Privacy Policy
Stat Solutions Ltd. has developed a reputation as one of the leading companies for Education Data analysis support and dedicated to protecting all data provided.
This Privacy Notice has been designed to explain how and why we collect, use, store and delete data as well as how long it is kept for and if any third parties are involved. Your rights will also be clarified. This Privacy Policy applies to use of all our data processing and websites (and web-based services) on which a link to this policy appears (the "Sites") that process and store data for analysis, namely in our ASSET© for Schools software.
For the purpose of the Data Protection Legislation, the data controller is Stat Solutions trading as ASSET© for Schools of 225 Marsh Wall, Angel House, Canary Wharf, London E14 9FW. The data subject is the individual whose data is being processed. The Data Protection Officer is the Assistant Manager of the company who can be contacted on 0207 183 8357, option 5 and dpo@assetforschools.co.uk.
We are a registered company (no. 04890386).
We are committed to keeping your information secure and take the privacy of all data extremely serious and are ISO 27001 Certified.
By providing us with any information about yourself (including via the Sites), you consent to our processing of your personal information in accordance with this Privacy Policy and our Cookies Policy.
This Privacy Policy covers
- How we collect your personal data
- What personal data we collect
- Our legal basis for processing
- How we use this personal data
- How we store it
- How long we keep it
- Who it is shared with
- Data Transfers
- How we delete it
- Your rights as a data subject
- Complaints
- Subject Access Request
- Links to other websites
- Changes to our Privacy Notice
- Contact Information
How we collect your personal data
We can collect your personal data through the following communication channels;
- Booking Form, Contact Form, Online Chat, Surveys
- The data collected through the Booking Form Contact Form, Online Chat, Surveys will be provided by the data subject with consent.
- Telephone, Email, Social Media, Postal
- The data collected through Telephone, Email, Social Media, Postal will be placed into our system through our booking form. The data subject will be informed upon processing data as well as sent an email or letter to identify the storing and processing of data as well as their rights.
- Cookies
- The data collected through cookies is with consent. For more information, please see our Cookies Policy.
What personal data we collect
Stat Solutions Ltd. may collect the following data:
- Title
- Name
- Job Title
- School Name
- School URN
- Contact Telephone Number
- Contact Email Address
- Invoice Email Address
- How you heard about us (for Marketing Analysis Purposes)
- Preferred Demonstration Date and/or Time (if required)
- Availability for contact (if required)
- Other information relevant to customer surveys and/or offers
- Recorded Phone Calls
Please note, personal data is defined as any data that can identify an individual. The personal data we may hold would include the data subject's name, job title and/or email address.
The information we collect to follow up on interest in our software, ensure account set-up and ensure the security of the account including any data importing within it.
Following the purchase of any products or the attendance of any training, demonstration, webinar, meeting or further service, we may request for feedback. The feedback is not anonymous so that we can contact you should you request for further support or if we would like to resolve any queries.
The data collected through our websites with the use of cookies includes demographic data and browsing patterns. We also automatically receive your IP address (which identifies the computer or device that you use to access the Sites); the time and date of your visit; browser; operating system; internet connection details, as well as a breakdown of your journey through our Sites.
The data the user imports is saved within our software and is collected only for analysis by the school;
- Pupil Name (optional can leave blank‐Pseudonymisation is optional)
- Pupil URN (Required - Pseudonymisation is optional)
- Gender (recommended)
- Ethnicity (optional)
- Free School Meals (FSM) (recommended)
- Disadvantaged Pupils (recommended)
- SEN (recommended)
- Gifted & Talented (optional)
- EAL (optional)
- Class Name (optional)
- KS2 Reading Mark (required)
- KS2 Maths Mark (required)
- KS2 Reading Teacher Assessment (required)
- KS2 Maths Teacher Assessment (required)
- KS2 Average Point Score (APS) Combined Reading and Maths (required)
- List of Subjects taken in the school (required)
- Pupils grades, targets, predicted, other for each subject (required)
- Class groups for each subject (optional)
- Additional Pupil Groups/categorisation (optional)
- Basic Info (PEP)
- Pupil Voice (PEP)
- SEND module (PEP)
- Meeting module (PEP)
- Targets & Actions (PEP)
- QA & Sign Off (PEP)
The above states a list of information that users can import including the whether it is optional, recommended but still optional or required. The optional information inputted will provide additional analysis for users, the recommended is optional but key for many reports to successfully deliver the correct/expected output and the required information is what data is needed to compute and generate the main analysis reports. Pseudonymisation (the replacement of identifiable data with artificial identifiers) is optional for Pupil Name and Pupil URN. However, in order to analyse data on a pupil level either a Pupil Name or a URN (whether the Psedonymised or not) will be need to enable users to identify pupils.
Our legal basis for processing
We will only process data for the purpose of providing an individual with the most relevant information, products or services. Our organisation's legal basis for processing data is when it has been obtained voluntarily or through consent. Should our purpose for processing your data change, you will be notified.
All information collected and processed will be relevant to your interest/booking or to supply you with the right information regarding new products, services or documentation etc.
All calls are recorded for monitoring and training purposes. This is stated on our automated voice recording that each person will hear when they call the organisation. They may be produced to the data controller upon request or with regards to a query.
Data inputted into the software is assumed consented for analysis through the schools.
How we use this personal data
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping
- To improve our products and services
- To ensure the you receive information regarding the most relevant products, services and special offers
- To ensure delegates receive all information and reminders regarding their purchases and updates on our legal obligations when necessary
- Contacting you from time to time for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise our websites according to your interests.
- To build up marketing profiles, to aid strategic development, to manage our relationship with advertisers and to audit usage of the Sites.
- Additional information may be collected from your school website or by contacting the school or the Data Subject directly. The information includes the school phase, an alternative email address, reason for interest or booking, more information about your job role etc.
- For the courses, we share (via email) name, school name, role, telephone number and email with consultants who deliver training so that they can prepare for the training course. These details are also printed and sent via post in the form of personalised training materials.
- We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
- The personal data about the user will be used to create and secure the account, they may also be contacted about new features and relevant training and consultancy support.
- The data imported into the software is only used for the data analysis of the school and is not used for any comparison across further software users or shared with any third parties.
How we store it
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
We are ISO 27001 certified and Cyber Essentials Certified, a few of our security measures in our UK based office includes but is not limited to;
Physical
- CCTV
- Outer Building fob key access and monitored concierge desk
- Office Pin Code and fob key access
- Separate designated and logged fob key access to our server rooms
Electronic
- BitLocker passcodes on all PC's (Management or IT must log in each PC before use on a daily basis)
- All users have individual password access and limited access to only suitable files
- Group Policy determines and logs the use of IT equipment including 30 second lock
- Firewall and Norton Antivirus across all PC's
- All ports are disabled for non-authorised personal (management) ‐ meaning no external drives can be used
- Only administrator account can enable updates, software downloads and more
- ASSET for Schools website is securely protected by 256 SSL
- Penetration tests conducted internally and externally
All data is stored in UK Office, our server is backed up twice a day and a further back-up on a Naas Server and External UK Hosting.
Details from a form or website are downloaded, they are all stored in one place in our system and dated the download date. Otherwise, they will remain in the website.
All call recordings are recorded and stored in an external supplier, you can click here to view their Privacy Policy http://soho66.com/104383/all/1/Privacy-Policy.aspx
Email Addresses
All emails, both those who have consented to receive emails and
those who have not (or those who have unsubscribed) are stored in
an external mailing software and our internal system. Click here
to view our mailing software providers Privacy Policy https://www.sendinblue.com/legal/privacypolicy/
https://mailchimp.com/legal/privacy/
Email addresses are kept on our email marketing database so that we can keep a track of the status of the email as well as send emails to those who have consented to receive emails i.e. by subscribing to our mailing list. If you no longer wish to receive our emails, your email address will be kept in our systems in the form of a blacklist so that we do not contacted in the future.
How long we keep it
We will keep your personal data on our records for an ongoing period for the reasons mentioned above, as long as you (the data subject) give consent for us to do so. If you no longer want us to keep your personal data, it is your right to request for its removal at any time, providing you have a legitimate reason.
Who it is shared with
Your personal data will never be shared with any third parties or internationally, nor will it be accessible to any unauthorised persons as we have secure encryption and password controls in place to limit access to personal records.
For any demonstrations, we share (via email) name, school name, role, telephone number and email with consultant/specialist or who deliver training so that they can prepare for the training course. These details are also printed and sent via post in the form of personalised training materials. All consultants/specialists have signed contracts and NDA's which specifically indicate the importance of data security.
Data Transfers
All of our data is only process and stored in the UK and no transfers to further countries will occur. Should this change, you will be updated immediately.
How we delete it
In certain circumstances, you have the right to have your data deleted or 'forgotten'. In order to delete your personal data from our records, you must request either verbally or in writing. Once we have received this, we will confirm that the request is to be put forward to the DPO for Approval. The DPO will consider the deletion and ensure it will not affect any other data subject. If it is, the request will be rejected. Should the data not affect a further data subject, it is confirmed for deletion. All data will be deleted within this request excluding the email address. This will be place in a blacklist for our records.
Data is deleted manually from all databases at the stated time. Our back-up servers are updated automatically daily and this is when the back-up servers will too have the data deleted.
Your rights as a data subject
The GDPR provides the following rights for individuals.
- The right to be informed
- You have the right to be given information on how and why your personal data is being processed, such as this Privacy Notice. You are entitled to request this information both before and after providing consent to us, free of charge.
- The right of access
- You have the right to access your personal data at any time (this is called a Subject Access Request). You are entitled to receive confirmation that your data is being processed, have access to your personal data and information on how and why your data is processed. This right allows you to be aware of and confirm that we are processing your data legitimately.
- The right to rectification
- You have the right to have your personal data amended if it is inaccurate or incomplete. It is your right to have your request for rectification responded to within a month.
- The right to erasure (the right to be forgotten)
- You have the right to request the deletion or removal of your personal data, but only where there is no persuasive reason for its continued processing. For example, you may request to have your data deleted/removed if your personal data is no longer necessary for the purpose it was originally collected/processed.
- The right to restrict processing
- You have the right to stop your personal data from being processed any further. This mean that we are able to store your personal data, but not process it. We shall keep just enough information about you to make sure we can keep your restriction in place from this point on. (See Emails as an example of this scenario).
- The right to data portability
- This right only applies to personal data you give to a controller (anyone who determines the reasons and ways of processing personal data), where your personal data is being processed because you have given consent or for the performance of a contract and when processing is carried out automatically.
- The right to object
- You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling) and processing for purposes of scientific/historical research and statistics. You have the right to withdraw consent at any time.
- Rights in relation to automated decision making and profiling
You have the right to request for reconsideration of your applications or request should a decision be made through an automated process. The information above has been sourced from the Information Commissioner's Office (ICO). For their full guide to rights for individuals under the GDPR, please visit: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Complaints
If you have a complaint about the way your personal data is being processed or for any other reason relating to your personal data, you have the right to lodge a complaint with a supervisory authority.
Subject Access Requests
As per your right of access, you are entitled to request to see your personal data that is stored in our records. In order to do this, you must send us your request in writing, so that we may be able to tell you whether any of your personal data is being processed, provide you with a description of your personal data, the reasons for which it is being processed and whether it will be shared with any other party. You will also be given a copy of this information and the details of where it is available.
If you wish to use our Subject Access Request Form to make your request, please contact us at virtualschools@assetforschools.co.uk or call our office at 0207 183 8357.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Notice. You should exercise caution and look at the privacy statement applicable to the website in question.
Changes to our Privacy Notice
If there are any changes to this Privacy Notice, we will notify you via email and it will be updated here.
How to contact us
We are happy to assist you with any request you may have.
- 225 Marsh Wall
- Angel House
- Ground and 1st Floor
- Canary Wharf
- London E14 9FW
Email :virtualschools@assetforschools.co.uk
Tel : 0207 183 8357 (Opt 2)