.png)
Privacy Policy
Last updated: June 2026
Scope of This Policy — Website Visitors vs. School Users
This Website Privacy Policy governs the personal data that MySchool Limited collects and processes when you visit and interact with https://www.trymyschool.com (the 'Website') — for example, when you submit an enquiry form, subscribe to our newsletter, or become a MySchool customer.
It does not govern the processing of personal data that takes place inside the MySchool Student Information System platform on behalf of a customer school.
If you are a student, parent, guardian, or member of staff at a school that uses the MySchool platform, your personal data within the platform is controlled by your school, not by MySchool. Please refer to your school's own privacy notice for information about how your data is used. MySchool processes that data as a processor acting on your school's instructions, under a written Data Processing Agreement with each school.
If you have a question about data held in the MySchool platform, please contact your school directly in the first instance. If your school directs you to us, or if you have a concern relating to MySchool's role as processor, you may contact our Data Protection Officer at dpo@msm.io.
For all matters related to this Website Privacy Policy, the data controller is MySchool Limited, company registration number C94463, registered address at 9B Midland Warehousing Parks, Triq il-Burmarrad, Naxxar NXR 6345, Malta.
Definitions
Service: The https://www.trymyschool.com website operated by MySchool Ltd.
Personal Data: Any information relating to a living individual who is identified or identifiable, directly or indirectly, from that data.
Usage Data: Data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit). This may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Cookies: Small pieces of data stored on your device (computer or mobile device).
Data Controller: The natural or legal person who determines the purposes and means of processing personal data. For the purposes of this Website Privacy Policy, MySchool Ltd is the Data Controller.
Data Processor: A natural or legal person who processes personal data on behalf of the Data Controller. We use various service providers in this capacity.
Data Subject: Any living individual who uses our Service and is the subject of Personal Data. For the purposes of this Website Privacy Policy, you are a Data Subject.
Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Service to you.
Types of Data Collected
While using our Service, we may ask you to provide us with certain Personal Data which may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City, Country
- Cookies and Usage Data
We do not collect or process special categories of data (e.g. health, ethnicity, religion) as a data controller through this Website, except where strictly necessary for Website security or compliance.
We may use your Personal Data to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you, only if you have opted in to receiving the same. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
We may use and store information about your location if you give us permission to do so. We use this data to provide features of our Service and to improve and customise our Service. You can enable or disable location services at any time through your device settings.
The processing of your Personal Data through Cookies and similar technologies is explained in our Cookie Policy, which you can access at www.trymyschool.com/privacy/cookies.
How and Why We Use Your Data
The table below sets out the categories of Personal Data we process through this Website, the purpose for which we process it, and the legal basis under the GDPR.
|
Category of Personal Data |
Purpose |
Legal Basis |
|
Name, surname, email, phone number, role, country, school website |
To reply directly to enquiries with relevant product or service information. |
Art. 6(1)(b) GDPR — necessary to take steps at the request of the data subject prior to entering into a contract. |
|
Name, surname and email |
To send monthly blog updates or a link to download a PDF guide. |
Art. 6(1)(b) GDPR — necessary to take steps at the request of the data subject prior to entering into a contract and/or for the performance of the contract. |
|
Name, surname, email, country, role, school name |
To provide you with news, special offers, and general information about goods, services and events similar to those you have already purchased or enquired about, unless you have opted out. |
Art. 6(1)(a) GDPR — processing based on your consent. |
|
Name, email, address, city, state, postcode, country; names and contact details of appointed support contact and DPO |
To collect onboarding information when you become a MySchool customer. |
Art. 6(1)(b) GDPR — necessary to take steps at the request of the data subject prior to entering into a contract. |
|
IP address, browser type, browser version, pages visited, timestamps, device identifiers, cookie IDs |
Website analytics, security monitoring, and improving the functionality of the Service. |
Art. 6(1)(a) GDPR — consent, for non-essential analytics and advertising cookies (obtained via cookie banner). Art. 6(1)(f) GDPR — legitimate interests, for aggregate, non-identifying analytics used to improve the Website. Strictly necessary cookies are not consent-dependent. |
Retention of Data
MySchool Ltd retains personal data only for as long as is necessary for the purposes described in this policy, to comply with legal obligations, resolve disputes, and enforce our agreements. The table below sets out specific retention periods for each category of data we collect through this Website.
|
Data Category |
Processing Purpose |
Retention Period |
|
Name, email, phone, role, country, school website |
Responding to website enquiries |
24 months from last meaningful contact, then deleted or anonymised. If an enquiry leads to a customer relationship, contact data is transferred to our customer management records and retained for the duration of that relationship plus 7 years. |
|
Name and email address |
Blog updates and PDF guide delivery |
For as long as you remain subscribed; deleted within 30 days of unsubscription. A suppression record is retained indefinitely to honour your opt-out. |
|
Name, email, country, role, school name |
Consent-based marketing communications |
For as long as consent is valid and you are an active subscriber. Inactive subscribers (no engagement for 24 months) are reviewed and deleted or re-permissioned. Suppression records retained indefinitely. |
|
Name, email, address, city, state, postcode, country; support and DPO contact details |
Customer onboarding |
For the duration of the customer relationship. Contractual and onboarding records retained for 7 years after termination, aligned with statutory limitation and tax/audit obligations. |
|
IP address, browser data, cookies and Usage Data |
Website analytics and security |
Cookie-based tracking data: retained for the lifespan of the cookie (maximum 13 months). Aggregate website analytics: up to 26 months at individual level, longer in anonymised aggregate form. Security logs: 12 months minimum. |
At the end of each retention period, personal data is securely deleted or irreversibly anonymised. You may obtain further information about our retention criteria by contacting dpo@msm.io.
Security of Data
The security of your data is important to us. We use appropriate measures to ensure a level of security appropriate to the risk involved and have implemented contractual, technical, administrative and physical security measures designed to protect Personal Data from unauthorised access, disclosure, use and modification.
MySchool is independently audited and certified compliant with ISO/IEC 27001:2022, the most globally recognised Information Security standard. This includes security measures including, but not limited to, data backup, firewall protection, data encryption, risk management, strict data access policies, and the use of third-party services that maintain strict data protection compliance.
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required under Article 33 GDPR, and will notify affected individuals where required under Article 34 GDPR.
While we strive to use commercially acceptable means to protect your Personal Data, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Please notify us immediately if you suspect any security incident, by contacting dpo@msm.io.
International Transfers of Personal Data
MySchool Ltd is headquartered in Malta (an EU Member State). Some of the third-party service providers we use to operate this Website are headquartered outside the European Economic Area (EEA), which means your personal data may be transferred to and processed in countries outside the EEA.
Whenever we transfer personal data outside the EEA, we ensure that an appropriate safeguard is in place in accordance with Chapter V of the GDPR. The table below sets out the key transfers arising from the operation of this Website.
|
Recipient |
Country |
Purpose |
Transfer Mechanism |
|
HubSpot, Inc. |
United States |
CRM, email marketing, website analytics, customer onboarding |
Standard Contractual Clauses (EU SCCs, 2021, Module Two). A Transfer Impact Assessment has been carried out. EEA data hosting region selected where available. |
|
Google LLC (Workspace) |
United States |
Email (Gmail), document storage |
Standard Contractual Clauses (EU SCCs, 2021, Module Two). Google Workspace is configured with EEA data residency where available. Transfer Impact Assessment completed. |
Where we rely on Standard Contractual Clauses, these are the clauses approved by the European Commission under Implementing Decision (EU) 2021/914. Copies of our SCCs and Transfer Impact Assessment summaries are available on request by contacting dpo@msm.io.
MySchool does not, and will not, sell any of your Personal Data to any third party.
Sharing Your Information
We share your data with the following categories of companies as an essential part of being able to provide our Service:
- Companies involved in delivering our Service to you, such as payment service providers and hosting providers.
- Professional service providers, such as website hosts and technical support providers, who service us in order to operate our business.
- Credit reference agencies, law enforcement and fraud prevention agencies, to help tackle fraud.
There may be other occasions where we are required to disclose information — for example, pursuant to a court order, to comply with legal requirements, to protect your vital interests, or in the event of a corporate sale, merger, reorganisation, dissolution or similar event.
We may also provide third parties with aggregated but anonymised information and analytics about our customers. Before we do so, we ensure it does not identify you.
When we share data, we do so on the understanding that it is to be used only for the purposes for which we originally collected it.
Automated Decision-Making and Profiling
MySchool Ltd does not carry out automated decision-making, including profiling, that produces legal effects concerning you or that similarly significantly affects you, within the meaning of Article 22 of the GDPR.
We use standard website analytics tools to analyse how visitors use our Website in aggregate. This analysis is used to improve the Website and our marketing communications. It does not result in any automated decision that affects your rights or interests.
If this position changes in the future, we will update this policy to reflect the purpose, logic and significance of any automated processing, and to inform you of your rights in that respect.
Your Data Protection Rights
Under the GDPR, you enjoy the following rights in relation to the personal data we hold about you as a website visitor or customer contact:
Right to be informed. We must be transparent about how we use your personal data. We do this through this Website Privacy Policy, which we keep as up to date as possible.
Right of access. You may request a copy of the personal data we hold about you by contacting privacy@msm.io.
Right to rectification. You have the right to have inaccurate or incomplete personal data corrected. We welcome feedback to keep our records accurate.
Right to erasure. You may ask us to delete your personal data. This is not an absolute right; we may retain data where we are required to do so by law (for example, for VAT reporting) or in connection with the exercise or defence of legal claims. Where we delete your data, we will retain a minimal suppression record to ensure we do not contact you again.
Right to object. You have the right to object to processing based on legitimate interests or carried out for direct marketing purposes.
Right to restriction. You may request that we restrict the processing of your personal data in certain circumstances.
Right to data portability. You have the right to receive a copy of the personal data you have provided to us in a structured, commonly used and machine-readable format, and to request that we transmit it to another controller where technically feasible.
Right to withdraw consent. Where we rely on consent as the legal basis for processing, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, or if you have a complaint or question, please contact us at dpo@msm.io. We may ask you to verify your identity before responding. We will endeavour to respond within one month; complex requests may take up to two months.
You also have the right to lodge a complaint with a supervisory authority. In Malta, the relevant authority is the Information and Data Protection Commissioner (www.idpc.org.mt). You may also contact the supervisory authority in the EU Member State where you live or work.
Children's Privacy
This Website does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18 through this Website.
If you are a parent or guardian and believe that your child has provided us with personal data via this Website, please contact us at dpo@msm.io. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to remove that information from our systems.
Note: The MySchool platform itself is used by schools to process data relating to students of all ages, including minors. That processing is governed by the applicable Data Processing Agreement between MySchool and the school, and by the school's own privacy notices.
Links to Other Sites
Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and, where appropriate, by notifying you by email or by a prominent notice on our Service prior to the change becoming effective.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, please contact us:
- By email: dpo@msm.io