StudentFolder is a web- and mobile-based application which, at its heart, reproduces the traditional paper diary given to students, and includes provision for class-based homework, notes and alerts, timetables and key resources. For wider school information, it also includes an announcements option which allows key news and announcements to be sent to larger groups, such as pupils, parents and teachers. As part of our modular approach, StudentFolder also has an optional “Learning Zone” which includes whole-school personal learning checklists, and class- and scheme-of-work-specific assessments and quizzes.
When we refer to “we”, “our” or StudentFolder we are referring to Grayson Solutions Ltd.
Our Data Protection Officer and data protection representatives can be contacted directly by email: email@example.com
This policy applies to all staff, students and parents registered with StudentFolder (data subjects) whose personal data is collected in line with the requirements of the GDPR by Grayson Solutions Limited (t/a StudentFolder).
3.1 It is the responsibility of StudentFolder to ensure this document is available to schools who have or wish to have access to the StudentFolder application. It is the responsibility of the school to ensure that they bring the existence of this policy to the attention of all staff, students and parents who use or may use StudentFolder prior to first use.
3.2 All employees and workers of StudentFolder must ensure that they keep the legal basis for processing under review at all times and, in the case of consent, maintain adequate records and ensure that they have a genuine belief that consent has been given before processing data.
4. Privacy Notice
StudentFolder is known as a data processor. The school who uses StudentFolder is known as the data controller. As a data controller, the school collects and stores specific information to conduct its statutory obligations. StudentFolder assists the school in meeting those obligations under a contract between the School and StudentFolder. Save for one situation, we only “process” data that the school provides to us, which has already been legally obtained.
The situation where we hold and process further information is our Learning Zone module. We hold data relating to student and teacher assessment via personal checklists and quizzes.
The personal data that we collect depends upon whether you are a student, member of staff, or a parent. Working with the school we process the least amount of data necessary for StudentFolder to function correctly.
Students and staff can obtain a full list of all the data we process from the School directly.
For parents, we collect the following information:
- Contact email (used for registration and login)
- Your relationship to the Student (i.e. Parent/Carer, Parental Responsibility, Lives with child)
We need this latter information to ensure controlled access by the parent to the relevant student.
When you register, you submit a password. This is never seen by us. It is stored in an encrypted format that cannot be decoded. This password is necessary to ensure that you are authorized to view your specific child’s data.
We use a Google service to obtain usage statistics. For example, to identify when someone is using the application, total page visits etc. The service can only identify whether you are a parent, student or member of staff. All other information is anonymized.
Legal basis for processing personal data
The legal basis for processing data was set out briefly above. In detail, we use the following legal bases for processing your data:
Parents – Our legal basis for collecting and processing your data is “consent”. This means that before you can use StudentFolder to view your child’s school information, you must give us (via the School) consent (either via electronic means or in writing).
Where we have obtained your explicit consent it may be withdrawn at any time by contacting us via email with your registered email address.
Staff and Students – Our legal basis for processing your data is “contract”. We have a contract with your school to provide this service which requires access to the specific data the school provides us under that contract. The school will have its own basis for collecting the data initially such as a legal obligation or public interest as this forms part of the curriculum for your education and the school has chosen our software as the primary method of communicating homework and other services to you.
We do not collect or process data defined as ‘special categories’ by the ICO such as: Racial; Ethnic origin; Political opinions; Religious beliefs; Philosophical beliefs; Trade union membership; Genetic data; Biometric data; Health data; Data concerning a natural person’s sex life or Sexual orientation.
In certain circumstances, you may object to us processing your data by contacting your school directly. Your school will then work with us to block any future data coming through to our system. We will then remove / anonymise all your personal data on our system within 28 days of the request being made.
We do not use any of the data we process for your use of StudentFolder to undertake marketing activities. Our marketing activities are aimed solely at specific members of staff, who provide consent for marketing separately from our application.
In most circumstances we will not disclose personal data without consent. However, when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies. Further information is available on request about the factors we shall consider when deciding whether information should be disclosed.
Except as set out above StudentFolder will not pass on your personal data to new third parties without first obtaining your consent. All third parties will have in place agreements consistent with GDPR requirements. We will never sell your data to third parties. As part of our processing, we use the following sub processors:
- Wonde Limited (United Kingdom): Used to transfer all data from your school’s MIS to our servers.
Our servers are housed in a secure data centre located in the United Kingdom.
StudentFolder will process and store personal data for students, parents, teachers and school staff members for the duration of the school’s license with us. If you leave the school during an active license with your school we will delete or anonymise your personal data within 28 days of your account being deleted by your school.
If you have opted out of your data being processed we will delete your data within 28 days of your opt out being received.
Your rights as a data subject
During the period that we hold or process your personal data, you have certain rights. The following is a list of those rights:
- Right of access – you have the right to request a copy of the information that we hold about you. Other than assessment data, this will be information already held by your school.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete. As we take data from the School’s management information system, in the first instance, you should contact the school to rectify your information, following which our database will be automatically modified to reflect the changes made by the school.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. Again, we only process data provided by the School. If you wish to exercise this right, in the first instance you should contact the school and we will work with them to achieve your request.
- Right to restriction of processing – where certain conditions apply, you have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
In the event that you wish to make a complaint about how your personal data is being processed by StudentFolder (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and StudentFolder’s Data Protection Officer.
The details for each of these contacts are:
Supervisory authority contact details:
Contact Name: Information Commissioner’s Office (ICO)
Contact Details: https://ico.org.uk/concerns/
Data Protection Officer (DPO) contact details:
Contact Name: Ms Jennifer Andrews
Contact Details: firstname.lastname@example.org