardised policies and procedures that ensure the data we are processing on behalf of our customers is protected. These policies are maintained by using our inherent knowledge of schools and decades of experience in the education, as well as our data protection compliance through our ICO registration.

Bounce Together have robust plans and policies that help us achieve our continual GDPR compliance. We:

  • Conduct reviews around the legal basis for all personal data processing to make sure that have any appropriate consent in place
  • Embed data protection by design/default into our business practices
  • Define and execute a schedule for reviewing our policies and procedures to ensure that we are complaint with all rights for individuals under GDPR
  • Implement training schedules for staff to ensure knowledge of cyber security, data protection and UK law is kept up to date
Controllers, Processors and Personal Data

GDPR requires Data Controllers (schools using Bounce Together) and Data Processors (suppliers such as Bounce Together) to ensure that processes and technologies meet specified requirements.


Personal Data is any type of data that can be used to directly or indirectly identify an individual. Some examples include a name, address, as well as IP address or user name.

Data Controller is a person, company or other entity that determines the purpose and means of processing personal data.

A Data Processor is a person, company or other entity which processes personal data on the data controller's behalf

The data controller is the person or organisation who determines what data is extracted, what purpose it is used for and who is allowed to process the data. In this context, the school is the data controller.

Bounce Together Ltd is the data processor of the data made available in our software products purchased by the school. We are trusted with this personal data but do not control it.

What measures do Bounce Together Ltd employ, to protect personal data?

The information from your school is held inside the BounceTogether platform, which is hosted within the United Kingdom. It never leaves the European Economic Area (EEA).

Every effort is made to ensure the data held by Bounce is secure and our reputable hosting provider (Microsoft Azure) apply a number of robust techniques to ensure the data is kept safe. Many techniques are used to ensure the data is kept safe and secure at the application level (such as industry standard encryption and firewalls) as well as a plethora of techniques that ensure the data is physically secured in their data centres. You can find out more about Microsoft's procedures in their technical documentation.

You can find more detailed information in our Terms and Conditions and Privacy Policy.

Subject Access Requests and The Right to be Forgotten

The right of access (commonly referred to as "subject access") gives an individual the right to obtain a copy of their personal data to help them understand how and why you are using their data. In a product provided by Bounce Together Ltd, we provide a means of authorised individuals to supply this directly. For any assistance concerning a Subject Access Request, please get in touch.

The Right to be Forgotten (also known as the "right to erasure") is a right given to an individual under the GDPR to have their personal data erased upon request. If you require assistance with a right to erasure request that concerns Bounce Together, please get in touch.

Can we help further?

If we can assist you further with GDPR compliance surrounding a Bounce Together Ltd product, please contact the team so we can help.

Teach Secondary awardTeach Primary Shortlist 2020