Privacy Notice

Video creating software

more information

Data Shared: Photographs and location

Security Protocols: Stored on computers that only selected personnel and contractors have access to via password. Obscured URL system

Teacher Access: Yes

Server/Data Location: EEA

Retention Period: Year after child has left

Management Information System

more information

Data Shared: Pupil record

Sharing Basis: Public interest + official authority of the DC

Security Protocols:
Arbor uses bank-grade, end-to-end, 256bit SSL encryption to ensure only the authorised user can see school data. Student data is NEVER shared with third parties without a schools’ consent.  Each user is issued with a unique and secure password, with permission-based access ensuring that they can only view the data relevant to them. No data is stored on any device, and Arbor automatically logs out after a period of inactivity.  Arbor is a Data Processor and abides by all of the terms of the Data Protection Act 1998. Arbor are also registered with the UK Government on the G-Cloud VII framework, a Government framework which audits the security of cloud-based providers to ensure they meet government standards. Arbor products have also been approved by the Department for Education list for cloud suppliers.

Server/Data Location: EEA

Retention Period: DOB + 25 years

DESC Attendance

Data Shared: Name, School, Attendance data if less than 80%

Sharing Basis: Public interest + official authority of the DC

Security Protocols: Secure access or information sent by email password protected

Server/Data Location: EEA

Retention Period: As needed while resolving issues

DHSC Dental Survey

more information

Data Shared: Child’s name, date of birth

Security Protocols: Information sent password protected with the password sent via an alternative means of communication

Server/Data Location: EEA

Retention Period: Current year

DHSC School / Community Nurses

more information

Data Shared: Child's name, date of birth, current address, previous address, current school and previous school

Security Protocols: Information sent password protected with the password sent via an alternative means of communication

Server/Data Location: EEA

Retention Period: Current year

e-learning platform

more information

Data Shared: Forename and surname, including title (compulsory)
Email address (compulsory)

Security Protocols:
All personal data stored in one location only in fully encrypted format. Personal data only accessible by trained personnel at theeverlearner.com (see training policy). All hard copies of personal data destroyed after use. Personal data of children deleted in accordance with their deletion policy. All registrants declare age at signup.
All registrants less than 14 years must forward registration process to parent/guardian as set out in sign up process.
No data is collected until parent/guardian consents. Messenger service only available between student and teacher and tutor.
Messenger service unavailable between students or between students and teachers registered with another school.

Access Conditions: Supervised and unsupervised

Teacher Access: Yes

Server/Data Location: The EverLearner Ltd holds this data solely in the database of theeverlearner.com which is physically housed on two OVH SP-64 servers in London UK. Detailed information on the servers can be found at https://www.ovh.co.uk/

Retention Period:
The EverLearner Ltd has a robust and automated policy to achieve this:
All users on theeverlearner.com have the right and capability to permanently delete their personal data from the database at any time.
The EverLearner Ltd automatically deletes all personal data for a user when the user becomes “inactive”.
Inactivity is defined as time since last login.
The EverLearner Ltd guarantees to permanently delete personal data exactly 730 days after last activity unless the point that follows happens sooner.
School administrators and Heads of department can archive but cannot delete user data. User data is permanently deleted by The EverLearner Ltd exactly 365 days of archive.
Deletion is permanent and complete. After deletion, The EverLearner Ltd retains no personal data for the user.

Risk assessment management tool for Educational Visits

more information

Data Shared: Name, contact details, trip information and risk assessments

Sharing Basis: Public interest + official authority of the DC

Security Protocols:
Advanced firewalls, enterprise-level virus protection on all servers, HTTPS encryption for all communication between our servers and users, regular data backup, username/password/PIN to control access, failed log-in attempt logging, automatic suspicious activity detection and logging

Server/Data Location: UK

Retention Period: Current year + 6 years

Google

Data Shared: No personal information should be stored on Google servers by staff apart from a name, class grouping, email address and information regarding work completed or to be completed

Sharing Basis: Public interest + official authority of the DC

Security Protocols: Google adheres to several self regulatory frameworks, including the EU-US Privacy Shield arrangement.

Access Conditions: No

Teacher Access: Limited to areas set up by staff such as Google Classrooms and shared areas

Server/Data Location: Worldwide including the US

Retention Period: DOB + 21 years or 3 years since the last log on

Guild

Data Shared: Name, DOB. School information

Retention Period: Public information

Programming software

more information

Data Shared: name, email address

Security Protocols: Physical, technical, and procedural security measures to safeguard all information collected.  Not covered by Privacy Shield or Standard Contractual clauses.

Access Conditions: Supervised

Teacher Access: Yes

Server/Data Location: US

Retention Period: Until account no longer being used

Learning Management System

Data Shared: Name, class, school work

Sharing Basis: Public interest + official authority of the DC

Security Protocols: Username and password

Access Conditions: No

Teacher Access: Yes

Server/Data Location: EEA

Retention Period: End of Use + 12 months

Junior Achievement

more information

Data Shared: Name. class, year group

Security Protocols:
Hold your information securely to maintain safety of your personal information. Your information whether public or private will never be sold, exchanged, transferred, or given to another company for any reason whatsoever, other than for the purpose of delivering purchased products or vetting of volunteers

Retention Period: Until after event

Game-based learning platform

Data Shared: Name, Email address, user name, google analytics identifiers

Security Protocols: Reasonable organizational, technical and administrative measures

Access Conditions: Supervised

Teacher Access: Yes

Server/Data Location: Worldwide

Retention Period: End of use + 12 months

Learning resources and digital books.

Data Shared: Name, username, password, student ID, email address, work undertaken, marks, courses being undertaken

Sharing Basis: In the public interest and official authority of the data controller.

Security Protocols: Appropriate and suitable safeguards and technical measures

Access Conditions: Supervised and unsupervised

Teacher Access: Yes

Server/Data Location: Servers worldwide, both inside and outside the EEA.

Retention Period: 4 years after the platform is no longer accessed

Assessments and intervention

more information

Data Shared: Name, DOB. email & telephone number of school

Security Protocols: Encryption, access restriction and physical security

Teacher Access: Yes

Server/Data Location: EEA

Retention Period: 3 years

Assessment software

more information

Data Shared:
Internet protocol (IP) address used to connect your computer to the Internet, login, e-mail address, password, computer and platform. Student information including gender and age. Student information including observations about students’ performance in tests, the
environment during tests and any other relevant information, for example, any illness
of a student prior to or during the testing. Student information including ethnic and socio-economic information.

Security Protocols: The GL Education Group complies fully with the ISO/IEC 270013 (3
ISO/IEC 27001 Certificate Number GB18430)
international standard
regarding data security management, the highest standard in industry specifically for data
security

Server/Data Location: UK and EEA

Retention Period: DOB + 25 years

Manx Timing Solutions (for Cross country competition)

more information

Data Shared: Names, sex, school

Teacher Access: Public

Server/Data Location: EEA

Retention Period: Public information

Microsoft Teams

Data Shared:
Census data: AppName, DeviceModel, OSName, OSVersion, UserLanguage, UserID, DeviceID. Census data DOES NOT contain any information that identifies your organisation or users.

Usage data: includes information such as number of calls made, number of IMs sent or received, number of meetings joined, frequency of features used and stability issues. Usage data DOES NOT contain any information that identifies users.

Anyone in a team can see all members of a team, including guests

Sharing Basis: Public interest to assist with remote education during period of school closures.

Security Protocols: Teams enforces team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest. Files are stored in SharePoint and are backed by SharePoint encryption.

Access Conditions: Supervised and unsupervised.

Teacher Access: Yes

Server/Data Location: EEA

Retention Period: August after pupil leaves school

Interactive online teaching

more information

Data Shared: Name, email address

Security Protocols: Appropriate and suitable safeguards and technical measures are in place to protect your personal data

Access Conditions: Supervised

Teacher Access: Yes

Server/Data Location: Worldwide

Retention Period: End of use + 12 months

Literacy support software

Security Protocols: Password protected Admin & Reports portal.  Physical, electronic, and managerial procedures to safeguard data and prevent unauthorised access or use of the information collected online.

Access Conditions: Supervised

Curriculum resources

more information

Data Shared: Name, age, DOB, gender

Teacher Access: Yes

Server/Data Location: EEA

Retention Period: Child leaves school

Collaboration software

Data Shared: Anonymous

Security Protocols: Account information is protected by a password for privacy and security — teacher info.

Access Conditions: Supervised

Teacher Access: Yes

Server/Data Location: US

Retention Period: At end of session

Online payment system

Data Shared:
ParentPay obtain (either from the Customer and/or from you directly) and process the following information:

Data Subject (Who) Data Category (What) Description
Pupil Student Forename This is the forename of the pupil.
Pupil Student Surname This is the surname of the pupil.
Pupil Student Known as This is the name that the pupil is known as.
Pupil Student DOB This is the date of birth of the pupil.
Pupil Student Gender This is the pupil’s gender
Pupil Student Groups Registration group (if any), year, other groups
Pupil Student Salutation This is the pupil’s salutation.
Pupil Student Dietary Requirements This is the pupils special dietary requirements
Pupil Student Postal Address The student’s postal address
Pupil Student Identifiers Roll/Admission number, UPN, management system identifier
Pupil Student Meal Selections and spend history This is a history of a pupil’s meal selections and spends for school meals or non-meal-related items, including free school meals
Pupil Student Trip information Trip details collected from parents, e.g. emergency contacts, medical details, dietary requirements, doctor’s contact, EHIC and Passport
Parents Contacts Title This is the contact’s title (Mr, Mrs, Ms, etc).
Parents Contacts Forename This is the contact’s forename.
Parents Contacts Surname This is the contact’s surname.
Parents Contacts Authentication data Username and password, single-sign-or multi-factor-authentication tokens
Parents Contacts Gender The contact’s gender (Salutation)
Parents Contacts House Name The text entered as the contact’s house name.
Parents Contacts Street The text entered as the contact’s street.
Parents Contacts Locality The text entered as the contact’s locality.
Parents Contacts Town The text entered as the contact’s town.
Parents Contacts Postcode The text entered as the contact’s post code.
Parents Contacts Day Telephone The contact’s daytime telephone number.
Parents Contacts Home Telephone The contact’s home telephone number.
Parents Contacts Mobile Telephone This is the contact’s mobile telephone number used to receive alerts from Parentpay and for school communications
Parents Contacts Email This is the contact’s E-mail address used to receive communications from Parentpay and for school communications.
Parents Contacts Payment History and balances This is the contact’s history of payment transactions, including reversals, refunds and withdrawals of funds.
Parents Contacts Payment card details Payment card details are captured and passed to a 3rd party for authorisation.
Parents Contacts Other This is the contact’s alternative communication method.
Parents Contacts In-app messages Messages sent from parents to school within the ParentPay application
Parents Contacts Trouble ticket data When users submit trouble ticket information, this gets stored.
Parents Contacts Shop information ParentPay can be used as a payment page from externally or internally hosted shop systems. This the information captured as part of that (“shopping basket”).
Parents Contacts Browser Details IP address, cookies, browser information
Parents Contacts Scottish UPRN For users in Scotland who sign up via MyGovScot
School Staff Title This is the staff member’s title (Mr, Mrs, Ms, etc.).
School Staff Forename This is the staff member’s forename.
School Staff Surname This is the staff member’s surname.
School Staff Gender The staff member’s gender
Website Access IP Address The network address of your device or internet connection
Website Access Browser Type and Version The type of Web Browser your device is using
Website Access Cookies Special records in your browser to help the website operate
Website Access Web Analytics Generalised information about browsing behaviour and page statistics

Sharing Basis: Schools have signed up for the service and their legal basis is: 'processing is necessary for the performance of a task carried out in the public interest'

Security Protocols:
ParentPay use your personal information, and some of their employees have access to such information, only to the extent required to carry out the services for you and on behalf of the Customer.

ParentPay have introduced appropriate technical and organisational measures to protect the confidentiality, integrity and availability of your personal information during storage, processing and transit.

ParentPay are a Level 1 PCI-DSS certified organisation and are subject to regular and comprehensive security audits. They operate an ISO27001 compliant security programme to help protect your data at all times.

The PPL Products and Services only processes your personal information in the UK.

Some of ParentPay's supporting services (for example ZenDesk), might use cloud platforms that operate from Third Countries outside of the EEA. Where this is the case, they ensure that adequate safeguards are established to protect your data.

Server/Data Location: UK

Retention Period:
ParentPay will only retain information for as long as is necessary to deliver the service safely and securely. They may need to retain some records to maintain compliance with other applicable legislation – for example finance, taxation, fraud and money laundering law requires certain records to be retained for an extended duration, in some cases for up to seven years.

Pupil data will typically be removed or anonymised when the following rules are met:

The pupil has been archived by the School.
The pupil does not have any meal consumption or attendance data within the last 13 months.
The pupil has not received a payment for any payment item within the last 13 months.
The pupil balance is zero.
Payer (Parent) data will usually be removed or anonymised when the following rules are met:

They have not logged in for 13 months.
They have not topped up or spent within the last 13 months.
Parent balance is 0 (zero), and all pupil balances are 0 (zero).
There are no active pupils associated with the account
Manager Accounts that have been disabled and have not logged in for 13 months, will be removed or anonymised. Other school staff accounts are subject to the same rules as pupils (above)

Message attachments will be removed after 24 months.

File area uploads will be purged after 24 months.

Personal information in trip records will be removed 1 month after trip completion

It should be noted that Schools will still retain a complete finance audit trail for their statutory requirements. In unusual cases where specific personal information needs to be retained, then this can be facilitated upon request.

Website provider

more information

Data Shared: Website activity, website form submissions and user content.

Sharing Basis: To provide public website services for our school

Security Protocols:
Sites are served over HTTPS using TLS to provide both secure server–server and server–client communication. Accounts are protected from brute force attacks with rate limiting and automated account locking. Passwords are one-way encrypted using bcrypt before being stored and are required to satisfy strong password rules to ensure high-entropy.

Access Conditions: None

Teacher Access: Limited to data provided within the CMS

Server/Data Location: United Kingdom (EEA)

Retention Period: Please view the more information link for data retention policies.

Ramsey Commissioners Daffodil competition

Data Shared: Name, school, class

Security Protocols: Email to Commissioners

Retention Period: Winners info published in press

Incident reporting

more information

Data Shared: Name, age,gender, school, address, phone number, injury

Server/Data Location: IOM

Retention Period: DOB +25 years

Learning software

more information

Data Shared: Name and class, times table performance data

Access Conditions: Supervised

Server/Data Location: EU

Retention Period: Upon leaving school

Rotary Club

Data Shared: Name, class, year group.

Security Protocols: Email to Rotary Club

Retention Period: After being used

Programming software

more information

Data Shared:
During account creation, a username, country, birth month and year, gender, and email address (or a parent or guardian's email address if a person is under 16 years old if set up by parents). A username that does not disclose a real name or other information that could identify a pupil Other users can see the username and country, but not a pupil's age, gender, or email address.

Access Conditions: Supervised and unsupervised

Server/Data Location: US

Retention Period: When requested

Seneca

more information

Data Shared: First name, Surname, email address, school attended

Sharing Basis: Data is collected for login purposes. The app is required to support student, this may be inside school or in a home environment

Security Protocols: email and password required to log into site

Access Conditions: supervised within lessons, unsupervised at home.
Staff can track interaction with the site once they log on to their classrooms

Teacher Access: Students can give access to teachers through enrolling into their classes. This will allow teachers to review their learning and progress.

Server/Data Location: Dublin, Ireland

Retention Period: 6 years after the account has not been used. However an account can be deleted via the GDPR page on the website, personal details and the account will then be deleted within 30 days of deactivation.

Management Information System

Data Shared: Pupil record

Sharing Basis: Public interest + official authority of the DC

Security Protocols: Secure servers hosted within Government data centre. Secure connections from within approved areas of Government. Teachers access via secure VPN from approved device only.

Server/Data Location: EEA

Retention Period: DOB + 25 years

Quick quiz/poll software

Data Shared: First name and Class

Security Protocols: We protect your login information and the transmission of data using Secure Socket Layer (SSL) technology.

Access Conditions: Supervised

Teacher Access: Yes

Server/Data Location: USA

Retention Period: Until Childs Leaves school

Sparx online Maths learning platform

more information

Data Shared: Name, DOB,Class, School

Sharing Basis:
Sparx conduct due diligence to ensure that they will keep your data safe and we have binding written UK GDPR-compliant data processing contracts with each of our support companies. It is Sparx's responsibility to ensure our sub-processors comply with data privacy legislation. To aid transparency, our Support Companies page lists the companies that help us, what types of data we share with them (student, teacher, parent), what service they provide and a copy of our data handling agreement plus each company’s security information.

Security Protocols:
Sparx Limited (company number 07907042) (Sparx) is the entity responsible for the collection and use of personal
information by Sparx Maths Homework, Sparx Reader, Sparx Science and/or Sparx Assessments (together referred to as
the Sparx Products and each a Sparx Product). Sparx is registered as a data controller with the Information Commission
(IC) with registration number ZA006725.
This Privacy Notice is for:
● students;
● teachers and other school staff (teachers); and
● (where applicable) parents,
who use a Sparx Product. This notice gives you information about how Sparx collects, uses and protects personal data to
deliver the Sparx Product. It is important that you read this Privacy Notice.
This version of our Privacy Notice for Schools was published in September 2025 and applies to the collection and
use of personal data by Sparx from then. It aligns with the requirements of The General Data Protection Regulation
(as adopted into UK law and tailored by the Data Protection Act 2018) (UK GDPR) as well as any incoming
amendments under the Data Use and Access Act (DUAA). Any changes we may make to our Privacy Notice in the
future will be posted on this page, so you will always know what personal data Sparx collects, the purposes we use it for
and to whom we might disclose it.
Students, teachers and parents may choose to contact Sparx via our websites or social media channels. Personal data
may be shared in this way with schools or other third parties as necessary. We may also monitor social media to protect
our intellectual property. If you would like more information about how Sparx uses personal data that you provide directly
to us, including through our websites or our social media channels, please refer to our website privacy information which
can be found here.

sparx-learning.com

Sparx Privacy Notice for Schools

Access Conditions: Unsupervised- set as student independent learning platform

Teacher Access:
What Teacher Data is collected by the Sparx Product?
● School data: In order to create and administer teacher user accounts, Sparx processes school data relating to
teachers, including their name, role, school email address and teaching classes (Teacher School Data). Teacher
School Data is manually entered into the teacher portal within the Sparx Product by each school.
● Usage Data: Sparx gathers data about teacher activity when they use the Sparx Product (Teacher Usage Data) in
order to gauge usage of Sparx platforms. This includes how, when and the time spent by each teacher using
Sparx and actions and interventions taken by each teacher. Sparx also collects data:
○ generated from teacher interactions with emails sent by Sparx, including when emails were opened,
links clicked and other related activity;
○ about how and when the Sparx Product is accessed by each teacher; and
○ from product feedback (for example, via in-product questionnaire/survey responses).

How is Teacher Data used by the Sparx Product?
Sparx processes Teacher School Data and Teacher Usage Data for the following purposes:
○ delivering the Sparx Product;
○ creating and administering secure teacher user accounts, log-ins and profiles;
○ providing insights and reports to teachers relating to Sparx Product usage;
○ pseudonymising Teacher School Data and Teacher Usage Data during each teacher’s use of the Sparx Product
and anonymising Teacher School Data and Teacher Usage Data once each teacher has finished using the Sparx
Product;
○ sharing teacher user accounts and log-ins between Sparx Products for trials or subscriptions of additional
Sparx Products;
○ providing technical and user support and general communications (including new products unless opted-out)
○ using AI tools to route, classify and summarise support
○ evaluating and improving the Sparx Product (for example, analysing teacher user activity or testing new product
features);
○ measuring the effectiveness and impact of the Sparx Product or service (including recording or transcribing
support meetings); and
○ for financial, accounting and administrative purposes.
Personal data relating to parents (Parent Data)
What Parent Data is collected by the Sparx Product?
● School data: Where they choose to do so, schools securely provide Sparx with school data relating to students’
parents (Parent School Data) in order to update parents on their child’s progress. This includes parent names
and email addresses.
● Usage data: Sparx gathers data generated by parents from interactions with emails sent by the Sparx Product
(Parent Usage Data), including when emails were opened and links were clicked.
How is Parent Data used by the Sparx Product?
Sparx processes Parent School Data and Parent Usage Data for the following purposes:
○ providing reports, reminders and seeking feedback by email to students’ parents;
○ providing technical and user support;
○ evaluating and improving the Sparx Product (for example, analysing user activity or testing new product
features);
○ measuring the effectiveness and impact of the Sparx Product; and
○ for administrative purposes.

sparx-learning.com

Sparx Privacy Notice for Schools

With whom does Sparx share personal data
and where is it stored?
Sparx may disclose Student Data to:
● teachers at the student’s school;
● (where applicable) staff at the student’s school’s multi-academy trust or other school group (MAT); and
● (where applicable) parents/guardians of individual students (parents will only receive Student Data about their
own child).
Sparx may disclose Teacher Data:
● other teachers at the teacher’s school;
● (where applicable) staff at the teacher’s school’s MAT.
Sparx may disclose Parent Data to:
● teachers at the relevant student’s school; and
● (where applicable) staff at the relevant student’s school’s MAT.
Student Data, Teacher Data and Parent Data may also be disclosed to:
● Sparx staff; and
● support companies used by Sparx to deliver the Sparx Product (a list of our support companies is available
here).
We have binding written UK GDPR-compliant data processing contracts with each of our support companies, who are
carefully selected, audited and approved. Support companies may be based outside of the UK; however, where this is the
case, data transfers to them are subject to a legally enforceable mechanism which is permitted under UK GDPR as
outlined by the ICO. All such transfers are safeguarded by UK GDPR-compliant contractual mechanisms, and appropriate
technical and organisational measures are in place. This means personal data is governed by protections equivalent to as
if it was in the European Economic Area.
Our default position is to host personal student School Data in the European Economic Area. On occasions, for
example, when a teacher (contrary to our best practice guidance) includes student data in a feedback post, this could
result in personal data being processed in the USA.
Crucially, all personal data, regardless of processing location, will be strictly ring-fenced and explicitly excluded from any
and all subprocessor large language models (LLMs) or generative AI training. This safeguard is absolute and ensures
student data will not be used to train or improve third-party AI models.
Save for our support companies, Sparx will not share Student Data, Teacher Data or Parent Data with third parties without
the prior written permission of the relevant school. However, we may share anonymised data sets with third parties
without restriction, including for research, product development and other business purposes.

Server/Data Location: EEA

Retention Period:
Sparx does not keep personal data for longer than is necessary. School data and usage data is processed for the duration
of each school’s use of the Sparx Product. School data is retained after the school finishes using the Sparx Product or an
individual leaves the school for a maximum of two (2) years to fulfil school reporting and other requirements (including
continuity of service should the school wish to re-subscribe to the Sparx Product). Once school data is no longer
required for these purposes, or at the request of the school at any time after it finishes using the Sparx Product, it will be
permanently deleted so the remaining usage data is anonymised. The anonymised data sets will be owned by Sparx and
may be used for research, product development and other business purposes.

Curriculum Software

more information

Data Shared: child's name, date of birth, school, class and year group.  Educational progress data. Analytics data. Teacher contact info

Security Protocols:
Information is encrypted using SSL.  Therefore, transfers of information from the European Union to the USA are done in such a way as to ensure an adequate level of protection such as by using the EU-US privacy shield or another appropriate safeguard, such as the model contract clauses approved by the European Commission
Password protection of accounts. Sumdog assert that they put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, they say they limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

Teacher Access: Yes

Server/Data Location: US

Retention Period: Upon leaving school

Learning and monitoring reporting software

Data Shared: Child’s full name, child’s date of birth, basic assessment data, photographs in school settings and/or in supervised school led trip setting

Sharing Basis: Consent; Parents can withdraw consent at any time

Security Protocols: Amazon Web Services, has been independently certified as ISO 874 27001 compliant. Any information will be collected and uploaded on a work provided device. Staff training will be provided. Access restrictions are in place. Strong password usage.

Access Conditions: No

Teacher Access: Yes, authorised personnel only

Server/Data Location: EU and the UK Amazon Web Services (AWS)

Retention Period: One full year after the child leaves Primary School

Curriculum software

more information

Data Shared: name, email

Access Conditions: Supervised

Teacher Access: Yes

Server/Data Location: EEA

Retention Period: Upon leaving school (Requires account deletion if children have own login)

Transition between primary and secondary school

Data Shared: Transition activities / work done in transition lessons / pupil record

Sharing Basis: In the public interest and official authority of the data controller.

Security Protocols: Emails on secure servers; for ‘online.sch.im’ a google service self regulatory frameworks, including the EU-US Privacy Shield arrangement.

Access Conditions: Supervised and unsupervised

Teacher Access: Yes

Server/Data Location: United Kingdom (EEA)

Retention Period: DOB + 21 years or 3 years since the last log on

Social Media platform

more information

Data Shared: Photos, names, achievements, event details, location, IP address

Server/Data Location: Worldwide

Retention Period: Public

Destinations platform

Data Shared: Name, email address, gender and postcode, academic performance information, personal statement / CV

Sharing Basis: In the public interest and official authority of the data controller.

Security Protocols: Secure servers – technical and organisational measures. Password protection.

Access Conditions: Supervised and unsupervised

Teacher Access: Yes

Server/Data Location: Servers in EEA

Retention Period: 4 years after the platform is no longer accessed.

Venture Centre

more information

Data Shared: Name, age, DOB, gender, address, medical info

Server/Data Location: Paper copy

Retention Period: Shredded after visit

Youtube

more information

Data Shared: Image or voice, Name

Access Conditions: Supervised and unsupervised

Server/Data Location: Worldwide

Video meeting software

more information

Data Shared:
Your name, username and email address, or phone number, Cloud recordings, chat / instant messages, files, whiteboards, and other information shared while using the service, voice mails, IP address, MAC address, other device ID (UDID), device type, operating system type and version, client version, type of camera, microphone or speakers, connection type, etc. location, Duration of the meeting / Zoom Phone call, Email address, name, or other information that a participant enters to identify themselves in the meeting, Join and leave time of participants, Name of the meeting, Date / time that meeting was scheduled, Chat status (unless a setting is actively chosen by user), Call data records for Zoom Phone

Sharing Basis: Consent

Security Protocols:
Password protection, encryption – not end-to-end, only participants to meetings to be sent links, updates to be installed. Please note there are currently serious issues and no sensitive information should be shared on this platform. Privacy Shield applies.

Access Conditions: Supervised and unsupervised

Teacher Access: Yes

Server/Data Location: Data routed through servers in China. USA

Retention Period: Individual accounts when deleted