This statement underpins the policies, promises and contracts we make with schools relating to the education data that ScholarPack processes.
What is ScholarPack?
ScholarPack is a secure, cloud-based management information system (MIS) that stores and processes your school data.
Privacy and Data Protection Statement
-
Introduction
Privacy and security are at the heart of everything we do at ScholarPack. This statement explains the key measures we’ve put in place to ensure that a school’s data is kept secure and processed appropriately at all times. It also covers our commitments to you, and what we expect from schools in terms of privacy and data protection.
-
Our Principles
We:
- Hold school data for the purposes of education management and school improvement only, and only for those purposes necessary to provide the service explicitly offered to schools
- Adhere strictly to the terms of the Data Protection Act 1998 and any future amendments or applicable legislation, such as GDPR (2018)
- Only store and process the minimum data required to provide our services
- Transport and store all personal data originating from schools using modern and best practice encryption technologies. This includes Secure Socket Layers (SSL/TLS) for encrypted data transfer over the internet and encryption of all data at rest
- Comply with all Subject Access Requests made relating to the data we store
- Ensure that all data is held securely by taking steps so that data is not corrupted or lost
- Ensure that all staff having access to personal data hold a valid Disclosure and Barring Service certificate
- Always maintain adequate liability insurance
- Audit our services against this pledge every 12 months and provide evidence of compliance to the other party whenever requested
- Report any breaches of security to the data controller, the Information Commissioner’s Office (ICO) and other authorities if required by law, and, in co-operation with the data controller, to data subjects
We DO NOT:
- Store or transport personal or sensitive data outside of the UK, except where personal emails you send through ScholarPack may be processed (not stored) by servers in the US
- Share your data with any third parties except where explicitly requested by you or required by law
- Use your data for the purposes of advertising or marketing, except where it is relevant to your usage of the system itself (e.g. awareness of new functionality)
- Transport personal data originating from schools in an unencrypted format
- Claim ownership or exclusive rights over any of the data processed or created as part of services provided to you
-
Security and Encryption
We take every reasonable measure to ensure we store data securely. The ScholarPack platform is developed using secure technologies, which include, but are not limited to the following:
- All personal and sensitive ScholarPack data is stored and transported within the UK
- All external data transmissions to and from the ScholarPack Platform are encrypted using modern SSL/TLS protocols and ciphers
- Encryption at rest i.e. when stored on a disk or laptop
- We use encrypted passwords
- All servers are situated in secure locations
-
Staff access to data
ScholarPack does not look ‘under the hood’ or inspect any of the data we store. The only exceptions to this are where a school has explicitly given us permission to inspect their data; for example, to provide technical support to correct a technical problem.
All our staff are required to agree that they will abide by the Security and Data Protection Policy at all times.
-
Deleting and Retaining Data
We retain personal data on our platform for as long as necessary to provide the ScholarPack service. If a school terminates their contract with ScholarPack, we will delete their personal data within 6 months.
-
ScholarPack and Third Party applications
Schools are responsible for accepting the terms and conditions of third party applications.
Before we allow Third Party Applications to access school data, schools must authorise the requests to connect to their data and review the type of data that an application is requesting. These permissions can be revoked at any time by the school.
-
Privacy or Security Breaches
We take all reasonable and necessary precautions to ensure that your data is secure and to recognise and then mitigate the risks to security and privacy. However, it is not possible to 100% guarantee the security of any data transmitted or stored electronically. In the event that a breach of security or privacy did occur, ScholarPack will contact Data Controller of the affected data, and inform the Information Commissioner’s Office (ICO), and other authorities, if required by law.
Information for students and parents
ScholarPack, as the Data Processor, only has access to pupil data as requested by the school, as Data Controller, and only for the purposes of performing services on a school’s behalf.
Your child’s school remains the Data Controller of any pupil data we process. If you have questions about your or your child’s data or how your school is making use of our service, please contact the school directly. Any pupil or parent/guardian enquiries we receive will be directed to the relevant school as the Data Controller for that child’s or parent’s/guardian’s data.