Data Processing Agreement
Version: 2.0
Effective Date: August 2025
1. Parties
This Data Processing Agreement (“DPA”) is entered into between Robots For Schools Ltd, a company registered in the UK (address: Brook, Drove Close, Twyford, Winchester, SO21 1QN) (hereinafter the “Processor”), and the participating School (hereinafter the “Controller”).
This DPA is an integral part of the Robyn Robot Terms of Use and governs the processing of personal data in connection with the Robyn Robot hardware, software, and support services provided to the Controller’s school.
Both Parties agree to comply with all applicable UK data protection law, including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, and any subordinate legislation. In this DPA, the terms “Controller”, “Processor”, “Data Subject”, “Personal Data”, “Processing”, and “Personal Data Breach” shall have the meanings given to them in the UK GDPR.
2. Roles and Compliance with Law
For the purposes of data protection law, the School acts as the Data Controller, and Robots For Schools Ltd acts as the Data Processor for personal data processed under the Robyn Robot program. The Controller determines the purposes and means of the processing of personal data, and the Processor will only process such data on the Controller’s behalf and in accordance with the Controller’s instructions.
Each Party shall fulfill its respective obligations under the UK GDPR and Data Protection Act 2018 in relation to the Services. The Controller affirms that it has a valid lawful basis for the processing of personal data in this educational context.
The Parties acknowledge that for state-funded schools, the primary legal basis is likely “Public Task” (UK GDPR Art. 6(1)(e), processing necessary for a task in the public interest – the provision of education), and for independent schools, the likely basis is “Legitimate Interests” (UK GDPR Art. 6(1)(f), balanced against individuals’ rights).
The Controller is responsible for determining and documenting the appropriate lawful basis and for providing any required privacy notices or obtaining consents if necessary. The Controller must ensure that data subjects (students, parents, staff) are informed about the use of Robyn Robot in the school’s privacy notice.
3. Subject Matter and Details of Processing
The Controller hereby instructs the Processor to process personal data solely for the purpose of providing the Robyn Robot educational services during the program. In accordance with UK GDPR Article 28, the details of processing are as follows:
- Subject Matter: The Processor will process personal data as necessary to perform the Robyn Robot pilot program services, which include providing AI-powered teaching assistance through dedicated hardware devices and software in the classroom (e.g. Robyn Robot tablets and associated services). This encompasses the capture and analysis of classroom audio, visual, and text data in order to facilitate lesson transcription, content summarization, and question answering for educational purposes.
- Duration: The processing will occur for the duration of the pilot program (minimum half-term, extendable by agreement) and any continued use of the Robyn Robot service thereafter. Personal data will be retained only for as long as necessary for the purposes described, subject to the specific retention periods defined in this DPA (see Data Retention below). Upon termination of the pilot or the services, data will be returned or deleted as described herein.
- Nature and Purpose of Processing: The nature of the processing includes the collection, recording, analysis, storage, and deletion of audio, image, and text data from classroom interactions. The purpose of processing is strictly limited to providing and improving the Robyn Robot educational tool for the benefit of the Controller’s school. Permitted processing activities include recording classroom audio and transcribing it to text, capturing images of whiteboards or slides for content extraction, analyzing student questions (whether spoken, written, or submitted as images) to provide AI-generated answers, and generating lesson summaries. These activities are performed solely to assist teaching and learning in the classroom. The Processor will not process the personal data for any purpose outside the scope of Robyn Robot’s functionality – in particular, no personal data will be used for commercial purposes, marketing, or profiling unrelated to the educational service, and no data will be shared with unauthorized third parties. (For example, the Processor will not use or monetize school data for its own product development or advertising beyond the anonymized system improvement noted below.) The only exception is that the Processor may process certain technical data in anonymized or aggregate form to debug and improve the Robyn Robot system (e.g. crash logs, performance metrics), as this is a legitimate interest necessary to maintain a stable and secure service. Such improvement data will not identify individual data subjects and will not be used to build profiles of students or staff.
- Type of Personal Data: The following categories of personal data may be processed through the Robyn Robot service (as determined by the Controller’s use of the system):
  - Audio Recordings: Voice data of teachers and students captured during lessons (via the Robyn Robot devices’ microphones). These are processed to produce transcripts and understand classroom dialogue.
  - Visual Data (Images): Photographs or screenshots of classroom content, such as whiteboard writings or slides, taken through the Robyn Robot teacher app camera, as well as student-submitted photos of their work. These images are analyzed to extract textual content or context for lesson summaries and to answer questions.
  - Textual Data: This includes transcripts generated from audio (AI-generated transcriptions of lesson discussions), lesson summaries, and the content of questions and answers. It covers any text that the Robyn Robot system produces or processes based on classroom input.
  - Student Questions and Responses: Questions from students, which may be captured via voice (audio), text input, or images (e.g., a photo of a student’s written question) through the Robyn Robot interface, along with the AI-generated answers or explanations provided to those questions.
  - Technical and Metadata: Data generated by the system to ensure functionality, such as device identifiers, session IDs, timestamps of interactions, login/authentication tokens, and usage logs. For example, authentication data (like a Google OAuth token for teacher login on the web) and system logs (such as error/crash logs) are processed to maintain secure access and system reliability. This category may also include network and connection data necessary for the service to operate.
The Service is not intended to collect special category personal data such as data revealing racial or ethnic origin, political opinions, health information, biometric identifiers, etc. The Processor does not require or seek any such sensitive data for the provision of the service. Teachers and users are strongly discouraged from inputting or exposing any special category data via Robyn Robot. In particular, lessons that are likely to involve sensitive personal discussions (e.g. certain pastoral care or health topics) should not be recorded using Robyn Robot. The Controller acknowledges that if it chooses to include any special category data in the processing, it is responsible for ensuring all necessary conditions are met to lawfully process that data (such as obtaining explicit consent from data subjects or their parents, if required). Any incidental capture of special category data (for example, a student’s voice which could be considered biometric data, or an unexpected personal remark made in class) will be treated with the same level of protection as other personal data, but the Processor disclaims any liability for processing sensitive data that the Controller introduces in violation of this guidance. The Controller remains solely liable for any special category data it chooses to process through the Service.
- Categories of Data Subjects: The personal data processed pertains to students (pupils) who participate in classrooms where Robyn Robot is used, and teachers and other school staff who interact with the Robyn Robot system (for example, teachers whose voice is recorded or who use the device to capture lesson content). These are the primary data subjects. In addition, if any classroom recording incidentally captures other individuals (e.g. a teaching assistant or a visitor speaking during a recorded session), they would also be data subjects. The Controller is responsible for informing all relevant data subjects (or their parents/guardians, in the case of minors) that their personal data may be processed by this service, as part of the school’s privacy communications.
4. Obligations of the Processor (Robots For Schools Ltd)
As the Processor, Robots For Schools Ltd agrees to the following obligations, in accordance with Article 28 of the UK GDPR and the terms of this DPA:
4.1. Processing on Documented Instructions
The Processor shall only process personal data on the documented instructions of the Controller, unless required to do otherwise by UK law. This DPA, together with the Robyn Robot Terms of Use and any written instructions provided by the Controller, constitute the Controller’s complete and final instructions to the Processor. The Processor will not process personal data for any purposes other than those explicitly instructed by the Controller and described in this Agreement. If the Processor believes any instruction from the Controller infringes UK GDPR or other applicable law, it will promptly inform the Controller of its opinion before acting on such instruction. The Controller may issue additional lawful instructions regarding the processing, but such instructions must remain within the scope of the agreed services and be agreed in writing in advance by both Parties. The Processor will ensure that all its personnel and any sub-processors only process the data as necessary for the specified purposes, and strictly in compliance with the Controller’s instructions.
4.2. Confidentiality and Personnel
The Processor shall treat all personal data as confidential. It will ensure that any person it authorizes to process the personal data (including employees and contractors) is subject to a strict duty of confidentiality (whether by contractual obligation or by statutory duty). Processor personnel will only be permitted access to personal data on a need-to-know basis, and only for the purpose of fulfilling the Processor’s services under this DPA. The Processor has implemented appropriate training for personnel on their data protection responsibilities and will continue to train and bind its staff to confidentiality obligations regarding personal data. If an authorized person no longer needs access to personal data, their credentials will be revoked. These measures ensure that no unauthorized person or unrelated staff have access to the Controller’s data.
4.3. Security Measures
The Processor shall implement and maintain appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, damage, or disclosure, as required by Article 32 UK GDPR. These measures are designed to ensure a level of security appropriate to the risk of the data being processed. At a minimum, the Processor commits to the following security practices (among others):
- Encryption: All personal data is encrypted in transit (using HTTPS/TLS for network communications) and at rest on storage systems. This means that audio, image, and text data captured by Robyn Robot devices are transmitted securely to the cloud, and stored in encrypted form on servers and devices.
- Access Control: Strict access controls are in place to ensure that only authorized personnel and services can access personal data. This includes authentication mechanisms (such as secure login tokens and Google OAuth for teacher web access) and role-based authorization policies. Each school’s data is logically segregated from that of other schools – each school’s data is isolated and not accessible by any other school. The Processor’s systems enforce tenant separation so that data for the Controller’s school remains private to that school.
- Pseudonymization and Data Minimization: Where feasible, the Processor employs pseudonymization or anonymization. For example, the Robyn Robot apps do not collect student names or any direct identifiers in the data they process; user accounts are device-based or use generic school credentials to avoid unnecessary personal identifiers. Only the minimum data necessary for each function is collected and processed.
- Network & System Security: The underlying infrastructure (e.g., Google Firebase and Microsoft Azure) provides adequate network security, including firewalls, DDoS protection, and continuous monitoring. The Processor applies security patches and conducts regular vulnerability assessments on the Robyn Robot platform. Usage of secure cloud services means data benefits from those providers’ security certifications and safeguards.
- Monitoring and Logging: The Processor monitors systems for unusual activity and maintains logs of access to personal data. Security events and potential incidents are detected through automated monitoring systems and third-party security tools. All access to data is logged and traceable to an individual or system process, which aids in auditing and incident investigations.
- Incident Response: The Processor has an incident response plan in place to address any security breach or suspected data breach. This includes procedures to contain and remediate the incident, assess impact, and notify the Controller (and if applicable, authorities) in a timely manner. (Notification procedures are detailed in the Data Breach Notification section below.)
- Organizational Measures: The Processor restricts physical and logical access to systems hosting personal data to authorized individuals. Staff handling the Controller’s data are vetted and trained in data protection, and all team members with such access sign confidentiality agreements. The Processor conducts periodic reviews and audits of its security measures and policies to ensure ongoing compliance and effectiveness.
- Data Backup and Recovery: The Processor employs secure backup mechanisms to maintain data availability and to be able to recover data in the event of a technical issue or disaster. Backups of critical data are encrypted and stored securely. In the event of data loss or corruption, the Processor will be able to restore personal data from these backups.
The Processor will regularly test, assess, and evaluate the effectiveness of its technical and organizational measures to guarantee the security of processing. The Processor shall also assist the Controller in ensuring compliance with these security obligations, by providing relevant information about its measures upon request.
4.4. Assistance with Data Subject Rights and Compliance
Taking into account the nature of the processing and the information available to it, the Processor will assist the Controller in fulfilling the Controller’s obligations to data subjects and regulators. This includes the following:
- Data Subject Rights: The Processor will assist the Controller in responding to any requests from data subjects (or their parents/guardians, if applicable) to exercise their rights under the UK GDPR. If the Controller receives a request for access, rectification, erasure, restriction, data portability, or objection related to personal data processed by Robyn Robot, the Processor shall, upon the Controller’s request, promptly provide any relevant information or data in its possession and take other reasonable actions to help the Controller respond. For example, the Processor can retrieve or delete specific recordings or transcripts pertaining to a request, or provide log information demonstrating how data has been used, as needed. The Processor will direct any data subject who contacts it directly to submit their request to the Controller (school), as the Controller is responsible for the overall handling of the request. However, the Processor will cooperate by providing backend support to ensure the Controller can meet the statutory response deadlines (generally one month for UK GDPR compliance). By default, the Processor’s assistance will enable the Controller to access, correct, or delete personal data within the Robyn Robot system.
- Data Protection Impact Assessments (DPIAs) and Prior Consultation: If the Controller conducts a Data Protection Impact Assessment related to the use of Robyn Robot (for instance, if the school deems the processing to be high risk, or if special category data might be involved), the Processor shall provide all information reasonably required for the DPIA. This includes detailed information about system functionality, data flows, and security measures. If the DPIA indicates that the processing would result in a high risk in the absence of measures, and the Controller seeks consultation with the ICO (Information Commissioner’s Office), the Processor will assist in supplying necessary details to the Controller or directly to the ICO as needed. More generally, the Processor will assist the Controller in ensuring compliance with obligations under Articles 32 to 36 of the UK GDPR (security, breach notification, DPIA, and prior consultation). Any assistance beyond basic information provision (such as significant engineering effort to accommodate a special request) may be at the Controller’s expense, but basic support and documentation shall be provided without additional charge.
- Requests from Regulators: The Processor will promptly inform the Controller if it receives an inquiry or inspection notice from the UK Information Commissioner’s Office (ICO) or other data protection authority that relates to the personal data processed on the Controller’s behalf. The Processor will cooperate with the Controller and the authority in any such inquiry. It will not disclose the Controller’s information to a regulator without giving the Controller prior notice, unless legally compelled to do so.
In summary, the Processor will make available to the Controller all information and cooperation reasonably necessary to demonstrate compliance with this DPA and UK GDPR requirements, and to enable the Controller to meet its obligations to data subjects and authorities.
5. Data Breach Notification
In the event of a personal data breach (a security incident leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data) affecting the Controller’s data, the Processor will notify the Controller without undue delay, and in any case within 24 hours of becoming aware of the breach. Such notice will be sent to the Controller’s designated contact (e.g. the school’s Data Protection Officer or administrator) and will include, to the extent possible at the time of notification, all relevant information about the breach. The Processor’s notification will describe the nature of the breach, the categories and approximate volume of personal data and individuals affected, the likely consequences of the breach, and the measures taken or proposed by the Processor to address the breach and mitigate its possible adverse effects. If complete information is not available within 24 hours, the Processor will provide an initial notice with the information it has and supplement it as further details are obtained.
The Processor will immediately take appropriate action to contain, investigate, and remediate the breach. It will cooperate with the Controller’s own incident response efforts and provide regular updates. The Parties acknowledge that the Controller (as Data Controller) has the responsibility for any notifications to the ICO and/or affected data subjects under UK GDPR Articles 33 and 34; however, the Processor will assist the Controller in meeting these obligations. Specifically, the Processor will provide the Controller with any information about the breach that the Controller may need to properly notify the ICO within 72 hours (when required) and to communicate effectively with affected individuals, if necessary. The Processor will not make any independent public announcement or notice about the breach that identifies the Controller without the Controller’s prior consent, unless required by law.
6. Deletion or Return of Data
Upon termination or expiration of the Robyn Robot services, or at any time upon the Controller’s written request, the Processor will cease processing the personal data and, at the Controller’s choice, either delete all personal data in its possession or return it to the Controller. Unless the Controller requests otherwise, the default action is deletion of personal data. The Processor will complete such deletion as soon as reasonably practicable and within a maximum of 30 days following the end of services or the request. This deletion includes all production data, except to the extent that retention of certain data is required by law (in which case the Processor will notify the Controller and ensure the confidentiality of such data). If the Controller prefers a return of data, the Processor can provide the Controller with an export of available data (in a commonly used format) within the same 30-day timeframe before deletion. The Controller is advised to export or download any desired lesson transcripts or records during the pilot or within 30 days of its conclusion; after that period, the Processor will securely wipe the data from its systems (barring any legal hold).
During the term of the agreement, the Controller can also request deletion of specific data (for instance, a particular day’s recording or a specific student’s question) and the Processor will comply within 30 days of the request. The Processor’s retention already provides for automatic deletion of raw data after certain periods, but the Controller retains the right to demand earlier deletion. Once data is deleted by the Processor, it will be permanently expunged from active systems and from backups within a reasonable period (with all backup deletions completed within a further 30 days). The Processor will, upon request, provide written confirmation of deletion to the Controller.
7. Data Retention
The Processor adheres to the following data retention periods:
- Audio Recordings & Classroom Images: Audio data (voice recordings) and snapshot images of boards/slides captured by the Robyn Robot devices are stored for a short period to allow the transcription and summarization processes. On the local device, raw audio and image files are retained for a maximum of 7 days before automatic deletion. On the secure cloud server, these raw files are retained for up to 90 days before automatic deletion. These limits ensure that raw classroom recordings do not persist longer than necessary for their intended educational use. (In many cases, the useful information from these recordings is extracted into transcripts and summaries, which have a longer retention as noted below.)
- Transcripts, Summaries, and Student Q&A Data: Processed data that results from the service – such as lesson transcripts, AI-generated lesson summaries, and the content of student questions and answers – is retained until deletion is requested by the Controller. In practice, this means that these educational records can remain available to the school for review and reuse (for example, for students to revisit past lessons or for teachers to assess engagement), unless and until the school decides they are no longer needed. The Controller may at any time instruct the Processor to delete specific transcripts, summaries, or Q&A entries, and the Processor will comply promptly (within 30 days as stated above). If no explicit deletion request is made, the data will persist, allowing the school to build a repository of lesson content over the pilot period. However, the school should periodically review what data remains necessary.
- Student Work Photos: Photos of student work (if any are taken via the student app for analysis) are treated similarly to transcripts and are retained on the server until deletion is requested. On devices, such images would be cleared within 7 days as part of the raw data policy.
- Technical Metadata and Logs: Technical data such as device identifiers, session logs, and crash reports are retained for at most 90 days when it comes to crash logs and similar diagnostic information. Routine operational logs may have shorter retention or rolling deletion. Some metadata (e.g., records of when a lesson took place) may be kept as long as the associated transcripts are kept, to maintain linkages, but anything that is no longer needed for functionality or debugging is deleted or anonymized. The Processor ensures that no personal data in logs is kept indefinitely.
All deletions are executed in a secure manner (using industry-standard data sanitization methods) to prevent any possibility of reconstruction of the data. If any alternative retention or deletion needs arise (for instance, if a legal requirement mandates a longer retention for a specific subset of data), the Processor will inform the Controller and obtain written agreement or instruction for that exception.
8. Sub-Processors
The Controller authorizes the Processor to engage the following sub-processors to assist in delivering the Robyn Robot service. These sub-processors are other service providers that handle personal data on behalf of the Processor, strictly for the purposes of providing the Robyn Robot functionality. The Processor has entered into a written agreement with each sub-processor imposing data protection obligations equivalent to those in this DPA, including strict instructions, confidentiality, and security measures. The authorized sub-processors and their roles are:
Sub-Processor | Purpose | Data Shared | Use Restrictions | Transfer Safeguards |
OpenAI, LLC (USA) | • Audio transcription (Whisper) • Content and question analysis (gpt-4.1-mini) • Voice generation (gpt-4o-tts) | • Audio files • Whiteboard images • Transcripts • Student questions (typed, spoken, or photographs of work) | • Monitoring for abuse/misuse only • Not used for model training | • SCCs executed • Encryption in transit and at rest • Additional TOMS by Robots For Schools |
Microsoft Azure Cognitive Services | • Accessing Azure deployments of OpenAI models, for transcription, analysis and voice generation. • Speaker diarisation for Meetings function | • Audio files • Whiteboard images • Transcripts • Student questions (typed, spoken, or photographs of work) | • Segregated per customer • No reuse for Microsoft model training | • GDPR terms + SCCs • EU Cloud Code of Conduct • EU/US data centers used |
AssemblyAI, Inc | • Audio transcription | • Audio files | • Monitoring for abuse/misuse only • Not used for model training | • SCCs executed • EU endpoint used |
Google Firebase (USA/EU) | • Core infrastructure: DB, storage, auth, hosting | • All user data: transcripts, Q&A, metadata, images | • Scoped by school • Fine-grained client-level access control • Google access tightly restricted and logged | • SCCs via Google’s DPA • ISO 27001 certified • EU storage prioritized, US fallback for support/CDNs |
Atlassian Trello | Internal project management and bug tracking | Customer identifiers, support ticket details, incident reports | Service provision only per Atlassian DPA. No use for Trello marketing or development. | EU SCCs; UK IDTA. Data location: US (AWS) |
Xero UK Ltd | Accounting software | Customer billing data, contact information, payment records | Service provision per Xero DPA (auto-applies) | SCCs. Processing: NZ (adequate), US, AU, EU |
(Note: Google Authentication (OAuth) is used for verifying teacher identities via their school Google or Microsoft accounts, but in that case the authentication data (login credentials) is handled by Google or Microsoft under the school’s own Google Workspace or Microsoft agreement. These OAuth providers are not acting as sub-processors to Robots For Schools Ltd for personal data content, but rather as identity providers under the school’s control. The Processor does not receive the teachers’ Google passwords or profile details beyond basic identifiers needed for login.)
The above list is exhaustive as of the Effective Date of this DPA. The Processor may engage any additional or replacement sub-processors to process the Controller’s personal data without the Controller’s prior authorization. The Processor will maintain an updated list of sub-processors and make it available to the Controller upon request, as part of demonstrating transparency in its processing.
9. Audit Rights
The Controller has the right to audit the Processor’s compliance with this DPA and applicable data protection laws. The Processor shall allow for and contribute to audits and inspections, conducted by the Controller or an independent auditor mandated by the Controller. To ensure the confidentiality and security of other customers’ data and the Processor’s operations, the following conditions apply to any audit:
- Frequency and Notice: The Controller may perform one audit per calendar year, unless additional audits are required by a supervisory authority or applicable law. The Controller must provide the Processor with at least 60 days’ advance written notice of its intention to audit, including the proposed start date, scope, and duration of the audit. This notice period allows the parties to discuss and agree on a reasonable audit plan and ensures that the audit can be conducted efficiently.
- Confidentiality: The Controller (and any appointed auditor) shall execute a reasonable confidentiality agreement with the Processor prior to commencement of the audit, to ensure that any sensitive information (e.g. about the Processor’s system architecture, security controls, or other customers) obtained during the audit is kept confidential and not disclosed or used outside the context of the audit. The auditor will be bound to not disclose business-sensitive information of the Processor.
- Scope and Method: The audit can encompass the Processor’s systems, policies, procedures, and documentation directly relevant to the processing of the Controller’s personal data. This may include reviewing third-party security certifications or audit reports (e.g., ISO 27001, SOC 2) that the Processor can share to demonstrate compliance. Whenever possible, the Controller agrees to first request relevant audit reports or information from the Processor (which the Processor will provide, if available, to meet the request) before resorting to an on-site inspection. If an on-site visit is deemed necessary, the parties will mutually agree on the date, time, and duration of the visit, and it will take place during regular business hours.
- Minimally Disruptive: The Controller will conduct any audit in a manner that minimizes disruption to the Processor’s operations. The Processor will provide a designated point of contact and cooperation for the audit and will make a good faith effort to address reasonable audit requests. Both parties will cooperate to schedule and conduct the audit in a way that does not interfere unreasonably with business activities.
- Costs: Each party will bear its own costs in relation to the audit. If the Controller’s audit requests are excessive or beyond the scope of what is reasonably required for GDPR compliance (for example, requesting an additional audit within a short time frame without sufficient justification), the Processor may require the Controller to contribute to costs. However, the Processor’s standard compliance documents or certificates will be provided at no charge.
If an audit or inspection identifies any material deficiencies in the Processor’s practices, the Processor will promptly take steps to remediate those deficiencies in agreement with the Controller. The Processor shall provide the Controller with the results or a summary of any third-party audits it performs on its systems upon request, to further demonstrate compliance.
10. Controller Obligations and Responsibilities
This DPA is based on a relationship of mutual responsibility. While the above sections outline the Processor’s duties, the Controller (the School) also has key obligations to ensure that the processing of personal data via Robyn Robot is lawful and transparent. The Controller, by signing up to the Robyn Robot pilot, confirms and warrants that:
- Lawful Basis & Fair Processing: The Controller has determined a valid lawful basis for the processing of personal data through the Robyn Robot system and documented it in accordance with UK GDPR. As noted, for state schools this will typically be that the processing is necessary for the performance of a task in the public interest (education), and for independent schools it may be necessary for the purposes of legitimate interests. The Controller will ensure that this basis is appropriate for all the types of personal data collected (for example, if any special category data might be processed, the Controller will secure explicit consent or rely on another Article 9 condition, as required). The Controller is responsible for carrying out any necessary Legitimate Interests Assessment or other evaluation to ensure compliance when using this technology in classrooms.
- Transparency & Notices: The Controller shall provide clear and accessible information to students, parents, and staff about the use of Robyn Robot in the school. This includes updating the school’s privacy notice or policy to describe what data will be collected (audio recordings, images, etc.), for what purposes, who it will be shared with (Robots For Schools Ltd and its sub-processors), and how individuals can exercise their rights. The Controller does not require individual consent from students or parents to use Robyn Robot for core educational purposes (especially in state schools under public task basis), but it should ensure that the school community is aware and has an opportunity to raise concerns. The Controller will address any inquiries or complaints from data subjects regarding the Robyn Robot processing, with the Processor’s assistance as needed.
- Data Quality and Minimization: The Controller will make reasonable efforts to ensure that any personal data captured via Robyn Robot is adequate, relevant, and limited to what is necessary. For example, teachers should use the system in appropriate lessons and avoid over-capturing data (recording significantly beyond lesson times, or capturing extraneous personal discussions). The Controller should also ensure that any information inputted (such as any text associated with lessons or identifying metadata) is accurate and kept up to date. If the Controller discovers any incorrect data, it will either correct it through the system or ask the Processor for assistance in doing so.
- Use of the Service: The Controller will use the Robyn Robot system in accordance with the agreed Terms of Use and this DPA. This means following the guidelines provided (e.g., positioning the device properly, informing participants that a lesson is being recorded, etc.), and not using the system in a manner that would violate data protection law. The Controller is responsible for the ethical use of the technology in the classroom and ensuring it aligns with educational policies and parental expectations. If the Controller plans to use the system in a way not initially contemplated (for instance, in a counseling session or in extracurricular activities involving different data considerations), it should first consult with the Processor to assess any data protection implications.
- Security at Controller’s End: The Controller will take appropriate measures to maintain security on its premises when using Robyn Robot. This includes keeping the provided tablets and hardware secure, using any PINs/passwords or management features to prevent unauthorized use, and reporting promptly to the Processor if a device is lost or stolen or if misuse is suspected. The school’s IT staff should ensure the network environment provided to the Robyn Robot system is secure (e.g., the WiFi or 4G router is used safely) and that any recommended updates or patches for the Robyn Robot apps are applied in a timely fashion.
- Cooperation and Accountability: The Controller will cooperate with the Processor to resolve any data protection issues. If a data subject inquiry or regulatory inquiry arises concerning Robyn Robot, the Controller will promptly notify the Processor and work jointly in responding. The Controller will also consider conducting a Data Protection Impact Assessment (DPIA) for the use of AI and recording technology in classrooms, especially if required by law or if the school is processing any sensitive data. If the ICO or another authority requires changes to how the processing is done, the Controller and Processor will discuss in good faith how to comply.