DATA PROTECTION AND GDPR COMPLIANCE
DEFINITIONS – See Earwig School Terms and Conditions
This agreement supports the joint obligation between Earwig Client Schools and Earwig Academic Reporting Ltd to comply not only with the Data Protection Act 2003 and the Information Commissioner’s Office (ICO) mandate, but also the General Data Protection Regulations (GDPR) in force from May 2018. It details the data objects and items that are shared, and the use, storage, and security of the data that Schools share with Earwig Academic Reporting Ltd (Earwig).
All the personal data about school staff or pupils held by Earwig has been supplied by the School. The School is the Controller of this data for the purpose of the GDPR and Earwig is acting merely as the agent of the School in applying this data for purposes approved by the School. It is therefore the responsibility of the School to ensure that this data is kept secure and accurate. Earwig will do whatever is necessary to ensure compliance with the letter and spirit of the regulations, as follows.
The principles which Earwig applies to the management of personal data are
Use of the Earwig software by any authorised staff at any educational establishment which has an account with Earwig or payment of an Earwig invoice indicates acceptance by that entity of these terms.
PERSONAL INFORMATION
Below is the list of personal information which Earwig requires in order to provide the Earwig service. Where appropriate, the data is classified in accordance with the UK Government’s Information Security Design Manual Business Impact Levels.
1. PERSONAL INFORMATION ABOUT PUPILS WHO ARE CURRENTLY ON ROLL:
2. PERSONAL INFORMATION ABOUT STAFF CURRENTLY IN THE EMPLOYMENT OF THE SCHOOL:
3. INFORMATION ABOUT THE SCHOOL:
4. INFORMATION ABOUT PARENTS:
INFORMATION MANAGEMENT
We do not collect or retain credit card information.
We do not provide or sell any personal information to third parties. This information is only available to the relevant client school and certain employees and contractors who have a need for it in the execution of their job. All Earwig employees and contractors with access to this information hold current DBS certificates.
We may use independent contractors to provide technology services on our behalf. Such third parties may have access to personal information in the course of providing services on our behalf. Any personal information that we provide to such third parties is protected under a confidentiality agreement. Such third parties will have current DBS certificates and take commercially reasonable measures to keep your personal information safe, private and secure.
We automatically collect and store:
We use this information only as anonymous aggregate data to determine the number of visitors to different sections of our sites, to ensure the sites are working properly, and to help us make our sites more useful. We do not use it to track or record information about individuals.
When you use our services as a registered user, we utilize cookies to store information about your visits to make your revisits more efficient for you and us. It is necessary to place the cookie on your computer’s hard drive in order for us to do this. We do not sell or give this information to any outside parties.
We use commercially reasonable measures to provide secure transmission of personal information to us. You should be aware that there is a level of risk involved in transmitting information over the Internet. As a result, we cannot ensure or warrant the security of the information that is transmitted over the Internet, and you do so at your own risk.
Earwig does not host any advertisements on our operational site.
Our operational website does not contain links to sites other than those managed by Earwig.
DATA UPDATE AND SECURITY PROCESSES
It is the responsibility of the School to ensure that the data in Earwig is always current.
If the School cannot implement an automated update process it will be the responsibility of the School to ensure that all pupil and staff data is updated manually.
All user activity is logged and access is restricted by password (12 digit if required) and by multi-factor authentication. School groups may also request a controlled Single Sign On facility.
The data held by Earwig is protected from exposure by in situ encryption, multiple layers of firewalling, authentication, intrusion detection and physical access control.
OTHER DATA SECURITY INFORMATION
Earwig is registered with the UK ICO. Certificate No. ZB450961.
The Earwig Data Controller is Mark Hindmarsh – Customer Services Director.
Earwig access controls satisfy Cyber Essentials requirements.
DATA RETENTION
Under current legislation, each client school may determine the length of time that data about individuals is held in Earwig after that individual ceases to have a day-to-day relationship with the school.
By default, in order to fulfil its obligations for historic data and performance analysis under its contract with schools, Earwig will retain all media and associated metadata for five years after the last User tagged to that media has been Archived. Then it will be deleted. However, any client school may change the retention period for that school by requesting a different retention period in writing.
EARWIG AND CYBER ESSENTIALS
Cyber Essentials is a UK Government sponsored scheme to provide the users of commercial software packages with the necessary guidance to ensure that the software they are using is protected, as far as possible, from cyber attack. School data coordinators are now required to seek Cyber Essentials certification to ensure that their networks are as secure as possible.
To achieve this certification, they need to ensure that the software used by staff provides secure access procedures. Earwig does this by offering twelve digit password protection and multi-factor authentication.