The Headteacher in the name of Ballakermeen High School as Data controller
The Headteacher, in the name of Ballakermeen High School, is a data controller for the purposes of the Data Protection Act 2002/General Data Protection Regulation (Isle of Man) Order 2018. The contact details for the Data Controller are Ballakermeen High School of St Catherine's Drive, Douglas, Isle Of Man IM1 4BE.
In addition to the information set out in the Isle of Man Privacy Notice, we may also collect the following information about your child as required by the Education Act 2001 and the Registration of Pupils Regulations 2016:
The Data Protection Officer for the Department of Education, Sport and Culture is: Andrew Shipley, Department of Education, Sport and Culture, Hamilton House, Douglas. IM1 5EZ. Tel 01624 685828. Email: DPO-DESC@gov.im.
Ballakermeen High School may use your information to:
Ballakermeen High School has a statutory obligation to check and verify the data you provide to us on registration documents and on consent forms. This may include checks of publicly available information but in some cases, where it is necessary and relevant, the information you provide may be disclosed or shared with other organisations.
App or Service | Details | Consent Required |
---|---|---|
DESC Attendance |
Data Shared: Name, School, Attendance data if less than 80% Sharing Basis: Public interest + official authority of the DC Security Protocols: Secure access or information sent by email password protected Server/Data Location: EEA Retention Period: As needed while resolving issues |
No |
DHSC Dental Survey |
Data Shared: Child’s name, date of birth Security Protocols: Information sent password protected with the password sent via an alternative means of communication Server/Data Location: EEA Retention Period: Current year |
Yes |
DHSC School / Community Nurses |
Data Shared: Child's name, date of birth, current address, previous address, current school and previous school Security Protocols: Information sent password protected with the password sent via an alternative means of communication Server/Data Location: EEA Retention Period: Current year |
Yes |
Doddle |
Data Shared: Student name, school year and classes they are enrolled in. Sharing Basis: To assist in the teaching of MFL. Security Protocols: Technical and organisational measures are used to safeguard each User’s personal data e.g.by storing personal data on secure servers. Access Conditions: Unsupervised Teacher Access: To track the learning progress of students Server/Data Location: EU Retention Period: For as long as we need to for the purposes for which it was collected |
No |
Dr Frost Maths |
Data Shared: Sharing Basis: For the setting and analysis of homework. Security Protocols: Secure UK servers. Access Conditions: Unsupervised (homework) Teacher Access: Yes, setting and monitoring of homework. Server/Data Location: UK Retention Period: Data automatically deleted for Inactive accounts where the user has not logged in over 2 years. |
No |
employed.im |
Data Shared: Name, email, password. Information data subject supplies. Sharing Basis: Public interest + official authority of the DC Access Conditions: Supervised and unsupervised Teacher Access: Limited access to enable placements Server/Data Location: IOM Retention Period: For as long as data subjects wish to use the services |
No |
Evolve |
Data Shared: Name, contact details, trip information and risk assessments Sharing Basis: Public interest + official authority of the DC Security Protocols: Server/Data Location: UK Retention Period: Current year + 6 years |
No |
|
Data Shared: Photos, names Security Protocols: Password protected, Two-factor authentication. Server/Data Location: Worldwide including the US Retention Period: Current year |
Yes |
|
Data Shared: No personal information should be stored on Google servers by staff apart from a name, class grouping, email address and information regarding work completed or to be completed Sharing Basis: Public interest + official authority of the DC Security Protocols: Google adheres to several self regulatory frameworks, including the EU-US Privacy Shield arrangement. Access Conditions: No Teacher Access: Limited to areas set up by staff such as Google Classrooms and shared areas Server/Data Location: Worldwide including the US Retention Period: DOB + 21 years or 3 years since the last log on |
Yes |
Integral |
Sharing Basis: Used for KS4 and KS5 mathematics. |
No |
ItsLearning |
Data Shared: Name, class, school work Sharing Basis: Public interest + official authority of the DC Security Protocols: Username and password Access Conditions: No Teacher Access: Yes Server/Data Location: EEA Retention Period: End of Use + 12 months |
No |
Kahoot |
Data Shared: Name, or nickname Sharing Basis: To allow interactive and engaging assessment of learning in a quiz format Security Protocols: Reasonable organizational, technical and administrative measures Access Conditions: Supervised Teacher Access: Yes - e.g. for quick formal assessment of topics etc Server/Data Location: Worldwide Retention Period: End of use + 12 months |
No |
Microsoft Teams |
Data Shared: Sharing Basis: Public interest to assist with remote education during period of school closures. Security Protocols: Teams enforces team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest. Files are stored in SharePoint and are backed by SharePoint encryption. Access Conditions: Supervised and unsupervised. Teacher Access: Yes Server/Data Location: EEA Retention Period: August after pupil leaves school |
No |
MyMaths |
Data Shared: Name, email address Sharing Basis: Maths learning activities and homework online Security Protocols: Appropriate and suitable safeguards and technical measures are in place to protect your personal data Access Conditions: Unsupervised Teacher Access: Yes Server/Data Location: Worldwide Retention Period: End of use + 12 months |
No |
ParentPay |
Data Shared: Sharing Basis: Schools have signed up for the service and their legal basis is: 'processing is necessary for the performance of a task carried out in the public interest' Security Protocols: Server/Data Location: UK Retention Period: |
Yes |
Passport Maths |
Data Shared: No personal student data entered into Passport Maths. Sharing Basis: To provide additional online support resources for target numeracy groups in KS3. Access Conditions: Unsupervised Teacher Access: Access to login codes is restricted to BHS Maths Teachers. Retention Period: Likely to be the end of the academic year but will be reviewed over the course of the year . |
No |
Quesmedia Sites |
Data Shared: Website activity, website form submissions and user content. Sharing Basis: To provide public website services for our school Security Protocols: Access Conditions: None Teacher Access: Limited to data provided within the CMS Server/Data Location: United Kingdom (EEA) Retention Period: Please view the more information link for data retention policies. |
No |
Quizizz |
Data Shared: Optional, Quizizz integrates with Google Classroom to share student names and email addresses. Sharing Basis: AFL Access Conditions: Supervised and unsupervised Teacher Access: Yes, for AFL Server/Data Location: USA, however Quizizz does comply with GDPR for EU users Retention Period: Quiz and student data can be deleted by the teacher at any time |
No |
RIDDOR |
Data Shared: Name, age,gender, school, address, phone number, injury Server/Data Location: IOM Retention Period: DOB +25 years |
No |
SIMS |
Data Shared: Pupil record Sharing Basis: Public interest + official authority of the DC Security Protocols: Secure servers hosted within Government data centre. Secure connections from within approved areas of Government. Teachers access via secure VPN from approved device only. Server/Data Location: EEA Retention Period: DOB + 25 years |
No |
Socrative |
Data Shared: Name Sharing Basis: Online assessment tool Security Protocols: We protect your login information and the transmission of data using Secure Socket Layer (SSL) technology. Access Conditions: Supervised Teacher Access: Yes Server/Data Location: USA Retention Period: Until child leaves school |
No |
Speech Link Multimedia Ltd [speechandlanguage.info] |
Data Shared: Forename and Surname Sharing Basis: Needed for the identification of students where speech and language intervention is required. Security Protocols: Access Conditions: Supervised Teacher Access: Yes, to analyse results and run interventions Server/Data Location: UK Retention Period: Until the August after the student leaves school. |
Yes |
Transition between primary and secondary school |
Data Shared: Transition activities / work done in transition lessons / pupil record Sharing Basis: In the public interest and official authority of the data controller. Security Protocols: Emails on secure servers; for ‘online.sch.im’ a google service self regulatory frameworks, including the EU-US Privacy Shield arrangement. Access Conditions: Supervised and unsupervised Teacher Access: Yes Server/Data Location: United Kingdom (EEA) Retention Period: DOB + 21 years or 3 years since the last log on |
No |
|
Data Shared: Photos, names, achievements, event details, location, IP address Server/Data Location: Worldwide Retention Period: Public |
Yes |
Unifrog |
Data Shared: Name, email address, gender and postcode, academic performance information, personal statement / CV Sharing Basis: In the public interest and official authority of the data controller. Security Protocols: Secure servers – technical and organisational measures. Password protection. Access Conditions: Supervised and unsupervised Teacher Access: Yes Server/Data Location: Servers in EEA Retention Period: 4 years after the platform is no longer accessed. |
No |
Youtube |
Data Shared: Image or voice, Name Access Conditions: Supervised and unsupervised Server/Data Location: Worldwide |
Yes |
Zoom |
Data Shared: Sharing Basis: Consent Security Protocols: Access Conditions: Supervised and unsupervised Teacher Access: Yes Server/Data Location: Data routed through servers in China. USA Retention Period: Individual accounts when deleted |
Yes |
For more specific details about retention periods see the Department’s retention schedule
Information obtained or disclosed by third parties will not be used for any other purpose other than supporting the delivery of teaching and learning.
Failure to provide information may impact on support in school, the quality of teaching and learning and in achievement in examinations.
Ballakermeen High School will:
Apps and services that are used in school may require data to be stored on servers outside of the EEA. Information sent to these will be limited and are as detailed above.
You can find out more information including:
You have a right to access your personal data to ensure that it is accurate, and to request that it is rectified, blocked, erased or destroyed if it is inaccurate.
To make any request relating to your data held by us, please contact the Data Protection Officer for the Department of Education, Sport and Culture who is: Andrew Shipley, DPO. Hamilton House, Peel Road. Douglas. IM1 5EZ. Tel 685828. Email DPO-DESC@gov.im
If you are not satisfied with the response you receive, you may also complain to the Information Commissioner, whose details can be found on www.inforights.im, or the relevant supervisory authority. You may have a right to other remedies.