Privacy at Symplicity


Our Privacy Center provides an overview of our Data Privacy Program and our approach to data privacy. We also have additional helpful data privacy information on the following pages: 


Symplicity establishes systems and operational requirements that support the achievement of service commitments, relevant laws and regulations, and other security and privacy requirements. Privacy Policies are important because they detail a company’s views and procedures regarding the information collected from users. Symplicity takes our privacy policies and procedures obligations seriously. Symplicity is the global leader in higher education student services applications.  Leading the way among EdTech companies, we’ve worked with outside privacy counsels all over the world to ensure compliance with multiple data privacy frameworks in the regions where we support higher education institutions such as the GDPR/UK-GDPR, PIPEDA, CCPA, The Privacy Act, LGPD, PDPA, and more.

You can learn more about Symplicity's privacy practices in our Privacy Policy


Our Data Privacy Program & Approach 

We care about privacy. We believe that privacy is a fundamental right for all individuals. Our clients entrust us with the personal information of their employees and their users, who are often students. We take the obligations that are attached to this information very seriously. 

Data privacy and security have therefore been long-standing key priorities of Symplicity. The European Union General Data Protection Regulation (GDPR) was an opportunity to further strengthen our existing data privacy practices and formalize them as part of a global data privacy program led by our Global Privacy Officer. 

Our approach to data privacy has always been client-focused. We understand the challenges our clients face. Our Data Privacy Program is designed to help them with their data privacy compliance. 


Cookie Policy

We collect information about your visits to the website and the application when you land on any of our web pages through cookies and similar tracking technology. 

For further information about the types of cookies we use, you can access our Cookie Policy at this link: 


Privacy by design

As it becomes more and more challenging in today’s world for individuals to maintain control over their information, privacy by design and accountability become increasingly important to maintain the trust of individuals, clients, and regulators and to document how an organization complies with the GDPR. Privacy by design is therefore at the heart of our Data Privacy Program. 

  • Ability for clients to provide their own privacy policies
  • Features built within the applications
  • Access Controls (SAML, SSO, etc.) 
  • Ability for clients to enforce their own data retention policies
  • Separate databases to prevent co-mingling of data. 

Data Protection Officer

Symplicity's Data Protection Officer (DPO) is the main point of contact for the data protection authority, responsible for overseeing the company's data protection strategy and its implementation to ensure compliance with GDPR requirements. 


Data transfers 

We have a multi-layered approach to data transfer compliance. This means we address data transfer requirements via multiple avenues to ensure personal information is adequately protected: 

  • Regional hosting: We have a regional hosting strategy with all key products and functionalities hosted in regions (e.g. in the EU for EU clients) to the extent possible. Access to personal information from outside the region (e.g. from outside the EEA) to this regionally hosted personal information may be required to provide the products and services, e.g. for 24/7-support and product maintenance.
  • Standard Contractual Clauses: We use the EU-approved data standard contractual clauses (SCCs) to transfer personal information.
  • Supplementary measures: We use additional contractual, organizational and technical measures to protect transferred personal information. 
  • Onward transfers: Robust contracts are in place with vendors and partners (e.g. Amazon Web Services) to ensure that data transfer requirements (and other data privacy obligations) are passed on to our vendors and partners with access to personal information. 


Data Retention

According to Data Privacy Regulations, Symplicity is typically a data processor.  Most of our clients, mainly schools and universities, are the data controller.  As the data controller, schools and universities can enforce their own data retention policies within their licensed Symplicity Applications.  For our Recruit and CareerHub Central applications, Symplicity takes on the role as the data controller relative to our employer partners' personal information.


Data Privacy Impact Assessment (DPIA)

Symplicity has performed a Data Privacy Impact Assessment (DPIA) on all of our applications and networks.  The DPIA is reviewed and updated annually. 



Symplicity has a regional hosting strategy.  That means that your data will be stored in the data zone where the application was licensed.  For example, if you licensed your application in the United States, your data will ONLY be stored in the United States.