Privacy Notice

BOOST (Dynamic Learning) - Hodder Education

more information

Data Shared: School email address which includes full name of student / staff member

Sharing Basis: MFL - Listening, vocab tests, translations, assessments, ebook on screen.

Security Protocols:
Password protection.
Multiple levels of security allow elevated levels of control for maintenance personnel without compromising security.
Built-in safeguards to prevent “Denial of Service” (DoS) attacks and ID spoofing are provided by load-balancing devices and services which are managed by the Hachette IT team from the UK.
Annual UK CREST and CHECK certified penetration tests to audit the data security and compliance of Hodders systems and processes.

Access Conditions: Supervised in class.
Unsupervised during private study and home study.

Teacher Access: Yes to monitor/analyse and track progress.

Server/Data Location: UK

Retention Period: For the duration of the Subscription Period. Personal data will then be held until Licensee requests that it should be deleted.

DESC Attendance

Data Shared: Name, School, Attendance data if less than 80%

Sharing Basis: Public interest + official authority of the DC

Security Protocols: Secure access or information sent by email password protected

Server/Data Location: EEA

Retention Period: As needed while resolving issues

DHSC Dental Survey

more information

Data Shared: Child’s name, date of birth

Security Protocols: Information sent password protected with the password sent via an alternative means of communication

Server/Data Location: EEA

Retention Period: Current year

DHSC School / Community Nurses

more information

Data Shared: Child's name, date of birth, current address, previous address, current school and previous school

Security Protocols: Information sent password protected with the password sent via an alternative means of communication

Server/Data Location: EEA

Retention Period: Current year

Doddle

more information

Data Shared: Student name, school year and classes they are enrolled in.

Sharing Basis: To assist in the teaching of MFL.

Security Protocols: Technical and organisational measures are used to safeguard each User’s personal data e.g.by storing personal data on secure servers.

Access Conditions: Unsupervised

Teacher Access: To track the learning progress of students

Server/Data Location: EU

Retention Period: For as long as we need to for the purposes for which it was collected

Dr Frost Maths

more information

Data Shared:
Students: name, email address, and encrypted password (the original of which is not retrievable by any individual, including administrators), year group (where specified), school name (where specified) and usage data, in terms of questions completed and summative accuracy data. No other personal information beyond name and email address are stored.
Teachers: the above data (in addition to their title), classes he/she administers.

Sharing Basis: For the setting and analysis of homework.

Security Protocols: Secure UK servers.
SSL encryption.

Access Conditions: Unsupervised (homework)

Teacher Access: Yes, setting and monitoring of homework.

Server/Data Location: UK

Retention Period: Data automatically deleted for Inactive accounts where the user has not logged in over 2 years.
Can be deleted sooner by teacher if needed.

employed.im

more information

Data Shared: Name, email, password. Information data subject supplies.

Sharing Basis: Public interest + official authority of the DC

Access Conditions: Supervised and unsupervised

Teacher Access: Limited access to enable placements

Server/Data Location: IOM

Retention Period: For as long as data subjects wish to use the services

Evolve

more information

Data Shared: Name, contact details, trip information and risk assessments

Sharing Basis: Public interest + official authority of the DC

Security Protocols:
Advanced firewalls, enterprise-level virus protection on all servers, HTTPS encryption for all communication between our servers and users, regular data backup, username/password/PIN to control access, failed log-in attempt logging, automatic suspicious activity detection and logging

Server/Data Location: UK

Retention Period: Current year + 6 years

Facebook

more information

Data Shared: Photos, names

Security Protocols: Password protected,  Two-factor authentication.

Server/Data Location: Worldwide including the US

Retention Period: Current year

GL Education Group

more information

Data Shared:
Student personal data, processed under instructions from school, including name, age, gender, unique pupil number, assessment results, observations about students’ performance in tests, the environment during tests and any other relevant information, for example, any illness of a student prior to testing, ethnic and socio-economic information enabling schools to understand particular needs and focus among specific ethnic or socio-economic groups.

Sharing Basis:
For the screening of dyslexia and dyscalculia to highlight and support students with dyslexic tendencies (Lucid), and literacy testing to monitor and maintain reading levels to ensure students can access the curriculum - New Group Reading Test (NGRT). These assessments and data are vital to support teachers seeking to demonstrate progress, close the attainment gap and ensure every student is maximizing their potential.

Security Protocols:
Access is only possible using an account login and password and all access attempted is logged in real time. The platforms’ infrastructure is protected by multiple firewalls that can only be accessed from the GL Education Group’s Technical Development office using a secure login and password made available only to the network administrator and a very small technical team.

Access to each customer account is only possible using the administrator password that is set by the school administrator. A test taker accessing the testing platforms will only be able to take any outstanding tests set for him or her. It is not possible for test takers to view their own test scores or the data and scores of any other test takers. Test taker access codes are created by the system and will be unique to each test taker. No member of the GL Education Group staff can routinely log into an organisation’s or test taker’s account on our platforms.

Access Conditions: Supervised

Teacher Access: Senior staff can directly access the website/data with the calculated results issued to teachers to assist in planning of lessons and educational interventions.

Server/Data Location: Within the United Kingdom or the European Economic Area.

Retention Period:
Data will be accessible for the duration of the current academic year, or the past six months, whichever is longest, at which stage all data is archived from live access.

Archived data will be deleted at regular intervals (typically 24 months) so it will only be held for the minimum time.

Google

Data Shared: No personal information should be stored on Google servers by staff apart from a name, class grouping, email address and information regarding work completed or to be completed

Sharing Basis: Public interest + official authority of the DC

Security Protocols: Google adheres to several self regulatory frameworks, including the EU-US Privacy Shield arrangement.

Access Conditions: No

Teacher Access: Limited to areas set up by staff such as Google Classrooms and shared areas

Server/Data Location: Worldwide including the US

Retention Period: DOB + 21 years or 3 years since the last log on

Integral

more information

Sharing Basis: Used for KS4 and KS5 mathematics.

ItsLearning

Data Shared: Name, class, school work

Sharing Basis: Public interest + official authority of the DC

Security Protocols: Username and password

Access Conditions: No

Teacher Access: Yes

Server/Data Location: EEA

Retention Period: End of Use + 12 months

Kahoot

Data Shared: Name, or nickname

Sharing Basis: To allow interactive and engaging assessment of learning in a quiz format

Security Protocols: Reasonable organizational, technical and administrative measures

Access Conditions: Supervised

Teacher Access: Yes - e.g. for quick formal assessment of topics etc

Server/Data Location: Worldwide

Retention Period: End of use + 12 months

Microsoft Teams

Data Shared:
Census data: AppName, DeviceModel, OSName, OSVersion, UserLanguage, UserID, DeviceID. Census data DOES NOT contain any information that identifies your organisation or users.

Usage data: includes information such as number of calls made, number of IMs sent or received, number of meetings joined, frequency of features used and stability issues. Usage data DOES NOT contain any information that identifies users.

Anyone in a team can see all members of a team, including guests

Sharing Basis: Public interest to assist with remote education during period of school closures.

Security Protocols: Teams enforces team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest. Files are stored in SharePoint and are backed by SharePoint encryption.

Access Conditions: Supervised and unsupervised.

Teacher Access: Yes

Server/Data Location: EEA

Retention Period: August after pupil leaves school

MyMaths

more information

Data Shared: Name, email address

Sharing Basis: Maths learning activities and homework online

Security Protocols: Appropriate and suitable safeguards and technical measures are in place to protect your personal data

Access Conditions: Unsupervised

Teacher Access: Yes

Server/Data Location: Worldwide

Retention Period: End of use + 12 months

ParentPay

Data Shared:
ParentPay obtain (either from the Customer and/or from you directly) and process the following information:

Data Subject (Who) Data Category (What) Description
Pupil Student Forename This is the forename of the pupil.
Pupil Student Surname This is the surname of the pupil.
Pupil Student Known as This is the name that the pupil is known as.
Pupil Student DOB This is the date of birth of the pupil.
Pupil Student Gender This is the pupil’s gender
Pupil Student Groups Registration group (if any), year, other groups
Pupil Student Salutation This is the pupil’s salutation.
Pupil Student Dietary Requirements This is the pupils special dietary requirements
Pupil Student Postal Address The student’s postal address
Pupil Student Identifiers Roll/Admission number, UPN, management system identifier
Pupil Student Meal Selections and spend history This is a history of a pupil’s meal selections and spends for school meals or non-meal-related items, including free school meals
Pupil Student Trip information Trip details collected from parents, e.g. emergency contacts, medical details, dietary requirements, doctor’s contact, EHIC and Passport
Parents Contacts Title This is the contact’s title (Mr, Mrs, Ms, etc).
Parents Contacts Forename This is the contact’s forename.
Parents Contacts Surname This is the contact’s surname.
Parents Contacts Authentication data Username and password, single-sign-or multi-factor-authentication tokens
Parents Contacts Gender The contact’s gender (Salutation)
Parents Contacts House Name The text entered as the contact’s house name.
Parents Contacts Street The text entered as the contact’s street.
Parents Contacts Locality The text entered as the contact’s locality.
Parents Contacts Town The text entered as the contact’s town.
Parents Contacts Postcode The text entered as the contact’s post code.
Parents Contacts Day Telephone The contact’s daytime telephone number.
Parents Contacts Home Telephone The contact’s home telephone number.
Parents Contacts Mobile Telephone This is the contact’s mobile telephone number used to receive alerts from Parentpay and for school communications
Parents Contacts Email This is the contact’s E-mail address used to receive communications from Parentpay and for school communications.
Parents Contacts Payment History and balances This is the contact’s history of payment transactions, including reversals, refunds and withdrawals of funds.
Parents Contacts Payment card details Payment card details are captured and passed to a 3rd party for authorisation.
Parents Contacts Other This is the contact’s alternative communication method.
Parents Contacts In-app messages Messages sent from parents to school within the ParentPay application
Parents Contacts Trouble ticket data When users submit trouble ticket information, this gets stored.
Parents Contacts Shop information ParentPay can be used as a payment page from externally or internally hosted shop systems. This the information captured as part of that (“shopping basket”).
Parents Contacts Browser Details IP address, cookies, browser information
Parents Contacts Scottish UPRN For users in Scotland who sign up via MyGovScot
School Staff Title This is the staff member’s title (Mr, Mrs, Ms, etc.).
School Staff Forename This is the staff member’s forename.
School Staff Surname This is the staff member’s surname.
School Staff Gender The staff member’s gender
Website Access IP Address The network address of your device or internet connection
Website Access Browser Type and Version The type of Web Browser your device is using
Website Access Cookies Special records in your browser to help the website operate
Website Access Web Analytics Generalised information about browsing behaviour and page statistics

Sharing Basis: Schools have signed up for the service and their legal basis is: 'processing is necessary for the performance of a task carried out in the public interest'

Security Protocols:
ParentPay use your personal information, and some of their employees have access to such information, only to the extent required to carry out the services for you and on behalf of the Customer.

ParentPay have introduced appropriate technical and organisational measures to protect the confidentiality, integrity and availability of your personal information during storage, processing and transit.

ParentPay are a Level 1 PCI-DSS certified organisation and are subject to regular and comprehensive security audits. They operate an ISO27001 compliant security programme to help protect your data at all times.

The PPL Products and Services only processes your personal information in the UK.

Some of ParentPay's supporting services (for example ZenDesk), might use cloud platforms that operate from Third Countries outside of the EEA. Where this is the case, they ensure that adequate safeguards are established to protect your data.

Server/Data Location: UK

Retention Period:
ParentPay will only retain information for as long as is necessary to deliver the service safely and securely. They may need to retain some records to maintain compliance with other applicable legislation – for example finance, taxation, fraud and money laundering law requires certain records to be retained for an extended duration, in some cases for up to seven years.

Pupil data will typically be removed or anonymised when the following rules are met:

The pupil has been archived by the School.
The pupil does not have any meal consumption or attendance data within the last 13 months.
The pupil has not received a payment for any payment item within the last 13 months.
The pupil balance is zero.
Payer (Parent) data will usually be removed or anonymised when the following rules are met:

They have not logged in for 13 months.
They have not topped up or spent within the last 13 months.
Parent balance is 0 (zero), and all pupil balances are 0 (zero).
There are no active pupils associated with the account
Manager Accounts that have been disabled and have not logged in for 13 months, will be removed or anonymised. Other school staff accounts are subject to the same rules as pupils (above)

Message attachments will be removed after 24 months.

File area uploads will be purged after 24 months.

Personal information in trip records will be removed 1 month after trip completion

It should be noted that Schools will still retain a complete finance audit trail for their statutory requirements. In unusual cases where specific personal information needs to be retained, then this can be facilitated upon request.

Passport Maths

Data Shared: No personal student data entered into Passport Maths.
Identification of individual is managed via pseudonym-based log-in code.

Sharing Basis: To provide additional online support resources for target numeracy groups in KS3.
Learning tool to support students with significant numeracy issues. Equality & diversity/inclusion compliance.

Access Conditions: Unsupervised

Teacher Access: Access to login codes is restricted to BHS Maths Teachers.
Needed as part of marking and oversight of student scores (using login codes table to identify student results).

Retention Period: Likely to be the end of the academic year but will be reviewed over the course of the year .

Quesmedia Sites

more information

Data Shared: Website activity, website form submissions and user content.

Sharing Basis: To provide public website services for our school

Security Protocols:
Sites are served over HTTPS using TLS to provide both secure server–server and server–client communication. Accounts are protected from brute force attacks with rate limiting and automated account locking. Passwords are one-way encrypted using bcrypt before being stored and are required to satisfy strong password rules to ensure high-entropy.

Access Conditions: None

Teacher Access: Limited to data provided within the CMS

Server/Data Location: United Kingdom (EEA)

Retention Period: Please view the more information link for data retention policies.

Quizizz

more information

Data Shared: Optional, Quizizz integrates with Google Classroom to share student names and email addresses.

Sharing Basis: AFL

Access Conditions: Supervised and unsupervised

Teacher Access: Yes, for AFL

Server/Data Location: USA, however Quizizz does comply with GDPR for EU users

Retention Period: Quiz and student data can be deleted by the teacher at any time

RIDDOR

more information

Data Shared: Name, age,gender, school, address, phone number, injury

Server/Data Location: IOM

Retention Period: DOB +25 years

SIMS

Data Shared: Pupil record

Sharing Basis: Public interest + official authority of the DC

Security Protocols: Secure servers hosted within Government data centre. Secure connections from within approved areas of Government. Teachers access via secure VPN from approved device only.

Server/Data Location: EEA

Retention Period: DOB + 25 years

Socrative

Data Shared: Name

Sharing Basis: Online assessment tool

Security Protocols: We protect your login information and the transmission of data using Secure Socket Layer (SSL) technology.

Access Conditions: Supervised

Teacher Access: Yes

Server/Data Location: USA

Retention Period: Until child leaves school

Speech Link Multimedia Ltd [speechandlanguage.info]

more information

Data Shared: Forename and Surname
Date of birth
SEN status
EAL
Gender
School year
Form group

Sharing Basis: Needed for the identification of students where speech and language intervention is required.

Security Protocols:
All data sent between a web browser and our server is encrypted in transit
All personally identifiable data is encrypted at rest in the database
Web servers reside in highly secure ISO27001 certified data centres
Staff have an up to date enhanced DBS check
Physical security in place at our offices including CCTV and security patrols
Protocols in place to ensure data is handled in an appropriate manner
All staff sign a non‐disclosure agreement relating to their employment and are subject to a duty of confidence.

Access Conditions: Supervised

Teacher Access: Yes, to analyse results and run interventions

Server/Data Location: UK

Retention Period: Until the August after the student leaves school.

Transition between primary and secondary school

Data Shared: Transition activities / work done in transition lessons / pupil record

Sharing Basis: In the public interest and official authority of the data controller.

Security Protocols: Emails on secure servers; for ‘online.sch.im’ a google service self regulatory frameworks, including the EU-US Privacy Shield arrangement.

Access Conditions: Supervised and unsupervised

Teacher Access: Yes

Server/Data Location: United Kingdom (EEA)

Retention Period: DOB + 21 years or 3 years since the last log on

Twitter

more information

Data Shared: Photos, names, achievements, event details, location, IP address

Server/Data Location: Worldwide

Retention Period: Public

Unifrog

Data Shared: Name, email address, gender and postcode, academic performance information, personal statement / CV

Sharing Basis: In the public interest and official authority of the data controller.

Security Protocols: Secure servers – technical and organisational measures. Password protection.

Access Conditions: Supervised and unsupervised

Teacher Access: Yes

Server/Data Location: Servers in EEA

Retention Period: 4 years after the platform is no longer accessed.

Youtube

more information

Data Shared: Image or voice, Name

Access Conditions: Supervised and unsupervised

Server/Data Location: Worldwide

Zoom

more information

Data Shared:
Your name, username and email address, or phone number, Cloud recordings, chat / instant messages, files, whiteboards, and other information shared while using the service, voice mails, IP address, MAC address, other device ID (UDID), device type, operating system type and version, client version, type of camera, microphone or speakers, connection type, etc. location, Duration of the meeting / Zoom Phone call, Email address, name, or other information that a participant enters to identify themselves in the meeting, Join and leave time of participants, Name of the meeting, Date / time that meeting was scheduled, Chat status (unless a setting is actively chosen by user), Call data records for Zoom Phone

Sharing Basis: Consent

Security Protocols:
Password protection, encryption – not end-to-end, only participants to meetings to be sent links, updates to be installed. Please note there are currently serious issues and no sensitive information should be shared on this platform. Privacy Shield applies.

Access Conditions: Supervised and unsupervised

Teacher Access: Yes

Server/Data Location: Data routed through servers in China. USA

Retention Period: Individual accounts when deleted