Data Protection Impact Assessment (DPIA)

Hoping someone from SketchUp can help with this as I’ve emailed support but not had a reply back.

We are a MAT Trust responsible for a UK secondary school looking to enable access to SketchUp for Schools using our Microsoft 365 accounts.

As part of our internal approval process, we are required to complete a Data Protection Impact Assessment (DPIA). We would be grateful if you could provide clarification on the following points:

1. What personal data is collected by the product/service?
   (For example: first name, surname, age, address, year group, medical information, etc.)

2. Does the product process any “special category” data?
   (For example: biometric data, health data, racial or ethnic origin.)

3. How is the data stored (including data location and security measures)?

4. What is the data retention period?

5. Who has access to the data (including any sub-processors)?

6. Is any data shared with third parties? If so, please provide details.

7. Are you compliant with applicable data protection legislation (e.g. UK GDPR)?
   If so, could you provide evidence (e.g. privacy policy, data processing agreement, certifications)?

Thank you in advance for your assistance. We look forward to your response.

I imagine most of these (if not all) are documented here

https://help.sketchup.com/en/sketchup-education/legal-statements

The crux of many of these answers is that your agreement is actually with Microsoft - for example these docs actually state that Trimble do not store ANY CPI.