The Headteacher in the name of St Ninian's High School as Data controller
The Headteacher, in the name of St Ninian's High School, is a data controller for the purposes of the Data Protection Act 2002/General Data Protection Regulation (Isle of Man) Order 2018. The contact details for the Data Controller are St Ninian's High School of St Ninian's, Douglas, Isle of Man IM2 5RA.
In addition to the information set out in the Isle of Man Privacy Notice, we may also collect the following information about your child as required by the Education Act 2001 and the Registration of Pupils Regulations 2016:
The Data Protection Officer for the Department of Education, Sport and Culture is: Andrew Shipley, Department of Education, Sport and Culture, Hamilton House, Douglas. IM1 5EZ. Tel 01624 685828. Email: DPO-DESC@gov.im.
St Ninian's High School may use your information to:
St Ninian's High School has a statutory obligation to check and verify the data you provide to us on registration documents and on consent forms. This may include checks of publicly available information but in some cases, where it is necessary and relevant, the information you provide may be disclosed or shared with other organisations.
| App or Service | Details | Consent Required |
|---|---|---|
|
Animoto |
Data Shared: Photographs and location Sharing Basis: Year after child has left Security Protocols: Stored on computers that only selected personnel and contractors have access to via password. Obscured URL system Teacher Access: Yes Server/Data Location: EEA |
Yes |
|
Book creator |
Data Shared: name, email address, a password and the school name Security Protocols: All information collected through Book Creator is stored in Google Cloud. Reasonable steps to protect personal data when it is transferred to Google Cloud, and Google participates in the EU-U.S. Privacy Shield arrangement. This means it safeguards your personal data appropriately. In addition, Google has entered into model contract clauses with Book Creator which offer further safeguards. Access Conditions: Supervised Teacher Access: Yes Server/Data Location: US |
Yes |
|
DESC Attendance |
Data Shared: Name, School, Attendance data if less than 80% Sharing Basis: Public interest + official authority of the DC Security Protocols: Secure access or information sent by email password protected Server/Data Location: EEA Retention Period: As needed while resolving issues |
No |
|
DHSC Dental Survey |
Data Shared: Child’s name, date of birth Security Protocols: Information sent password protected with the password sent via an alternative means of communication Server/Data Location: EEA Retention Period: Current year |
Yes |
|
DHSC School / Community Nurses |
Data Shared: Child's name, date of birth, current address, previous address, current school and previous school Security Protocols: Information sent password protected with the password sent via an alternative means of communication Server/Data Location: EEA Retention Period: Current year |
Yes |
|
employed.im |
Data Shared: Name, email, password. Information data subject supplies. Sharing Basis: Public interest + official authority of the DC Access Conditions: Supervised and unsupervised Teacher Access: Limited access to enable placements Server/Data Location: IOM Retention Period: For as long as data subjects wish to use the services |
No |
|
ePraise |
Data Shared: Examples include IP addresses, browser versions, operating systems or pages visited. Student names, teacher emails and parental phone numbers. Data that individuals provide in online forms - examples include the contact or sign up forms. Data that individuals provide via other means - a parent emails ePraise to ask a question about logging in, when a student leaves a note for them on social media about a problem or when a teacher calls ePraise to find out how a certain feature works Sharing Basis: Public interest + official authority of the DC Access Conditions: Supervised and unsupervised Teacher Access: Yes Retention Period: On leaving school + 12 months. |
No |
|
Evolve |
Data Shared: Name, contact details, trip information and risk assessments Sharing Basis: Public interest + official authority of the DC Security Protocols: Advanced firewalls, enterprise-level virus protection on all servers, HTTPS encryption for all communication between our servers and users, regular data backup, username/password/PIN to control access, failed log-in attempt logging, automatic suspicious activity detection and logging Server/Data Location: UK Retention Period: Current year + 6 years |
No |
|
|
Data Shared: Photos, names Security Protocols: Password protected, Two-factor authentication. Server/Data Location: Worldwide including the US Retention Period: Current year |
Yes |
|
|
Data Shared: No personal information should be stored on Google servers by staff apart from a name, class grouping, email address and information regarding work completed or to be completed Sharing Basis: Public interest + official authority of the DC Security Protocols: Google adheres to several self regulatory frameworks, including the EU-US Privacy Shield arrangement. Access Conditions: No Teacher Access: Limited to areas set up by staff such as Google Classrooms and shared areas Server/Data Location: Worldwide including the US Retention Period: DOB + 21 years or 3 years since the last log on |
No |
|
Guild |
Data Shared: Name, DOB. School information Retention Period: Public information |
Yes |
|
ItsLearning |
Data Shared: Name, class, school work Sharing Basis: Public interest + official authority of the DC Security Protocols: Username and password Access Conditions: No Teacher Access: Yes Server/Data Location: EEA Retention Period: End of Use + 12 months |
No |
|
Junior Achievement |
Data Shared: Name. class, year group Security Protocols: Hold your information securely to maintain safety of your personal information. Your information whether public or private will never be sold, exchanged, transferred, or given to another company for any reason whatsoever, other than for the purpose of delivering purchased products or vetting of volunteers Retention Period: Until after event |
Yes |
|
Kahoot |
Data Shared: Name, Email address, user name, google analytics identifiers Security Protocols: Reasonable organizational, technical and administrative measures Access Conditions: Supervised Teacher Access: Yes Server/Data Location: Worldwide Retention Period: End of use + 12 months |
Yes |
|
Language link / Speech |
Data Shared: Name, DOB. email & telephone number of school Security Protocols: Encryption, access restriction and physical security Teacher Access: Yes Server/Data Location: EEA Retention Period: While child at school |
No |
|
Lucid - GL Assessment |
Data Shared: Internet protocol (IP) address used to connect your computer to the Internet, login, e-mail address, password, computer and platform. Student information including gender and age. Student information including observations about students’ performance in tests, the environment during tests and any other relevant information, for example, any illness of a student prior to or during the testing. Student information including ethnic and socio-economic information. Security Protocols: The GL Education Group complies fully with the ISO/IEC 270013 (3 ISO/IEC 27001 Certificate Number GB18430) international standard regarding data security management, the highest standard in industry specifically for data security Server/Data Location: UK and EEA Retention Period: DOB + 25 years |
Yes |
|
MyMaths |
Data Shared: Name, email address Security Protocols: Appropriate and suitable safeguards and technical measures are in place to protect your personal data Access Conditions: Supervised Teacher Access: Yes Server/Data Location: Worldwide Retention Period: End of use + 12 months |
Yes |
|
Quesmedia Sites |
Data Shared: Website activity, website form submissions and user content. Sharing Basis: To provide public website services for our school Security Protocols: Sites are served over HTTPS using TLS to provide both secure server–server and server–client communication. Accounts are protected from brute force attacks with rate limiting and automated account locking. Passwords are one-way encrypted using bcrypt before being stored and are required to satisfy strong password rules to ensure high-entropy. Access Conditions: None Teacher Access: Limited to data provided within the CMS Server/Data Location: United Kingdom (EEA) Retention Period: Please view the more information link for data retention policies. |
No |
|
RIDDOR |
Data Shared: Name, age,gender, school, address, phone number, injury Server/Data Location: IOM Retention Period: DOB +25 years |
No |
|
Scratch |
Data Shared: During account creation, a username, country, birth month and year, gender, and email address (or a parent or guardian's email address if a person is under 16 years old if set up by parents). A username that does not disclose a real name or other information that could identify a pupil Other users can see the username and country, but not a pupil's age, gender, or email address. Access Conditions: Supervised and unsupervised Server/Data Location: US Retention Period: When requested |
Yes |
|
SIMS |
Data Shared: Pupil record Sharing Basis: Public interest + official authority of the DC Security Protocols: Secure servers hosted within Government data centre. Secure connections from within approved areas of Government. Teachers access via secure VPN from approved device only. Server/Data Location: EEA Retention Period: DOB + 25 years |
No |
|
Socrative |
Data Shared: First name and Class Security Protocols: We protect your login information and the transmission of data using Secure Socket Layer (SSL) technology. Access Conditions: Supervised Teacher Access: Yes Server/Data Location: USA Retention Period: Until Childs Leaves school |
Yes |
|
|
Data Shared: Photos, names, achievements, event details, location, IP address Server/Data Location: Worldwide Retention Period: Public |
Yes |
|
Venture Centre |
Data Shared: Name, age, DOB, gender, address, medical info Server/Data Location: Paper copy Retention Period: Shredded after visit |
Yes |
|
Youtube |
Data Shared: Image or voice, Name Access Conditions: Supervised and unsupervised Server/Data Location: Worldwide |
Yes |
For more specific details about retention periods see the Department’s retention schedule
Information obtained or disclosed by third parties will not be used for any other purpose other than supporting the delivery of teaching and learning.
Failure to provide information may impact on support in school, the quality of teaching and learning and in achievement in examinations.
St Ninian's High School will:
Apps and services that are used in school may require data to be stored on servers outside of the EEA. Information sent to these will be limited and are as detailed above.
You can find out more information including:
You have a right to access your personal data to ensure that it is accurate, and to request that it is rectified, blocked, erased or destroyed if it is inaccurate.
To make any request relating to your data held by us, please contact the Data Protection Officer for the Department of Education, Sport and Culture who is: Andrew Shipley, DPO. Hamilton House, Peel Road. Douglas. IM1 5EZ. Tel 685828. Email DPO-DESC@gov.im
If you are not satisfied with the response you receive, you may also complain to the Information Commissioner, whose details can be found on www.inforights.im, or the relevant supervisory authority. You may have a right to other remedies.