Privacy Notice

Animoto

more information

Data Shared: Photographs and location

Sharing Basis: Year after child has left

Security Protocols: Stored on computers that only selected personnel and contractors have access to via password. Obscured URL system

Teacher Access: Yes

Server/Data Location: EEA

Book creator

more information

Data Shared: name, email address, a password and the school name

Security Protocols:
All information collected through Book Creator is stored in Google Cloud.  Reasonable steps to protect personal data when it is transferred to Google Cloud, and Google participates in the EU-U.S. Privacy Shield arrangement. This means it safeguards your personal data appropriately. In addition, Google has entered into model contract clauses with Book Creator which offer further safeguards.

Access Conditions: Supervised

Teacher Access: Yes

Server/Data Location: US

DESC Attendance

Data Shared: Name, School, Attendance data if less than 80%

Sharing Basis: Public interest + official authority of the DC

Security Protocols: Secure access or information sent by email password protected

Server/Data Location: EEA

Retention Period: As needed while resolving issues

DHSC Dental Survey

more information

Data Shared: Child’s name, date of birth

Security Protocols: Information sent password protected with the password sent via an alternative means of communication

Server/Data Location: EEA

Retention Period: Current year

DHSC School / Community Nurses

more information

Data Shared: Child's name, date of birth, current address, previous address, current school and previous school

Security Protocols: Information sent password protected with the password sent via an alternative means of communication

Server/Data Location: EEA

Retention Period: Current year

employed.im

more information

Data Shared: Name, email, password. Information data subject supplies.

Sharing Basis: Public interest + official authority of the DC

Access Conditions: Supervised and unsupervised

Teacher Access: Limited access to enable placements

Server/Data Location: IOM

Retention Period: For as long as data subjects wish to use the services

ePraise

more information

Data Shared:
Examples include IP addresses, browser versions, operating systems or pages visited. Student names, teacher emails and parental phone numbers. Data that individuals provide in online forms - examples include the contact or sign up forms. Data that individuals provide via other means - a parent emails ePraise to ask a question about logging in, when a student leaves a note for them on social media about a problem or when a teacher calls ePraise to find out how a certain feature works

Sharing Basis: Public interest + official authority of the DC

Access Conditions: Supervised and unsupervised

Teacher Access: Yes

Retention Period: On leaving school + 12 months.

Evolve

more information

Data Shared: Name, contact details, trip information and risk assessments

Sharing Basis: Public interest + official authority of the DC

Security Protocols:
Advanced firewalls, enterprise-level virus protection on all servers, HTTPS encryption for all communication between our servers and users, regular data backup, username/password/PIN to control access, failed log-in attempt logging, automatic suspicious activity detection and logging

Server/Data Location: UK

Retention Period: Current year + 6 years

Facebook

more information

Data Shared: Photos, names

Security Protocols: Password protected,  Two-factor authentication.

Server/Data Location: Worldwide including the US

Retention Period: Current year

Google

Data Shared: No personal information should be stored on Google servers by staff apart from a name, class grouping, email address and information regarding work completed or to be completed

Sharing Basis: Public interest + official authority of the DC

Security Protocols: Google adheres to several self regulatory frameworks, including the EU-US Privacy Shield arrangement.

Access Conditions: No

Teacher Access: Limited to areas set up by staff such as Google Classrooms and shared areas

Server/Data Location: Worldwide including the US

Retention Period: DOB + 21 years or 3 years since the last log on

Guild

Data Shared: Name, DOB. School information

Retention Period: Public information

ItsLearning

Data Shared: Name, class, school work

Sharing Basis: Public interest + official authority of the DC

Security Protocols: Username and password

Access Conditions: No

Teacher Access: Yes

Server/Data Location: EEA

Retention Period: End of Use + 12 months

Junior Achievement

more information

Data Shared: Name. class, year group

Security Protocols:
Hold your information securely to maintain safety of your personal information. Your information whether public or private will never be sold, exchanged, transferred, or given to another company for any reason whatsoever, other than for the purpose of delivering purchased products or vetting of volunteers

Retention Period: Until after event

Kahoot

Data Shared: Name, Email address, user name, google analytics identifiers

Security Protocols: Reasonable organizational, technical and administrative measures

Access Conditions: Supervised

Teacher Access: Yes

Server/Data Location: Worldwide

Retention Period: End of use + 12 months

Language link / Speech

more information

Data Shared: Name, DOB. email & telephone number of school

Security Protocols: Encryption, access restriction and physical security

Teacher Access: Yes

Server/Data Location: EEA

Retention Period: 3 years

Lucid - GL Assessment

more information

Data Shared:
Internet protocol (IP) address used to connect your computer to the Internet, login, e-mail address, password, computer and platform. Student information including gender and age. Student information including observations about students’ performance in tests, the
environment during tests and any other relevant information, for example, any illness
of a student prior to or during the testing. Student information including ethnic and socio-economic information.

Security Protocols: The GL Education Group complies fully with the ISO/IEC 270013 (3
ISO/IEC 27001 Certificate Number GB18430)
international standard
regarding data security management, the highest standard in industry specifically for data
security

Server/Data Location: UK and EEA

Retention Period: DOB + 25 years

MyMaths

more information

Data Shared: Name, email address

Security Protocols: Appropriate and suitable safeguards and technical measures are in place to protect your personal data

Access Conditions: Supervised

Teacher Access: Yes

Server/Data Location: Worldwide

Retention Period: End of use + 12 months

ParentPay

Data Shared:
ParentPay obtain (either from the Customer and/or from you directly) and process the following information:

Data Subject (Who) Data Category (What) Description
Pupil \ Student Forename This is the forename of the pupil.
Pupil \ Student Surname This is the surname of the pupil.
Pupil \ Student Known as This is the name that the pupil is known as.
Pupil \ Student DOB This is the date of birth of the pupil.
Pupil \ Student Gender This is the pupil’s gender
Pupil \ Student Groups Registration group (if any), year, other groups
Pupil \ Student Salutation This is the pupil’s salutation.
Pupil \ Student Dietary Requirements This is the pupils special dietary requirements
Pupil \ Student Postal Address The student’s postal address
Pupil \ Student Identifiers Roll/Admission number, UPN, management system identifier
Pupil \ Student Meal Selections and spend history This is a history of a pupil’s meal selections and spends for school meals or non-meal-related items, including free school meals
Pupil \ Student Trip information Trip details collected from parents, e.g. emergency contacts, medical details, dietary requirements, doctor’s contact, EHIC and Passport
Parents \ Contacts Title This is the contact’s title (Mr, Mrs, Ms, etc).
Parents \ Contacts Forename This is the contact’s forename.
Parents \ Contacts Surname This is the contact’s surname.
Parents \ Contacts Authentication data Username and password, single-sign-or multi-factor-authentication tokens
Parents \ Contacts Gender The contact’s gender (Salutation)
Parents \ Contacts House Name The text entered as the contact’s house name.
Parents \ Contacts Street The text entered as the contact’s street.
Parents \ Contacts Locality The text entered as the contact’s locality.
Parents \ Contacts Town The text entered as the contact’s town.
Parents \ Contacts Postcode The text entered as the contact’s post code.
Parents \ Contacts Day Telephone The contact’s daytime telephone number.
Parents \ Contacts Home Telephone The contact’s home telephone number.
Parents \ Contacts Mobile Telephone This is the contact’s mobile telephone number used to receive alerts from Parentpay and for school communications
Parents \ Contacts Email This is the contact’s E-mail address used to receive communications from Parentpay and for school communications.
Parents \ Contacts Payment History and balances This is the contact’s history of payment transactions, including reversals, refunds and withdrawals of funds.
Parents \ Contacts Payment card details Payment card details are captured and passed to a 3rd party for authorisation.
Parents \ Contacts Other This is the contact’s alternative communication method.
Parents \ Contacts In-app messages Messages sent from parents to school within the ParentPay application
Parents \ Contacts Trouble ticket data When users submit trouble ticket information, this gets stored.
Parents \ Contacts Shop information ParentPay can be used as a payment page from externally or internally hosted shop systems. This the information captured as part of that (“shopping basket”).
Parents \ Contacts Browser Details IP address, cookies, browser information
Parents \ Contacts Scottish UPRN For users in Scotland who sign up via MyGovScot
School Staff Title This is the staff member’s title (Mr, Mrs, Ms, etc.).
School Staff Forename This is the staff member’s forename.
School Staff Surname This is the staff member’s surname.
School Staff Gender The staff member’s gender
Website Access IP Address The network address of your device or internet connection
Website Access Browser Type and Version The type of Web Browser your device is using
Website Access Cookies Special records in your browser to help the website operate
Website Access Web Analytics Generalised information about browsing behaviour and page statistics

Sharing Basis: Schools have signed up for the service and their legal basis is: 'processing is necessary for the performance of a task carried out in the public interest'

Security Protocols:
ParentPay use your personal information, and some of their employees have access to such information, only to the extent required to carry out the services for you and on behalf of the Customer.

ParentPay have introduced appropriate technical and organisational measures to protect the confidentiality, integrity and availability of your personal information during storage, processing and transit.

ParentPay are a Level 1 PCI-DSS certified organisation and are subject to regular and comprehensive security audits. They operate an ISO27001 compliant security programme to help protect your data at all times.

The PPL Products and Services only processes your personal information in the UK.

Some of ParentPay's supporting services (for example ZenDesk), might use cloud platforms that operate from Third Countries outside of the EEA. Where this is the case, they ensure that adequate safeguards are established to protect your data.

Server/Data Location: UK

Retention Period:
ParentPay will only retain information for as long as is necessary to deliver the service safely and securely. They may need to retain some records to maintain compliance with other applicable legislation – for example finance, taxation, fraud and money laundering law requires certain records to be retained for an extended duration, in some cases for up to seven years.

Pupil data will typically be removed or anonymised when the following rules are met:

The pupil has been archived by the School.
The pupil does not have any meal consumption or attendance data within the last 13 months.
The pupil has not received a payment for any payment item within the last 13 months.
The pupil balance is zero.
Payer (Parent) data will usually be removed or anonymised when the following rules are met:

They have not logged in for 13 months.
They have not topped up or spent within the last 13 months.
Parent balance is 0 (zero), and all pupil balances are 0 (zero).
There are no active pupils associated with the account
Manager Accounts that have been disabled and have not logged in for 13 months, will be removed or anonymised. Other school staff accounts are subject to the same rules as pupils (above)

Message attachments will be removed after 24 months.

File area uploads will be purged after 24 months.

Personal information in trip records will be removed 1 month after trip completion

It should be noted that Schools will still retain a complete finance audit trail for their statutory requirements. In unusual cases where specific personal information needs to be retained, then this can be facilitated upon request.

Quesmedia Sites

more information

Data Shared: Website activity, website form submissions and user content.

Sharing Basis: To provide public website services for our school

Security Protocols:
Sites are served over HTTPS using TLS to provide both secure server–server and server–client communication. Accounts are protected from brute force attacks with rate limiting and automated account locking. Passwords are one-way encrypted using bcrypt before being stored and are required to satisfy strong password rules to ensure high-entropy.

Access Conditions: None

Teacher Access: Limited to data provided within the CMS

Server/Data Location: United Kingdom (EEA)

Retention Period: Please view the more information link for data retention policies.

RIDDOR

more information

Data Shared: Name, age,gender, school, address, phone number, injury

Server/Data Location: IOM

Retention Period: DOB +25 years

Scratch

more information

Data Shared:
During account creation, a username, country, birth month and year, gender, and email address (or a parent or guardian's email address if a person is under 16 years old if set up by parents). A username that does not disclose a real name or other information that could identify a pupil Other users can see the username and country, but not a pupil's age, gender, or email address.

Access Conditions: Supervised and unsupervised

Server/Data Location: US

Retention Period: When requested

SIMS

Data Shared: Pupil record

Sharing Basis: Public interest + official authority of the DC

Security Protocols: Secure servers hosted within Government data centre. Secure connections from within approved areas of Government. Teachers access via secure VPN from approved device only.

Server/Data Location: EEA

Retention Period: DOB + 25 years

Socrative

Data Shared: First name and Class

Security Protocols: We protect your login information and the transmission of data using Secure Socket Layer (SSL) technology.

Access Conditions: Supervised

Teacher Access: Yes

Server/Data Location: USA

Retention Period: Until Childs Leaves school

Twitter

more information

Data Shared: Photos, names, achievements, event details, location, IP address

Server/Data Location: Worldwide

Retention Period: Public

Venture Centre

more information

Data Shared: Name, age, DOB, gender, address, medical info

Server/Data Location: Paper copy

Retention Period: Shredded after visit

Youtube

more information

Data Shared: Image or voice, Name

Access Conditions: Supervised and unsupervised

Server/Data Location: Worldwide