HKPDPO | Toddle

Toddle & HKPDPO

Hong Kong Personal Data (Privacy) Ordinance

Under the PDPO, there are 6 Data Protection Principles (DPPs) that set out the baseline requirements for personal data privacy protection in Hong Kong:

  • DPP 1: Purpose and manner of collection of personal data
  • DPP 2: Accuracy and retention of personal data
  • DPP 3: Use of personal data
  • DPP 4: Security of personal data
  • DPP 5: Information to be generally available
  • DPP 6: Access to personal data

Below, we detail how Toddle ensures compliance with each of these principles.

DPP1 – Purpose and Manner of Collection of Personal Data

Toddle collects personal data in a fair and lawful manner, and only when it is necessary for us to provide our services effectively. The types of data we collect, and the purposes for which they are used, are clearly explained in our Privacy Policy.

DPP2 – Accuracy and Retention of Personal Data

Toddle ensures the accuracy and proper retention of personal data. All personal data is added directly by schools using the platform, and Toddle does not independently input or modify any user information. If users identify inaccuracies or require corrections, they can easily update their data directly via their Toddle accounts. If they find any inconsistencies, they can email us at privacy@toddleapp.com. We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law.

DPP3 – Use of Personal Data

Toddle ensures that personal data is used strictly for the purposes explicitly outlined in the contract with schools. Any changes to our data usage practices or Privacy Policy that materially affect users’ privacy rights are communicated to users at least 30 days in advance, ensuring transparency and providing sufficient time for review. Users who have concerns or questions about these changes can contact us directly at privacy@toddleapp.com. Toddle does not sell or share user data with external marketing agencies and limits data sharing to trusted sub-processors as required for delivering services, in strict compliance with the agreed terms.

DPP4 – Security of Personal Data

Toddle is committed to safeguarding personal data against unauthorized or accidental access, processing, or erasure. We adhere to internationally recognized security standards, holding certifications such as ISO/IEC 27001:2022, ISO/IEC 27017:2015, ISO/IEC 27018:2019, and ISO/IEC 27701:2019. Additionally, Toddle has successfully completed a SOC 2 Type II audit, demonstrating our strict control environment for data security, availability, and confidentiality.

Our platform complies with key regulations, including COPPA (Children’s Online Privacy Protection Act), FERPA (Family Educational Rights and Privacy Act), and GDPR (General Data Protection Regulation), ensuring robust privacy protections for users worldwide. Personal data is encrypted both in transit and at rest and is stored securely on Amazon Web Services (AWS) servers.

Toddle’s personnel undergo comprehensive data security training to ensure the highest standards of data protection. In the event of a data breach, we will promptly act to contain the issue, notify affected users, and inform relevant authorities, as required by applicable laws and regulations.

DPP5 – Information to Be Generally Available

Toddle adopts a very transparent approach towards its privacy practices. The Privacy Policy, Terms of Use and Terms of Service are all hosted on its website, www.toddleapp.com. Toddle also has a designated Data Protection Officer, Anshul Chauhan, who can be contacted at privacy@toddleapp.com.

DPP6 – Access to and Correction of Personal Data

Toddle respects users’ rights to request access to and correction of their personal data. Upon receiving a valid request, we provide a summary of the personal data we process and how it is used, typically within 30 days. If any information is inaccurate, incomplete, or out of date, users may request corrections by emailing privacy@toddleapp.com or directly through their Toddle accounts. We also honor requests for data deletion unless we are legally required to retain certain information.