Data Protection

Phonics Tracker ("We") are committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be held and processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By subscribing (by subscription or trial), and using the site, you are accepting and consenting to the practices described in this policy. If you do not agree to the terms of this Privacy Policy, please do not use the site.
Our Policy has been updated in accordance with the new GDPR legislation. To the best of our knowledge, and in line with legal advice and auditting that we have undertaken, we are compliant with GDPR policies.
If you have any questions or concerns please do not hesitate to contact us.

Definitions

In this Schedule, the following terms shall have the following meanings:

  1. "Controller", "Processor", "Data Subject", "Personal Data" and "Processing" (and "Process") shall have the meanings given in Applicable Data Protection Law as amended from time to time;
  2. "Applicable Data Protection Law" From 25 May 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
  3. "Company" means Phonics Tracker Limited (us)
  4. "School" means the relevant school or establishment using the Product;
  5. "School Data" means Personal Data relating to students, parents and guardians, and staff at the School, and other data regarding the school, including year group information;
  6. "Product" means the any us of Phonics Tracker - website, printed reports or printed sheets.
  7. Phonics Tracker considers themselves to be a processor of data. The school is the controller of data.
General Provisions
  1. By continuing to use Phonics Tracker, and by providing us with the school data, the School agrees to the terms of this schedule.
  2. The school and the company acknowledge that, for the purposes of applicable data Protection Law, the Company is a Processor and the School is a Controller in respect of the School Data comprising Personal Data
Data Subjects

The School Data to be processed concern the following categories of Data Subjects:

  1. Pupils
  2. Staff
Categories of Data

The School Data to be Processed concern the following categories of data:

  1. school name and contact information (including school postal address, phone number and email address), teachers’ names and contact information (including phone numbers and email addresses), pupils’ names, pupils’ data (including SEN status, Pupil Premium status, gender, English as an Additional Language status and class year groups; This data is optional and does not need to be entered into the Tracker.
  2. details of interactions that the School and its Data Subjects have with us regarding the Product, together with any other information that the School and its Data Subjects choose to provide us with, for example, through correspondence and interactions with our customer and technical support teams;
  3. information collected automatically relating to the Product about how a user’s device has interacted with the Site, including the pages accessed and links clicked, download errors, length of visits to certain pages, page interaction information, and methods used to browse away from any page;
  4. the answers provided by users of the Product to the phonemes and words.
Processing Operations / Permitted Purpose

The School Data will be obtained, held and used by the Company to enable the Company to carry out its obligations arising from the terms and conditions entered into between the School and the Company regarding the use by the School and its users of the Product, including the Site and Apps.

  1. The Company and the School shall comply with all Applicable Data Protection Law in respect of the Processing of the data.
  2. The Company shall Process the Data as a Processor for the purposes described in Annex A to this Schedule and otherwise strictly in accordance with the instructions of the School (the "Permitted Purpose"), except where otherwise required by any EU (or any EU Member State) law applicable to the Company.
  3. The School hereby instructs and authorises the Company to process the Data for the purposes described in Annex A to this Schedule, and as otherwise reasonably necessary to enable the Company to provide the Product to the School.
  4. The School warrants and represents that it has obtained all consents from individuals (including students, parents and guardians, and staff at the School) whose Data the School supplies to the Company in connection with the School’s use of the Product for the lawful Processing of the Data. The School shall indemnify the Company against all costs, claims, damages, expenses, losses and liabilities incurred by the Company arising out of or in connection with any failure (or alleged failure) by the School to obtain such consents.
International Transfers
  1. The Company shall not transfer the Data outside of the United Kingdom, and if it ever arises guarantees will be used to check the transferring in accordance with legislation.
Confidentiality of Processing
  1. The Company shall ensure that any person that it authorises to Process the Data (including the Company’s staff, agents and subcontractors) (an "Authorised Person") shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty or otherwise), and shall not permit any person to Process the Data who is not under such a duty of confidentiality.
  2. The Company shall ensure that all Authorised Persons Process the Data only as necessary for the Permitted Purpose.
Security
  1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing to be carried out by the Company, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Company shall implement appropriate technical and organisational measures to protect the Data from (i) accidental or unlawful destruction, (ii) accidental loss, alteration, unauthorised disclosure or access, and (iii) any other breach of security ((i), (ii) and (iii) together, a "Security Incident") in each case appropriate to that risk.
Subcontracting
  1. The Company may appoint sub-contractors to carry out any or all of its Processing activities.
  2. The School hereby authorises the Company to appoint third parties to provide web and app development services to the Company in connection with the Product, and third parties to provide electronic data storage and transmission services to the Company in connection with the Product.
  3. The School hereby authorises the Company to appoint the sub-contractors listed below to this Schedule to carry out Processing activities in connection with the Data. The Company shall use reasonable endeavours to promptly notify the School of any changes to the identity of such third parties from time-to-time.
  4. Where the Company appoints a sub-contractor pursuant to this paragraph 6, it shall ensure that the Company imposes data protection terms on any sub-contractor it appoints that protect the Data to the same standard as those provided for in this schedule, and meet the requirements of Applicable Data Protection Law.
  5. The Company acknowledges that it remains fully liable for the acts, errors or omissions of any of its sub-contractors in respect of the Processing of the Data.
  6. Our subcontractors are:
    1. HostingUK.net (https://hostinguk.net) for Electronic data storage, cloud server and transmission service.
    2. Sage ( https://www.sage.com ) for invoicing and accounting.
Cooperation and Data Subjects' Rights
  1. The Company shall provide all reasonable and timely assistance (including by appropriate technical and organisational measures) to the School (at the School’s expense) to enable the School to respond to:
    1. any request from a Data Subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and
    2. any other correspondence, enquiry or complaint received from a Data Subject, regulator or other third party in connection with the processing of the Data.
  2. In the event that any such request, correspondence, enquiry or complaint is made directly to the Company, the Company shall promptly inform the School providing full details of the same and the School shall provide all reasonable and timely assistance to the Company to enable the Company to take appropriate action.
Data Protection Impact Assessment
  1. If the Company believes or becomes aware that its Processing of the Data is likely to result in a high risk to the data protection rights and freedoms of data subjects, it shall promptly inform the School and provide the School with all such reasonable and timely assistance as the School may require in order to conduct a data protection impact assessment and, if necessary, consult with its relevant data protection authority.
Security Incidents
  1. Upon becoming aware of a Security Incident, the affected party shall inform the other party without undue delay and shall provide all such timely information and cooperation as the other party may reasonably require including in order for the affected party to fulfil its data breach reporting obligations under (and in accordance with the timescales required by) Applicable Data Protection Law.
  2. The parties shall each further take all such measures and actions as are reasonably necessary to remedy or mitigate the effects of the Security Incident and shall keep the other party up-to-date about all developments in connection with the Security Incident.
Deletion or Return of Data
  1. Upon written request by the School, the Company shall destroy all Data (including all copies of the Data) in its possession or control (including any Data subcontracted to a third party for processing).
  2. This requirement shall not apply to the extent that the Company is required by any EU (or any EU Member State) law to retain some or all of the Data, in which event the Company shall isolate and protect the Data from any further processing except to the extent required by such law.
Audit
  1. The Company shall permit the School (or its appointed third party auditors) to audit the Company's compliance with this Schedule, and shall make available to the School all information, systems and staff reasonably necessary for the School (or its third party auditors) to conduct such audit.
  2. The School will not exercise its audit rights more than once in any twelve (12) calendar month period, except (i) if and when required by instruction of a competent data protection authority; or (ii) the School believes a further audit is necessary due to a Security Incident suffered by the Company.
  3. The information and audit rights of the School shall apply only to the extent required by Applicable Data Protection Law.
  4. The School shall give the Company reasonable notice of any audit or inspection that it wishes to conduct, and shall (and shall ensure that any nominated auditor shall) avoid causing (or, if it cannot avoid, minimise) any damage, injury or disruption to the Company or its sub-contractors’ business.
Information we may collect from you

We use information held about you in the following ways:

  1. Information you give to us. We will use this information:
    1. to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
    2. to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
    3. to provide you with tips on how to use parts of the service, information about new features on our site.
    4. to notify you about changes, improvements, and upgrades to our service;
    5. to ensure that content from our site is presented in the most effective manner for you and for your computer;
    6. where applicable, to allow you to see how different groups of learners in your school - for example, boys/girls, pupil premium/non-pupil premium, SEN/non-SEN, etc. – are performing.
  2. Information we collect about you. We will use this information:
    1. to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    2. to improve our site to ensure that content is presented in the most effective manner for you and for your computer and to enhance the site generally;
    3. to calculate your phonics scores and those of your pupil(s);
    4. for the preparation of statistical reports and data analysis to assist us in enhancing the learning from our site;
    5. as part of our efforts to keep our site safe and secure.
  3. Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Cookies
  1. Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them please see relevant paragraph below.
Uses made of the information

We use information held about you in the following ways:

  1. Information you give to us. We will use this information:
    1. to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
    2. to provide you with tips on how to use parts of the service, information about new features on our site.
    3. to notify you about changes, improvements, and upgrades to our service;
    4. to ensure that content from our site is presented in the most effective manner for you and for your computer;
    5. where applicable, to allow you to see how different groups of learners in your school - for example, boys/girls, pupil premium/non-pupil premium, SEN/non-SEN, etc. – are performing.
  2. Information we collect about you. We will use this information:
    1. to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    2. to improve our site to ensure that content is presented in the most effective manner for you and for your computer and to enhance the site generally;
    3. to calculate your phonics scores and those of your pupil(s);
    4. for the preparation of statistical reports and data analysis to assist us in enhancing the learning from our site;
    5. as part of our efforts to keep our site safe and secure.
  3. Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Disclosure of your information
  1. We do not sell your personal information to third parties.
  2. We do not share your personal information to third parties.
  3. We have no plans to share or aggregate your data with any third parties, should this change you will be notified and will never be done without your prior consent.
  4. We reserve the right to use the information for our own purposes enhance the learning from our site including the preparation of statistical reports and data analysis;
  5. We may disclose your personal information to third parties:
    1. In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
    2. If Phonics Tracker Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
    3. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Phonics Tracker our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Where we store your personal data
  1. The data that we collect from you is stored on servers in the United Kingdom. This includes data about the school or family (name and address), the teachers or parents (names, email addresses, scores) and the pupils or children (identifying information - if the teacher or parent has provided them - and scores).
  2. If you are concerned about sharing personal data we recommend you self anonymise your data by using only surname initials for example, Charlie H.
  3. You and your staff are responsible for keeping your passwords confidential. We ask you not to share a password with anyone.
  4. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Your Rights
  1. You have the right to ask us not to process your personal data for marketing purposes.
  2. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to your Information
  1. You have the right to be informed; the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to data portability; the right to object; and the right not to be subject to automated decision-making including profiling.
  2. Your rights can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you and/or your pupil(s).
  3. We will have a month to comply with your access request. We can refuse or charge for requests that are manifestly unfounded or excessive. If we refuse a request,we will tell you why and that you have the right to complain to the supervisory authority and to a judicial remedy.
Changes to our Privacy Policy
  1. We reserve the right to make changes to, modify, or revise this Privacy Policy at any time. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy. You will be deemed to have consented to such variations or changes by your continued use of the site following any such changes being made.
Cookie Policy
  1. A cookie is a little piece of information handed to a web browser from a web server that contains information that can be retrieved from the server later. When you visit the site the server may attach a cookie to your computer’s memory. We use cookies only to remember what language is set, which school last logged into the machine and the session cookie for knowing who is logged in. You should be able to configure your browser so that it disables cookies.
  2. To help us better understand your needs, we also use analytical software. This software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the site, but will not store, save or collect personal information. You can read Google’s privacy policy here at support.google.com for further information.
Disclaimer of Liability
  1. The Company shall have no liability to the School, whether arising in contract, tort (including negligence), breach of statutory duty or otherwise, for or in connection with:
    1. loss, interception or corruption of any Data resulting from any negligence or default by any provider of telecommunications services to the Company or the School;
    2. any loss arising from the default or negligence of any supplier to the School;
    3. damage to reputation or goodwill; and/or
    4. any indirect or consequential loss.
  2. Nothing in this clause shall limit the liability of the Company for any death or personal injury caused by its negligence, fraud or fraudulent misrepresentation, or any other matter for which liability cannot be limited or excluded as a matter of law.