Fair Processing Notice

The Headteacher in the name of Bunscoill Rhumsaa as Data controller

The Headteacher, in the name of Bunscoill Rhumsaa, is a data controller for the purposes of the Data Protection Act 2002/General Data Protection Regulation (Isle of Man) Order 2018. The contact details for the Data Controller are Bunscoill Rhumsaa of Lezayre Road, Ramsey, Isle of Man IM8 2PA.

In addition to the information set out in the Isle of Man Privacy Notice, we may also collect the following information about your child as required by the Education Act 2001 and the Registration of Pupils Regulations 2016:

  1. full legal name and where known, any former name or names;
  2. gender;
  3. date of birth;
  4. unique pupil number;
  5. ethnic group and by whom that information was provided;
  6. first language;
  7. date of admission to the school;
  8. year group;
  9. the address and postcode of the pupil's usual residence and any other properties at which the pupil is also known to reside on occasion;
  10. the name and address of every person known to the school to be a parent of the pupil and at least one emergency contact telephone number;
  11. the name and address of any other schools the pupil is known to have attended, if any, and in the case of guest registration, any other schools at which the pupil is registered;
  12. full-time or part-time;
  13. day pupil or boarder;
  14. date of leaving the school;
  15. usual mode of transport to and from school;
  16. for any pupil who is known to the head teacher to be or to have been looked after by an appropriate organisation, the name of that organisation;
  17. (where applicable) that the pupil has been found eligible for free school meals;
  18. Attendance;
  19. Medical information for the vital interests of children where appropriate;
  20. Educational psychologists reports and supporting documents;
  21. Academic achievements;
  22. Skills and abilities;
  23. Educational progress;
  24. Special educational needs information;
  25. Suspension information;
  26. Course information;

The Data Protection Officer for the Department of Education, Sport and Culture is: Andrew Shipley, Department of Education, Sport and Culture, Hamilton House, Douglas. IM1 5EZ. Tel 01624 685828. Email: DPO-DESC@gov.im.

How we will use the information we collect about you

Bunscoill Rhumsaa may use your information to:

  • register your child at the school;
  • record attendance information;
  • produce an educational record containing:
    • Information about your child
    • Personal education plans
    • Educational psychologist's reports and accompanying documents
  • produce a curricular record containing:
    • Academic achievements;
    • Skills and abilities; and
    • Educational progress
  • produce a record of special educational needs and special needs provision, if appropriate detailing:
    • The type of special need;
    • A ranking of the special needs if there is more than one;
    • The special needs provision being made; and
    • Whether teaching is in a special education needs unit or elsewhere
  • record details of suspensions
  • produce a record of the studies undertaken;
  • help prevent and detect crime

Bunscoill Rhumsaa has a statutory obligation to check and verify the data you provide to us on registration documents and on consent forms. This may include checks of publicly available information but in some cases, where it is necessary and relevant, the information you provide may be disclosed or shared with other organisations.

How we will share the information we collect about you

App or Service Details Consent Required

ActiveLearn (Bug Club and PowerMaths)

more information

Data Shared: Name, Year Group, Class

Sharing Basis: The data will be provided so that teachers can plan, provide and monitor online learning activities for pupils.
Pupil data means that pupils are able to access bespoke learning activities tailored to their needs.

Security Protocols:
GENERAL SECURITY OVERVIEW FOR PEARSON’S ONLINE LEARNING APPLICATIONS
At Pearson, we recognize that our Educational Partners, Students and Customers are increasingly concerned with security, privacy, and the reliable availability of online learning applications. The information in this document can be shared with Pearson customers, potential customers and 3rd party partners.
Pearson is committed to the security and availability of our online learning applications. Pearson maintains state-of-the-art technological practices and hosting equipment that meet or exceed the needs for today’s mission critical applications. The protection of sensitive data, whether Pearson’s or that of our Educational Partners and Students is an important part of our core operating values.
Contents
1. Introduction
2. Organizational Security
3. Security Policies
4. Human Resource Security
5. Security Training
6. Physical and Environmental Security
7. Networking and Communications Security 8. Vulnerability Scans
9. Security patch management
10. Third Party and Vendor Information Security Management 11. Secure Development Lifecycle
12. Monitoring
13. Maintenance and Change Management
14. Information Security Incident Management
15. Customer Account Creation and Data Management 16. Credit Card Processing
17. Backups and Data Destruction
18. Business Continuity Planning
19. Insurance
20. Regulatory, Industry, and Policy Compliance
1. Introduction
This document describes the control environment and security practices for Pearson online learning systems. It provides an overview of basic security information without supplying details that could compromise the security of the Pearson operating environment.
REVIEWS AND UPDATES – This document is periodically reviewed and updated to reflect the current security practices for Pearson online learning applications.

2. Organizational Security
Pearson has implemented a global security organization with the following key roles:
 Chief Information Security Officer
 Business Information Security Officers
 Regional Information Security Officers
 Chief Information Privacy Officer
DATA SECURITY AND PRIVACY BOARDS GOVERNANCE - the data security and privacy board mission is to establish Pearson as an ethical leader in security and privacy by setting global governance policies and standards that enable Pearson business strategy, manage risk, and respect and protect the privacy of the individuals that Pearson serves in alignment with all compliance requirements, relevant and applicable policies and laws.
SECURITY ENGINEERING – the security engineering team designs and maintains security infrastructure and services for Pearson's global infrastructure and IT platforms. APPLICATION SECURITY - is responsible for the security of Pearson learning management applications. The team provides regular security reviews of Pearson products, conducts training and provides guidance on industry leading practices for developing secure applications and integrates security principles for Pearson's secure development life cycle program.
SECURITY OPERATIONS CENTER - the 24x7 SOC monitors and responds to security incidents.
3. Security Policies
Pearson leverages the Information Security 27002 (ISO 27002) standard as a foundation for building our global security policies and standards.
INFORMATION SECURITY POLICIES AND STANDARDS - addresses all areas of data security including, but not limited to, personnel security, physical security, computer and network management, and access control. To reduce the risk of compromise to Pearson hosting and other systems, the contents of these policies are not disclosed publicly. Information Security Policies are reviewed and updated at least on an annual basis with ratification by the Chief Information Officer, Chief Technology Officers, Security and Privacy Officers.
4. Human Resource Security
PEARSON CODE OF CONDUCT - Annually every Pearson employee is required to read and
certify their acceptance of the Pearson Code of Conduct which establishes high levels of
ethics for Pearson staff and acceptable use of Pearson assets.
Pearson’s Code of Business Conduct policy reflects the company’s commitment to ensuring that employees and service providers understand the criteria and the importance of acting in a professionally responsible manner.
BACKGROUND CHECKS - Pearson’s talented engineers and support staff are the foundation of our company. Pearson utilizes a third-party service to conduct background checks before hiring, including criminal, education, and references.
MANAGEMENT OF EMPLOYEE AND SERVICE PROVIDER ACCESS TO COMPANY DATA AND ASSETS-
Pearson has a formal process used to assign, restrict, or remove employee access to data and/or all company-owned assets due to relocations, status changes, new hires, and terminations. UNIQUE LOGIN CREDENTIALS – Each Pearson employee or individual employed by a Pearson

authorized service provider has their own unique login name and password for accessing Pearson managed systems.
ROLE BASED ACCESS - access to Pearson systems is controlled by a multi-tier user rights management system. Pearson limits user information access to customer support and
system maintenance personnel on a need-to-know basis for the purpose of performing required business functions.
EMPLOYEE TRAINING FOR HANDLING PERSONAL DATA AND OTHER SENSITIVE INFORMATION - Pearson provides mandatory annual Information Security Awareness and Data Privacy training to all staff to ensure they understand their responsibilities when handling personal data and other sensitive information.
5. Security Training
Pearson staff receive training regarding information security and business ethics at time of hire and ongoing throughout their employment with Pearson. Additionally, Pearson's Information Security team reinforces information security best practices through memos, intranet postings and security awareness sessions with staff on site. Additional security training is provided to Pearson's developer community via in person sessions, webinars and online courses.
6. Physical and Environmental Security
Pearson utilizes state-of-the-art facilities provided by data center providers in multiple locations for housing and securing its application servers.
INTERNET DATA CENTERS – Pearson contracts with Internet data center service providers for physical hosting of Pearson’s online learning application infrastructure. These service providers are required to comply with or exceed Pearson standards regarding information security and confidentiality.
EQUIPMENT HOUSING AT DATA CENTERS - All systems are housed within locked cages or wholly dedicated and controlled areas within the hosting facilities. These facilities provide a secure and reliable infrastructure for highly available applications used worldwide. The highest quality equipment, practices, and staff are employed to ensure performance, reliability, and security. CONTROL OF PHYSICAL ACCESS AT DATA CENTERS - Physical access to the cage areas is limited to individuals on the approved access control list. Such individuals must present photo identification to guards that are stationed 24/7. Specified Pearson personnel or authorized Pearson service providers maintain physical access authority at all times. Standing access to Pearson systems is restricted to employees of Pearson with a ‘need to access’.
7. Networking and Communications Security
All network traffic between customers and Pearson systems is via the Internet. Pearson applications are web browser based and rely on HTTPs traffic. Non- HTTPs traffic consists of limited browser plug-ins and streaming media (audio and video) delivered by a commercially distributed content delivery network.
SECURE SOCKET LAYER (SSL/TLS) – All Pearson applications with SSL/TLS for public use rely on Certificate of Authority (CA) signed certificates. Self-signed certificates are not used. SSL encryption is by 128-bit cipher or higher.
FIREWALLS AND SWITCHING AND ROUTING EQUIPMENT - All Pearson systems reside behind redundant enterprise class firewalls. Pearson deploys all firewalls using approved configuration standards

which are tested, monitored and reviewed annually at a minimum. As a critical component of the company’s integrated security strategy, Pearson deploys enterprise-grade commercial switching and routing equipment that meets and exceeds industry standards as set by the Federal Information Processing Standards (FIPS), Internet Computer Security Association (ICSA), and Common Criteria certifications. The internal network topology is obscured by Network Address Translation (NAT). Services are presented publicly by virtual IP addresses (VIPs).
INTRUSION DETECTION - Ingress links from the Internet are monitored by Intrusion Detection Service which feeds traffic data to event monitoring and correlation platforms which are designed to detect anomalous traffic.
ADMINISTRATIVE CONNECTIVITY – Administrative connectivity to individual servers is strictly limited to people on a ‘need to access’ basis. There is no wireless connectivity present in the data centers. PEARSON HARDENS ALL SYSTEMS DEPLOYED FROM INITIAL BARE METAL INSTALLATIONS- Default
operating system installations are not used by Pearson systems. Pearson employs operating systems installations that have all unnecessary services removed or disabled, appropriate routing configuration predefined and the latest supported patch levels configured.
NON-DISCLOSURE OF PEARSON OPERATING SYSTEM OR SOFTWARE VERSION LEVELS -
Pearson does not disclose this information since it could be used to identify potential vulnerabilities or possible attack vectors. Further, Pearson does not disclose the configuration
of its web servers, applications or databases, since such disclosure could reveal internal
network topology, specific servers or services running on specific ports, which could be used to aid in designing or executing an attack.
USER AUTHENTICATION – Authentication/authorization to Pearson web applications is handled prior to any access to Pearson. Security architecture is reviewed by a team of systems architects and application software architects. Code reviews are executed as standard practice within the development of web applications.
BACKUPS AND COPIES OF DATA – Backups of application content and user data are made nightly. Full backups are handled on a scheduled basis. On a regular basis, copies of these backups are encrypted using industry-standard software and sent offsite to a secure third- party site for storage.
8. Vulnerability Scans
Pearson has a single, global vulnerability scanning and management program for its entire server/hosting estate. Coverage includes co-located and cloud-based servers, as well as all of the data centers managed directly by Pearson. Scanning is executed on an ongoing periodic basis for all servers/networks in scope, with critical applications and services scanned more frequently depending upon the severity and necessity.
Vulnerabilities discovered as part of the Pearson vulnerability management program are assessed, collated and presented to individual application and system owners for remediation. Pearson then tracks the risk represented by vulnerabilities, and identifies where remediation requires additional attention or escalation through a Risk Exception process.
When highly critical vulnerabilities are released, or threats are assessed as being high priority, Pearson executes a global remediation plan independent of vulnerability scanning to ensure the gap between vulnerability and closure is as small as possible.
● Pearson does not authorize customers to perform vulnerability scans or penetration scans
against Pearson products which are shared with other customers.

● Pearson may share the results of our security assessments with our customers
● Pearson will provide high level summaries via email subject to the customer signing Pearson’s
Non-Disclosure Agreement.
● Pearson will share actual vulnerability data on site and in person, subject to the customer
signing Pearson’s Non-Disclosure Agreement.
9. Security Patch Management
Pearson has established an OS layer security patching program which includes:
● A Global Threat Monitoring team which monitors vendor and security advisories and raises alerts to internal teams when a security vulnerability has been published which may affect
our infrastructure.
● A Vulnerability Scanning program to ensure patch intelligence is provided to security and
infrastructure teams.
● Risk based prioritization and reporting mechanism.
Generally non-critical security patches are deployed quarterly to allow for sufficient planning and testing. Patches are rolled out to development, staging and then production environments. An out of band emergency patch management process is utilized for when security patches require expeditious deployment due to risk.
10. Third Party and Vendor Information Security Management
Pearson has an extremely robust Vendor Information Security Management Program which includes pre-contractual discussion, the requirement for the vendor to agree to an exhaustive set of security requirements, and ongoing audits and contract reviews.
11. Secure Development Lifecycle
Pearson's Application Security team manages Pearson's secure development lifecycle processes and includes a number of components:
● Security training for developers. Security training is provided to Pearson's developer
community via in person sessions, webinars and online courses.
● Security scanning of static code. Pearson utilizes static code vulnerability scanning tools such
as Veracode to scan code repositories, report and risk rank security vulnerabilities and advise
developers and mitigation techniques.
● Dynamic web application vulnerability. Pearson utilizes dynamic web application security
vulnerability scanning tools to continuously scan web applications, detect, report and risk rank security vulnerabilities.
12. Monitoring
Pearson and its security partners actively research potential vulnerabilities worldwide and incorporate this intelligence into its ongoing application monitoring.
SYSTEM MONITORING – Server monitoring is performed at both the operating system level
and the application delivery level using network, host, and service monitoring systems. OPERATING SYSTEM LEVEL MONITORS include CPU, disk, network and ping health checks. APPLICATION-SPECIFIC TESTS are developed to test individual elements of the application delivery stack, such as database connectivity and application web tiers.
METRICS such as inbound and outbound network usage, CPU, disk consumption, and I/O are

monitored and viewable in real time.
AUDITING is enabled for standard system functions such as user authentication and activity on all Pearson platforms.
DEDICATED OPERATIONS SUPPORT TEAM (OPS) – The Operations Support team is staffed 24/7 and receives any alerts from ongoing operating system and service-level monitors. Ops is responsible for 24/7 response to service delivery interruptions or critical system and security events. Clearly defined resolution and escalation paths are defined for all systems.
SECURITY MONITORING - Pearson employs intrusion detection systems (IDS), web application firewalls (WAF), and Security Incident and Event Management (SIEM) systems to monitor
for security incidents.
LOGGING - Pearson systems implement the appropriate level of logging at the application,
web server, and database, and operating system layers.
13. Maintenance and Change Management
Pearson is committed to delivering industry-leading, reliable learning platforms. Pearson's policy regarding maintenance activity is to make any changes with as little impact as possible.
MAINTENANCE SCHEDULE – Most Pearson platforms have approximately six scheduled maintenance events during the year. These scheduled maintenance windows usually take
place early morning on Saturdays.
MAINTENANCE NOTIFICATION - For Learning Management Platforms, maintenance schedules are defined before the school year begins. For content platforms notice is given at least a week in advance.
14. Information Security Incident Management
The Pearson Security Operations Center (SOC) response team consist of members of the Security and Business Continuity Team, and members of the Legal and HR departments.
Depending on the severity of the Incident Pearson also maintains a retainer with ATE consisting of predefined SLAs and the availability of certified incident handlers. The team is capable of rapid deployment for triage, remediation, and forensic analysis of Security breaches.
SECURITY INCIDENT RESPONSE PLAN – Pearson follows an incident response plan that defines roles and responsibilities, incident security levels, and specific steps to be followed in each phase of a response effort. The Pearson plan includes:
● Identification and classification of a problem when it occurs.
● Containment of a problem.
● Eradication of the problem, communication procedures in working with affected
parties, and a return to normal operating standards.
● Recovery from the incident and follow-up analysis.
● Disabling of User Access to Applications – Pearson applications can be disabled
administratively in the event of security or performance issues. Access can be administratively prohibited at the firewall for any or all inbound or outbound traffic and for specific IP address destinations. The authorization/authentication system can be administratively configured to disable registration.

15. Customer Account Creation and Data Management
Pearson uses a number of methods to ensure the creation of unique, secure customer accounts. Educational Partners managing their students’ accounts can update account information through secure channels. Pearson’s internal security policies and published privacy policies and license agreements govern customer data usage and disclosure.
CUSTOMER RESPONSIBILITIES AND COMPLIANCE - It is important to note that the scope of data protection is also partly within the control of Pearson’s customers. Customers may restrict or grant access to information by certain parties through the options available on our online learning applications. We advise all customers of our Internet-based products of their obligation to ensure that confidential information remains secure by taking steps such as using strong passwords, changing passwords frequently, and refraining from sharing passwords with others.
16. Credit Card Processing
Pearson Learning Management Systems do not manage or process credit card transactions. All such transactions are facilitated by a Pearson managed credit card processing platform that specializes in credit card handling.
HOW ARE PAYMENTS PROCESSED?
Students who elect to pay for courses/materials with a credit card are redirected to Pearson's common internal payment environment. Pearson only accepts card-not-present e- commerce transactions and the submission channel is encrypted with appropriate SSL/TLS configurations, as required by PCI DSS. Payment card transactions are processed/settled through a PCI DSS compliant payment processor and Pearson's merchant bank.
17. Backups and Data Destruction
BACKUPS - All Pearson Learning Management Systems are backed up to encrypted (AES256) backup media which are stored offsite in secure third party storage facilities.
DATA DESTRUCTION - When a storage device has reached the end of its useful life, Pearson procedures include a decommissioning process designed to prevent customer data from being exposed to unauthorized individuals. Pearson or its authorized vendor will utilize the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual“) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process. If a hardware device is unable to be decommissioned using these procedures, the device will be degaussed or physically destroyed in accordance with industry- standard practices.
18. Business Continuity Planning
The Pearson Disaster Recovery Plan encompasses specific Pearson assets requiring protection measures and contingency plans. The purpose is to maintain business continuity and prevent loss of revenue in the event of downtime or catastrophic failure, particularly with regard to the systems used for production. The plan employs the following measures and procedures:
BACKUP AND RECOVERY PROCEDURES - Backup and restore practices help to ensure that data developed and stored on production systems can be recovered in the event of loss. Pearson currently uses a master backup system that is spread over several separate data centers, which enables Pearson to use multiple

backup strategies to protect client data (backup to disk, tapes, data de-duplication, etc.). Tape backups of all course content are performed daily, weekly, and monthly via a periodically audited backup schedule. Test restores are also performed periodically to ensure that backups are successfully occurring. Data retrieval time frames are based on the amount of data to be restored and the level of difficulty. Lastly, all tape libraries (and, correspondingly, all backups) use hardware encryption to protect the data in case of loss or theft.
ENVIRONMENTAL CONTROLS
Pearson currently operates in multiple data centers and in the public cloud. The primary production data centers have UPS, air conditioning units, and diesel generators that are capable of powering the facilities indefinitely. Primary Internet access is provided to the data centers over redundant links to multiple separate Tier 1 providers.
Web services are provided by redundant Web and application farms based on physical and virtual technologies. The production database core is based on multiple N+ 1 clusters of large scale servers attached to production class HP, NetAPP and EMC SANs. The consolidated course content storage is provided by three tiers of Network Appliance filers. From the network perspective, Pearson has a full GigE network to the independent server level with redundant firewalls, load balancers, and core switches, as well as system-based NIC teaming, to provide highly redundant and scalable network architecture.
SYSTEM REDUNDANCY / HOT SPARES
With regard to its production environment, Pearson is prepared to respond to the following disaster scenarios:
COURSE CONTENT REDUNDANCY
Full data synchronization between the production Tier 1 and Tier 2 storage arrays and the disaster recovery Tier 1 and 2 systems occurs once an hour. Individual volumes on all storage tiers are configured-to use "snapshots' that are a copy of the data-on the volume -at a specific point in-time. The volume "snapshots" are created once every 4 hours for 24 hours, every night at midnight for a week, and every Sunday at midnight for a month. These snapshots allow Pearson engineers to store individual course content as needed (such as in the case of accidental deletion). In the event of a full production filer failure, the production Web servers can be easily redirected to the disaster recovery systems due to the use of a virtualized name space.
DATABASE REDUNDANCY
Similar to the filer backup, the production database N+ 1 clusters replicate all changes to the disaster recovery databases on an hourly basis. Failover to individual databases or an entire cluster can be accomplished also through the use of a virtual name space.
SERVER REDUNDANCY
The use of multiple nodes/Web farms, active-active, active-passive, and manual failover is common in production. Individual machines also use redundant disk/power/cooling and are actively monitored by multiple software platforms.
SERVICE/MAINTENANCE CONTRACTS
Company assets are covered by maintenance contracts to ensure continuity of service. Time limits for recovery of critical elements have been defined. Service contracts for critical elements comply with defined time limits.
PERSONNEL
Pearson maintains a 24/7/365 monitored Network Operations Center (NOC) with multiple
tiers of support with a minimum of two personnel assigned for every key role (networking,

storage, security, etc.) and succession plans for primary management roles. This philosophy is reflected in Pearson processes and procedures including escalation and emergency scenario response. The Tier 1 personnel include the 24/7 Technical Support team who work 24/7/365 and have both local and remote support capability. Tier 2 personnel (Operations Support) are members of the IT team that have full access to production and who work directly with 24/7 Technical Support personnel as the first tier of escalation and are staffed 24/7/365. Tier 3 personnel are members of the senior engineering team and incident response managers who follow an on-call phone rotation and are available 24/7/365 for all escalation and emergency issues. In addition to having Pearson personnel on-site at the primary production data center, Pearson also has direct access to senior external data center staff 24/7/365.
PEARSON’S DISASTER RECOVERY (DR) PLAN contains the processes, policies and procedures needed to restore key platforms after a disaster has been declared. This includes regaining access to data (records, hardware, software, etc.) and data communications. Pearson has carefully considered the situations where execution of the plan may be necessary and has documented and practiced the most likely actions to take should it find itself in this type of situation.
DISASTER DEFINITION - A disaster will be declared and the Plan will be activated if any of the following events occur:
● ● ●
Loss of product platforms at the production data center that is expected to last 24 or more hours.
Loss of network connectivity to the production data center that impacts products and is expected to last 24 or more hours
Complete loss of the production data center that is expected to last 24 or more hours.
DISASTER RECOVERY STRATEGY - Pearson created an in-house, warm-standby DR solution using in-house physical and virtual servers and in-house storage using SAN-to-SAN log- shipping and NAS-to-NAS replication for the data. The DR environment is immediately available for warm failover to production when needed and supports full system recovery within 24 hours of the onset of a disaster with no more than 1 hour of aggregate data loss.
19. Insurance
Pearson maintains a Professional Liability policy which is an Information and Network Technology Blended policy. The policy provides coverage for Errors & Omissions, Media Liability and contains elements of cyber liability risks such as privacy data breaches and privacy remediation expenses.
20. Regulatory, Industry and Policy Compliance
Pearson platforms are subjected to regular internal and external scans, audits and assessments to maintain and improve security posture.
INTERNAL AUDIT AND ASSESSMENT - Pearson technology infrastructure and digital products are subject to risk based audits by the Pearson Global Internal Audit (PGIA) group and by the

Information Security Compliance group. The PGIA group is an independent function from Technology that reports to Pearson's Audit Committee and Board. PGIA assess whether security controls are designed adequately and operating effectively to mitigate risks and ensure adherence to technology policies, global standards and regulations. The Information Security Compliance Groups are responsible for ongoing risk assessments and analysis that spans the global scale of Pearson technology.
EU GENERAL DATA PROTECTION REGULATION (GDPR) - Pearson's Information Security Strategy is built upon industry recognized frameworks including ISO27001. Our security controls and risk management program and processes allow Pearson to comply with GDPR.
PCI COMPLIANCE - Pearson employs technological and procedural safeguards to maintain the security of credit card data from unauthorized disclosure. In doing so, Pearson maintains a robust information-security and risk management program that includes a PCI- DSS Security Policy. Regular security vulnerability scans are performed in accordance with the requirements of the most current PCI-DSS standard.

Access Conditions: Supervised (in school with staff, at home with parent) and unsupervised (in school independently, or at home independently).

Teacher Access: Yes, for monitoring the progress and coverage of learning for individual pupils and groups of pupils.

Server/Data Location: United Kingdom and European Economic Area

Retention Period:
Pearson Privacy Notice
We will keep your personal information only for as long as reasonably necessary to fulfil the purposes for which we are processing your personal information, unless the law permits or requires longer. For example, we might need to keep your personal data for quality assurance of the service we have provided, or we might need to keep it to defend future legal claims.


Yes

Arbor

more information

Data Shared: Pupil record

Sharing Basis: No - Public interest +official authority of the DC

Security Protocols:
Arbor uses bank-grade, end-to-end, 256bit SSL encryption to ensure only the authorised user can see school data. Student data is NEVER shared with third parties without a schools’ consent.  Each user is issued with a unique and secure password, with permission-based access ensuring that they can only view the data relevant to them. No data is stored on any device, and Arbor automatically logs out after a period of inactivity.  Arbor is a Data Processor and abides by all of the terms of the Data Protection Act 1998. Arbor are also registered with the UK Government on the G-Cloud VII framework, a Government framework which audits the security of cloud-based providers to ensure they meet government standards. Arbor products have also been approved by the Department for Education list for cloud suppliers.

Access Conditions: N/A

Teacher Access: N/A

Server/Data Location: EEA 

Retention Period: DOB +25 years


No

DESC Attendance

Data Shared: Name, School, Attendance data if less than 80%

Sharing Basis: Public interest + official authority of the DC

Security Protocols: Secure access or information sent by email password protected

Server/Data Location: EEA

Retention Period: As needed while resolving issues


No

Education City

more information

Data Shared: first name, last name, username, password and class, with unique ID, academic level, date of birth and gender as optional fields

Sharing Basis: This information is shared to allow for accurate tracking of pupils learning activity and output when using Education City.

Security Protocols:
All remote access to any web applications provided by EducationCity Ltd is conducted over HTTPS, an encrypted web link secured using TLS (Transport Layer Security). This is the same method used by banks and commercial entities to secure sensitive data from interception.

Access Conditions: Supervised (in school) and Unsupervised (at home)

Teacher Access: Yes, to monitor pupil progress and set relevant learning or assessment activities.

Server/Data Location: EducationCity stores data on secure database servers, located in the UK.

Retention Period:
EducationCity stores data for its users. To ensure that EducationCity does not hold user information in perpetuity, it has set criteria for the deletion of unused data. This information will be deleted daily.

Users
EducationCity holds data for Teacher, Student and Admin user accounts. If these accounts are left inactive for two years they will be deleted. The definition of inactive is if the user has not logged in (via any route) for two years.
SuccessTracker
Any saved score data will be deleted after five years on a rolling basis. Even if the student is still active, we will only hold five years’ worth of results per child; if more is required, the export data feature should be used. If a student is deleted as a result of being inactive for two years, all score data held for that student is also deleted. Data to be deleted includes Activity, Test/Assessment and PlayLive scores, and Revision Journals.
MyCity
If a Teacher or Admin user is deleted due to being inactive for two years, or a Teacher or Admin user is deleted via the user interface/front end, then their MyCities become ‘un-owned’. Any MyCities that contain no content will be deleted after two years. No MyCities will be deleted for an active user.
Usage Statistics
Usage statistics of EducationCity at school level will be stored in EducationCity’s subscriber management system and will be kept in perpetuity. No personal/user level information can be extracted from this data.


Yes

Evolve

more information

Sharing Basis: To demonstrate children's safety and welfare have been assessed prior to off-site visits to SLT and central DESC staff.

Security Protocols:
Implement additional security measures including advanced firewalls, enterprise-level virus protection on all servers, HTTPS encryption for all communication between our servers and users, regular data backup, username/password/PIN to control access, failed log-in attempt logging, automatic suspicious activity detection and logging etc.

Access Conditions: Staff only

Teacher Access: Yes, to risk assess and evaluate risk assessments for off-site visits.

Server/Data Location: EEA 


No

Google Docs

more information

Data Shared: No personal information should be stored on Google servers by staff apart from a name, class grouping, email address and information regarding work completed or to be completed.

Sharing Basis: Collaborative learning by children and home learning. Can be shared with teacher and any other child at DESC school on IOM. re consent - No - Public interest +official authority of the DC

Security Protocols: Google adheres to several self regulatory frameworks, including the EU-US Privacy Shield arrangement.

Access Conditions: No

Teacher Access: Limited to areas set up by staff and shared documents

Server/Data Location: Worldwide including the US

Retention Period: DOB + 21 years or 3 years since the last log on


No

ItsLearning

more information

Data Shared: First name, surname and email address (Google for education)

Sharing Basis: To provide a LMS (Learning Management System) so that children can learn how to maintain a digital profile in a safe environment. Also to facilitate independent and self direct learning with reflection and peer assessment.

Security Protocols:
Physical security Data Centres itslearning operates all its customer services from data centres separated from the corporate office work space. Access to data centres are strictly controlled and protected to reduce the likelihood of unauthorised access, fire, flooding or other damage to the physical environment. Physical access to data centres are limited to a small number of employees within itslearning and/or its hosting centre providers. Strict security clearances are required and must be approved by security management prior to entering a data centre. Office work space All of the office work space of itslearning is protected by access control. Only invited visitors and employees can access itslearning’s work space. Multiple measures are in place to avoid security issues due to theft or loss of computer equipment. This includes security guidelines and acceptable use policies, authentication systems and encryption of storage units when applicable.

Access Conditions: supervised and unsupervised

Teacher Access: To support learning the teacher has access to pupil pages and their posts

Server/Data Location: EEA

Retention Period: While in education at state school. School attendance plus 1 year


No

Language link / Speech

more information

Data Shared: Name, DOB. email & telephone number of school

Security Protocols: Encryption, access restriction and physical security

Teacher Access: Yes

Server/Data Location: EEA

Retention Period: 3 years


No

Microsoft Teams

Data Shared:
Census data: AppName, DeviceModel, OSName, OSVersion, UserLanguage, UserID, DeviceID. Census data DOES NOT contain any information that identifies your organisation or users.

Usage data: includes information such as number of calls made, number of IMs sent or received, number of meetings joined, frequency of features used and stability issues. Usage data DOES NOT contain any information that identifies users.

Anyone in a team can see all members of a team, including guests

Sharing Basis: Public interest to assist with remote education during period of school closures.

Security Protocols: Teams enforces team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest. Files are stored in SharePoint and are backed by SharePoint encryption.

Access Conditions: Supervised and unsupervised.

Teacher Access: Yes

Server/Data Location: EEA

Retention Period: August after pupil leaves school


No

MyMaths

more information

Data Shared: Name, email address

Security Protocols: Appropriate and suitable safeguards and technical measures are in place to protect your personal data

Access Conditions: Supervised

Teacher Access: Yes

Server/Data Location: Worldwide

Retention Period: End of use + 12 months


Yes

ParentPay

Data Shared:
ParentPay obtain (either from the Customer and/or from you directly) and process the following information:

Data Subject (Who) Data Category (What) Description
Pupil Student Forename This is the forename of the pupil.
Pupil Student Surname This is the surname of the pupil.
Pupil Student Known as This is the name that the pupil is known as.
Pupil Student DOB This is the date of birth of the pupil.
Pupil Student Gender This is the pupil’s gender
Pupil Student Groups Registration group (if any), year, other groups
Pupil Student Salutation This is the pupil’s salutation.
Pupil Student Dietary Requirements This is the pupils special dietary requirements
Pupil Student Postal Address The student’s postal address
Pupil Student Identifiers Roll/Admission number, UPN, management system identifier
Pupil Student Meal Selections and spend history This is a history of a pupil’s meal selections and spends for school meals or non-meal-related items, including free school meals
Pupil Student Trip information Trip details collected from parents, e.g. emergency contacts, medical details, dietary requirements, doctor’s contact, EHIC and Passport
Parents Contacts Title This is the contact’s title (Mr, Mrs, Ms, etc).
Parents Contacts Forename This is the contact’s forename.
Parents Contacts Surname This is the contact’s surname.
Parents Contacts Authentication data Username and password, single-sign-or multi-factor-authentication tokens
Parents Contacts Gender The contact’s gender (Salutation)
Parents Contacts House Name The text entered as the contact’s house name.
Parents Contacts Street The text entered as the contact’s street.
Parents Contacts Locality The text entered as the contact’s locality.
Parents Contacts Town The text entered as the contact’s town.
Parents Contacts Postcode The text entered as the contact’s post code.
Parents Contacts Day Telephone The contact’s daytime telephone number.
Parents Contacts Home Telephone The contact’s home telephone number.
Parents Contacts Mobile Telephone This is the contact’s mobile telephone number used to receive alerts from Parentpay and for school communications
Parents Contacts Email This is the contact’s E-mail address used to receive communications from Parentpay and for school communications.
Parents Contacts Payment History and balances This is the contact’s history of payment transactions, including reversals, refunds and withdrawals of funds.
Parents Contacts Payment card details Payment card details are captured and passed to a 3rd party for authorisation.
Parents Contacts Other This is the contact’s alternative communication method.
Parents Contacts In-app messages Messages sent from parents to school within the ParentPay application
Parents Contacts Trouble ticket data When users submit trouble ticket information, this gets stored.
Parents Contacts Shop information ParentPay can be used as a payment page from externally or internally hosted shop systems. This the information captured as part of that (“shopping basket”).
Parents Contacts Browser Details IP address, cookies, browser information
Parents Contacts Scottish UPRN For users in Scotland who sign up via MyGovScot
School Staff Title This is the staff member’s title (Mr, Mrs, Ms, etc.).
School Staff Forename This is the staff member’s forename.
School Staff Surname This is the staff member’s surname.
School Staff Gender The staff member’s gender
Website Access IP Address The network address of your device or internet connection
Website Access Browser Type and Version The type of Web Browser your device is using
Website Access Cookies Special records in your browser to help the website operate
Website Access Web Analytics Generalised information about browsing behaviour and page statistics

Sharing Basis: Schools have signed up for the service and their legal basis is: 'processing is necessary for the performance of a task carried out in the public interest'

Security Protocols:
ParentPay use your personal information, and some of their employees have access to such information, only to the extent required to carry out the services for you and on behalf of the Customer.

ParentPay have introduced appropriate technical and organisational measures to protect the confidentiality, integrity and availability of your personal information during storage, processing and transit.

ParentPay are a Level 1 PCI-DSS certified organisation and are subject to regular and comprehensive security audits. They operate an ISO27001 compliant security programme to help protect your data at all times.

The PPL Products and Services only processes your personal information in the UK.

Some of ParentPay's supporting services (for example ZenDesk), might use cloud platforms that operate from Third Countries outside of the EEA. Where this is the case, they ensure that adequate safeguards are established to protect your data.

Server/Data Location: UK

Retention Period:
ParentPay will only retain information for as long as is necessary to deliver the service safely and securely. They may need to retain some records to maintain compliance with other applicable legislation – for example finance, taxation, fraud and money laundering law requires certain records to be retained for an extended duration, in some cases for up to seven years.

Pupil data will typically be removed or anonymised when the following rules are met:

The pupil has been archived by the School.
The pupil does not have any meal consumption or attendance data within the last 13 months.
The pupil has not received a payment for any payment item within the last 13 months.
The pupil balance is zero.
Payer (Parent) data will usually be removed or anonymised when the following rules are met:

They have not logged in for 13 months.
They have not topped up or spent within the last 13 months.
Parent balance is 0 (zero), and all pupil balances are 0 (zero).
There are no active pupils associated with the account
Manager Accounts that have been disabled and have not logged in for 13 months, will be removed or anonymised. Other school staff accounts are subject to the same rules as pupils (above)

Message attachments will be removed after 24 months.

File area uploads will be purged after 24 months.

Personal information in trip records will be removed 1 month after trip completion

It should be noted that Schools will still retain a complete finance audit trail for their statutory requirements. In unusual cases where specific personal information needs to be retained, then this can be facilitated upon request.


Yes

Quesmedia Sites

more information

Data Shared: Website activity, website form submissions and user content.

Sharing Basis: To provide public website services for our school

Security Protocols:
Sites are served over HTTPS using TLS to provide both secure server–server and server–client communication. Accounts are protected from brute force attacks with rate limiting and automated account locking. Passwords are one-way encrypted using bcrypt before being stored and are required to satisfy strong password rules to ensure high-entropy.

Access Conditions: None

Teacher Access: Limited to data provided within the CMS

Server/Data Location: United Kingdom (EEA)

Retention Period: Please view the more information link for data retention policies.


No

Transition between primary and secondary school

Data Shared: Transition activities / work done in transition lessons / pupil record

Sharing Basis: In the public interest and official authority of the data controller.

Security Protocols: Emails on secure servers; for ‘online.sch.im’ a google service self regulatory frameworks, including the EU-US Privacy Shield arrangement.

Access Conditions: Supervised and unsupervised

Teacher Access: Yes

Server/Data Location: United Kingdom (EEA)

Retention Period: DOB + 21 years or 3 years since the last log on


No

Zoom

more information

Data Shared:
Your name, username and email address, or phone number, Cloud recordings, chat / instant messages, files, whiteboards, and other information shared while using the service, voice mails, IP address, MAC address, other device ID (UDID), device type, operating system type and version, client version, type of camera, microphone or speakers, connection type, etc. location, Duration of the meeting / Zoom Phone call, Email address, name, or other information that a participant enters to identify themselves in the meeting, Join and leave time of participants, Name of the meeting, Date / time that meeting was scheduled, Chat status (unless a setting is actively chosen by user), Call data records for Zoom Phone

Sharing Basis: Consent

Security Protocols:
Covid-19 Zoom for remote sessions

In order to facilitate remote working Bunscoill Rhumsaa are using a service called Zoom. Please be aware that there are privacy and security issues at present with this and we understand that you may not want to use this service. There is no obligation to do so. Some of the problems have been highlighted in the press and include:

Information routed through servers based in China – possible review of information;

Sharing of data with facebook – updated software should be used

Zoombombing – suitable passwords should be in place and links should not be shared

Encryption is not end to end - No personal information should be shared during sessions as the service is not properly encrypted.

Non-protected meetings – Only password protected meetings should be held.


Password protection, encryption – not end-to-end, only participants to meetings to be sent links, updates to be installed. Please note there are currently serious issues and no sensitive information should be shared on this platform. Privacy Shield applies.

Access Conditions: Supervised and unsupervised

Teacher Access: Yes

Server/Data Location: Data routed through servers in China. USA

Retention Period: Individual accounts when deleted


Yes

For more specific details about retention periods see the Department’s retention schedule

Information obtained or disclosed by third parties will not be used for any other purpose other than supporting the delivery of teaching and learning.

Failure to provide information may impact on support in school, the quality of teaching and learning and in achievement in examinations.

Protecting your information

Bunscoill Rhumsaa will:

  • keep your information safe and secure in compliance;
  • only use and disclose your information as detailed above where necessary
  • Retain the information for no longer than is necessary and your information wll be permanently deleted once the timeframes set out below have been reached (there will need to be an authorisation process, to dispose of this in line with our Records Management Policy and retention periods as outlined below (unless there is an over-riding reason to retain this information).

Transfer of Information outside the EEA

Apps and services that are used in school may require data to be stored on servers outside of the EEA. Information sent to these will be limited and are as detailed above.

More Information

You can find out more information including:

  • Looking at the Isle of Man Government Privacy Policy here https://www.gov.im/about-this-site/privacy-notice/ [Accessed 16/1/18]
  • Contacting our Data Protection Officer who is: Andrew Shipley, DPO. Hamilton House, Peel Road. Douglas. IM1 5EZ. Tel 685828. Email DPO-DESC@gov.im
  • Asking to see your information or making a complaint if you feel that your information is not being handled by contacting the Headteacher as Data Controller for Bunscoill Rhumsaa
  • Making a subject access request which is a request for all of the personal data we hold about you.
  • Obtaining this information in large print, braille, or in an alternative language.

Your rights

You have a right to access your personal data to ensure that it is accurate, and to request that it is rectified, blocked, erased or destroyed if it is inaccurate.

To make any request relating to your data held by us, please contact the Data Protection Officer for the Department of Education, Sport and Culture who is: Andrew Shipley, DPO. Hamilton House, Peel Road. Douglas. IM1 5EZ. Tel 685828. Email DPO-DESC@gov.im

If you are not satisfied with the response you receive, you may also complain to the Information Commissioner, whose details can be found on www.inforights.im, or the relevant supervisory authority. You may have a right to other remedies.