DATA PROTECTION POLICY
This document details the data objects and items that are shared, the use, storage, and security of the data that Schools and other institutions share with Earwig Academic Reporting Ltd.
This policy form part of the agreement that we sign with every client. It supports our joint obligation to comply not only with the Data Protection Act 2003 and the Information Commissioner’s Office (ICO) mandate, but also the General Data Protection Regulations (GDPR) which are due to come into effect in May 2018.
All the personal data about school staff, parents or pupils held by Earwig has been supplied by the School. Parent self registrations are individually approved by the School. The School is the Controller of this data for the purpose of the GDPR and Earwig is acting merely as the agent of the School in applying this data for purposes approved by the School. It is therefore the responsibility of the School to ensure that this data is kept secure and accurate. Earwig will do whatever is necessary to ensure compliance with the letter and spirit of the regulations, as follows.
The principles which Earwig applies to the management of personal data are
- That all Earwig data will be held only within the UK.
- That all data will be encrypted during transmission and processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
- That Earwig will only hold such personal data as is required to fulfil its obligations under this contract and that once this data is no longer required for this purpose, it will be deleted.
- That Earwig will provide the School with whatever information it requires to fulfil its obligations in terms of data transparency.
- In the event of any breach of the security of the personal data related to the School Earwig will inform the school within 48 hours so that the School may comply with its obligations to keep the affected people informed.
- Earwig will review its security policies and processes at least one a year.
Signature of the Earwig Application form by authorised staff at any educational establishment within the UK indicates the acceptance by that entity of the terms of this agreement.
Below is the list of personal information which Earwig requires to provide the Earwig service. Where appropriate, the data is classified in accordance with the UK Government’s Information Security Design Manual Business Impact Levels.
1. Personal information about pupils who are currently on roll:
- Name, Gender, Age
- Assigned classes, clubs, groups, teams
- Unique Pupil Number
- All special needs, EAL, Pupil Premium, Looked After
- Parental Consent
2. Personal information about Staff currently in the employment of the school:
- Name, Position, Work email address
- Assigned classes, clubs, groups, teams
3. Personal information about Parents
- Name, Address (for product fulfilment only)
- Assigned children
- Email address
4. Information about the school:
- Name, Address, Email address
- Name and contact details of the appointed Earwig Administrators, IT Managers, Business Managers, Accounts Managers and Senior Learning Team including the Head(s) and Deputy Head(s).
We do not collect or retain credit card information.
We do not sell any personal information to third parties. This information is only available to certain employees who have a need to it in the execution of their job.
We may use independent contractors to provide services on our behalf such third parties may have access to personal information in the course of providing services on our behalf. Any personal information that we provide to such third parties is protected under a confidentiality agreement. Such third parties will take commercially reasonable measures to keep your personal information safe, private and secure.
Payments made to Earwig for vouchers designed for use by others at a later date are held separate from the business funds of Earwig until the vouchers are cashed in order to pay for Earwig services. We automatically collect and store: the name of the domain and host from which you access the Internet;
- the Internet protocol (IP) address of the computer
- the date and time of access our sites
- the Internet address of the site from which the user arrived.
We use this information only as anonymous aggregate data to determine the number of visitors to different sections of our sites, to ensure the sites are working properly, and to help us make our sites more useful. We do not use it to track or record information about individuals.
When you use our services as a registered user, we utilize cookies to store information about your visits to make your revisits more efficient for you and us. It is necessary to place the cookie on your computer’s hard drive in order for us to do this. We do not sell or give this information to any outside parties.
We use commercially reasonable measures to provide secure transmission of personal information to us. You should be aware that there is a level of risk involved in transmitting information over the Internet. As a result, we cannot ensure or warrant the security of the information that is transmitted over the Internet, and that you do so at your own risk.
Our website may contain links to other sites for your convenience. In most cases, those sites are not under our control, and they have their own policies regarding privacy, which you should review before using them. We bear no responsibility for linked websites and provide these links solely for your convenience and information.
DATA UPDATE AND SECURITY PROCESSES
It is the responsibility of the School to ensure that the data in Earwig is always current.
If the School cannot implement an automated update process it will assign a person to update data manually through the Earwig website or by sending and data revisions to Earwig customer services in the form of a spreadsheet,
To update data automatically, information is extracted from the school Management Information System (MIS) daily using Groupcall’s industry leading and secure Xporter software. The data is securely uploaded to Earwig using industry standard SSL encryption. A unique identifier configured by EARL in Groupcall Xporter ensures that the information is linked to the correct customer account in Earwig. Groupcall Xporter accesses your school MIS system using credentials that you provide and cannot access it without them.
The information from the School is held inside the Earwig platform, which is hosted on dedicated servers based in England. You can find out more about the security and safety policies that affect your data by looking on the Earwig website or by contacting EARL.
The data held by Earwig is protected from exposure by multiple layers of firewalling, authentication, intrusion detection and physical access control.