Data Security Policy
1.0 Data Protection Act
DrStuartAtkinson.com Ltd is registered with the Information
Commissioner’s Office (ZA329439) and processes data in accordance with the Data
Protection Act 1998 and the Code of Practice issued by the regulators of
England, Wales and Northern Ireland.
1.1 Software Data Usage
For users of DrStuartAtkinson.com Ltd “Atkinson Report Generator”
software, DrStuartAtkinson.com Ltd does NOT directly access or handle
any personal student data. All sensitive/personal data relating to
students remains on the User’s computer and does not leave their
computer. This includes personal data relating to:
candidates’ name(s), grades, gender and special educational needs (SEN) status
and a school’s own internal pupil identifier in the context of progress
analysis. This data is not shared with DrStuartAtkinson.com Ltd or any other
3rd parties. In this context, DrStuartAtkinson.com Ltd is not a “Data
Processor” under Article 28 of the GDPR but instead provides software for
securely processing data by the User locally.
The software provided by DrStuartAtkinson.com Ltd does
collect Usage, Account and Service data. This includes the user account data
(username and encrypted password, email and usage statistics) that integrate
the software to the online user account database. The legal basis for this
processing is our legitimate interests, namely the proper administration of our
website, software and business. Further details can be found on the privacy and
cookies policy on Our website.
1.2 Bespoke Development & Software Troubleshooting
Under some situations it may be necessary for a User to
share student data with DrStuartAtkinson.com Ltd. This includes personal data
relating to: candidates’ name(s), grades, gender and special educational needs
(SEN) status and a school’s own internal pupil identifier. This could be for
one or more of the following administrative activities in relation to the
processing of candidates’ personal data: troubleshooting or bespoke software
development in the context of progress analysis. This process will only be
undertaken with the prior agreement of the User/Customer via a secure and
agreed method of data transfer or remotely via secure screen sharing. In
this instance such data received will not be used
for any other purposes by DrStuartAtkinson.com Ltd. In the aforementioned
instances of data access by DrStuartAtkinson.com Ltd, We:
• will only act on the Customer’s written instructions (unless you are legally required to act without our prior instructions), including the transfer of any personal data to a country outside the European Union
• will ensure that all persons engaged in processing Your data are under a strict duty of confidentiality
• will take appropriate measures to ensure the security of personal data
• will only engage a sub-processor with our prior written authorisation and the sub-processor must be subject to a written agreement which meets all the requirements of Your contract
• will assist a Customer in responding to any requests from individuals exercising their rights under the GDPR
• will assist a Customer in meeting Their obligations under the GDPR, in particular, Their obligations relating to the security of processing, the notification of a personal data breach and data protection impact assessments
• will delete or return all personal data to a Customer at the end of the Contract period
• will submit to audits and inspections, provide the Customer with whatever information we need to ensure that both organisations meet our respective obligations under Article 28 of the GDPR and will inform the Customer if We are asked to do something with Your personal data which We believe would infringe the GDPR or other applicable data protection laws.
It is recommended that schools/colleges include
DrStuartAtkinson.com Ltd within their ‘fair processing notice’ (please see
example below).
1.3 Fair Processing Notice
The following is an example of a ‘fair processing notice’
entry that existing customers should feel free to use within their school’s
notice.
“DrStuartAtkinson.com Ltd: a third-party organisation called
DrStuartAtkinson.com Ltd provides Software
and services that are valuable in helping educational organisations to monitor
and improve the quality of education they provide by allowing them to analyse
student, class and subject performance in great depth. DrStuartAtkinson.com Ltd
does not handle student data for most services, whereby sensitive data remains
securely under the control of the School and is analysed through use of the
Software locally on the User’s computer.
In addition, the
school may request the services of one or more of DrStuartAtkinson.com Ltd Data
Consultants to assist with the provision of software products in terms of
bespoke development or troubleshooting. This may require the School to send
information about learners to DrStuartAtkinson.com Ltd. The information
required by DrStuartAtkinson.com Ltd in this context includes the pupil’s first
name, surname, gender, ethnicity, grades, SEN code and other factors such as
‘Pupil Premium’ and ‘Children in Care’ status. The purpose of this may also require
authorised remote access to the school’s management information system (MIS) or
Data handling system (4Matrix/SISRA), which could mean access to sensitive personal
data. The school will fully supervise any access while the Data Consultant
provides services and remain responsible for any data processing that the Data
Consultant might perform.
Data Protection Officer, DrStuartAtkinson.com Ltd, 35 Drake Avenue, Teignmouth, Devon, TQ14 9NA”
2.0 Data Storage
All data uploaded into the Software produced by
DrStuartAtkinson.com Ltd is NOT sent or stored on any external servers and
remains securely on the User’s PC. The only data transferred to our system is
account User usage data which is set out in our privacy policy on our website.
DrStuartAtkinson.com Ltd uses a combination of the Secure Hypertext Transfer
Protocol (HTTPS) along with the Secure Sockets Layer (SSL) protocol to provide
encrypted communication and secure identification of our web servers.
3.0 Data Encryption
DrStuartAtkinson.com Ltd uses a combination of the Secure
Hypertext Transfer Protocol (HTTPS) along with the Secure Sockets Layer (SSL)
protocol to provide encrypted communication and secure identification of our
web servers.
Please also see our Privacy and Cookies policy for details on how we use data on our website.