The Privacy Policy
This privacy policy is for the Website itrackeducation.com and is served by iTRACK Education, 3 Benford Court, Lower Cape, Warwick, CV34 5DA and governs the privacy of its users who choose to use it. It explains how we comply with the GDPR (General Data Protection Regulation), the DPA (Data Protection Act and the PECR (Privacy and Electronic Communications Regulations).
iTRACK Education is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
This policy will explains areas of this website that may affect your privacy and personal details, how we process, collect, manage and store those details and how your rights under the GDPR, DPA & PECR are adhered to. Additionally, it will explains the use of cookies or software, advertising or commercial sponsorship from third parties and the download of any documents, files or software made available to you (if any) on this website. Further explanations may be provided for specific pages or features of this website in order to help you understand how we, this website and its third parties (if any) interact with you and your computer/device in order to serve it to you. Our contact information is provided if you have any questions
The DPA & GDPR May 2018
We and this website complies to the DPA (Data Protection Act 2018). We will update this policy accordingly after the completion of the UK’s transition period from the European Union.
ICO
Respect for school’s privacy and security is at the very heart of what we do. We have compliance with the UK’s data protection act and are registered with the Information Commissioner’s Office (registration number: Z9442686). Registration is April with automatic renewal in place. Please see the link at the end of this policy for further ICO guidance.
SSL Certificate
The websites itrackeducation.com has an SSL certificate installed, further enhancing the security of the site. SSL certificates are small data files that digitally bind a cryptographic key to an organisation’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. SSL certificates bind together: A domain name, server name or hostname and an organisational identity (i.e. company name) and location. An organisation needs to install the SSL certificate onto its web server to initiate a secure session with browsers. Once a secure connection is established, all web traffic between the web server and the web browser will be secure. When a certificate is successfully installed, the application protocol (also known as HTTP) will change to HTTPS where the ‘S’ stands for ‘secure’. Depending on the type of certificate purchased and the browser used, a browser will show a padlock or green in the browser when you visit a website that has an SSL certificate installed.
Architecture of the site
Data is stored on a physically separate machine to the website. Access to the storage is closed to the outside internet – that is to say, the only way to get into the data machine is through a carefully closed and specific channel from the websites.
The data storage machine is also behind a firewall that prevents any outside access except the system administrators with appropriate credentials. This access is via a secure VPN and open only to two trusted system engineers. The application server is protected from SQL Injection attacks by tight validation of any parameters sent by users to the application, so no access may be gained in this way. For instance, we do not permit write access on a routine that only needs to read data.
Data Transit
Data in transit to and from the websites is secured with a GeoTrust SHA-256 with RSA encryption SSL certificate. Access to data is only available via a second and separate local-only network that the website server can access internally. Additionally, all servers use advanced intrusion detection systems to prevent and stall brute force attacks.
What we collect
We may collect the following information: name and job title, contact information including email address and demographic information such as postcode. We will not collect any personal data that we do not need in order to provide and oversee the service we offer you.
What we do with the Information we gather
We use this information to provide you with a better service, and in particular for the following reasons: internal record keeping, to improve our products and services, to keep you information about updates to iTRACK Education products including but not limited to iTRACK and iASEND, to send promotional emails about new products, updates about products you have purchased, special offers or other information which we think you may find interesting using the email address which you have provided. We also use the information to assist you with lost login details.
We may disclose personal data if required to do so by law or in the good faith belief that such action is necessary to (a) conform to the edicts of the law or comply with any legal process served on us or our website; and (b) protect and defend the rights of us, or our website or users of our website.
If we believe that your use of the website is unlawful or damaging to others, we reserve the right to disclose the information we have obtained through the site about you to the extent that is reasonably necessary in our opinion to prevent, remedy or take action in relation to such conduct.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways; whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do want the information you give to be used for direct marketing purposes.
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by unsubscribing using the unsubscribe link provided at the bottom of the email.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
You may request details of your personal information which we hold about you under the Data Protection Act 2018. If you would like a copy of the information held, please write to us at the address at the bottom of this policy. Data will supplied electronically and in a commonly used format and within one month of receipt of the request.
In addition, you have the right to ask us to erase, suspend the processing of or transfer personal data.
We want to make sure that the information we hold about you is up to date. If you believe that any information we are holding about you is incorrect or incomplete, please write to us as soon as possible. We will promptly correct any information found to be incorrect.
Use of Cookies
This website uses cookies to better the users experience while visiting the website; they prevent multiple logins to any account and they also remember a user’s default settings.
As required by legislation, where applicable this website uses a cookie control system, allowing the user to give explicit permission or to deny the use of/saving of cookies on their computer/device.
What are cookies? Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server, to provide the users with a tailored experience within this website. Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors or use the cookie control system if available upon their first visit.
Website Visitor Tracking
iTRACK Education websites do not contain a cookie which tracks and monitors user engagement and usage. However, when a user is logged in, the system logs this information enabling the iTRACK Education team to see who is logged in at any one time. This prevents the team from restoring a backup or doing any work on the system when users are logged in.
We will support you with specific queries about your data and its interpretation. To do this we will log into your account to access your data. We would not do this without your specific consent.
Employee Security and Awareness
A major part of keeping your data safe is ensuring employees are security conscious and aware of their responsibilities. All employees receive training on data use and data security prior to receiving system access.
Breach Notification
As required by law, iTRACK Education will provide notification in the event of a data breach. We maintain incident response procedures which enable us to notify all affected clients as required.
Unsubscribing
We offer a right to be forgotten service upon subscription expiry. Upon request that a school does not wish to renew its subscription, all data stored within your account will remain on our servers up to six months after expiry. Once the sixth month period has elapsed, all data will be deleted from our servers. If access to data is required within these six months of subscription expiry, a charge will apply each time information is required.
Downloads & Media Files
Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third party anti-virus software or similar applications. We accept no responsibility for third part downloads and downloads provided by external third party websites and advice users to verify their authenticity using anti-virus software or similar applications.
Contact & Communication with Us
Users contracting us through this website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored on our website server securely in the UK until a time it is no longer required.
All iTRACK Education servers reside within the UK in industry-leading data centres with physical access restricted by biometric authentication with constant all year round surveillance.
We will only retain your personal data if it is necessary to fulfil the purpose we collected it for, including for satisfying any legal, accounting or reporting requirements
Email Mailing List(s) & Marketing Messages
We operate an email mailing list program, used to inform subscribers about products, services and/or news that we supply/publish. Users can subscribe through an online automated process where they have given their explicit permission. Subscriber personal details are collected, processed, managed and stored in accordance with the regulations named in this policy. Subscribers can unsubscribe at any time through an automated online service (School Send). The type and content of marketing messages subscribers receive, and if it may contain third party content, is outlined at the point of subscription. Email marketing messages may contain tracking beacons / tracked clickable links or similar server technologies to track subscriber activity within email marketing messages.
Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.
Our EMS (email marketing service) provider is School Send and you can read their privacy policy in the resources section.
External Website Links & Third Parties
Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / images links to other websites)
Shortened URL’s: URL shortening is a technique used on the web to shorten URL’s (Uniform Resource Locators) to something substantially shorter. This technique is especially used in social media and looks like this (https://bit.ly/2KK1qdL). Users should take caution before clicking on shortened URL links and verify their authenticity before proceeding.
We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and we cannot be held liable for damages or implications caused by visiting any external link mentioned.
Social Media Policy & Usage
We adopt a Social Media policy to ensure our business and our staff conduct themselves accordingly online. While we may have official profiles on social media platforms, users are advised to verify authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page. You can find further information about some social media privacy and usage policies in the resources section below.
Your Responsibilities
For the majority of users, pupil data is imported via a CTF file (either manually or via Wonde. More information on Wonde is available in the links below) which contains pupil data such as UPN’s, Names, and Dates of Birth. iTRACK Education will only process data that is contained within a CTF file. If, for example, a CTF file contains no information on school history, then this data will not be processed.
Users and User Login
When users set up accounts, we ask that they create a username and a password. We require users to have complex passwords (mixture of capitals, lower case and numbers) to prevent concentrated attacks on passwords. We also ask users to keep their username and password safe.
Users can be added, removed and reviewed from the Manage Users page within iTRACK Education websites. To ensure that sensitive data within your account can only be accessed by the people you choose to allow, we recommend reviewing this list at least once a term. This will also allow you to add any new members of staff, remove any who have left or alter permissions due to any changes in job roles.