How we accommodate the General Data Protection Regulation (GDPR)
- ‘The Right to be Informed’
- ‘The Right to Restrict Processing’
- ‘The Right to Portability’
- ‘The Right to Object’
- ‘The Right of Access’
- ‘The Right of Rectication’
- ‘The Right of Erasure’
Lawful Basis and Transparency
We collect very minimal information from parents and teachers. The information relating to children comes from the respective parent and/or teacher and does not extend beyond their name and grade level. We do not need their full name at all and in fact many schools now use a nickname or code.
Collecting data for a purpose
|Teacher’s first name, surname, email
Teacher’s manage their student accounts. Collecting teacher’s email enables Studyladder to communicate with them and offer support when needed.
Authorises free access as teachers need to be connected to a school. Enables teachers to utilise whole school tools like sharing classes etc.
|Grade level of class
To set a default grade for resources.
|Adult’s first name, surname, email
To manage a child’s account. Email addresses enables us to communicate and offer support.
Student accounts (created by teachers)
|First name, Surname (Surname not required. Most teachers add first names only and many use nicknames or code names) Studyladder does not collect student emails.
To personalise each child’s account and to provide them with usernames and passwords. Enables parents to set tasks, receive reports and manage their childrens’ accounts.
Student accounts (created by parents)
|First name, Surname (Surname not required)
To personalise each child’s account and to provide students with usernames and passwords. Enables teachers to set tasks, receive reports and manage their student’s accounts.
Results are used in a point system for student rewards, to indicate completion of activities and for reports to teachers and parents.
Access to data
Access to data is allowed only as required with strong directives in our internal policy relating to privacy.
Studyladder does not share personal information with any third party.
How we protect the data
Secure hosting practices and resources provided by Amazon Web Services
Controls on access
Staff training and policies
Data is deleted when requested by a registered user.
Legal justification for processing of data
Consent for Teacher and parent/supervision accounts
When teachers and parents/guardians register they give consent to the processing of their own personal data by agreeing to terms upon registration.
Consent for Students under 16 years of age
School accounts for students are created by teachers. Parents are prompted to sign up for parent/supervision accounts in order to oversee their child's activities when using outside school hours.
Student home accounts are created by parents/guardians.
Information about data processing clearly provided
Data protection by design and default
Data protection, privacy and security are our highest priorities and are taken into account at all stages of development of our site and programs.
Studyladder has an internal security, privacy and data protection policy in place for all staff.
Encrypt, pseudonymise, or anonymise personal data wherever possible
Data is encrypted wherever feasible. Including protection of data while in transit over public networks in web applications and database systems.
Create an internal security policy for team members and build awareness about data protection
Operational security includes:
- Internal measures and policies that ensures that staff are knowledgeable about data security
- Confidentiality agreements
- Data is only accessible to staff that require access – technical employees
- Staff are uniquely identifiable
- Password protected devices
- Two factor authentication to access data
Data protection impact assessments
Studyladder has successfully taken part in the National Education Risk Assessment. The assessment measured technical and business processes regarding data security and privacy.
Processes to notify authorities and data subjects in the event of a data breach
Policies to ensure that users affected are informed in case of a data breach.
Accountability and Governance
Data protection, privacy and confidentiality are important to Studyladder. Because of this importance our Director has direct involvement in data security and privacy (Studyladder has a dedicated Data Security officer that oversees all of Studyladder's security and compliance. For more information email firstname.lastname@example.org).
Studyladder is hosted on Amazon Web Services. Amazon Web Services are one of the largest hosting companies in the world and are certified compliant with a wide range of security and data protection standards. More details here: http://aws.amazon.com/compliance/. Studyladder backups and all student result data is encrypted before storage. We use the AES-256 encryption scheme, which is an industry standard, certified, encryption scheme.
GDPR compliance Officer
Data processing agreements between Study Ladder and third parties that process data
N/A – Studyladder does not share personal data with any third party.
Data Protection Officer
Studyladder’s Data Protection Officer can be contacted via the contact us link on our homepage or email@example.com (attention to ‘Data Protection Officer’).
We do not sell or pass on information to any third party.
All of the information Studyladder holds on any user is available for them to see via their account at Studyladder. Parents can create free parent accounts to view all of their child's data.
Most data can be changed by the teacher or parent. For anything that cannot be altered by the user, an email can be sent to firstname.lastname@example.org and we will investigate and change as required.
Studyladder has a deletion process in place. This will result in a complete deletion of all data.