Read our Child Friendly Privacy Notice for Pupils (PDF 261KB)
Your information is being collected by Ballakermeen High School which is a data controller for the purposes of current Data Protection Legislation as applied in the Isle of Man.
Our websites contain links to other websites which you may find useful; when you follow these links, the websites should have their own privacy policy. Ballakermeen High School cannot accept any responsibility or liability for the content of any personal data provided to them. We advise you to check these policies before you submit any personal data to these websites.
The Headteacher in the name of Ballakermeen High School as Data controller
If you have any questions or comments on this Privacy Notice please contact the Data Controller, namely the Head Teacher at St Catherine's Drive, Douglas, Isle Of Man IM1 4BE.
In addition to the information set out in the Department of Education, Sport and Culture’s (DESC) Privacy Notice, we may also collect the following information about your child as required by the Education Act 2001 and the Registration of Pupils Regulations 2016:
Should you have any enquiries or comments regarding this information, please contact the Data Protection Officer (DPO) for the Department of Education, Sport and Culture. By email DPO-DESC@gov.im or by post to Data Protection Officer, Thie Slieau Whallian, Foxdale Road, St John's, Isle of Man, IM4 3AS or by telephone on (01624) 685828.
Ballakermeen High School may use your information to:
Ballakermeen High School has a statutory obligation to check and verify the data you provide to us on registration documents and on consent forms. This may include checks of publicly available information but in some cases, where it is necessary and relevant, the information you provide may be disclosed or shared with other organisations.
App or Service | Details | Consent Required |
---|---|---|
Adobe |
Data Shared: Sharing Basis: To allow students to use Adobe software for educational purposes. Security Protocols: Adobe provides reasonable administrative, technical and physical security controls to protect the schools’ and students’ personal information and content. Access Conditions: Supervised in class. Teacher Access: Adobe account administration for students is done by GTS Server/Data Location: The main locations where we process your personal information are the US and India, but we also transfer personal information to all other countries in the world where our Services and Software are available. Retention Period: |
No |
Blooket |
Data Shared: Sharing Basis: Blooket is an application that allows a user such as a teacher to create trivia and review games that students can participate in online. Security Protocols: Access Conditions: Teacher Access: Teaching staff are able to access the personal information collected by Blooket in order to monitor student progress. Server/Data Location: Blooket operates both within and outside the European Economic Area (the “EEA”) Retention Period: Blooket store personal information for as long as it is necessary to provide products and Services to their users, including those described above pursuant to our Data Retention Policy. |
No |
BOOST (Dynamic Learning) - Hodder Education |
Data Shared: School email address which includes full name of student / staff member Sharing Basis: MFL - Listening, vocab tests, translations, assessments, ebook on screen. Security Protocols: Access Conditions: Supervised in class. Teacher Access: Yes to monitor/analyse and track progress. Server/Data Location: UK Retention Period: For the duration of the Subscription Period. Personal data will then be held until Licensee requests that it should be deleted. |
Yes |
Cambridge Go |
Data Shared: Identity Data which includes first name, last name, username or similar identifier. Sharing Basis: Online platform to access CAIE subjects – Economics and Business Studies. Students can access course materials and online resources. Security Protocols: Access Conditions: Supervised in class. Teacher Access: Yes, to monitor/analyse and track progress. Server/Data Location: Worldwide Retention Period: |
No |
Canva |
Data Shared: Canva may ask for certain information when you register for an account (such as a username, your first and last names, birthdate, phone number, profession, physical and e-mail address Sharing Basis: To allow students to use the Canva platform for educational purposes. Security Protocols: Access Conditions: Supervised in class. Teacher Access: Teachers can access student work on Canva in order to view work completed Server/Data Location: Information collected through the Service will be stored and processed in a number of countries including United States, Australia, Singapore, European Union, United Kingdom, Philippines and New Zealand. Retention Period: Following termination or deactivation of a user account, Canva will retain an individual’s profile information and User Content for a commercially reasonable time, and for as long as we have a valid purpose to do so. |
Yes |
DESC Attendance |
Data Shared: Name, School, Attendance data if less than 80% Sharing Basis: Public interest + official authority of the DC Security Protocols: Secure access or information sent by email password protected Server/Data Location: EEA Retention Period: As needed while resolving issues |
No |
DHSC Dental Survey |
Data Shared: Child’s name, date of birth Security Protocols: Information sent password protected with the password sent via an alternative means of communication Server/Data Location: EEA Retention Period: Current year |
Yes |
DHSC School / Community Nurses |
Data Shared: Child's name, date of birth, current address, previous address, current school and previous school Security Protocols: Information sent password protected with the password sent via an alternative means of communication Server/Data Location: EEA Retention Period: Current year |
Yes |
Doddle |
Data Shared: Student name, school year and classes they are enrolled in. Sharing Basis: To assist in the teaching of MFL. Security Protocols: Technical and organisational measures are used to safeguard each User’s personal data e.g.by storing personal data on secure servers. Access Conditions: Unsupervised Teacher Access: To track the learning progress of students Server/Data Location: EU Retention Period: For as long as we need to for the purposes for which it was collected |
No |
Dr Frost Maths |
Data Shared: Sharing Basis: For the setting and analysis of homework. Security Protocols: Secure UK servers. Access Conditions: Unsupervised (homework) Teacher Access: Yes, setting and monitoring of homework. Server/Data Location: UK Retention Period: Data automatically deleted for Inactive accounts where the user has not logged in over 2 years. |
No |
Dynamic Learning |
Data Shared: Sharing Basis: Dynamic Learning is used to assist with the teaching in a number of subject areas. Security Protocols: Where appropriate, Dynamic Learning anonymise and pseudonymise the data they store. They use appropriate technological and operational security measures to protect data against any unauthorised access or unlawful use. Access Conditions: Unsupervised Teacher Access: Dynamic Learning is used to assist with the teaching in a number of subject areas. Server/Data Location: UK Retention Period: Dynamic Learning retain information for as long as is necessary to provide the services that have been requested. |
Yes |
employed.im |
Data Shared: Name, email, password. Information data subject supplies. Sharing Basis: Public interest + official authority of the DC Access Conditions: Supervised and unsupervised Teacher Access: Limited access to enable placements Server/Data Location: IOM Retention Period: For as long as data subjects wish to use the services |
No |
Empowering Education International Limited (EEIL) |
Data Shared: Sharing Basis: Public interest + official authority of the DC Security Protocols: Access Conditions: No Teacher Access: No Server/Data Location: UK Retention Period: Any personal data provided to EEIL will only be retained for the duration of the EEIL engagement with DESC. |
No |
EverLearner |
Data Shared: Name, password and email address. Sharing Basis: To allow access to the platform and resources Security Protocols: EverLearner has a variety of security measures in place to make sure that the personal information they hold is secure and that it does not become inadvertently available to other organisations or individuals. Access Conditions: Supervised and unsupervised Teacher Access: Yes – for the purposes of viewing work completed etc. Server/Data Location: London, UK Retention Period: 365 days after being archived |
Yes |
Evolve |
Data Shared: Name, contact details, trip information and risk assessments Sharing Basis: Public interest + official authority of the DC Security Protocols: Server/Data Location: UK Retention Period: Current year + 6 years |
No |
|
Data Shared: Photos, names Security Protocols: Password protected, Two-factor authentication. Server/Data Location: Worldwide including the US Retention Period: Current year |
Yes |
GL Assessment |
Data Shared: Sharing Basis: GL Assessments offer a range of assessments that schools can use to generate data that is, in turn, used to support student achievement. Security Protocols: Access Conditions: Supervised. Teacher Access: Yes. Server/Data Location: Personal Data that we collect from Users will not be stored at a destination outside the United Kingdom or the European Economic Area (“Europe”). Retention Period: GL Assessment will keep Personal Data for as long as they need to for the purposes for which it was collected or (if longer) for any period for which they are required to keep Personal Data to comply with their legal and regulatory requirements. |
Yes |
GL Education Group |
Data Shared: Sharing Basis: Security Protocols: Access Conditions: Supervised Teacher Access: Senior staff can directly access the website/data with the calculated results issued to teachers to assist in planning of lessons and educational interventions. Server/Data Location: Within the United Kingdom or the European Economic Area. Retention Period: |
No |
|
Data Shared: No personal information should be stored on Google servers by staff apart from a name, class grouping, email address and information regarding work completed or to be completed Sharing Basis: Public interest + official authority of the DC Security Protocols: Google adheres to several self regulatory frameworks, including the EU-US Privacy Shield arrangement. Access Conditions: No Teacher Access: Limited to areas set up by staff such as Google Classrooms and shared areas Server/Data Location: Worldwide including the US Retention Period: DOB + 21 years or 3 years since the last log on |
Yes |
Integral |
Sharing Basis: Used for KS4 and KS5 mathematics. |
No |
ItsLearning |
Data Shared: Name, class, school work Sharing Basis: Public interest + official authority of the DC Security Protocols: Username and password Access Conditions: No Teacher Access: Yes Server/Data Location: EEA Retention Period: End of Use + 12 months |
No |
Kahoot |
Data Shared: Name, or nickname Sharing Basis: To allow interactive and engaging assessment of learning in a quiz format Security Protocols: Reasonable organizational, technical and administrative measures Access Conditions: Supervised Teacher Access: Yes - e.g. for quick formal assessment of topics etc Server/Data Location: Worldwide Retention Period: End of use + 12 months |
No |
Kerboodle |
Data Shared: Username and email address Sharing Basis: To allow students and teachers to access the Kerboodle platform Security Protocols: Access Conditions: Supervised in class. Access will be unsupervised during private study and home study. Teacher Access: Yes, in order to share resources, set up groups and to view markbooks. Server/Data Location: Personal information may be stored and processed outside of the country where it is collected, including outside of the European Economic Area. Retention Period: Oxford University Press will only keep records of your personal information for as long as is reasonably necessary |
Yes |
Language Gym |
Data Shared: The only data inputted by the user is their login (could be first name/full name/student name of choice) and email. Sharing Basis: To assist in the teaching of MFL. Security Protocols: Any data gathered from users is stored in a highly secure server in Digital Ocean. Access Conditions: Unsupervised. Subscribing as a school will entitle every teacher and student in your educational establishment to have access and use The Language Gym’s resources Teacher Access: Yes, to track the learning progress of students. Server/Data Location: For users in uk.language-gym.com, the servers and data are hosted in UK. For users in language-gym.com, the servers and data are hosted in Singapore Retention Period: After completion of the contract, any necessary data will be stored for the duration of any applicable warranty period. |
No |
MathsPad |
Data Shared: Name, email, school name Sharing Basis: In order to access resources that support learning Security Protocols: In transit, data is secured with SSL/TLS encryption Access Conditions: Supervised and unsupervised Teacher Access: Yes Server/Data Location: UK Retention Period: Up to 3 years |
Yes |
Microsoft Teams |
Data Shared: Sharing Basis: Public interest to assist with remote education during period of school closures. Security Protocols: Teams enforces team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest. Files are stored in SharePoint and are backed by SharePoint encryption. Access Conditions: Supervised and unsupervised. Teacher Access: Yes Server/Data Location: EEA Retention Period: August after pupil leaves school |
No |
MyMaths |
Data Shared: Name, email address Sharing Basis: Maths learning activities and homework online Security Protocols: Appropriate and suitable safeguards and technical measures are in place to protect your personal data Access Conditions: Unsupervised Teacher Access: Yes Server/Data Location: Worldwide Retention Period: End of use + 12 months |
No |
OnShape |
Data Shared: Name, school email address, date of birth and country and parent/carer email address. Sharing Basis: To allow students to learn computer added design. Security Protocols: All Onshape documents are saved on encrypted storage with AES-256 Access Conditions: Supervised and unsupervised Teacher Access: Yes – for the purposes of viewing work completed etc. Server/Data Location: United States Retention Period: For as long as necessary to fulfil the purposes for which it was collected and processed |
Yes |
Parent App |
Data Shared: Pupil record. Sharing Basis: Security Protocols: Secure servers hosted within Government data centre. Parents/carers cannot sign up to the app unless they have parental responsibility recorded on SIMS. Security questions asked and unique credentials provided. Access Conditions: N/A Teacher Access: N/A as this is a parent/carer app. However, as the data is drawn from SIMS and it is ‘pupil record’, teachers have access anyway. Server/Data Location: EEA Retention Period: Data is stored in SIMS DOB +25 years. ParentApp cannot be used to access student data once a student is no longer on roll. |
Yes |
ParentPay |
Data Shared: Sharing Basis: Schools have signed up for the service and their legal basis is: 'processing is necessary for the performance of a task carried out in the public interest' Security Protocols: Server/Data Location: UK Retention Period: |
Yes |
Passport Maths |
Data Shared: No personal student data entered into Passport Maths. Sharing Basis: To provide additional online support resources for target numeracy groups in KS3. Access Conditions: Unsupervised Teacher Access: Access to login codes is restricted to BHS Maths Teachers. Retention Period: Likely to be the end of the academic year but will be reviewed over the course of the year . |
No |
Pearson Activelearn (Edexcel) |
Data Shared: Name, Date of Birth, School Email, School, Year Group Sharing Basis: Allow students to access a digital platform to support learning for KS3, KS4 & KS5 Security Protocols: Access Conditions: Unsupervised Teacher Access: Teaching staff access data to monitor student progress. Teaching staff are also responsible for registering students onto the platform and have full access to student Data. Server/Data Location: EEA Retention Period: |
No |
Pobble |
Data Shared: Includes first name, last name, username or similar identifier, date of birth and gender Sharing Basis: To allow students to access the Pobble platform Security Protocols: Pobble uses the latest technology to ensure robust data safety and security Access Conditions: Supervised in class. Teacher Access: Yes Server/Data Location: In most cases your data is stored by us and our processors in the UK or EEA Retention Period: Personal data shall be retained for up to 5 years following the closure of any accounts |
No |
Quesmedia Sites |
Data Shared: Website activity, website form submissions and user content. Sharing Basis: To provide public website services for our school Security Protocols: Access Conditions: None Teacher Access: Limited to data provided within the CMS Server/Data Location: United Kingdom (EEA) Retention Period: Please view the more information link for data retention policies. |
No |
Quizizz |
Data Shared: Optional, Quizizz integrates with Google Classroom to share student names and email addresses. Sharing Basis: AFL Access Conditions: Supervised and unsupervised Teacher Access: Yes, for AFL Server/Data Location: USA, however Quizizz does comply with GDPR for EU users Retention Period: Quiz and student data can be deleted by the teacher at any time |
No |
Reading Cloud |
Data Shared: Student name, tutor group, year group, admission number. Gender & DOB are optional. Optional data can be transferred such as photograph, address, telephone, ethnicity and guardian information. Sharing Basis: Utilised to aid in searching for resources, reporting, loan management of a computerised library management system Security Protocols: CloudFlare security, Microsoft data centre physical security. Access Conditions: - Teacher Access: Support staff – for library loan management Server/Data Location: EEA Retention Period: 3 months |
No |
RIDDOR |
Data Shared: Name, age,gender, school, address, phone number, injury Server/Data Location: IOM Retention Period: DOB +25 years |
No |
Seneca |
Data Shared: Seneca collects a students school email addresses, forename, surname and feedback on tasks relating to their learning. Sharing Basis: Students have access to an online platform that allows them to study various subjects from home. Security Protocols: Access Conditions: Seneca can be accessed by students in two ways: Teacher Access: Teaching staff are able to access the personal information collected by Seneca in order to monitor student progress. Server/Data Location: Data is stored securely within the European Union using 256bit AES encryption (more specifically in Dublin). Retention Period: Within 12 months of their year group no longer using the programme. Or by requesting Seneca to delete a profile. |
Yes |
Sentence Builders |
Data Shared: Student first name and surname or pseudonym. Scores/marks will also be shared with the platform as will teacher names and email addresses Sharing Basis: A learning resource used in Modern Foreign Language subjects. Scores are recorded to monitor progress Security Protocols: Access Conditions: Supervised in class and unsupervised access at home Teacher Access: The teacher can access the data to monitor progress Server/Data Location: UK Retention Period: Data is stored indefinitely. Teachers can delete their own resources and their class lists. Data can be deleted on request by email |
Yes |
SIMS |
Data Shared: Pupil record Sharing Basis: Public interest + official authority of the DC Security Protocols: Secure servers hosted within Government data centre. Secure connections from within approved areas of Government. Teachers access via secure VPN from approved device only. Server/Data Location: EEA Retention Period: DOB + 25 years |
No |
Socrative |
Data Shared: Name Sharing Basis: Online assessment tool Security Protocols: We protect your login information and the transmission of data using Secure Socket Layer (SSL) technology. Access Conditions: Supervised Teacher Access: Yes Server/Data Location: USA Retention Period: Until child leaves school |
No |
Speech Link Multimedia Ltd [speechandlanguage.info] |
Data Shared: Forename and Surname Sharing Basis: Needed for the identification of students where speech and language intervention is required. Security Protocols: Access Conditions: Supervised Teacher Access: Yes, to analyse results and run interventions Server/Data Location: UK Retention Period: Until the August after the student leaves school. |
Yes |
TES Parent Meeting |
Data Shared: Student personal data, processed under instructions from the school, including name, age, gender, timetable and parental details. Sharing Basis: To allow a parent/carer to book a face-to-face or online meeting with a member/members of staff. Security Protocols: Access Conditions: Supervised and unsupervised. Teacher Access: Yes – in order to view appointments, to see questions posed by parents/carer during booking, to add manual bookings and to record attendance to an event/meeting. Server/Data Location: Where possible, will be stored in the United Kingdom (the UK), the European Economic Area (the EEA) or Australia. Retention Period: Personal information associated with the schools account will be deleted as soon as the duration of the contract has expired. Data relating to bookable events that have happened will be deleted by the school after 6 months. |
No |
Tinkercad |
Data Shared: Name, school email address, date of birth and country and parent/carer email address. Sharing Basis: To allow students to learn computer added design. Security Protocols: Tinkercad provide secure communication with their servers, and perform regular security audits and risk assessments to help keep information secure. Access Conditions: Supervised and unsupervised Teacher Access: Yes – for the purposes of viewing work completed etc. Server/Data Location: Autodesk Cloud services are hosted on Amazon Web Services (AWS) Servers in the US-East region and in Europe Retention Period: On request or can be deleted by a moderator at any point |
Yes |
Transition between primary and secondary school |
Data Shared: Transition activities / work done in transition lessons / pupil record Sharing Basis: In the public interest and official authority of the data controller. Security Protocols: Emails on secure servers; for ‘online.sch.im’ a google service self regulatory frameworks, including the EU-US Privacy Shield arrangement. Access Conditions: Supervised and unsupervised Teacher Access: Yes Server/Data Location: United Kingdom (EEA) Retention Period: DOB + 21 years or 3 years since the last log on |
No |
|
Data Shared: Photos, names, achievements, event details, location, IP address Server/Data Location: Worldwide Retention Period: Public |
Yes |
Unifrog |
Data Shared: Name, email address, gender and postcode, academic performance information, personal statement / CV Sharing Basis: In the public interest and official authority of the data controller. Security Protocols: Secure servers – technical and organisational measures. Password protection. Access Conditions: Supervised and unsupervised Teacher Access: Yes Server/Data Location: Servers in EEA Retention Period: 4 years after the platform is no longer accessed. |
No |
Wonde |
Data Shared: Sharing Basis: Security Protocols: Access Conditions: System administrator (GTS) Teacher Access: N/A Server/Data Location: Wonde uses Amazon Web Services (AWS). These storage facilities are based in Ireland which keeps all school data within the European Economic Area (EEA). Retention Period: |
Yes |
Youtube |
Data Shared: Image or voice, Name Access Conditions: Supervised and unsupervised Server/Data Location: Worldwide |
Yes |
Zoom |
Data Shared: Sharing Basis: Consent Security Protocols: Access Conditions: Supervised and unsupervised Teacher Access: Yes Server/Data Location: Data routed through servers in China. USA Retention Period: Individual accounts when deleted |
Yes |
For more specific details about retention periods see the Department’s retention schedule
Information obtained or disclosed by third parties will not be used for any other purpose other than supporting the delivery of teaching and learning.
Failure to provide information may impact on support in school, the quality of teaching and learning and in achievement in examinations.
Ballakermeen High School will:
Apps and services that are used in school may require data to be stored on servers outside of the EEA. Information sent to these will be limited and are as detailed above.
You can find out more information including:
Requests for Information, submitted in accordance with Freedom of Information Act 2015. |
The following information is collected for the purpose of meeting a request you have made for information.
|
You may have the following rights in relation to your personal information:
It is worth noting that the benefits afforded by these rights are limited in some circumstances, and may depend on the legal reason why we collected your personal data. If this is the case, we'll explain why.
To exercise any of the rights mentioned, or if you have any questions relating to your rights, please contact the Data Protection Officer. To do this, by email DPO-DESC@gov.im by post to Data Protection Officer, DESC, Thie Slieau Whallian, Foxdale Road, St John's, Isle of Man, IM4 3AS, or by telephone on (01624) 685828.
We take any complaints we receive about the way we process your information very seriously and we would like to hear from you if you have any concerns that our collection or use of your personal data is unfair, misleading or inappropriate. Please bring your concern to our attention by contact the Data Protection Officer, who will work with you to resolve any issues.
If you are unhappy with the way we are using your personal data you have the right to make a complaint to the Information Commissioners Office as the Supervisory Authority for the Isle of Man. Further details can be found at www.inforights.im
From time to time we may amend this privacy notice to reflect changes in legislation, changes in our processing or experience of operating these services, and for other reasons or feedback we receive.
Any significant changes will be advised by a prominent notice on our website so that you can review the change. We will not reduce your rights under this Privacy notice without your consent. This Privacy notice was last updated July 2022.