ActiveLearn (Bug Club and PowerMaths)
Data Shared: Name, Year Group, Class
Sharing Basis: The data will be provided so that teachers can plan, provide and monitor online learning activities for pupils.
Pupil data means that pupils are able to access bespoke learning activities tailored to their needs.
GENERAL SECURITY OVERVIEW FOR PEARSON’S ONLINE LEARNING APPLICATIONS
At Pearson, we recognize that our Educational Partners, Students and Customers are increasingly concerned with security, privacy, and the reliable availability of online learning applications. The information in this document can be shared with Pearson customers, potential customers and 3rd party partners.
Pearson is committed to the security and availability of our online learning applications. Pearson maintains state-of-the-art technological practices and hosting equipment that meet or exceed the needs for today’s mission critical applications. The protection of sensitive data, whether Pearson’s or that of our Educational Partners and Students, is an important part of our core operating values.
2. Organizational Security
3. Security Policies
4. Human Resource Security
5. Security Training
6. Physical and Environmental Security
7. Networking and Communications Security
8. Vulnerability Scans
9. Security patch management
10. Third Party and Vendor Information Security Management
11. Secure Development Lifecycle
13. Maintenance and Change Management
14. Information Security Incident Management
15. Customer Account Creation and Data Management
16. Credit Card Processing
17. Backups and Data Destruction
18. Business Continuity Planning
20. Regulatory, Industry, and Policy Compliance
This document describes the control environment and security practices for Pearson online learning systems. It provides an overview of basic security information without supplying details that could compromise the security of the Pearson operating environment.
REVIEWS AND UPDATES – This document is periodically reviewed and updated to reflect the current security practices for Pearson online learning applications.
2. Organizational Security
Pearson has implemented a global security organization with the following key roles:
Chief Information Security Officer
Business Information Security Officers
Regional Information Security Officers
Chief Information Privacy Officer
DATA SECURITY AND PRIVACY BOARDS GOVERNANCE - the data security and privacy board mission is to establish Pearson as an ethical leader in security and privacy by setting global governance policies and standards that enable Pearson business strategy, manage risk, and respect and protect the privacy of the individuals that Pearson serves in alignment with all compliance requirements, relevant and applicable policies and laws.
SECURITY ENGINEERING – the security engineering team designs and maintains security infrastructure and services for Pearson's global infrastructure and IT platforms.
APPLICATION SECURITY - is responsible for the security of Pearson learning management applications. The team provides regular security reviews of Pearson products, conducts training and provides guidance on industry leading practices for developing secure applications and integrates security principles for Pearson's secure development life cycle program.
SECURITY OPERATIONS CENTER - the 24x7 SOC monitors and responds to security incidents.
3. Security Policies
Pearson leverages the Information Security 27002 (ISO 27002) standard as a foundation for building our global security policies and standards.
INFORMATION SECURITY POLICIES AND STANDARDS - addresses all areas of data security including, but not limited to, personnel security, physical security, computer and network management, and access control. To reduce the risk of compromise to Pearson hosting and other systems, the contents of these policies are not disclosed publicly. Information Security Policies are reviewed and updated at least on an annual basis with ratification by the Chief Information Officer, Chief Technology Officers, Security and Privacy Officers.
4. Human Resource Security
PEARSON CODE OF CONDUCT - Annually every Pearson employee is required to read and certify their acceptance of the Pearson Code of Conduct which establishes high levels of ethics for Pearson staff and acceptable use of Pearson assets.
Pearson’s Code of Business Conduct policy reflects the company’s commitment to ensuring that employees and service providers understand the criteria and the importance of acting in a professionally responsible manner.
BACKGROUND CHECKS - Pearson’s talented engineers and support staff are the foundation of our company. Pearson utilizes a third-party service to conduct background checks before hiring, including criminal, education, and references.
MANAGEMENT OF EMPLOYEE AND SERVICE PROVIDER ACCESS TO COMPANY DATA AND ASSETS - Pearson has a formal process used to assign, restrict, or remove employee access to data and/or all company-owned assets due to relocations, status changes, new hires, and terminations.
UNIQUE LOGIN CREDENTIALS – Each Pearson employee or individual employed by a Pearson authorized service provider has their own unique login name and password for accessing Pearson managed systems.
ROLE BASED ACCESS - access to Pearson systems is controlled by a multi-tier user rights management system. Pearson limits user information access to customer support and system maintenance personnel on a need-to-know basis for the purpose of performing required business functions.
EMPLOYEE TRAINING FOR HANDLING PERSONAL DATA AND OTHER SENSITIVE INFORMATION - Pearson provides mandatory annual Information Security Awareness and Data Privacy training to all staff to ensure they understand their responsibilities when handling personal data and other sensitive information.
5. Security Training
Pearson staff receive training regarding information security and business ethics at time of hire and ongoing throughout their employment with Pearson. Additionally, Pearson's Information Security team reinforces information security best practices through memos, intranet postings and security awareness sessions with staff on site. Additional security training is provided to Pearson's developer community via in person sessions, webinars and online courses.
6. Physical and Environmental Security
Pearson utilizes state-of-the-art facilities provided by data center providers in multiple locations for housing and securing its application servers.
INTERNET DATA CENTERS – Pearson contracts with Internet data center service providers for physical hosting of Pearson’s online learning application infrastructure. These service providers are required to comply with or exceed Pearson standards regarding information security and confidentiality.
EQUIPMENT HOUSING AT DATA CENTERS - All systems are housed within locked cages or wholly dedicated and controlled areas within the hosting facilities. These facilities provide a secure and reliable infrastructure for highly available applications used worldwide. The highest quality equipment, practices, and staff are employed to ensure performance, reliability, and security.
CONTROL OF PHYSICAL ACCESS AT DATA CENTERS - Physical access to the cage areas is limited to individuals on the approved access control list. Such individuals must present photo identification to guards that are stationed 24/7. Specified Pearson personnel or authorized Pearson service providers maintain physical access authority at all times. Standing access to Pearson systems is restricted to employees of Pearson with a ‘need to access’.
7. Networking and Communications Security
All network traffic between customers and Pearson systems is via the Internet. Pearson applications are web browser based and rely on HTTPS traffic. Non-HTTPS traffic consists of limited browser plug-ins and streaming media (audio and video) delivered by a commercially distributed content delivery network.
SECURE SOCKET LAYER (SSL/TLS) – All Pearson applications with SSL/TLS for public use rely on Certificate Authority (CA) signed certificates. Self-signed certificates are not used. SSL encryption is by 128-bit cipher or higher.
FIREWALLS AND SWITCHING AND ROUTING EQUIPMENT - All Pearson systems reside behind redundant enterprise class firewalls. Pearson deploys all firewalls using approved configuration standards which are tested, monitored and reviewed annually at a minimum. As a critical component of the company’s integrated security strategy, Pearson deploys enterprise-grade commercial switching and routing equipment that meets and exceeds industry standards as set by the Federal Information Processing Standards (FIPS), Internet Computer Security Association (ICSA), and Common Criteria certifications. The internal network topology is obscured by Network Address Translation (NAT). Services are presented publicly by virtual IP addresses (VIPs).
INTRUSION DETECTION - Ingress links from the Internet are monitored by Intrusion Detection Service which feeds traffic data to event monitoring and correlation platforms which are designed to detect anomalous traffic.
ADMINISTRATIVE CONNECTIVITY – Administrative connectivity to individual servers is strictly limited to people on a ‘need to access’ basis. There is no wireless connectivity present in the data centers.
PEARSON HARDENS ALL SYSTEMS DEPLOYED FROM INITIAL BARE METAL INSTALLATIONS - Default operating system installations are not used by Pearson systems. Pearson employs operating systems installations that have all unnecessary services removed or disabled, appropriate routing configuration predefined and the latest supported patch levels configured.
NON-DISCLOSURE OF PEARSON OPERATING SYSTEM OR SOFTWARE VERSION LEVELS - Pearson does not disclose this information since it could be used to identify potential vulnerabilities or possible attack vectors. Further, Pearson does not disclose the configuration of its web servers, applications or databases, since such disclosure could reveal internal network topology, specific servers or services running on specific ports, which could be used to aid in designing or executing an attack.
USER AUTHENTICATION – Authentication/authorization to Pearson web applications is handled prior to any access to Pearson. Security architecture is reviewed by a team of systems architects and application software architects. Code reviews are executed as standard practice within the development of web applications.
BACKUPS AND COPIES OF DATA – Backups of application content and user data are made nightly. Full backups are handled on a scheduled basis. On a regular basis, copies of these backups are encrypted using industry-standard software and sent offsite to a secure third-party site for storage.
8. Vulnerability Scans
Pearson has a single, global vulnerability scanning and management program for its entire server/hosting estate. Coverage includes co-located and cloud-based servers, as well as all of the data centers managed directly by Pearson. Scanning is executed on an ongoing periodic basis for all servers/networks in scope, with critical applications and services scanned more frequently depending upon the severity and necessity.
Vulnerabilities discovered as part of the Pearson vulnerability management program are assessed, collated and presented to individual application and system owners for remediation. Pearson then tracks the risk represented by vulnerabilities, and identifies where remediation requires additional attention or escalation through a Risk Exception process.
When highly critical vulnerabilities are released, or threats are assessed as being high priority, Pearson executes a global remediation plan independent of vulnerability scanning to ensure the gap between vulnerability and closure is as small as possible.
● Pearson does not authorize customers to perform vulnerability scans or penetration scans against Pearson products which are shared with other customers.
● Pearson may share the results of our security assessments with our customers
● Pearson will provide high level summaries via email subject to the customer signing Pearson’s
● Pearson will share actual vulnerability data on site and in person, subject to the customer signing Pearson’s Non-Disclosure Agreement.
9. Security Patch Management
Pearson has established an OS layer security patching program which includes:
● A Global Threat Monitoring team which monitors vendor and security advisories and raises alerts to internal teams when a security vulnerability has been published which may affect
● A Vulnerability Scanning program to ensure patch intelligence is provided to security and
● Risk based prioritization and reporting mechanism.
Generally, non-critical security patches are deployed quarterly to allow for sufficient planning and testing. Patches are rolled out to development, staging and then production environments. An out-of-band emergency patch management process is used when security patches require expeditious deployment due to risk.
10. Third Party and Vendor Information Security Management
Pearson has an extremely robust Vendor Information Security Management Program which includes pre-contractual discussion, the requirement for the vendor to agree to an exhaustive set of security requirements, and ongoing audits and contract reviews.
11. Secure Development Lifecycle
Pearson's Application Security team manages Pearson's secure development lifecycle processes and includes a number of components:
● Security training for developers. Security training is provided to Pearson's developer community via in person sessions, webinars and online courses.
● Security scanning of static code. Pearson utilizes static code vulnerability scanning tools such as Veracode to scan code repositories, report and risk rank security vulnerabilities and advise developers on mitigation techniques.
● Dynamic web application vulnerability. Pearson utilizes dynamic web application security vulnerability scanning tools to continuously scan web applications, detect, report and risk rank security vulnerabilities.
Pearson and its security partners actively research potential vulnerabilities worldwide and incorporate this intelligence into its ongoing application monitoring.
SYSTEM MONITORING – Server monitoring is performed at both the operating system level and the application delivery level using network, host, and service monitoring systems.
OPERATING SYSTEM LEVEL MONITORS include CPU, disk, network and ping health checks.
APPLICATION-SPECIFIC TESTS are developed to test individual elements of the application delivery stack, such as database connectivity and application web tiers.
METRICS such as inbound and outbound network usage, CPU, disk consumption, and I/O are monitored and viewable in real time.
AUDITING is enabled for standard system functions such as user authentication and activity on all Pearson platforms.
DEDICATED OPERATIONS SUPPORT TEAM (OPS) – The Operations Support team is staffed 24/7 and receives any alerts from ongoing operating system and service-level monitors. Ops is responsible for 24/7 response to service delivery interruptions or critical system and security events. Clearly defined resolution and escalation paths are defined for all systems.
SECURITY MONITORING - Pearson employs intrusion detection systems (IDS), web application firewalls (WAF), and Security Incident and Event Management (SIEM) systems to monitor for security incidents.
LOGGING - Pearson systems implement the appropriate level of logging at the application, web server, database, and operating system layers.
13. Maintenance and Change Management
Pearson is committed to delivering industry-leading, reliable learning platforms. Pearson's policy regarding maintenance activity is to make any changes with as little impact as possible.
MAINTENANCE SCHEDULE – Most Pearson platforms have approximately six scheduled maintenance events during the year. These scheduled maintenance windows usually take place early morning on Saturdays.
MAINTENANCE NOTIFICATION - For Learning Management Platforms, maintenance schedules are defined before the school year begins. For content platforms notice is given at least a week in advance.
14. Information Security Incident Management
The Pearson Security Operations Center (SOC) response team consists of members of the Security and Business Continuity Team, and members of the Legal and HR departments.
Depending on the severity of the incident, Pearson also maintains a retainer with ATE consisting of predefined SLAs and the availability of certified incident handlers. The team is capable of rapid deployment for triage, remediation, and forensic analysis of security breaches.
SECURITY INCIDENT RESPONSE PLAN – Pearson follows an incident response plan that defines roles and responsibilities, incident security levels, and specific steps to be followed in each phase of a response effort. The Pearson plan includes:
● Identification and classification of a problem when it occurs.
● Containment of a problem.
● Eradication of the problem, communication procedures in working with affected parties, and a return to normal operating standards.
● Recovery from the incident and follow-up analysis.
● Disabling of User Access to Applications – Pearson applications can be disabled administratively in the event of security or performance issues. Access can be administratively prohibited at the firewall for any or all inbound or outbound traffic and for specific IP address destinations. The authorization/authentication system can be administratively configured to disable registration.
15. Customer Account Creation and Data Management
Pearson uses a number of methods to ensure the creation of unique, secure customer accounts. Educational Partners managing their students’ accounts can update account information through secure channels. Pearson’s internal security policies and published privacy policies and license agreements govern customer data usage and disclosure.
CUSTOMER RESPONSIBILITIES AND COMPLIANCE - It is important to note that the scope of data protection is also partly within the control of Pearson’s customers. Customers may restrict or grant access to information by certain parties through the options available on our online learning applications. We advise all customers of our Internet-based products of their obligation to ensure that confidential information remains secure by taking steps such as using strong passwords, changing passwords frequently, and refraining from sharing passwords with others.
16. Credit Card Processing
Pearson Learning Management Systems do not manage or process credit card transactions. All such transactions are facilitated by a Pearson managed credit card processing platform that specializes in credit card handling.
HOW ARE PAYMENTS PROCESSED?
Students who elect to pay for courses/materials with a credit card are redirected to Pearson's common internal payment environment. Pearson only accepts card-not-present e-commerce transactions and the submission channel is encrypted with appropriate SSL/TLS configurations, as required by PCI DSS. Payment card transactions are processed/settled through a PCI DSS compliant payment processor and Pearson's merchant bank.
17. Backups and Data Destruction
BACKUPS - All Pearson Learning Management Systems are backed up to encrypted (AES256) backup media which are stored offsite in secure third party storage facilities.
DATA DESTRUCTION - When a storage device has reached the end of its useful life, Pearson procedures include a decommissioning process designed to prevent customer data from being exposed to unauthorized individuals. Pearson or its authorized vendor will utilize the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process. If a hardware device is unable to be decommissioned using these procedures, the device will be degaussed or physically destroyed in accordance with industry-standard practices.
18. Business Continuity Planning
The Pearson Disaster Recovery Plan encompasses specific Pearson assets requiring protection measures and contingency plans. The purpose is to maintain business continuity and prevent loss of revenue in the event of downtime or catastrophic failure, particularly with regard to the systems used for production. The plan employs the following measures and procedures:
BACKUP AND RECOVERY PROCEDURES - Backup and restore practices help to ensure that data developed and stored on production systems can be recovered in the event of loss. Pearson currently uses a master backup system that is spread over several separate data centers, which enables Pearson to use multiple backup strategies to protect client data (backup to disk, tapes, data de-duplication, etc.). Tape backups of all course content are performed daily, weekly, and monthly via a periodically audited backup schedule. Test restores are also performed periodically to ensure that backups are successfully occurring. Data retrieval time frames are based on the amount of data to be restored and the level of difficulty. Lastly, all tape libraries (and, correspondingly, all backups) use hardware encryption to protect the data in case of loss or theft.
Pearson currently operates in multiple data centers and in the public cloud. The primary production data centers have UPS, air conditioning units, and diesel generators that are capable of powering the facilities indefinitely. Primary Internet access is provided to the data centers over redundant links to multiple separate Tier 1 providers.
Web services are provided by redundant Web and application farms based on physical and virtual technologies. The production database core is based on multiple N+1 clusters of large scale servers attached to production class HP, NetApp and EMC SANs. The consolidated course content storage is provided by three tiers of Network Appliance filers. From the network perspective, Pearson has a full GigE network to the independent server level with redundant firewalls, load balancers, and core switches, as well as system-based NIC teaming, to provide highly redundant and scalable network architecture.
SYSTEM REDUNDANCY / HOT SPARES
With regard to its production environment, Pearson is prepared to respond to the following disaster scenarios:
COURSE CONTENT REDUNDANCY
Full data synchronization between the production Tier 1 and Tier 2 storage arrays and the disaster recovery Tier 1 and 2 systems occurs once an hour. Individual volumes on all storage tiers are configured to use "snapshots" that are a copy of the data on the volume at a specific point in time. The volume "snapshots" are created once every 4 hours for 24 hours, every night at midnight for a week, and every Sunday at midnight for a month. These snapshots allow Pearson engineers to store individual course content as needed (such as in the case of accidental deletion). In the event of a full production filer failure, the production Web servers can be easily redirected to the disaster recovery systems due to the use of a virtualized name space.
Similar to the filer backup, the production database N+1 clusters replicate all changes to the disaster recovery databases on an hourly basis. Failover to individual databases or an entire cluster can be accomplished also through the use of a virtual name space.
The use of multiple nodes/Web farms, active-active, active-passive, and manual failover is common in production. Individual machines also use redundant disk/power/cooling and are actively monitored by multiple software platforms.
Company assets are covered by maintenance contracts to ensure continuity of service. Time limits for recovery of critical elements have been defined. Service contracts for critical elements comply with defined time limits.
Pearson maintains a 24/7/365 monitored Network Operations Center (NOC) with multiple tiers of support with a minimum of two personnel assigned for every key role (networking, storage, security, etc.) and succession plans for primary management roles. This philosophy is reflected in Pearson processes and procedures including escalation and emergency scenario response. The Tier 1 personnel include the 24/7 Technical Support team who work 24/7/365 and have both local and remote support capability. Tier 2 personnel (Operations Support) are members of the IT team that have full access to production and who work directly with 24/7 Technical Support personnel as the first tier of escalation and are staffed 24/7/365. Tier 3 personnel are members of the senior engineering team and incident response managers who follow an on-call phone rotation and are available 24/7/365 for all escalation and emergency issues. In addition to having Pearson personnel on-site at the primary production data center, Pearson also has direct access to senior external data center staff 24/7/365.
PEARSON’S DISASTER RECOVERY (DR) PLAN contains the processes, policies and procedures needed to restore key platforms after a disaster has been declared. This includes regaining access to data (records, hardware, software, etc.) and data communications. Pearson has carefully considered the situations where execution of the plan may be necessary and has documented and practiced the most likely actions to take should it find itself in this type of situation.
DISASTER DEFINITION - A disaster will be declared and the Plan will be activated if any of the following events occur:
● Loss of product platforms at the production data center that is expected to last 24 or more hours.
● Loss of network connectivity to the production data center that impacts products and is expected to last 24 or more hours.
● Complete loss of the production data center that is expected to last 24 or more hours.
DISASTER RECOVERY STRATEGY - Pearson created an in-house, warm-standby DR solution using in-house physical and virtual servers and in-house storage using SAN-to-SAN log-shipping and NAS-to-NAS replication for the data. The DR environment is immediately available for warm failover to production when needed and supports full system recovery within 24 hours of the onset of a disaster with no more than 1 hour of aggregate data loss.
Pearson maintains a Professional Liability policy which is an Information and Network Technology Blended policy. The policy provides coverage for Errors & Omissions, Media Liability and contains elements of cyber liability risks such as privacy data breaches and privacy remediation expenses.
20. Regulatory, Industry and Policy Compliance
Pearson platforms are subjected to regular internal and external scans, audits and assessments to maintain and improve security posture.
INTERNAL AUDIT AND ASSESSMENT - Pearson technology infrastructure and digital products are subject to risk based audits by the Pearson Global Internal Audit (PGIA) group and by the Information Security Compliance group. The PGIA group is an independent function from Technology that reports to Pearson's Audit Committee and Board. PGIA assesses whether security controls are designed adequately and operating effectively to mitigate risks and ensure adherence to technology policies, global standards and regulations. The Information Security Compliance Groups are responsible for ongoing risk assessments and analysis that spans the global scale of Pearson technology.
EU GENERAL DATA PROTECTION REGULATION (GDPR) - Pearson's Information Security Strategy is built upon industry recognized frameworks including ISO27001. Our security controls and risk management program and processes allow Pearson to comply with GDPR.
PCI COMPLIANCE - Pearson employs technological and procedural safeguards to maintain the security of credit card data from unauthorized disclosure. In doing so, Pearson maintains a robust information-security and risk management program that includes a PCI-DSS Security Policy. Regular security vulnerability scans are performed in accordance with the requirements of the most current PCI-DSS standard.
Access Conditions: Supervised (in school with staff, at home with parent) and unsupervised (in school independently, or at home independently).
Teacher Access: Yes, for monitoring the progress and coverage of learning for individual pupils and groups of pupils.
Server/Data Location: United Kingdom and European Economic Area
Pearson Privacy Notice
We will keep your personal information only for as long as reasonably necessary to fulfil the purposes for which we are processing your personal information, unless the law permits or requires longer. For example, we might need to keep your personal data for quality assurance of the service we have provided, or we might need to keep it to defend future legal claims.
Data Shared: first name, last name, username, password and class, with unique ID, academic level, date of birth and gender as optional fields
Sharing Basis: This information is shared to allow for accurate tracking of pupils' learning activity and output when using Education City.
All remote access to any web applications provided by EducationCity Ltd is conducted over HTTPS, an encrypted web link secured using TLS (Transport Layer Security). This is the same method used by banks and commercial entities to secure sensitive data from interception.
Access Conditions: Supervised (in school) and Unsupervised (at home)
Teacher Access: Yes, to monitor pupil progress and set relevant learning or assessment activities.
Server/Data Location: EducationCity stores data on secure database servers, located in the UK.
EducationCity stores data for its users. To ensure that EducationCity does not hold user information in perpetuity, it has set criteria for the deletion of unused data. This information will be deleted daily.
EducationCity holds data for Teacher, Student and Admin user accounts. If these accounts are left inactive for two years they will be deleted. The definition of inactive is if the user has not logged in (via any route) for two years.
Any saved score data will be deleted after five years on a rolling basis. Even if the student is still active, we will only hold five years’ worth of results per child; if more is required, the export data feature should be used. If a student is deleted as a result of being inactive for two years, all score data held for that student is also deleted. Data to be deleted includes Activity, Test/Assessment and PlayLive scores, and Revision Journals.
If a Teacher or Admin user is deleted due to being inactive for two years, or a Teacher or Admin user is deleted via the user interface/front end, then their MyCities become ‘un-owned’. Any MyCities that contain no content will be deleted after two years. No MyCities will be deleted for an active user.
Usage statistics of EducationCity at school level will be stored in EducationCity’s subscriber management system and will be kept in perpetuity. No personal/user level information can be extracted from this data.
ParentPay obtain (either from the Customer and/or from you directly) and process the following information:
| Data Subject (Who) | Data Category (What) | Description |
| --- | --- | --- |
| Pupil Student | Forename | This is the forename of the pupil. |
| Pupil Student | Surname | This is the surname of the pupil. |
| Pupil Student | Known as | This is the name that the pupil is known as. |
| Pupil Student | DOB | This is the date of birth of the pupil. |
| Pupil Student | Gender | This is the pupil’s gender. |
| Pupil Student | Groups | Registration group (if any), year, other groups |
| Pupil Student | Salutation | This is the pupil’s salutation. |
| Pupil Student | Dietary Requirements | This is the pupil’s special dietary requirements. |
| Pupil Student | Postal Address | The student’s postal address |
| Pupil Student | Identifiers | Roll/Admission number, UPN, management system identifier |
| Pupil Student | Meal Selections and spend history | This is a history of a pupil’s meal selections and spends for school meals or non-meal-related items, including free school meals. |
| Pupil Student | Trip information | Trip details collected from parents, e.g. emergency contacts, medical details, dietary requirements, doctor’s contact, EHIC and Passport |
| Parents Contacts | Title | This is the contact’s title (Mr, Mrs, Ms, etc). |
| Parents Contacts | Forename | This is the contact’s forename. |
| Parents Contacts | Surname | This is the contact’s surname. |
| Parents Contacts | Authentication data | Username and password, single-sign-on or multi-factor-authentication tokens |
| Parents Contacts | Gender | The contact’s gender (Salutation) |
| Parents Contacts | House Name | The text entered as the contact’s house name. |
| Parents Contacts | Street | The text entered as the contact’s street. |
| Parents Contacts | Locality | The text entered as the contact’s locality. |
| Parents Contacts | Town | The text entered as the contact’s town. |
| Parents Contacts | Postcode | The text entered as the contact’s post code. |
| Parents Contacts | Day Telephone | The contact’s daytime telephone number. |
| Parents Contacts | Home Telephone | The contact’s home telephone number. |
| Parents Contacts | Mobile Telephone | This is the contact’s mobile telephone number used to receive alerts from ParentPay and for school communications. |
| Parents Contacts | Email | This is the contact’s e-mail address used to receive communications from ParentPay and for school communications. |
| Parents Contacts | Payment History and balances | This is the contact’s history of payment transactions, including reversals, refunds and withdrawals of funds. |
| Parents Contacts | Payment card details | Payment card details are captured and passed to a 3rd party for authorisation. |
| Parents Contacts | Other | This is the contact’s alternative communication method. |
| Parents Contacts | In-app messages | Messages sent from parents to school within the ParentPay application |
| Parents Contacts | Trouble ticket data | When users submit trouble ticket information, this gets stored. |
| Parents Contacts | Shop information | ParentPay can be used as a payment page from externally or internally hosted shop systems. This is the information captured as part of that (“shopping basket”). |
| Parents Contacts | Browser Details | IP address, cookies, browser information |
| Parents Contacts | Scottish UPRN | For users in Scotland who sign up via MyGovScot |
| School Staff | Title | This is the staff member’s title (Mr, Mrs, Ms, etc.). |
| School Staff | Forename | This is the staff member’s forename. |
| School Staff | Surname | This is the staff member’s surname. |
| School Staff | Gender | The staff member’s gender |
| Website Access | IP Address | The network address of your device or internet connection |
| Website Access | Browser Type and Version | The type of Web Browser your device is using |
| Website Access | Cookies | Special records in your browser to help the website operate |
| Website Access | Web Analytics | Generalised information about browsing behaviour and page statistics |
Sharing Basis: Schools have signed up for the service and their legal basis is: 'processing is necessary for the performance of a task carried out in the public interest'
ParentPay use your personal information, and some of their employees have access to such information, only to the extent required to carry out the services for you and on behalf of the Customer.
ParentPay have introduced appropriate technical and organisational measures to protect the confidentiality, integrity and availability of your personal information during storage, processing and transit.
ParentPay are a Level 1 PCI-DSS certified organisation and are subject to regular and comprehensive security audits. They operate an ISO27001 compliant security programme to help protect your data at all times.
The PPL Products and Services only process your personal information in the UK.
Some of ParentPay's supporting services (for example ZenDesk), might use cloud platforms that operate from Third Countries outside of the EEA. Where this is the case, they ensure that adequate safeguards are established to protect your data.
Server/Data Location: UK
ParentPay will only retain information for as long as is necessary to deliver the service safely and securely. They may need to retain some records to maintain compliance with other applicable legislation – for example finance, taxation, fraud and money laundering law requires certain records to be retained for an extended duration, in some cases for up to seven years.
Pupil data will typically be removed or anonymised when the following rules are met:
The pupil has been archived by the School.
The pupil does not have any meal consumption or attendance data within the last 13 months.
The pupil has not received a payment for any payment item within the last 13 months.
The pupil balance is zero.
Payer (Parent) data will usually be removed or anonymised when the following rules are met:
They have not logged in for 13 months.
They have not topped up or spent within the last 13 months.
Parent balance is 0 (zero), and all pupil balances are 0 (zero).
There are no active pupils associated with the account.
Manager Accounts that have been disabled and have not logged in for 13 months will be removed or anonymised. Other school staff accounts are subject to the same rules as pupils (above).
Message attachments will be removed after 24 months.
File area uploads will be purged after 24 months.
Personal information in trip records will be removed 1 month after trip completion.
It should be noted that Schools will still retain a complete finance audit trail for their statutory requirements. In unusual cases where specific personal information needs to be retained, then this can be facilitated upon request.
Your name, username and email address, or phone number; cloud recordings, chat / instant messages, files, whiteboards, and other information shared while using the service; voice mails; IP address, MAC address, other device ID (UDID), device type, operating system type and version, client version, type of camera, microphone or speakers, connection type, etc.; location; duration of the meeting / Zoom Phone call; email address, name, or other information that a participant enters to identify themselves in the meeting; join and leave time of participants; name of the meeting; date / time that meeting was scheduled; chat status (unless a setting is actively chosen by user); call data records for Zoom Phone.
Sharing Basis: Consent
Covid-19 Zoom for remote sessions
In order to facilitate remote working Bunscoill Rhumsaa are using a service called Zoom. Please be aware that there are privacy and security issues at present with this and we understand that you may not want to use this service. There is no obligation to do so. Some of the problems have been highlighted in the press and include:
Information routed through servers based in China – possible review of information;
Sharing of data with Facebook – updated software should be used;
Zoombombing – suitable passwords should be in place and links should not be shared;
Encryption is not end-to-end – no personal information should be shared during sessions as the service is not properly encrypted;
Non-protected meetings – only password-protected meetings should be held.
Password protection, encryption – not end-to-end, only participants to meetings to be sent links, updates to be installed. Please note there are currently serious issues and no sensitive information should be shared on this platform. Privacy Shield applies.
Access Conditions: Supervised and unsupervised
Teacher Access: Yes
Server/Data Location: Data routed through servers in China. USA
Retention Period: Individual accounts when deleted