Data Protection Policy & GDPR Compliance

DATAPROTECTION AND GDPR COMPLIANCE

DEFINITIONS – See Earwig School Terms and Conditions

This agreement supports the joint obligation between EarwigClient  Schools and Earwig AcademicReporting Ltd to comply not only with the Data Protection Act 2003 and theInformation Commissioner’s Office (ICO) mandate, but also the General DataProtection Regulations (GDPR) in force from May 2018. It details the dataobjects and items that are shared, and the use, storage, and security of thedata that Schools share with Earwig Academic Reporting Ltd (Earwig).

All the personal data about school staff or pupils held byEarwig has been supplied by the School. The School is the Controller of thisdata for the purpose of the GDPR and Earwig is acting merely as the agent ofthe School in applying this data for purposes approved by the School. It istherefore the responsibility of the School to ensure that this data is keptsecure and accurate. Earwig will do whatever is necessary to ensure compliancewith the letter and spirit of the regulations, as follows.

The principles which Earwig applies to the management ofpersonal data are

  1. That all Earwig data will be held only within the UK.
  2. That all data will be encrypted using 128 bit AES both during transmission and at rest and processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
  3. That Earwig will only hold such personal data as is required to fulfil its obligations under this contract and that once this data is no longer     required for this purpose, it will be deleted.
  4. That Earwig will provide the School with whatever information it requires to fulfil its obligations in terms of data transparency.
  5. That Earwig requires high security passwords and multi-factor authentication for schools that require this for Cyber Essentials certification.
  6. In the event of any breach of the security of the personal data related to the School Earwig will inform the school within 48 hours so that the     School may comply with its obligations to keep the affected people informed.

Use of the Earwig software by any authorised staff at any educational establishment which has an account with Earwig or payment of an Earwig invoice indicates acceptance by that entity of these terms.

 

PERSONAL INFORMATION

Below is the list of personal information which Earwig requires in order to provide the Earwig service.  Where appropriate, the data is classified in accordance with the UK Government’s Information Security DesignManual Business Impact Levels.

1.     PERSONAL INFORMATION ABOUT PUPILS WHO ARECURRENTLY ON ROLL:

  • Name
  • Assigned     classes or groups
  • Official     school photo
  • Parents     names

2.     PERSONAL INFORMATION ABOUT STAFF CURRENTLYIN THE EMPLOYMENT OF THE SCHOOL:

  • Name,     Position
  • Work     email address
  • Assigned     classes or groups

3.     INFORMATION ABOUT THE SCHOOL:

  • Name,     Address, Email address
  • Name     and contact details of the appointed
  • Headteacher
  • Earwig     Administrator
  • Data     Controller
  • Business     Manager
  • IT     support

4.     INFORMATION ABOUT PARENTS:

  • Name,     Email address, relevant children.

INFORMATION MANAGEMENT

We do not collect or retain credit card information.

We do not  provide or sell any personal information tothird parties. This information is only available to the relevant client schooland certain employees and contractors who have a need for it in the executionof their job.  All Earwig employees and contractors with access to thisinformation hold current DBS certificates.

We may use independent contractors to provide technologyservices on our behalf. Such third parties may have access to personalinformation in the course of providing services on our behalf. Any personalinformation that we provide to such third parties is protected under aconfidentiality agreement. Such third parties will have current DBScertificates and take commercially reasonable measures to keep your personalinformation safe, private and secure.

We automatically collect and store:

  • the     name of the domain and host from which you access the internet.
  • the     Internet protocol (IP) address of the computer.
  • the     date and time of access our site.
  • the     Internet address of the site from which the user arrived.

We use this information only as anonymous aggregate data todetermine the number of visitors to different sections of our sites, to ensurethe sites are working properly, and to help us make our sites more useful. Wedo not use it to track or record information about individuals.

When you use our services as a registered user, we utilizecookies to store information about your visits to make your revisits moreefficient for you and us. It is necessary to place the cookie on yourcomputer’s hard drive in order for us to do this. We do not sell or give thisinformation to any outside parties.

We use commercially reasonable measures to provide securetransmission of personal information to us. You should be aware that there is alevel of risk involved in transmitting information over the Internet. As aresult, we cannot ensure or warrant the security of the information that istransmitted over the Internet, and that you do so at your own risk.

Earwig does not host any advertisements on our operationalsite.

Our operational website does not contain links to othersites other than those managed by Earwig.

DATA UPDATE AND SECURITY PROCESSES

It is the responsibility of the School to ensure that thedata in Earwig is always current.

If the School cannot implement an automated update processit will assign a person to update data manually through the Earwig website orby sending and data revisions to Earwig customer services in the form of aspreadsheet,

The data held by Earwig is protected from exposure by insitu encryption, multiple layers of firewalling, authentication, intrusiondetection and physical access control.

OTHER DATA SECURITY INFORMATION

Earwig is registered with the UK ICO.  CertificateNo. ZB450961.

The Earwig Data Controller is Mark Hindmarsh – CustomerServices Director.

Earwig access controls satisfy Cyber Essentialsrequirements.

DATA RETENTION

Under current legislation, each client school may determinethe length of time that data about individuals is held in Earwig after thatindividual ceases to have a day-to-day relationship with the school.

By default, in order to fulfil its obligations for historicdata an performance analysis under its contract with schools, Earwig willretain all media and associated metadata for five years after the last Usertagged to that media has been Archived. Then it will be deleted.  However,any client school may change the retention period for that school by requestinga different retention period  in writing.

EARWIG AND CYBER ESSENTIALS

Cyber Essentials is a UK Government sponsored scheme to provide the users of commercial software packages that the software they are using is protected, as far as possible, from cyber attack. School data coordinators are now required to seek Cyber Essentials certification to ensure that their networks are as secure as possible.

To achieve this certification, they need to ensure that the software used by staff provides secure access procedures. Earwig does this by offering twelve digit password protection and multi-factor authentication.

 

Which earwig is right for your school?Book a free, no-commitment online demo
About Us
FAQsAwards & TestimonialsDepartment for EducationCareersContact Us
Small Print
Data Protection GDPRChild Protection PolicySecurity AssessmentT&Cs for SchoolsT&Cs for Parents
Useful Links
Getting startedRequest a demo
Socials
info@earwigacademic.com0333 6666 166
© 2015 earwig