MossPAM Privacy Policy

Introduction

MossPAM is committed to protecting your personal information when you are using the MossPAM website. This Privacy and Cookies Policy relates to our use of any personal information we collect from you via the following online services:

The MossPAM website that links to this Privacy and Cookies Policy;

Social media or official MossPAM content on other websites;

It also relates to our use of any personal information you provide to us by phone, SMS, email, in letters, other correspondence and in person. In order to provide you with the full range of MossPAM services, we sometimes need to collect information about you.

This Privacy and Cookies Policy explains the following:

What information MossPAM may collect about you;

How MossPAM will use information we collect about you;

When MossPAM may use your details to contact you;

Whether MossPAM will disclose your details to anyone else;

Your choices regarding the personal information you provide to us,

The use of cookies on the MossPAM website and how you can reject cookies.

MossPAM is committed to safeguarding your personal information. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, including the Data Protection Act 2018 and the General Data Protection Regulations which came into effect on 25th May 2018. These laws are referred to collectively in this policy as the “data protection laws”.

The MossPAM website may contain hyperlinks to websites owned and operated by third parties. These third party websites have their own privacy policies, and are also likely to use cookies, and we therefore urge you to review them. They will govern the use of personal information you submit when visiting these websites, which may also be collected by cookies. We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.

We may need to update the website and this policy at any time and without notice. Where you have given us your email address, we may use this to notify you of such changes. Please check this policy regularly to ensure you always understand how we use your information.

1. Who are we?

We are MOSSPAM LIMITED, a company incorporated under the laws of England and Wales with company number 10248621 whose registered office is 100 Downs Park Road, London, England, E5 8JY. If you have any queries about how we use your data, please contact our data protection officer at info@mosspam.org

2. What information will MossPAM collect about me?

We’ll only collect your information in line with the relevant regulations and law. We may collect it from a range of sources and it may relate to any of our products or services you currently use or have used in the past.

We may collect data about you through:

Signing up to receive newsletters;

Submitting an enquiry through a form;

Entering competitions;

Live chats, web and mobile notifications;

Telephone and email conversations;

Booking event tickets,

Market research.

We may also collect information about you when you interact with us, e.g. visit our websites or mobile channels, call us or ask about any of our products. Some of this information will come directly from you. We might also get some of it from publicly available sources.

The types of information we collect about you may include:

Your name and job title;

Work or personal email addresses;

Home or work postal address,

Telephone or mobile numbers.

MossPAM collects information about how you use the MossPAM website and the device(s) you use to access the website. This includes:

Collecting unique online identifiers such as IP addresses (which are numbers that can uniquely identify a specific computer or other network device on the internet);

Your use of the MossPAM website, such as what you read, what pages and content you visited or documents you download,

For more information on how we may collect and use this data please see section 13 of this policy, on MossPAM’s use of cookies and our use of third party analysis applications.

3. How will MossPAM use the information it collects about me?

We’ll only use information on you where we have consent or we have another lawful reason for using it. These reasons include where we:

Need to pursue our legitimate interests,

Need to process the information to carry out an agreement we have with you.

The reasons we use your information include:

To provide you with the most user-friendly online navigation experience;

Where we provide personalised services, we may analyse the information you supply, as well as your activity on our website so that we can offer a more relevant, tailored experience;

Managing our relationship with you, including (unless you tell us otherwise) telling you about products we think may be relevant for you;

Understanding how you use our website content;

Undertaking website content improvement;

Undertaking risk management;

Protecting our legal rights and complying with our legal obligations;

To use IP addresses and device identifiers to identify the location of users, to block disruptive use, to establish the number of visits from different regions or countries,

We may also use and disclose information in aggregate (so that no individuals are identified) for marketing and strategic development purposes.

We may use information which we hold about you to show you relevant advertising on third party sites (e.g. Facebook, Google, Instagram, Snapchat and Twitter). This could involve showing you an advertising message where we know you have used the MossPAM products or website. If you don’t want to be shown targeted advertising messages from MossPAM, some third party sites allow you to request not to see messages from specific advertisers on that site in future, or contact us to request removal at support@mosspam.org

4. How we make decisions about you?

We may use automated systems to help us make decisions, for example helping us to identify the relevancy of products to new or existing customers or non-customers or to help us understand the renewal risk profile of a customer. Individuals may have a right to certain information about automated decisions we make about them and may also have a right to request human intervention and to challenge the decision. More details can be found in section 12.

5. When will MossPAM contact me?

MossPAM may contact you:

In relation to any correspondence we receive from you or any comment or complaint you make about MossPAM products;

To invite you to participate in surveys or research about MossPAM’s current or potential products (participation is always voluntary),

For marketing purposes, as set out in section 6.

6. Will I be contacted for marketing purposes?

From time to time we may send you marketing communications which we believe may be of interest to you. We may use your information to provide information about other MossPAM products, and also products and services from our partners and other relevant third parties. We may send marketing messages by post, email, telephone, text or other MossPAM platforms. You may opt out of receiving marketing by amending your preferences. You can do this by emailing us at support@mosspam.org, or by clicking the link on any marketing emails we may send you.

7. Will MossPAM share my personal information with anyone else?

We may share your information with others where lawful to do so including where we or they:

Have a public or legal duty to do so;

Need to in connection with regulatory reporting, litigation or asserting or defending legal rights and interests;

Have a legitimate business reason for doing so;

To provide you with products you’ve requested,

Have asked you or the individuals connected to your business for your permission to share it, and you (or they) have agreed.

In addition, we hope we will continue to expand. So, eventually, we may have additional group companies (we will all be owned by the same company, though). If this happens, we may want to share your information around our group so they can use it for the same internal purposes as we do, as described in this policy (for example marketing where we think this might be of interest to you or we might want to store our data on one server).

It is possible that we could sell our business to a third party, or re-organise our business or become insolvent. In that scenario, our database of customers is one of the biggest parts of that business, so we would need to share it with the buyer and their advisers.

Sometimes, other people give us data about you which we may need for our legitimate business purposes. This may happen when you use another website that we link to.

Generally, we will use your information within MossPAM. However, we may share with third party sites (e.g. Facebook, Google, Instagram, Snapchat and Twitter) some data, with appropriate security measures, to show you relevant advertising on third party sites.

Sometimes MossPAM uses third parties to process your information on our behalf, for example to provide analysis. MossPAM requires these third parties to comply strictly with its instructions and MossPAM requires that they do not use your personal information for their own business purposes.

8. Sharing aggregated or anonymised information

We may share aggregated or anonymised information within and outside of MossPAM, with partners such as research groups, policy groups, the DfE, or Ofsted. You will not be able to be identified from this information.

9. Offensive or inappropriate content on the MossPAM website

If you post or send content which may reasonably be deemed to be offensive, inappropriate or objectionable anywhere on or to the MossPAM website or social media, MossPAM may remove such content.

Where MossPAM reasonably believes that you are or may be in breach of any applicable laws, for example on hate speech, MossPAM may disclose your personal information to relevant third parties, including to law enforcement agencies or your internet provider. MossPAM would only do so in circumstances where such disclosure is permitted under applicable laws, including data protection law.

10. How long will MossPAM keep my information?

We’ll keep information in line with our data retention policy. For example, we’ll normally keep your core information for a period of seven years from the end of our relationship with you. This enables us to comply with legal and regulatory requirements. If we don’t need to retain information for this period of time, we may destroy, delete or anonymise it more promptly.

11. How we protect your data

All information you provide to us is stored on our servers, and we have implemented reasonable and appropriate security measures to protect the data including HTTPS and the industry standard for encryption and SSL technology. Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee that data breaches will never occur.

We do not recommend that you put email addresses, URLs, phone numbers, full names or addresses, credit-card details or other identifying or sensitive information in any online chat function on the sites.

12. Your rights

You have a number of rights in relation to the information that we hold about you under the data protections laws. These rights include:

The right to access information we hold about you and to obtain information about how we process it;

In some circumstances, the right to withdraw your consent to our processing of your information, which you can do at any time. We may continue to process your information if we have another legitimate reason for doing so;

In some circumstances, the right to receive certain information you have provided to us in an electronic format and/or request that we transmit it to a third party;

The right to request that we rectify your information if it’s inaccurate or incomplete;

In some circumstances, the right to request that we erase your information. We may continue to retain your information if we’re entitled or required to retain it;

The right to object to, and to request that we restrict, our processing of your information in some circumstances. Again, there may be situations where you object to, or ask us to restrict, our processing of your information but we’re entitled to continue processing it and/or to refuse your request. You can exercise your rights by contacting us at support@mosspam.org;

Individuals also have a right to complain to the UK Information Commissioner’s Office by visiting www.ico.org.uk, or to the data protection regulator in the country where they live or work;

You have the right to ask us not to process your data for marketing purposes at any time by emailing us at support@mosspam.org,

You have the right to access information we hold about you. Simply email us at info@mosspam.org and we will tell you how to do this.

13. What are Cookies?

A cookie is a piece of text stored on the hard drive of your computer, mobile phone or other portable device by your web browser. Broadly, this tool distinguishes you from other visitors to our websites and stores information about your website visits, and recognises you and your preferences each time you visit our websites.

There are different types of cookies:

Session cookies

These are specific to your browsing session and expire when your browser is closed or when you leave the site. These cookies ensure that you are recognised when you move from page to page within the sites, and any information entered is remembered.

Permanent/persistent cookies

These cookies remain, even when you have closed the browser. These cookies remember information so that you don’t have to type them in every time you use the sites. Permanent cookies are stored on your device (browser or mobile device), and expire at a fixed point in time, or until you choose to delete them.

First and Third-party cookies

First-party cookies are those set by MossPAM. Third-party cookies are placed by third party sites and are typically persistent. These cookies gather information on user activity, so that the sites can remember something about you at a later time, such as personalisation preferences or collecting statistics so that MossPAM can improve the sites. Unless you choose to tell them, the third party sites will never know who you are even if they assign your browser a cookie.

These cookies also have different functions:

Performance cookies

These cookies collect information about how visitors are using the sites, e.g. which pages are most popular, when errors are being generated and testing different designs. Additionally, performance cookies allow us to count the number of visitors and measure how effective advertising metrics, user experience and site performance.

Functionality cookies

These cookies allow MossPAM to provide services, such as live chat, and remember choices you have made, so that we can better serve personalised content to you.

Strictly necessary cookies

These cookies are required for the sites to perform correctly.

Targeting and/or advertising cookies

These cookies track your visits to the sites, the links you have clicked and the articles you have viewed. MossPAM uses this information to target and personalise our advertising, so that is more relevant to your needs.

If you would like to know more about cookies, including flash cookie and local storage devices, the following websites provide useful information: www.allaboutcookies.org, and www.youronlinechoices.eu

14. Can I refuse cookie tracking?

Most web browsers allow some control of most cookies through the browser settings. If you turn off cookies, you may not be able to use all of our functionality. However, you will still be able to see content.

MossPAM is committed to protecting your data and the information we collect about you online. You can withdraw your consent to accept cookies through settings on some of the most popular browsers.

Thank you for visiting our website.

Last updated 7th November 2019. MossPAM.

MossPAM Parent App Privacy Statement

1. Executive Summary – Data Privacy & the Parent App

At all times when using the Parent App you should be aware that your school remains the controller of the personal data which you can access, update and interact with through the App.  It is important to remember that your use of the Parent App results in no transfer of control over the personal data, or of the personal data itself, to MossPAM.

2. Scope of this Privacy Policy – the Parent App

In this Policy, defined terms shall have the meanings given to them in the User Terms. 

MossPAM is a secure, cloud-based platform that stores and processes data relating to a school and its pupils.  This privacy policy applies specifically to the mobile application that is aimed at parents or legal guardians of school children to enhance their access and engagement with certain parts of the management information system as it applies to the pupil (the “Parent App” or “App”).   A parent or legal guardian can only use the Parent App after being authorised to do so by their school.

This Privacy Policy applies to information about you the User, about pupils and about third parties such as family members, key others connected to your child (for example carers, uncles, aunts or grandparents) or other personnel within your school and as it is accessed through the Parent App (together “App Personal Data”).

Specifically, in this Privacy Policy we cover:

What information the Parent App may collect about you and your child/pupil;

How the Parent App will use this information;

When the Parent App may use your details to contact you;

Whether the Parent App will disclose your details to anyone else;

Your choices regarding the personal information you provide to us; and,

Our use of cookies within the Parent App and how you can reject cookies.

Outside of the App as the primary mode of communication and data processing, this Privacy Policy also rightly relates to our use of any personal information you provide to us by phone, SMS, email, in letters, other correspondence and in person. In order to provide you with the full online service and functionality provided by the Parent App we sometimes need to collect information about you – which may involve for example verifying the records held about you and your child by the school.

3. Who we are – Explaining our role in more detail

We are MOSSPAM LIMITED, a company incorporated under the laws of England and Wales with company number 10248621 whose registered office is 100 Downs Park Road, London, England, E5 8JY. If you have any queries about how we use your data, please contact our data protection officer at info@mosspam.org (“MossPAM” “us”, “we” or “our”).

As owner and creator of the App, MossPAM acts as data controller in respect of its own business and personnel information.  But in respect of the App Personal Data, MossPAM acts as data processor acting on the instruction of your school (the data controller).  Our data protection lead (DPL) responsible for communicating with you about our use of your data can be contacted at info@mosspam.org

4. What does the Parent App do?

At a functional level, the Parent App enables parents to communicate with their children’s schools and allows them to review the information held about them or their children within the school’s MIS.  The Parent App therefore acts as a communication and information medium which builds on the core software and services provided by MossPAM to the school.

5. Who controls the data in the Parent App?

The school is the controller of the data.  The use of the Parent App results in no transfer of control to MossPAM.  Moreover, data accessed within the Parent App does not reside anywhere other than the school’s databases.   It is not cached or copied in the provision of the Parent App.

6. Your role and interaction with the App

You are a parent or legal guardian. Only users whose details have been registered with us by a school will be permitted to use the App.

7. The data protection laws and principles we honour

MossPAM is committed to protecting your personal information when you are using the Parent App. We take our written instructions to administer the App and to enable your access to the App from the school.

Whenever you provide such information in the App, we are legally obliged as a data processor to use your information in line with all applicable laws concerning the protection of personal information, including the Data Protection Act 2018 and the General Data Protection Regulation 2016/670 (“GDPR”) as the same may be updated or replaced from time to time. These laws are referred to collectively in this policy as the “data protection laws”.

A fundamental feature of the data protection laws is the establishment of guiding privacy principles at Article 5 of the GDPR.  For further information as to how your school applies these privacy principles please refer to their own Privacy Policy.

For your information, the service we provide at the request and instruction of the school operates in accordance with these principles including the principles of transparency, purpose-limitation, data accuracy, retention/storage, data security and integrity, and data minimisation.

8. Our commitments to you

Subject to the bespoke commitments and arrangements put in place by your school as the relevant data controller, we subscribe to the following practices:

We do not engage in restricted transfers of personal data save than as permitted by the exceptions and permissions contained in the data protection laws.   We therefore do not currently store or transport personal data outside of the EU;

We do not transfer personal data originating from schools in an unencrypted format,

We do not claim ownership over any of the data processed or created as part of services provided to you. If you wish to exercise any of your rights under data protection laws to remove any content, more details can be found in the ‘Rights of individuals’ section below.

9. Authorisation from the school

The Parent App is made available to you under clear authorisation provided to us by your school, who act as the primary gatekeeper and data controller in terms of the information held by it in connection with your child.

10. Your download of the Parent App

Your school will provide you with details of how to download our App along with unique login credentials. From that moment on, you should not allow others to access the App on your phone or other handheld device or tablet upon which the App can be accessed (each a “Device”).  You should not share your login credentials with anyone even if he or she is a co-parent or fellow legal guardian or fellow teacher of your child.  All parents or guardians with children at schools which subscribe to the MossPAM services are entitled under the licensing agreement to set up their own profiles. This will then enable them to access the Parent App providing the school has provided them with the relevant authorisation.

11.  Data sources

The App may process data about you through:

Downloading the App – when registering your device for the services;

Displaying information supplied by the school;

Displaying content you upload using the App,

Unique application numbers, reinstallations of the App, other updates or resets.

When you want to install or uninstall an App such as the Parent App it may possess a unique application number or it may search for automatic updates and these processes can supply information about your installation such as the type of operating system your Device is using.

12. The types of information we collect about you and your child/pupil

The predominant types of data that might be used (but not necessarily cached) in the App include:

The technical and other information that you give us when downloading and registering the App – which allows us to validate you as a User;

 

The information we get from your day to day use of the App (for example by uploading content, frequency of visits);

Other types of information we process and display which emanate from the MIS controlled by the school (such as your child/pupil’s attendance record, school reports and achievements);

Messaging services or feedback opportunities or surveys which we may provide from time to time to time on the App (both one-way and two-way traffic);

Special category data where the school is obliged to (and therefore will) obtain your specific consent before processing it – such as blood group, medical details, and other essential information relating to the vital interests of your child which may include associated information relating to his or her sibling or other family members (particular allergies, medicines, procedures and conditions the school should know about);

Technical information relating to how you use the App, which will include information about your Device, its settings, its IP address, and certain permissions within the Device, plus analytics regarding your use of the App – frequency of usage, what you read, interact with, upload and download; and,

Monitoring information and communications which may be recorded for purposes of quality assurance, training and fraud prevention.

13. Your school’s lawful bases for collecting information about you and your child/pupil?

We have listed a wide range of information-types in the previous section.  Data protection laws requires your school to have a lawful basis (Article 6 (1) of the GDPR) for engaging us to process the types of App Personal Data we hold about you or your child.

For the most part your school is obliged to use personal data in respect of you and your child pursuant to a legal obligation. These legal obligations emanate from successive Education Acts (from 1944, 1996, 2002 for example) as well as a vast range of other acts of parliament related to children and childcare in addition to relevant regulations applicable to schools.  For further details please consult your school’s Privacy Policy.

MossPAM is required to help your school process this personal data because of a contractual necessity – where we need to perform our subscription agreements with each school (which includes provision of the platform and the App we make available to you through your school).

For several of the information types that are accessed in the App, there will be occasions when your school will rely on its legitimate interests to justify the processing of that information. Again, we invite you to consult your school’s Privacy Policy to learn further about the use of legitimate interests by your school.

In addition, we at MossPAM will rely on our legitimate interests whenever we act as data controller over particular personal data (in limited circumstances).  We have identified on page 1 of this Privacy Policy that we will act as data controller in two clear circumstances:

When we compile and use technical information,

When we maintain or update the App (including fixes/patches).

When we do use your data in these ways we will not collect or process any data in relation to you or your child unless it is necessary in order to provide you with the service (for example to correct bugs in the App) or we are satisfied that we continue to have a legitimate interest in doing so (in adherence to the GDPR).  This means that through this policy we are happy to commit to continually assessing our legitimate business needs against the needs to maintain and protect individual rights and freedoms.  We are happy to make our up to date assessment of our legitimate interests available to you upon request.

In summary, we conduct a 3-stage test to challenge ourselves and confirm our legitimate interests to hold personal data as follows:

1. We identify what our legitimate business interests are at any given time,

2. We check the necessity of processing a parent or child’s personal data in order to properly deploy and operate the App.  We check that there are no less intrusive means to deliver the App’s functionality for parents and legal guardians,

3. We make sure we weigh the balance of the interests of our business and our App with the interests of the pupils, parents and others whose personal information we hold.

Finally, we ensure that our legitimate interests are prudently counterbalanced against the constant right of individuals to make a data access request to us (such as an objection to processing).

14. How your school makes decisions about you?

Your school’s Privacy Policy will set out how the school makes decisions about you and your child’s information.

15. When will MossPAM contact me?

It is unlikely that MossPAM will ever contact you directly. Your school is responsible for communicating with you about use of the App.  This may include notifications within the App alerting you to new messages or notices which we can display on behalf of the school.

It is possible in the future (we do not store any contact data for you ourselves), we may contact you as follows:/

To notify you about any planned maintenance and downtime affecting the App;

At the school’s request only, to verify your credentials or your authorisation from the school or to help you reset your linkup code with the school (i.e. password);

In relation to any email or other correspondence we receive from you or any comment or complaint you make about the Parent App directly to us;

At the school’s request only, in relation to any tailored or trial services or new features of the App you are using,

At the school’s request only to occasionally invite you to participate in surveys or research about the App.

16. Will I be contacted for marketing purposes?

No.

17. Will MossPAM share my personal information or my child’s personal information with anyone else?

As a data processor following instructions (pursuant to a subscription agreement) from your school there are times when we use third parties to process your information on our behalf, for example to provide services such as email deployment or cloud storage services or analysis of the technical data we use.  We need these providers to provide us with their services for our legitimate interests of operating our business and our App effectively.

When we use the services of others it will be required in order to fulfil our obligations under the subscription agreement in place with your school.

18. Will other end users or administrators of the Parent App be able to see my data?

Your school’s privacy policy sets out the relevant permissions to access your data and school records to which the App interfaces.

19.  Sharing aggregated or anonymised information

In line with the organisational and technical measures and techniques of anonymisation and/or pseudonymisation advocated by the data protection laws we may share aggregated or anonymised information within and outside of MossPAM, with partners such as research groups, policy groups, the DfE, or Ofsted. Neither you nor your child or individuals connected to your child will be able to be identified from this information.

20. Offensive or inappropriate content on the Parent App

If a User posts or uploads content which is disruptive or may reasonably be deemed to be offensive, objectionable or otherwise inappropriate, MossPAM may remove such content and may deny you access to the Parent App temporarily or permanently as we see fit.

Where MossPAM reasonably believes that you are or may be in breach of any applicable laws, in respect of hate-speech for example we may disclose your personal information to relevant third parties, including to law enforcement agencies or your mobile phone operator or other internet communications provider. MossPAM shall only do so in circumstances where such disclosure is permitted under applicable laws, including data protection law.

21. How long will MossPAM keep my information?

As a reminder, the Parent App only provides a medium for you and the school to update the records your school holds about you and your child. Parent App does not cache or store these records. If you need to access these records, please contact your school.

The technical data we collect about you is very limited but we will only store your data for as long we need it and we will keep information in line with any data retention policy in force. To determine the appropriate period, we consider the amount of data, its nature and sensitivity, the potential for harm and whether we can achieve our purposes through other means as well as our applicable legal requirements. Details of our records retention policy is available upon request. We will regularly cleanse this data. We will also delete your data on your request though we may hold a list of the ‘opt out’ requests to administer your request.

22. How we protect your data

Your school’s privacy policy should provide information about the security measures it has in place to protect this.

In terms of the limited technical data we store about you, this is stored on our servers, and we have implemented reasonable and appropriate security measures to protect the data including HTTPS and the industry standard for encryption and SSL technology.

Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee that data breaches will never occur.  Please keep your login credentials and your Device safe from unauthorised use or intervention at all times – and remember to log out of or close down the App after use.

For safety and child protection purposes only, in the future, we may require users to verify their credentials. We also reserve the right to contact the school in the event of any unusual or noteworthy login activity or patterns of usage. We won’t use this information for unexpected reasons.

We also do not recommend that you put email addresses, URLs, phone numbers, full names or addresses, holiday / home absence information, credit-card details or other identifying or sensitive information in any online messaging function on the App now or in future.

23. Your rights

You have a number of rights in relation to the information that the school holds or uses about you or your child.  In the vast majority of cases, it will be appropriate to contact your school as the first port of call so that any information relating to the MIS which the school controls can be made available by the school.

For the very limited information we hold as data controller (in respect of technical information relation to the App, analytics applied to that information and any software upgrade or modification) you nevertheless have enshrined rights which are summarised below:

The right to be informed about our use of your data. This is met by this Policy;

The right to access information we hold about you and to obtain information about how we process it (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Please note that we may ask you to specify what you wish to see in order to focus our search, and we may have to verify your identity/authority;

In some circumstances, the right to withdraw your consent to our processing of your information, which you can do at any time. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent;

In some circumstances, the right to receive certain information you have provided to us in an electronic format and/or request that we transmit it to a third party;

The right to request that we rectify your information if it’s inaccurate or incomplete though we may need to verify the accuracy of the new data you provide to us;

In some circumstances, the right to request that we erase your information where there is no good reason for us continuing to process it. We may continue to retain your information if we’re entitled or required to retain it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request,

The right to object to, and to request that we restrict, our processing of your information in some circumstances for example where we are relying on our legitimate interests or using it for direct marketing. Again, there may be situations where you object to, or ask us to restrict, our processing of your information but we’re entitled to continue processing it and/or to refuse your request.

You and individuals (including individuals connected to your school) can exercise your rights by contacting us at info@mosspam.org

Individuals have a right to complain to the UK Information Commissioner’s Office by visiting www.ico.org.uk, or to the data protection regulator in the country where they live or work.

Where we are the data controller of your personal data, you have the right to access information we hold about you. Simply email us at [insert email address] and we will tell you how to do this.

24. What are Cookies?

A cookie is a piece of code or text stored on the hard drive of your computer, mobile phone or other portable device by your web browser.  We do not track your online browsing patterns and the App does not contain cookies at present. It is possible the App may contain cookies in the future to provide you with a good experience when you use the App, to store information about your App usage, your preferences and your engagement.  In this way, cookies ensure that the App functions as we intend it to and enables us to provide the services you request. If we do this, we will provide a clear notice about this usage within the App.

The App is not available to users outside the UK.

Last Revised May 2020.

MossPAM Privacy Statement

This statement underpins the policies, promises and contracts we make with schools relating to the education data that MossPAM processes.

What is MossPAM?

MossPAM is a secure, cloud-based platform that stores and processes your school data.

Privacy and Data Protection Statement

1. Introduction
Privacy and security are at the heart of everything we do at MossPAM. This statement explains the key measures we’ve put in place to ensure that a school’s data is kept secure and processed appropriately at all times. It also covers our commitments to you, and what we expect from schools in terms of privacy and data protection.

2. Our Principles

We:

Hold school data for the purposes of education management and school improvement only, and only for those purposes necessary to provide the service explicitly offered to schools;

Adhere strictly to the terms of the Data Protection Act 1998 and any future amendments or applicable legislation, such as GDPR (2018);

Only store and process the minimum data required to provide our services;

Transport and store all personal data originating from schools using modern and best practice encryption technologies. This includes Secure Socket Layers (SSL/TLS) for encrypted data transfer over the internet;

Comply with all Subject Access Requests made relating to the data we store;

Ensure that all data is held securely by taking steps so that data is not corrupted or lost;

Ensure that all staff having access to personal data hold a valid Disclosure and Barring Service certificate;

Always maintain adequate liability insurance,

Report any breaches of security to the data controller, the Information Commissioner’s Office (ICO) and other authorities if required by law, and, in co-operation with the data controller, to data subjects.

 

We DO NOT:

Store personal or sensitive data outside of the EU;

Share your data with any third parties except where explicitly requested by you or required by law;

Use your data for the purposes of advertising or marketing, except where it is relevant to your usage of the system itself (e.g. awareness of new functionality);

Transport personal data originating from schools in an unencrypted format,

Claim ownership or exclusive rights over any of the data processed or created as part of services provided to you.

3. Security and Encryption
We take every reasonable measure to ensure we store data securely. The MossPAM platform is developed using secure technologies, which include, but are not limited to the following:

All personal and sensitive MossPAM data is stored and transported within the EU;

All external data transmissions to and from the MossPAM Platform are encrypted using modern SSL/TLS protocols and ciphers,

All servers are situated in secure locations.

4. Staff access to data

MossPAM does not inspect any of the data we store, except where a school has given us permission to inspect their data; for example, to provide technical support to correct a technical problem.

All our staff are required to agree that they will abide by the Security and Data Protection Policy at all times.

5. Deleting and Retaining Data

We retain personal data on our platform for as long as necessary to provide the MossPAM service. If a school terminates their contract with MossPAM, we will delete their personal data within 12 months.

6. MossPAM and Third Party applications

Schools are responsible for accepting the terms and conditions of third party applications.

Before we allow Third Party Applications to access school data, schools must authorise the requests to connect to their data and review the type of data that an application is requesting. These permissions can be revoked at any time by the school.

7. Privacy or Security Breaches

We take all reasonable and necessary precautions to ensure that your data is secure and to recognise and then mitigate the risks to security and privacy. However, it is not possible to 100% guarantee the security of any data transmitted or stored electronically. In the event that a breach of security or privacy did occur, MossPAM will contact Data Controller of the affected data, and inform the Information Commissioner’s Office (ICO), and other authorities, if required by law.

 

Information for students and parents

MossPAM, as the Data Processor, only has access to pupil data as requested by the school, as Data Controller, and only for the purposes of performing services on a school’s behalf.

Your child’s school remains the Data Controller of any pupil data we process. If you have questions about your or your child’s data or how your school is making use of our service, please contact the school directly. Any pupil or parent/guardian enquiries we receive will be directed to the relevant school as the Data Controller for that child’s or parent’s/guardian’s data.