Plain English: You — the practitioner or setting — are the Data Controller. We are the Data Processor. Your students' data never leaves your Google Workspace. We provide the software engine; you hold the keys. This agreement makes that relationship legally explicit under UK GDPR.

1. Parties

Data Controller

The subscribing practitioner, AP setting, or academy.

You determine the purposes and means of processing student personal data. You bear full legal responsibility as Data Controller under UK GDPR and the Data Protection Act 2018.

Data Processor

The Arena Hub Ltd

Company No. CH#1708605
Registered in England & Wales
D-U-N-S: 234652645
Tel: 01618702916
Email: compliance@thearenahub.co.uk

This DPA takes effect upon completing the Arena Lite subscription checkout or executing a written agreement with The Arena Hub Ltd.

2. Subject Matter, Nature, and Duration

Subject matter: Provision of Arena Lite — a cloud-based evidence management platform enabling practitioners in Alternative Provision and SEMH settings to capture, organise, and report on student evidence within a forensically structured, UK GDPR-compliant architecture.

Nature of processing: Storage, retrieval, and automated cross-referencing of student educational evidence within your own Google Workspace environment. All student Personally Identifiable Information (PII) is processed and stored exclusively within your Google Workspace tenant. The Arena Hub Ltd's Cloud Run infrastructure (GCP europe-west2, United Kingdom — London) processes only anonymised licence validation handshakes and operational telemetry; no student PII transits or resides on Arena Hub servers during normal operation.

Duration: This DPA remains in force for the duration of your active Arena Lite subscription. Processor obligations on data destruction take effect upon termination as set out in Clause 10.

3. Purpose of Processing

Personal data is processed for the following educational purposes only:

4. Types of Personal Data and Data Subjects

Data Subjects

Students (children and young people) enrolled at the subscribing setting. Secondary data subjects: teaching and support staff whose identity is recorded in practitioner attribution fields.

Standard Personal Data (Article 6)

Student name, Unique Pupil Number, date of birth, year group, cohort, enrolment dates. Staff name, school email, job role, and practitioner attribution within evidence records.

Special Category Data (Article 9)

Lawful basis — Standard data: Article 6(1)(e) — public task. Grounded in the Education Act 1996, Children and Families Act 2014, SEND Code of Practice 2015, and DfE Alternative Provision statutory guidance.

Lawful basis — Special category data: Article 9(2)(g) — substantial public interest. DPA 2018 Schedule 1, Part 2 (health or social care) and Part 1, para. 18 (safeguarding children).

5. Processor Obligations — Article 28 UK GDPR

5.1 Process only on documented instructions

The Processor shall process personal data only on the Controller's documented instructions. This DPA and the platform's technical architecture (Sovereign Hybrid v7.0.0) constitute those instructions. Where the Processor considers an instruction to infringe UK GDPR, it shall immediately inform the Controller.

5.2 Confidentiality

All persons authorised to process personal data under this DPA are bound by confidentiality obligations. Access to Controller data is restricted to personnel with a specific operational requirement, subject to role-based access controls.

5.3 Security

The Processor shall implement appropriate technical and organisational measures in accordance with UK GDPR Article 32 (see Clause 8).

5.4 Sub-processors

By accepting this DPA, the Controller grants general authorisation to engage the sub-processors listed in Clause 7. The Processor shall notify the Controller of any intended changes to the sub-processor schedule no less than 30 days before the change takes effect, giving the Controller the opportunity to object.

5.5 Data Subject Rights

The Processor shall assist the Controller in fulfilling data subject rights requests (access, rectification, erasure, portability, restriction, objection). Because all student data resides in the Controller's own Google Workspace, the Controller can action the majority of Subject Access Requests directly. Where technical assistance is required, the Processor shall respond within 48 hours of written request.

5.6 Audit Rights

The Processor shall make available all information necessary to demonstrate compliance with this DPA. Written responses to compliance questionnaires will be provided within 10 working days. A completed DPIA (ARENA-DPIA-2026-001, v1.1, approved 2 May 2026) is available upon request from compliance@thearenahub.co.uk.

6. Automated Processing and Article 22

Arena Lite includes AI-assisted components. The following applies to all automated processing:

Evidence Multiplier: Cross-references submitted evidence against adjacent taxonomy criteria. Suggestions include a confidence score and require explicit practitioner approval before being committed to the student's formal record. No AI suggestion enters the statutory record without authenticated human review.

No automated decision-making: No decision producing legal or similarly significant effects on a student is made solely by automated means. The platform is a Decision-Support Infrastructure. The practitioner is the Decision Authority. This is constitutionally enforced under Article VI of the Sovereign Educational Infrastructure Constitution.

7. Authorised Sub-Processors

Sub-Processor: Google LLC, Google Workspace
Purpose: All student data is stored exclusively in the Controller's own GWS tenant. Google hosts under the Controller's GWS terms.
Data: All student PII (Controller-held). Arena Hub holds no copies.
Transfer Basis: UK–US Data Privacy Framework

Sub-Processor: Google LLC, GCP europe-west2 (London)
Purpose: Anonymised telemetry and HMAC-authenticated licence validation. No student PII transits this layer.
Data: Anonymised event logs + practitioner email + licence key only.
Transfer Basis: UK–US Data Privacy Framework. UK data residency.

Sub-Processor: Twilio Inc.
Purpose: DSL two-factor authentication (SMS) only. Used solely to verify DSL identity when accessing the Welfare Silo.
Data: DSL mobile number only. Not linked to student data.
Transfer Basis: UK Standard Contractual Clauses

Sub-Processor: Google Gemini AI
Purpose: NODE insights: AI-assisted welfare pattern detection for DSL advisory flagging. Stateless — no student data is used for AI training.
Data: Anonymised signal summaries only. No student names or UPNs included.
Transfer Basis: Google Cloud API Terms. europe-west2 (London).

8. Technical and Organisational Measures

Sovereign Data Anchoring

All student PII stored exclusively in the Controller's GWS tenant. Arena Hub holds zero copies at rest.

Role-Based Access Control

GWS-native permissions govern all access. Managed by the Controller's GWS administrator.

Welfare Silo

Safeguarding data in a GWS subfolder with inheritance revoked. DSL-exclusive access only. Arena Hub has no access to this silo.

VAR Sentry — Immutable Audit Trail

Every edit captured with WHO / WHAT / WHEN / WHERE. Cannot be altered or deleted by any user.

HMAC-Authenticated Perimeter

The only data crossing the GWS boundary is a cryptographically signed licence handshake. Contains no student PII.

DSL Two-Factor Authentication

Welfare Silo access requires GWS OAuth + Twilio SMS 2FA. A compromised GWS credential alone cannot access safeguarding records.

Forensic Firewall

Constitutionally prohibits automated emotional state classification, neurological profiling, and automated risk scoring without human review.

Stateless AI Inference

All Gemini AI calls are stateless. No student data retained between calls. No student data used for model training.

9. Data Breach Notification

The Processor shall:

10. Processor Director Access — User-Initiated Temporary Support Access

Zero persistent access: As of version 1.2, the Processor Director holds no persistent editor access to the Controller’s Arena Lite spreadsheet. Access is granted only at the explicit, real-time request of the Controller for a defined support window, and is automatically revoked on expiry.

Arena Lite operates on a Shell-owns-Drive architecture. The Arena Lite Portal Shell — which executes as the accessing user (the Controller) — creates the Arena Lite spreadsheet within the Controller’s Google Workspace during activation. No editor access is granted to the Processor Director during this process. The Arena Engine Library runs as the accessing user for all normal platform operations.

User-initiated temporary support access: If the Controller encounters a technical issue and wishes to grant the Processor Director (j.baguley@thearenahub.co.uk) access for debugging purposes, they may do so via the “Grant Support Access” function in the Arena Lite Portal Dashboard. This mechanism:

Protected ranges: Certain sheet ranges (including the STUDENT_AUDIT_LOG and SUPPORT_ACCESS_LOG tabs) are protected from manual editing via GAS sheet protection. These protections are enforced by the Google Apps Script execution model; no human has manual write access to these protected ranges.

11. Return and Deletion of Data

Because all student data resides in your own Google Workspace, you retain unconditional physical control at all times. Upon termination:

The Controller's statutory retention obligations remain in force independently of this DPA: safeguarding records (25 years), student performance records (6 years), audit logs (7 years).

12. International Data Transfers

All primary student data processing occurs within the United Kingdom. Arena Hub Ltd's GCP infrastructure operates exclusively in the europe-west2 (London) region. No student PII is transferred outside the UK during normal operation. Sub-processor transfers under US law are governed by the UK–US Data Privacy Framework and UK Standard Contractual Clauses (see Clause 7).

13. Governing Law

This DPA is governed by the laws of England and Wales. Any dispute shall be subject to the exclusive jurisdiction of the courts of England and Wales. This DPA forms part of the Arena Lite subscription agreement and prevails over the subscription terms in respect of personal data processing where any conflict arises.

14. Contact

For all DPA queries, DPIA requests, audit enquiries, or to exercise Controller rights:

The Arena Hub Ltd  ·  CH#1708605  ·  Registered in England & Wales

Email: compliance@thearenahub.co.uk

Tel: 01618702916

Response: all DPO queries acknowledged within 48 hours; documentation requests fulfilled within 5 working days.