DPA and GDPR Compliance

Data Protection Addendum and GDPR Compliance 

Last updated: September 1, 2020

Data Processing Agreement

Please note: If you require a signed copy of the agreement, please request one via email to support@beedle.co 

This Data Processing Agreement (“Agreement”) is an addendum to the Beedle add-in to Microsoft Teams Terms of Use.  The agreement details the rights and obligations of a User of Beedle and the software designer and owner Beedle ehf., (together “the Parties”) with respect to the processing and security of Personal Data, as required for GDPR compliance. 

When a User adds Beedle to their Microsoft Teams account the current Data Processing Agreement on Beedle’s website applies. If a new feature is introduced to Beedle the Data Processing Agreement may be updated and will apply to the User’s use of those new features.


  • The User acts as a Data Controller (the “Controller”).
  • The Controller wishes to add Beedle to his Microsoft Teams account, which implies processing of Personal Data by Beedle ehf., Höfðabakka 9, 110 Reykjavík, Iceland, acting as a Data Processor (the” Processor”).
  • The Parties seek to implement a Data Processing Agreement that complies with the requirements of Art 28 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  • Both Parties will comply with GDPR and applicable Data Protection Laws and regulations.



  1. Definitions and Interpretation

Unless otherwise defined herein, capitalized terms and expressions used in this agreement shall have the following meaning:

Agreement” means this Data Processing Agreement and Appendices A and B.

Personal Data” means any Personal Data processed by the Processor on behalf of the Controller, pursuant to or in connection with the Processor Terms of Use. 

EEA” means the European Economic Area.

Data Protection Laws” means EU/EEA Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country.

GDPR” means EU General Data Protection Regulation 2016/679.

Sub-processor” means other processors used by Beedle to process Controllers personal data in connection with the Service, for example to storage the personal data.  

Data transfer” means a transfer of Controller Personal Data to the Processor or a transfer of Controllers Personal Data to a Sub-processor.

The terms, “Controller”, “Processor” Data Subject”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.


  1. Processing of Controllers Personal Data

The Processor shall process the Controller’s personal data only on documented instructions from the Controller, unless required to do so by national law to which the Processor is subject. The instructions shall be specified in Appendix A.

  1. Confidentiality

The Processor shall take reasonable steps to ensure the reliability of any employee, agent or any Sub-processor who may have access to the Controller Personal Data, ensuring in each case that access is strictly limited to those individuals who need to access the relevant Personal Data, as strictly necessary for the purposes of the Processor service, and to comply with applicable laws in the context of that individual’s duties to the Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

  1. Security of processing

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall in relation to the Controller Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) (a-d) of the GDPR. Depending on their relevance, the measures may include the following:

  1. the pseudonymisation and encryption of personal data.
  2. the ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services.
  3. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
  4. a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

In assessing the appropriate level of security, Processor shall take into account the risks that are presented by Processing, in particular from a Personal Data Breach.


      1. Use of Sub-processor

The Processor has the Controller’s general authorisation for the engagement of Sub-processors. The processor shall inform in writing the Controller of any intended changes concerning the addition or replacement of Sub-processors at least 21 days in advance, thereby giving the Controller the opportunity to object to such changes. A list of sub-processors already authorised by the Controller can be found in Appendix B.

Where the Processor engages a Sub-processor for carrying out specific processing activities on behalf of the Controller, the same data protection obligations as set out in the agreement shall be imposed on that Sub-processor by way of an agreement.

      1. Assistance to the Controller

Taking into account the nature of the processing, the Processor shall assist the Controller by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controllers obligations, to respond to requests to exercise Data Subject rights under GDPR and other Data Protection Laws.

      • If the Processor receives a request from a Data Subject to exercise one or more of its rights under the GDPR, it will be forward to the Controller at once.


The Processor shall provide reasonable assistance to the Controller with any Data Protection Impact Assessments (DPIA) and prior consultations with Supervising Authorities or other competent data privacy authorities, which the Controller reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Controllers Personal Data by, and taking into account the nature of, the processing and information available to the Processor.

      1. Notification of Personal Data Breach

The Processor shall notify the Controller without undue delay after becoming aware of a Personal Data Breach affecting the Controller Personal Data. Such notification shall meet the Controller’s obligation to notify the competent Supervisory Authority and the Data Subject if applicable, and include that information a Processor must provide to a Controller under Art 33 (3) of the GDPR to the extent such information is reasonably available to the Processor.  

The Controller shall immediately notify the Processor if he becomes aware of a Personal Data Breach or has any suspicion of a breach in connection with the use of Beedle.

      1. Deletion or return of Personal Data

On termination of the Beedle service the Processor shall, at the choice of the Controller, delete or return all the personal data to the Controller and delete existing copies unless EU/EEA data protection or other state laws requires storage of the personal data. For more information about the process of the returning and deleting the personal data after termination of the service, see Terms of Use.

      1. Audit rights

The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and the Agreement, and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.

      1. Data Transfer

For Controllers covered by the GDPR the Processor may not transfer or authorize a transfer of Personal Data to countries outside the European Economic Area (EEA) without a prior written consent of the Controller. If Personal Data processed under this Agreement is transferred from a country within the EEA to a country outside the EEA, the Parties shall ensure that the personal data are adequately protected. To achieve this, the Parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of personal data.

      1. The rights and obligations of the Controller

The Controller is responsible for ensuring that the processing of personal data takes place in compliance with the GDPR (Art. 24), the applicable national Data Protection Laws and this Agreement.

The Controller has the right and obligation to make decisions about the purposes and means of the processing of personal data.

The Controller shall be responsible for ensuring that the processing of personal data, which the Processor is instructed to perform, has a legal basis.

      1. Notices and updates

All notices and communications given by the Processor under this Agreement must either be in writing, published on the website or sent by email.

The Processor shall be notified by email sent to the address: support@beedle.co

      1. Governing Law

This agreement is governed by Icelandic laws.

      1. Commencement and duration

This agreement becomes effective when Controller adds Beedle in Microsoft Teams.

The Agreement shall apply for the duration of the Personal Data processing by Beedle ehf. on behalf of the Controller.  


Appendix A: Information about Beedle add-in to Microsoft Teams processing

Nature of processing: The data processing performed by Beedle add-in to Microsoft Teams on behalf of the Controller relates to the service of Beedle ehf. Beedle is an add-in dedicated to extending the functionality of Microsoft Teams for teachers and educators. Beedle provides functionality inside of Teams for teachers to store digital lesson resources, organise their daily work and share content with other teachers and students.

Purpose of processing: Enable Beedle Users to create, store and share with fellow teachers and pupils for example lessons plans, class lists and notes regarding students’ behaviour, learning progress and more.

Type of personal data:


      • Pupils: Name, E-mail address, Diary notes, Assessment and Attendance.
      • Teachers/employees: Name and IP address (IP address is only recorded for security reasons).


Categories of Data Subjects:

Students, Teachers and other staff.


Appendix B: Sub-processor

Microsoft Azure Cloud Computing Service

Region: North Europe

Location: Ireland

Description of processing: Storage of Personal Data


Find a dedicated space for plans, evaluations and objectives to build a bank of tried-and tested lesson plans. Integrate, organize and reuse Microsoft Teams Assignments with your planning.


Record attendance for each student in a Team with the option to add comments, schedule future absences and view attendance history.


Gain an overview of scheduled lessons and share plans with students. Move quickly between the calendar and individual plans including objectives and Microsoft Teams Assignments.


Record ad-hoc grades or assess against learning objectives, add average and total columns for a better overview.

Class List

Get a quick and functional overview of your class pupils. Quickly select students at random or create groups of any number. Class or group lists can be easily downloaded or printed.


Define success criteria, learning goals and curriculum statements and link these to Beedle Planning, or record learning progress in Beedle Assessment.


Record notes, comments and feedback against students. Tag comments for reference, share them with teachers or students and easily sort them for download or printing.

Guardian App

Share relevant Beedle data and Microsoft Teams Assignment details with Guardians, ensuring parents are informed in a timely manner.

Powerful New Functionality for Teaching in Microsoft Teams

Beedle adds educational functionality into Microsoft Teams, so you can accomplish all your daily activities without leaving Teams. Immediately after installing Beedle you will be able to install Beedle as tabs for your classes. You can immediately start with planning, organizing your Microsoft Teams Assignments, register comments about students, taking attendance in class, capturing ad-hoc assessment or learning progress and much more…

Learn more →


  • Plan lessons in flexible formats
  • Organize Microsoft Teams Assignments
  • Store and reference digital resources
  • Schedule plans in a shared calendar
  • Reuse plans and assignments next year
  • Link objectives to lessons


  • Record ad-hoc assessment
  • Assess against objectives
  • Manage student groups
  • Record and categorize feedback
  • Reflect and collaborate on lessons
  • Take attendance in class


  • Securely share plans and resources
  • Share learning objectives
  • Provide learning feedback
  • Publish key deadlines
  • Share MS Teams Assignment details

Added value for Guardians

  • Full transparency of Teams Assignments
  • Attendance registration
  • Key deadlines and events
  • Diary comments
  • News and announcements
  • Secure two-way communication

Making learning
transparent for
Guardians / Parents

Education is not a one-way street, but a team sport. With the Beedle Guardian App, parents get access to Beedle and MS Teams functionality so they can take part in the learning progress of their child and follow up on information from their children´s school.

Beedle transforms Microsoft Teams into a Classroom and Learning Management Solution

Beedle makes Microsoft Teams familiar and productive for teachers, while making the IT environment less complex and more robust.

Eliminate duplications of data or synchronization between systems – Beedle works fully with your school setup and data management.

Teachers embrace Microsoft Teams in their daily work

Beedle is built directly in Microsoft Teams and presents a familiar, intuitive environment for planning, teaching, and engaging students and families in the way teachers naturally work. With Beedle and Microsoft Teams teachers find a complete solution for all daily classroom activities.

Shielded behind the Microsoft Cyber Defense Operations

Beedle is securely hosted and run in Microsoft Azure where all data and content is stored, additional documents are saved on your own schools SharePoint environment. Beedle snaps into Microsoft Teams and adopts to your schools Office 365 setup, privacy, and security settings. Student privacy can be assured.

Optimize your Microsoft IT environment

Maintain a single, secure, and manageable technology platform with Beedle as part of your Microsoft Teams environment. With no external system to manage or integrate with, Beedle works with your school setup and data and builds on top; no duplications of data or sync between systems.

Quickly and safely install and try out Beedle, it´s free!

With seamless design, user experience and intuitive workflows; teacher will be enjoying Beedle in a matter of minutes. Get started today by simply installing Beedle directly from your schools Microsoft Teams Apps store.