Boarding School Software
  • Home
  • Components
    • Student App
    • Parent App
    • Staff Portal
  • Features
  • Why BSS
  • About Us
  • Contact Us
  • Home
  • Components
    • Student App
    • Parent App
    • Staff Portal
  • Features
  • Why BSS
  • About Us
  • Contact Us
Search
Try for free
Login
  • Home
  • Components
    • Student App
    • Parent App
    • Staff Portal
  • Features
  • Why BSS
  • About Us
  • Contact Us
  • Home
  • Components
    • Student App
    • Parent App
    • Staff Portal
  • Features
  • Why BSS
  • About Us
  • Contact Us
App Store
Google Play
Try for free
Login
  • Privacy Policy

Introduction Boarding School

Your privacy is important to us. This Privacy Policy explains how Go-Liberty Pty Ltd (“Go-Liberty”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal information when you use our platform, including our website, mobile applications, and services we offer to schools, students, and families.

By using our services, you agree to the practices described in this Privacy Policy. If you do not agree with any part of it, please do not use our services.

This Policy applies to:

  • Visitors to our website
  • Students and parents using our platform
  • Schools and school administrators using our services,
  • Any other users or partners engaging with Go-Liberty.

We comply with applicable data protection and privacy laws, including the Australian Privacy Act, the General Data Protection Regulation (GDPR), and other relevant international standards.

If you have questions or requests regarding this Privacy Policy, please contact us at:
General enquiries: policy@go-liberty.com
Data Protection Officer (DPO): dpo@go-liberty.com

Definitions

For the purposes of this Privacy Policy, the following terms have the meanings set out below:

  • “Go-Liberty”, “we”, “us”, “our” refers to Go-Liberty Pty Ltd, the provider of the Go-Liberty platform and related services.
  • “Platform” means the Go-Liberty websites, mobile applications, web applications, and all associated tools, systems, or services offered by Go-Liberty.
  • “You”, “User”, or “Client” refers to the individual or institution using the platform, including schools, boarding institutions, staff members, parents, or students, as applicable.
  • “Institution” means any school, boarding facility, organisation, club, or camp that contracts with Go-Liberty to use the platform for managing individuals or student data.
  • “Personal Data” or “Personal Information” means any information relating to an identified or identifiable individual, including but not limited to names, contact details, student records, and digital identifiers.
  • “Processing” means any operation or set of operations performed on personal data, whether by automated means or not, such as collection, storage, use, disclosure, or deletion.
  • “Data Controller” means the natural or legal person who determines the purposes and means of processing personal data. In most cases, this is Go-Liberty Pty Ltd.
  • “Data Processor” means a natural or legal person who processes personal data on behalf of the controller. This may include cloud service providers or technical support partners.
  • “Data Subject” means the individual whose personal data is being processed. This could be a student, parent, staff member, or other individual whose information is managed through the platform.
  • “Service Providers” means third-party companies or individuals engaged by Go-Liberty to facilitate the platform, provide services, or assist in analysing and improving its use.
  • “Applicable Laws” means all privacy and data protection laws and regulations that apply to the processing of personal data under this Privacy Policy, including but not limited to the Australian Privacy Act 1988, the General Data Protection Regulation (GDPR), and other relevant global laws.

Information We Collect & Obligations

Go-Liberty collects and processes personal information to operate the platform, provide services to users, and fulfill our legal and contractual obligations. This section outlines the categories of information we collect and our obligations in handling such information responsibly.

2.1 Categories of Personal Data We Collect

Depending on your role (e.g., student, parent, school staff) and how you interact with our platform, we may collect the following categories of information:

1. a) Personal Identifiers

  • Full name
  • Email address
  • Phone number
  • Date of birth
  • Student ID or school-assigned identifiers

1. b) School-Related Information

  • School name and location
  • Enrollment status and academic details
  • Attendance and performance information (if shared by the school)
  • Parent or guardian contact details
  • Student ID or school-assigned identifiers

1. c) Account and Login Information

  • Username and password (securely encrypted and stored)
  • User role and access level

1. d) Communication Data

  • Information you provide in correspondence with us, including support requests and feedback
  • Responses to surveys or forms completed on the platform

1. e) Usage Data and Device Information

  • IP address and approximate location
  • Device type, browser type, and operating system
  • Language preferences and time zone
  • Platform usage activity, such as login timestamps and interaction with features

For more information on how we handle technical usage data and analytics, see Section 9 (Standard Analytics Information).

2.2 Our Obligations in Handling Personal Data

We are committed to processing your personal data lawfully, fairly, and transparently. Our core obligations include:

  • Collecting only the data necessary to provide our services and ensure the security and effectiveness of the platform.
  • Using personal data only for specified, legitimate purposes as described in this Privacy Policy.
  • Protecting data through appropriate technical and organizational measures, as further detailed in Section 4 (Security & Indemnity).
  • Ensuring transparency around data collection, sharing, and retention.
  • Respecting your rights as a data subject under applicable privacy laws (see Section 10: Data Subject Rights).
  • Not selling or commercializing personal data under any circumstances.

In certain cases, we may be required by law or regulatory obligation to collect or retain specific types of data. Where legally required, we will seek your explicit consent before processing any sensitive or special category data.

Three Parties in This Arrangement

To ensure transparency and compliance with applicable data protection laws, it is important to understand the three key parties involved in the use and management of personal data within the Go-Liberty platform:

3.1 Go-Liberty (Data Controller)

Go-Liberty Pty Ltd acts as the Data Controller for the personal information it collects and determines how and why such data is processed. In this role, we are responsible for:

  • Defining the purposes and means of processing personal data.
  • Ensuring that data is collected and processed lawfully, fairly, and transparently.
  • Implementing appropriate technical and organizational safeguards.
  • Notifying relevant supervisory authorities and affected individuals in the event of a data breach.

We have appointed a Data Protection Officer (DPO) to oversee our privacy and data protection practices. You may contact the DPO at dpo@go-liberty.com

Last Updated: 17 March 2026

Introduction

Your privacy is important to us. This Privacy Policy explains how go-liberty Pty Ltd (Australia, ACN 681 835 656), together with its operational entity Boarding School Software (Pty) Ltd (South Africa, Reg No. 2020/074598/07), collects, uses, shares, and protects your personal information when you use our platform, including our website, mobile applications, and services we offer to schools, students, and families.

go-liberty Pty Ltd is the Australian-registered holding company and is ultimately responsible for the platform, its compliance posture, and its data protection obligations. Boarding School Software (Pty) Ltd is the South African-registered operating and marketing entity that delivers the platform and handles day-to-day operations.

Throughout this Policy, the terms “we”, “us”, and “our” refer collectively to go-liberty Pty Ltd and Boarding School Software (Pty) Ltd, as appropriate in context.

By using our services, you agree to the practices described in this Privacy Policy. If you do not agree with any part of it, please do not use our services.

This Policy applies to:

  • Visitors to our website
  • Students and parents using our platform
  • Schools and school administrators using our services
  • Any other users or partners engaging with us

This Policy is designed to align with major global data protection and privacy frameworks, including but not limited to the Australian Privacy Act 1988, the EU and UK General Data Protection Regulation (GDPR), FERPA, COPPA, applicable United States state student privacy laws (including California’s SOPIPA and Vermont’s 9 V.S.A. § 2443), the South African Protection of Personal Information Act (POPIA), Canada’s PIPEDA, and other relevant international standards.

Our global commitments are set out in Sections 1–20 below. Region-specific addendums for the EU/UK (Section 21) and the USA (Section 22) follow at the end of this Policy.

If you have questions or requests regarding this Privacy Policy, please contact us:

  • General enquiries: policy@go-liberty.com
  • Data Protection Officer (DPO): dpo@go-liberty.com

1. Definitions

For the purposes of this Privacy Policy, the following terms have the meanings set out below:

  • “go-liberty” refers to go-liberty Pty Ltd, the Australian-registered holding company, which is ultimately responsible for the platform, its data protection obligations, and its compliance posture.
  • “Boarding School Software” or “BSS” refers to Boarding School Software (Pty) Ltd, the South African-registered operating and marketing entity.
  • “We”, “us”, “our” refers collectively to go-liberty Pty Ltd and Boarding School Software (Pty) Ltd, as appropriate in context.
  • “Platform” means the websites, mobile applications, web applications, and all associated tools, systems, or services offered under the Boarding School Software and go-liberty brands.
  • “You”, “User”, or “Client” refers to the individual or institution using the platform, including schools, boarding institutions, staff members, parents, or students, as applicable.
  • “Institution” means any school, boarding facility, organisation, club, or camp that contracts with us to use the platform.
  • “Personal Data” or “Personal Information” means any information relating to an identified or identifiable individual, including but not limited to names, contact details, student records, and digital identifiers.
  • “Processing” means any operation or set of operations performed on personal data, whether by automated means or not, such as collection, storage, use, disclosure, or deletion.
  • “Data Controller” means the natural or legal person who determines the purposes and means of processing personal data.
  • “Data Processor” means a natural or legal person who processes personal data on behalf of the controller.
  • “Data Subject” means the individual whose personal data is being processed.
  • “Service Providers” means third-party companies or individuals engaged by us to facilitate the platform.
  • “Applicable Laws” means all privacy and data protection laws and regulations that apply to the processing of personal data under this Privacy Policy.

2. Information We Collect & Obligations

We collect and process personal information to operate the platform, provide services to users, and fulfil our legal and contractual obligations.

2.1 Categories of Personal Data We Collect

Depending on your role and how you interact with our platform, we may collect the following categories of information:

a) Personal Identifiers

  • Full name
  • Email address
  • Phone number
  • Date of birth
  • Student ID or school-assigned identifiers

b) School-Related Information

  • School name and location
  • Enrolment status and academic details
  • Attendance and performance information (if shared by the school)
  • Parent or guardian contact details

c) Account and Login Information

  • Username and password (securely encrypted and stored)
  • User role and access level

d) Communication Data

  • Information you provide in correspondence with us, including support requests and feedback
  • Responses to surveys or forms completed on the platform

e) Usage Data and Device Information

  • IP address and approximate location
  • Device type, browser type, and operating system
  • Language preferences and time zone
  • Platform usage activity, such as login timestamps and interaction with features

2.2 Our Obligations in Handling Personal Data

We are committed to processing your personal data lawfully, fairly, and transparently. Our core obligations include:

  • Collecting only the data necessary to provide our services and ensure the security and effectiveness of the platform.
  • Using personal data only for specified, legitimate purposes as described in this Privacy Policy.
  • Protecting data through appropriate technical and organisational measures (see Section 4).
  • Ensuring transparency around data collection, sharing, and retention.
  • Respecting your rights as a data subject under applicable privacy laws (see Section 10).
  • Not selling or commercialising personal data under any circumstances.

In certain cases, we may be required by law or regulatory obligation to collect or retain specific types of data. Where legally required, we will seek your explicit consent before processing any sensitive or special category data.

3. Three Parties in This Arrangement

3.1 Us (Data Controller / Processor)

We act as the Data Controller for personal information we collect directly. For data uploaded by institutions about their students, parents, and staff, we act as a Data Processor on behalf of the institution.

go-liberty Pty Ltd, as the holding company, carries ultimate responsibility for data protection across both entities. In both roles, we are responsible for:

  • Defining or following the purposes and means of processing personal data, as appropriate.
  • Ensuring that data is collected and processed lawfully, fairly, and transparently.
  • Implementing appropriate technical and organisational safeguards.
  • Notifying relevant supervisory authorities and affected individuals in the event of a data breach, in coordination with the institution where applicable.

We have appointed a Data Protection Officer (DPO) to oversee our privacy and data protection practices. You may contact the DPO at dpo@go-liberty.com.

3.2 Our Service Providers & Subprocessors (Data Processors)

To operate our platform, we engage a limited number of carefully selected subprocessors. These entities act as Data Processors, meaning they process personal data on our behalf and only according to our instructions.

Our subprocessors include:

  • Cloud infrastructure providers (Amazon Web Services)
  • Security and delivery services (Cloudflare)
  • Development and support (go-liberty Pty Ltd, as internal provider to Boarding School Software (Pty) Ltd)
  • Communication and analytics providers (Google, Intercom — the latter powering in-app support chat within the Platform)

We require all subprocessors to:

  • Sign data processing agreements with us.
  • Use personal data only for the agreed-upon purposes.
  • Implement robust security measures.
  • Not share or use the data for their own benefit.

A detailed and up-to-date list of subprocessors is available upon request to our Data Protection Officer.

3.3 Our Clients (Schools, Institutions, and Their Representatives)

Our clients — such as schools, boarding institutions, clubs, or camps — typically act as Data Controllers for the data they upload. These institutions are responsible for:

  • Ensuring that the data they submit is accurate and lawfully collected.
  • Managing their own users and staff access to the platform.
  • Obtaining all necessary consents and authorisations, particularly for data relating to children.
  • Informing parents and guardians about the platform and its privacy practices, where appropriate.

We do not directly communicate with students or parents unless explicitly authorised or instructed by the institution.

4. Security & Indemnity

The security and confidentiality of your personal information is a top priority. We implement appropriate technical and organisational measures to protect data against accidental or unlawful access, use, loss, alteration, or disclosure.

4.1 Our Security Measures

We maintain a multi-layered security framework that includes, but is not limited to:

  • Encryption of data in transit and at rest
  • Role-based access controls and authentication procedures
  • Multi-factor authentication (MFA) by default for all users
  • Firewalls, intrusion detection, and threat monitoring tools
  • Regular security testing, vulnerability assessments, and system updates
  • Secure development and deployment practices
  • Ransomware-resilient backups and disaster recovery planning

While we take reasonable steps to protect personal information, no method of transmission over the internet or method of electronic storage is 100% secure. Accordingly, we cannot guarantee the absolute security of your data.

If we become aware of a data breach, we will notify the relevant supervisory authority and affected individuals as required by law. Region-specific breach notification practices are detailed in Sections 21 and 22.

4.2 User Responsibilities

You are responsible for:

  • Keeping your account credentials confidential.
  • Ensuring that any devices used to access our services are secure and protected against unauthorised access.
  • Promptly notifying us of any suspected or actual unauthorised use of your account or data.

4.3 Indemnity

To the extent permitted by law, you agree to indemnify and hold harmless go-liberty Pty Ltd, Boarding School Software (Pty) Ltd, and their respective directors, employees, and service providers from and against any loss, liability, damages, or costs arising out of or related to:

  • Your breach of this Privacy Policy or our Terms of Service.
  • Your misuse of the platform or services.
  • Your failure to comply with applicable privacy or data protection laws, particularly in your capacity as a school, organisation, or administrator managing third-party data.

This section does not limit any statutory rights you may have under applicable consumer protection or privacy laws.

5. School Service Provider

Our core service is a digital platform designed for use by schools, boarding institutions, sports clubs, and other educational or care-based organisations (collectively referred to as “institutions”).

5.1 Data Uploaded by Institutions

Institutions may upload or authorise the upload of personal information to our platform. This may include data about:

  • Students (e.g., name, age, contact details, attendance, wellbeing records)
  • Parents or guardians (e.g., name, relationship to student, emergency contacts)
  • Staff (e.g., assigned duties, internal notes, contact details)

The institution remains responsible for ensuring the accuracy and lawfulness of the data it provides, managing who within their organisation has access to which data, and informing individuals of how their data will be used.

5.2 Use of Data by Us

We do not use, access, or disclose any data provided by institutions except:

  • As necessary to provide and maintain the services.
  • As instructed or authorised by the institution.
  • As required by law or regulatory authorities.
  • As otherwise agreed in our terms and service agreements.

We do not repurpose, sell, or share school-provided personal data for unrelated business activities or advertising purposes.

5.3 Data Processing & Data Privacy Agreements

We will sign a Data Processing Agreement (DPA) or Data Privacy Agreement with institutions upon request. For United States schools, we will sign the Student Data Privacy Consortium (SDPC) National Data Privacy Agreement or applicable state-specific variants. For European and United Kingdom institutions, we will sign GDPR-aligned DPAs incorporating Standard Contractual Clauses where applicable.

5.4 Responsibility for Local Compliance

Institutions are responsible for ensuring that their use of our platform complies with applicable laws, including obligations to obtain appropriate consents for data related to minors or sensitive categories of information.

6. Usage Data

In addition to the personal data actively provided by users or institutions, we automatically collect certain information related to how the platform and services are accessed and used.

6.1 Types of Usage Data We Collect

  • Browser type and version
  • Device type and operating system
  • Internet Protocol (IP) address
  • Date and time of access
  • Referring and exit pages
  • Time spent on pages or in the application
  • Actions taken while using the platform (e.g., clicks, form submissions)
  • Error logs and crash reports
  • Language and region settings
  • App version and updates installed

6.2 How We Use Usage Data

  • Monitor and improve the performance, stability, and security of our systems
  • Diagnose issues and identify bugs
  • Understand how users interact with the platform to improve user experience
  • Ensure compatibility with various devices and browsers
  • Generate aggregated, anonymised insights that help guide development

We do not use Usage Data to serve targeted advertising or marketing communications.

6.3 Optional Tracking & Analytics

We may use analytics tools, including third-party services, to collect and analyse Usage Data. You can manage some tracking preferences through your device or browser settings.

7. How We Use Information We Collect & When We May Share Such Information

7.1 How We Use Personal Information

We use the information we collect for the following purposes:

  • Service delivery: To provide access to our platform and tools, manage user accounts, support institutional workflows, and deliver requested services.
  • User support: To respond to enquiries, troubleshoot issues, and provide technical or administrative support.
  • Security and integrity: To detect, investigate, and prevent fraud, abuse, or security incidents.
  • Platform improvement: To evaluate usage patterns and improve features, content, and overall user experience.
  • Communication: To notify users of system updates, service changes, or new features. We do not send unsolicited marketing communications.
  • Legal compliance: To comply with applicable laws and regulations, including responding to lawful requests from authorities.

7.2 When We May Share Personal Information

  • With service providers: Trusted vendors contractually bound to protect personal data.
  • With institutions: Where data was submitted in the context of a school’s use of the platform.
  • With your consent: Where you provide clear and informed consent.
  • For legal reasons: Where required by law or lawful request from authorities (see Section 15).
  • Business transfers: In the event of a merger, acquisition, or sale of assets (see Section 13).

8. Support Services

To provide a reliable, secure, and responsive service, we may engage external partners who deliver technical and operational support. These providers may assist with hosting infrastructure, database management, system monitoring, user support, software development, communications delivery, and data backup.

Support Service Providers may require access to limited personal data in order to perform their roles. Each provider is required to:

  • Use personal data only for the purpose of delivering their assigned services.
  • Protect data using appropriate technical and organisational safeguards.
  • Refrain from using the data for any independent purposes.
  • Notify us immediately in the event of any suspected data breach or security incident.

9. Data Retention Period

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, contractual, and operational obligations.

9.1 Retention Principles

  • Contractual necessity: Data is retained for the duration of the institution’s or user’s relationship with us and any subsequent period required for administrative or legal follow-up.
  • Legal compliance: Some records must be kept for specified periods under applicable law.
  • Operational needs: We may retain limited usage data for service integrity, system performance tracking, and diagnostics.
  • User rights: Where users or institutions request deletion of data, we assess the request in accordance with applicable laws and our data retention policies.

9.2 Specific Retention Practices

  • User accounts: Data linked to inactive or closed accounts may be retained for up to 12 months to allow reactivation or dispute resolution, unless earlier deletion is requested.
  • Student and staff records: Retained in accordance with the terms agreed upon with the institution.
  • Support interactions and logs: Retained for up to 24 months for quality assurance, audit, and fraud prevention purposes.
  • Backups: System backups may contain residual data and are retained securely for limited periods consistent with our disaster recovery policy.

9.3 Data Deletion

Once the retention period has expired or the data is no longer needed, we will securely delete or anonymise the information. Institutions or users may request data deletion at any time (see Section 10).

10. Data Subject Rights

Depending on your location and the applicable data protection laws, you may have certain rights regarding your personal data. Specific rights under GDPR and United States laws are detailed in Sections 21 and 22.

10.1 Right of Access

You have the right to request confirmation of whether we process your personal data and, where we do, to request a copy.

10.2 Right to Rectification

You may request that we correct or update inaccurate or incomplete data.

10.3 Right to Erasure (“Right to be Forgotten”)

You may request deletion of your personal data in certain circumstances.

10.4 Right to Restriction of Processing

You may ask us to temporarily restrict processing while a correction request is reviewed.

10.5 Right to Data Portability

You may request a copy of your data in a structured, commonly used, machine-readable format.

10.6 Right to Object

You have the right to object to processing based on legitimate interests.

10.7 Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time.

10.8 Right to Lodge a Complaint

You may lodge a complaint with your local data protection authority.

10.9 How to Exercise Your Rights

To make a request, please contact our Data Protection Officer at dpo@go-liberty.com. We aim to respond to legitimate requests within 30 days and may ask for identity verification.

If your request relates to data managed by your school or institution, we may refer your enquiry to them directly, or assist them in responding.

11. Cookies & Tracking Technologies

Cookies and similar technologies help us improve the quality of our services and enhance the user experience. We do not use cookies for advertising purposes.

11.1 How We Use Cookies

  • Keep you signed in across sessions
  • Save your preferences and settings
  • Enable certain features and platform functionality
  • Monitor platform performance and identify bugs
  • Collect anonymous usage analytics

We do not use cookies to serve targeted advertising or track users across unrelated websites.

11.2 Your Choices

You can manage cookie preferences through your browser or device settings. For detailed information, please refer to our Cookie Policy.

12. Service Providers

For a list of the categories of service providers and named subprocessors we engage — including cloud infrastructure (AWS), security and delivery (Cloudflare), development and support (go-liberty Pty Ltd), and communication and analytics (Google, and Intercom for in-app support chat) — please refer to Section 3.2 above.

A detailed and up-to-date list of subprocessors is available upon request to our Data Protection Officer at dpo@go-liberty.com.

13. Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets affecting either go-liberty Pty Ltd or Boarding School Software (Pty) Ltd, your personal data may be transferred as part of that transaction, subject to confidentiality arrangements and, where required, advance notification.

14. International Transfers of Personal Data

We aim to store and process personal data within the same geographic region where it is collected. Where international transfers are necessary, we ensure that:

  • The recipient country is deemed to have adequate data protection laws, or
  • We enter into legally binding contracts with recipients based on standard contractual clauses or other approved mechanisms.

Region-specific transfer safeguards for the EU/UK and USA are set out in Sections 21 and 22.

15. Compliance with Laws and Law Enforcement

We may disclose personal information where required by law or in response to valid legal requests from public authorities, including to:

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Detect, prevent, or address fraud, security risks, or technical issues
  • Protect the rights, property, or safety of our company, its users, or the public

Where feasible and not prohibited by law, we will notify affected users before disclosing data in response to a legal request.

16. Third-Party Links & Disclaimers

Our platform may contain links to external websites not operated by us. We are not responsible for the privacy practices or content of those third-party sites.

17. Children’s Privacy (Global)

Our platform is designed to support institutions that work with children and young people. We do not provide services directly to children. All access to student data is managed by the institution, which remains responsible for ensuring that appropriate parental or guardian consents are obtained before collecting or submitting student information to our platform.

Region-specific children’s privacy protections (including COPPA in the United States and GDPR Article 8 in the EU/UK) are set out in Sections 21 and 22.

If you believe a child’s personal data has been provided to us in error, please contact us at dpo@go-liberty.com.

18. Data Localisation

We aim to process and store data within the country or region in which it was collected, unless otherwise required by law or necessary for service delivery. Schools select their preferred data-residency region during onboarding. Supported regions include Australia, New Zealand, European Union, United Kingdom, United States, Canada, Asia-Pacific, Africa, and the Middle East.

Where cross-border transfers are necessary, we apply appropriate safeguards as described in Section 14 and the region-specific sections below.

19. Miscellaneous

This Privacy Policy is written in English, which shall prevail over any translated versions. We reserve the right to update this Privacy Policy from time to time. Material changes will be communicated via email or platform notifications where appropriate.

20. Contact Information

Holding Company (Ultimately Responsible)

go-liberty Pty Ltd (Australia)

ACN 681 835 656

10a Cavendish Street, Pimlico 4814

Queensland, Australia

P.O. Box 477, Aitkenvale BC 4814

Queensland, Australia

Operating & Marketing Entity

Boarding School Software (Pty) Ltd (South Africa)

Reg No. 2020/074598/07

No 9 5th Street, Linden, 2195

Postnet Suite 50, Private Bag X7, Parkview, 2122

South Africa

Correspondence

  • General enquiries: policy@go-liberty.com
  • Privacy & Policy matters: privacy@go-liberty.com
  • Data Protection Officer (DPO): dpo@go-liberty.com

Regional Addendums

The following sections describe how we meet the specific legal and regulatory requirements of the European Union / United Kingdom and the United States of America. These addendums supplement — and do not replace — the global commitments in Sections 1–20.

21. European Union & United Kingdom — GDPR Addendum

For institutions and data subjects in the European Economic Area (EEA), the United Kingdom, and Switzerland, we align our practices with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the UK Data Protection Act 2018.

21.1 Lawful Bases for Processing

We process personal data under one or more of the following lawful bases under GDPR Article 6:

  • Contract — processing necessary to deliver the services to institutions and their authorised users.
  • Legal obligation — where processing is required to comply with a legal duty.
  • Legitimate interests — for platform security, service improvement, and fraud prevention, balanced against data subject rights.
  • Consent — where specific consent has been obtained (e.g., optional features or special category data).

21.2 Children’s Data (GDPR Article 8)

For users in the EU/UK, parental consent is required for children under the age of 16 (or the lower age specified by the member state, down to 13). The institution is responsible for obtaining and documenting this consent before uploading child data to the platform.

21.3 International Transfers from the EEA/UK

Where personal data is transferred outside the EEA or UK, we rely on:

  • Adequacy decisions issued by the European Commission or the UK Government, or
  • Standard Contractual Clauses (SCCs) approved by the European Commission, together with the UK International Data Transfer Addendum where applicable, or
  • Other approved transfer mechanisms under GDPR Chapter V.

21.4 Data Subject Rights under GDPR

Data subjects in the EU/UK have the full set of rights described in Section 10, including the right to lodge a complaint with their local supervisory authority (for example, the UK Information Commissioner’s Office or the Irish Data Protection Commission).

21.5 Data Breach Notification

We will notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach that is likely to result in a risk to the rights and freedoms of data subjects, in accordance with GDPR Article 33. Affected individuals will be notified where required under Article 34.

21.6 Data Processing Agreements

We will sign GDPR-aligned Data Processing Agreements (including SCCs where applicable) with EU/UK institutions on request.

22. United States of America — FERPA, COPPA & State Student Privacy Addendum

For institutions and data subjects in the United States, we align with the primary federal and state laws that govern student data privacy.

22.1 FERPA — Family Educational Rights and Privacy Act

We operate as a “School Official with a legitimate educational interest” under the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g and 34 CFR Part 99, when providing services to United States educational institutions. In this role:

  • We perform institutional services that the institution would otherwise use its own employees to perform.
  • The institution retains direct control over personally identifiable information (PII) from education records.
  • We are bound by the same restrictions on the use and redisclosure of PII as the institution itself.
  • We do not use PII from education records for any purpose other than providing the contracted services.
  • PII is not disclosed to third parties except as authorised by the institution, required by law, or as permitted under FERPA.

22.2 COPPA — Children’s Online Privacy Protection Act

For users under the age of 13, we comply with the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506. Where the platform is used by a United States PreK-12 institution, that institution may act in loco parentis in providing school-authorised consent on behalf of parents for educational use.

We do not:

  • Collect personal information from children beyond what is necessary for the educational service.
  • Use children’s personal information for targeted advertising or commercial profiling.
  • Disclose children’s personal information to third parties except as necessary to provide the service or as required by law.

22.3 SOPIPA & State Student Privacy Laws (including Vermont)

Many United States states have enacted laws regulating operators of educational technology services, modelled on California’s Student Online Personal Information Protection Act (SOPIPA). A representative example is Vermont’s Student Data Privacy Law, 9 V.S.A. § 2443, which took effect on 1 July 2020. Where we qualify as an ‘operator’ under such a law, we comply with its requirements. In particular, we:

  • Do not engage in targeted advertising to students based on any information acquired through the use of the platform for PreK-12 school purposes.
  • Do not build commercial profiles of students for purposes unrelated to PreK-12 school functions.
  • Do not sell, rent, or barter student covered information.
  • Do not disclose covered student information except as authorised by the institution, required by law, or otherwise permitted under the applicable statute.
  • Delete covered student information on the request of the institution, subject to applicable legal retention requirements.
  • Publish this Privacy Policy and supporting documents describing the collection, use, and disclosure of covered information.

22.4 Data Residency for United States Institutions

Personal data provided by United States institutions is stored in the United States AWS region by default. Cross-border processing will only occur where necessary for service delivery and with appropriate safeguards in place.

22.5 Breach Notification under United States Law

We will comply with applicable United States federal and state breach notification laws (including Vermont’s Security Breach Notice Act, 9 V.S.A. §§ 2430 and 2435). Where a breach affects a United States institution’s data, we will support the institution in meeting its own notification obligations.

22.6 Data Privacy Agreements

We will sign the Student Data Privacy Consortium (SDPC) National Data Privacy Agreement or applicable state-specific variants — including the Vermont Student Data Privacy Agreement — with United States school districts and independent schools on request. A draft DPA can be provided on request from institutions evaluating the platform.

End of Privacy Policy.

Boarding School Software
Components​
  • Student App
  • Parents App
  • Staff Portal
Legal​
  • Privacy Policy
  • Terms & Conditions
  • Cookie Policy
  • Security Privacy
  • Incident Response
Resources
  • About
  • Why BSS
  • Blog
  • Faq
  • Contacts
Company
  • 10a Cavendish St, Pimlico 4812, Queensland, Australia
  • No 9 5th Street, Linden, 2195 / Postnet Suite 50, Private Bag X7, Parkview, 2122

info@boardingschoolsoftware.com

Facebook-f Linkedin-in

Copyright © 2026 go-liberty Pty Ltd Australia: Boarding School Software - Pty Ltd South Africa: All rights reserved.

Click here
staff
Staff App
studentApp
Student App
parentsApp
Parent App
foyerApp
Foyer App