Privacy Notice for Users
Contact Information
The Assessment Foundation CIC
1651 Pershore Road
Birmingham
B30 3DR
0300 234 2345
support@assessmentfoundation.org
The data we collect about you and your staff
When your school or organisation works with the Assessment Foundation, we collect staff names, email addresses and job roles. If you choose to contact us using your private phone number or email address, we store that too.
When we provide other services, such as events or training sessions, we collect the details of the person attending when you make the booking.
Why we need this
Staff names are used in the system to identify them as users, and to help us assist you with support queries. When we work with your school, we need to ensure the right information reaches the right person - updates to the system, information we need from you to roll the school forward into the new academic year, etc.
As all schools are entitled to support, we use email addresses, phone numbers and school information to make sure we can identify and support any issues you have as quickly as possible. If you have made a booking with us, we'll use the information provided to contact you about the event.
From time to time, we may send you information about additional services that you may be interested in. You can opt out of these communications at any time, and it won't affect your service for the rest of the system.
System Usage Monitoring
In order to supply you with a system that performs well, and in order to better assist with any support queries you raise with us, our servers automatically collect some information while you are using the system. This data may include the Internet Protocol (IP) address, browser type and settings, what kind of device you are using, the date and time of usage and your language preference. All of this can be used to provide you with more precise support at the point of enquiry, and allows us to plan for accurate provision of services in the future.
Where we keep your data
We set up your staff with individual logins for the system. These logins can be rectified by users with administrator rights, or by contacting our Support Team.
We store school and staff information in our company database, and in the Incerts system itself. The Assessment Foundation will never share your personal data with any third parties for the purpose of marketing. Occasionally, if the systems we use to hold your data require maintenance, authorised access of GDPR compliant third parties will be allowed in order to perform repairs.
Data recorded in Incerts is transported over encrypted channels to server centres that are already fully GDPR compliant, and thereafter we apply the appropriate industry-standard protocols to protect it from unauthorised access.
Data Retention
If your school or organisation stops working with the Assessment Foundation, we retain your personal data for the maximum period that it is useful, unless instructed otherwise by you.
Your rights under GDPR
If you know or believe that any data we hold to perform these functions is incorrect or has changed, you have the right to request that we update it. You can also ask us at any time for details of the personal data we hold, and to update, rectify or remove it as you prefer. We may only use the data for the purposes agreed to when the data is collected from you.
Any such request should be directed to the contact details above.
If our data security is breached, we are required to notify you within 48 hours, and notify the data authority for the England and Wales, the Information Commissioners Office (ICO). If you believe we have failed in our duty to handle your data lawfully, securely and fairly, you can report this to the ICO. However, it is advisable that you raise the issue directly with us first, so that we can rectify the issue as soon as possible, before contacting the ICO if you wish.
For any request made to us, you have a right to a response and action within one month, and without undue delay.
Pupil data you supply for Incerts
When your school or organisation chooses to use the Incerts system, we need the following personal data at a minimum about the children being added to the system:
• Forename
• Surname
• Date of Birth
• Gender
• UPN
• Class
You can choose whether or not to add the following information to the system:
• Ethnicity code
• SEN status
• LAC status
• Other health/socio-economic data
Why we need this
We need a small amount of information about children so that we can add them to the system, and you can make your assessments easily. The UPN is required so that we can uniquely identify each child amongst the thousands of records we store, and including gender and date of birth allows you to use simple tracking and analysis features within the system.
If a child leaves your school, you can easily transfer their assessment data to their new school by contacting us. We can also amend their assessment data for you.
Sensitive data, such as ethnicity, is given voluntarily by you as the controller of pupil data, and is not required for normal use of the system.
How we process it
You can use our secure transfer site, https://transfer.incerts.org, to transfer your data to us. This system uses the highest level of industry standard security. Any data we return to you can be transferred by the same pathway.
If you give your permission as controller of the pupil data, we can send and receive data securely with your Local Authority, or any other institution you wish to share your data with.
When we receive the data, it is held in a secure location, and then uploaded to the Incerts system, where it can only be accessed by individuals with logins to the system.
If the systems we use to host your data require maintenance, the third party providers of those systems will sometimes be permitted access to the system. This is strictly limited to the task that they need to perform. In the event that the Assessment Foundation is unable to host the data you provide us with, a GDPR compliant third party supplier may be used to ensure continuity of service to you. Any such third party supplier will be subject to data protection agreements that mirror the agreement between the Assessment Foundation and your school.
Data recorded in Incerts is transported over encrypted channels to server centres that are already fully GDPR compliant, and thereafter we apply the appropriate industry-standard protocols to protect it from unauthorised access.
Data Retention
The Assessment Foundation will retain personal data provided in accordance with your instructions upon termination of the contract of service with us, and as required by applicable law. By default, we retain archive versions of your pupil data for the period requested by school inspectorates.
Your rights under GDPR
The Assessment Foundation act as a processor of your pupil data. This means that your school makes the decision to use our system for storage of the data, what it is used for, and when it is added, updated or removed. We can only use the data you provide us with for the purposes you agree to here.
If you know or believe that any data we hold to perform the functions listed above is incorrect or has changed, you have the right to request that we update it. You can also ask us at any time for details of the personal data we hold, and to update, rectify or remove it as you prefer. We must supply data to you in a portable format - i.e. in a format you can easily read and transfer to another system if needed.
Any such request should be directed to the contact details above.
If our data security is breached, we are required to notify you within 48 hours, and notify the data authority for the England and Wales, the Information Commissioners Office (ICO). If you believe we have failed in our duty to handle your data lawfully, securely and fairly, you can report this to the ICO. However, it is advisable that you raise the issue directly with us, so that we can rectify the matter or clarify your rights.
For any request made to us, you have a right to a response and action within one month, and without undue delay.