The Data Protection Act (DPA) was superseded by the General Data Protection Regulation (GDPR) on 25th May 2018. It is important for schools to ensure that that their own systems - and those of any organisations that process data on their behalf - satisfy the requirements of GDPR.
Scope: which personal and special category data are held?
Ian Stokes Education Ltd will only ask schools to share (and schools should only provide) data which are required for Ian Stokes Education Ltd to deliver those services which have been specifically requested by the school. These services typically include the analysis of pupil performance and contextual data, and the delivery of training in the use and understanding of pupil performance data.
Depending on the services the school has commissioned Ian Stokes Education Ltd to provide, the following personal and special category data may be held by Ian Stokes Education Ltd:
Personal Data
Special Category Data
When commissioning Ian Stokes Education Ltd to supply services which involves the sharing of personal data, a Data Processing Agreement will be drafted and signed by both parties. This agreement will specify the data to be shared and the purposes for which it is used.
Ian Stokes Education Ltd also holds information on its customers. This information is limited to:
Sharing: does any personal data held by Ian Stokes Education Ltd flow onto anywhere else?
Ian Stokes Education Ltd will not share or transfer any personal data to third parties. Ian Stokes Education Ltd will not share customer information with third party organisations unless specifically requested or agreed by the customer. Ian Stokes Education Ltd may seek permission from the customer to use feedback provided by customers, for the purpose of testimonials, references and marketing.
Retention: What is Ian Stokes Education Ltd’s data retention policy?
Pupil & school data
Customer data
Access: how can a school access their information held by Ian Stokes Education Ltd?
Pupil & school data: Any pupil or school data provided to Ian Stokes Education Ltd by the school should also be retained in the school’s own systems and there should be no need to access these data via Ian Stokes Education Ltd. However, if a school does wish to receive copies of any data held by Ian Stokes Education Ltd, this should be requested in writing. All requests for information will be responded to within 5 working days.
Customer data: A school can request a copy of its customer data, in writing. All requests for information will be responded to within 5 working days.
Security: How does Ian Stokes Education Ltd ensure the security of the personal data it holds?
What recognised standards are in place?
All electronic pupil and school data held by Ian Stokes Education Ltd are stored only on physical media, secured by industry-standard encryption software (e.g. BitLocker).Ian Stokes Education Ltd does not store personal data on remote, cloud-based servers (such as Microsoft One Drive or Google Drive). All pupil and school data (stored on computer devices or on paper) are held securely on site in a locked safe. Data are transferred between Ian Stokes Education Ltd to schools via secure email with end-to-end encryption. Ian Stokes Education Ltd will not include personal data in an unencrypted email. Any personal data transferred via email will be in the form of a secure, encrypted attachment. Schools should not send personal data to Ian Stokes Education Ltd in an unencrypted email or an unencrypted email attachment.
Ian Stokes Education Ltd is registered with the Information Commissioner’s Office (reference ZA233413).
Copyright © Ian Stokes Education Ltd - All Rights Reserved.
Powered by GoDaddy