Please read this privacy policy carefully, together with the Terms and Conditions; they govern EveryBuddy Ltd (EB)’s relationship with you in relation to this Website, associated websites or the services provided by EB as stated in EB’s Terms and Conditions.
BACKGROUND
The EB system, and its associated mobile apps, are designed for use by schools and other educational establishments: their purpose is to enable/assist organising, communication and safeguarding processes within the school. EB’s customers are the schools who license the SchoolsBuddy platform.
EB is hosted on the school’s behalf by EB, and we accept responsibility for the physical safety and security of the data. However, ownership of the data rests with the school.
Schools may choose also to deploy the ClubsBuddy mobile apps, but these apps are dependent on information from the central system; they may be freely downloaded to an individual’s mobile device, but are not useful without authorised access to the EB system.
To fulfill its purpose, the EB system (and sometimes the mobile apps) need to store, or access from other school systems, personal information relating to teachers or students.
WHAT WE DO WITH YOUR PERSONAL DATA
As defined by General Data Protection Regulation GDPR (EU) 2016/679, EveryBuddy Ltd is a ‘Data Processor’. We process personal data only for the purpose for which they are collected. The purpose is dependent on whether you use only our website, or additionally, our services. If you use our services you are required to register and we collect your personal data. We use this personal data for the provision of the service or the performance of the contract. We may use your personal data for other similar purposes, including marketing and communications, but that will only occur in the case we have your consent or another legal justification for doing so.
From our Children we process and retain personal data for the following purposes and periods, with the applicable legal basis.
| Processing purpose | Legal basis | Retention Period |
|---|---|---|
|
Contact management |
it’s the legitimate interest of a third party (Our contract school or club) |
6 months after contract expire or a local countries minimum legal requirement which is the latest |
|
Service delivery |
it’s the legitimate interest of a third party (Our contract school or club) | Until service completed |
From our Customers/Clients we process and retain personal data for the following purposes and periods, with the applicable legal basis.
| Processing purpose | Legal basis | Retention Period |
|---|---|---|
|
Contact management |
we have a contract with the data subject |
6 months after contract expire or a local countries minimum legal requirement which is the latest |
|
Communications, marketing and intelligence |
it’s the legitimate interest of a third party (Our contract school or club) | Until contract completed |
|
Service Delivery |
it’s the legitimate interest of a third party (Our contract school or club) | Until service completed |
|
Customer Support |
we have a contract with the data subject |
Until contract completed |
From our Parents & Staff we process and retain personal data for the following purposes and periods, with the applicable legal basis.
| Processing purpose | Legal basis | Retention Period |
|---|---|---|
|
Contact management |
it’s the legitimate interest of a third party (Our contract school or club) |
6 months after contract expire or a local countries minimum legal requirement which is the latest |
|
Communications, marketing and intelligence |
it’s the legitimate interest of a third party (Our contract school or club) | 6 months after contract expire or a local countries minimum legal requirement which is the latest |
|
Service Delivery |
it’s the legitimate interest of a third party (Our contract school or club) | Until contract completed |
From our Students we process and retain personal data for the following purposes and periods, with the applicable legal basis.
| Processing purpose | Legal basis | Retention Period |
|---|---|---|
|
Contact management |
it’s the legitimate interest of a third party (Our contract school or club) |
6 months after contract expire or a local countries minimum legal requirement which is the latest |
|
Communications, marketing and intelligence |
it’s the legitimate interest of a third party (Our contract school or club) | 6 months after contract expire or a local countries minimum legal requirement which is the latest |
|
Service Delivery |
it’s the legitimate interest of a third party (Our contract school or club) | Until service completed |
WHAT PERSONAL DATA DO WE COLLECT?
The personal data we collect depends on whether you just visit our website or use our services. If you visit our website, you do not need to provide us with any personal data. However, your browser transmits some data automatically, such as the date and time of retrieval of one of our web pages, your browser type and settings, your operating system, the last web page you visited, the data transmitted and the access status, and your IP address.
If you use our services, personal data is required to fulfill the requirements of a contractual or service relationship, which may exist between you and our organization or you and our contracted School or Club.
This depends on how a school chooses to use the system, but might typically include:-
- Name
- Date of Birth (child / student only)
- Location Information
- Telephone contact details
- Education History
We collect sensitive personal data for students & children (if the school / club authorises ClubsBuddy) and do so under the following legal basis:
- Health
- For purposes of medicine, health or social care or health professionals
HOW IS THAT PERSONAL INFORMATION USED?
It is made available to appropriate authorised users within the school community as part of the school’s processes. The EB system includes extensive facilities for controlling who has access to what information, so that appropriate controls may be maintained.
WHO MIGHT WE SHARE YOUR PERSONAL DATA WITH?
To maintain and improve our services, your personal data may need to be shared with or disclosed to service providers, other Controllers or, in some cases, public authorities. We may be mandated to disclose your personal data in response to requests from a court, police services or other regulatory bodies. Where feasible, we will consult with you prior to making such disclosure and, in order to protect your privacy, we will ensure that we will disclose only the minimum amount of your information necessary for the required purpose.
We will never disclose Personal Information for marketing or other commercial purposes.
We transfer personal data to the following organisations and countries:-
Customers which are based in the EU all data is stored securely in our Microsoft Azure Cloud Storage Databases located in Ireland.
| Data subject type | Organisation Name | Type | Country |
|---|---|---|---|
| Children | Microsoft (Azure Cloud Hosting) | Processor | Ireland |
| Parents | Microsoft (Azure Cloud Hosting) | Processor | Ireland |
| Parents | Sendgrid (Email Processing Servers) | Processor | US |
| Students | Microsoft (Azure Cloud Hosting) | Processor | Ireland |
| Students | Sendgrid (Email Processing Servers) | Processor | US |
| Staff | Microsoft (Azure Cloud Hosting) | Processor | Ireland |
| Staff | Sendgrid (Email Processing Servers) | Processor | US |
Customers based outside of the EU (but not in the US) data may be stored on either our Hong Kong servers or European servers dependant upon timezones and distance from servers :-
| Data subject type | Organisation Name | Type | Country |
|---|---|---|---|
| Children | Microsoft (Azure Cloud Hosting) | Processor | Hong Kong |
| Parents | Microsoft (Azure Cloud Hosting) | Processor | Hong Kong |
| Parents | Sendgrid (Email Processing Servers) | Processor | US |
| Students | Microsoft (Azure Cloud Hosting) | Processor | Hong Kong |
| Students | Sendgrid (Email Processing Servers) | Processor | US |
| Staff | Microsoft (Azure Cloud Hosting) | Processor | Hong Kong |
| Staff | Sendgrid (Email Processing Servers) | Processor | US |
Customers based in the US data will be stored on our US Servers :-
| Data subject type | Organisation Name | Type | Country |
|---|---|---|---|
| Children | Microsoft (Azure Cloud Hosting) | Processor | United States |
| Parents | Microsoft (Azure Cloud Hosting) | Processor | United States |
| Parents | Sendgrid (Email Processing Servers) | Processor | United States |
| Students | Microsoft (Azure Cloud Hosting) | Processor | United States |
| Students | Sendgrid (Email Processing Servers) | Processor | United States |
| Staff | Sendgrid (Email Processing Servers) | Processor | United States |
| Staff | Microsoft (Azure Cloud Hosting) | Processor | United States |
HOW WE LOOK AFTER YOUR PERSONAL DATA
We limit the amount of personal data collected only to what is fit for the purpose, as described above. We restrict, secure and control all of our information assets against unauthorised access, damage, loss or destruction; whether physical or electronic. We retain personal data only for as long as is described above, to respond to your requests, or longer if required by law. If we retain your personal data for historical or statistical purposes we ensure that the personal data cannot be used further. While in our possession, together with your assistance, we try to maintain the accuracy of your personal data.
CROSS-BORDER DATA TRANSFERS
Information that EB collects may be stored and processed in and transferred between any of the countries in which EB operates to enable the use of the information in accordance with this privacy policy. EB operates under the jurisdiction of the UK’s Information Commissioner’s Office. The Data Protection laws of the UK may be different to the national laws of EB users outside of the United Kingdom.
You agree to such cross-border transfers of personal information and the data protection laws of the country in which the data may be stored.
When a Processor or Controller is in a country outside the EU, we apply the necessary safeguards which may include, confirming whether the EC approves of transfers to the country, whether we need to use the EC’s model contracts or, if the transfer is internal to our organisation, commitment to Binding Corporate Rules. Details of these safeguards may be obtained by contacting us directly. We ensure that all processors located in the US are fully compliant and registered on the Privacy Shield Framework (https://www.privacyshield.gov).
TRACKING
The EB applications may collect anonymous data about how you use our services in order to help us improve future functionality using tools such as Google Analytics and Heap Analytics. No data that personally identifies an individual (such as a name, email address or billing information) is tracked, collected or uploaded. SchoolsBuddy may collect and report on the adoption and usage of specific features, crashes and exceptions and other useful, anonymous metrics.
SECURITY
The Internet is not a secure medium. EB is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
The Website may contain links that make it easy for users to visit other websites. If the user uses the links to leave the Website and visit a website operated by a third party, EB does not have any control over that website. Accordingly, EB cannot be responsible for the protection and privacy of any information which users have provided while visiting such websites. Users should exercise caution and look at the privacy statement applicable to the website in question.
You can choose to restrict the collection or use of your personal information:
By using the Website and not advising EB to the contrary, you consent to EB using the data in the way set out in these terms and conditions.
Under the Data Protection Act 1998, you may request details of personal information that EB holds about you. An official fee will be payable. If you want to make a request, you should contact us.
If you believe that any information EB holds about you is incorrect or incomplete, you should contact us. Any information found to be incorrect will be corrected as soon as possible.
COOKIES
EB may use cookies on certain areas of the Websites. Cookies are files that store information on your hard drive or browser that means EB can recognise that you have visited the Website before. They make it easier for you to maintain your preferences on the website, and by seeing how you use the Website, EB can tailor the Website around your preferences and measure usability of the Website. EB uses cookies only to make it easier to identify you when using the Website. EB does not use cookies to collect additional information about you. You can choose to disable the cookies from your browser and delete all the cookies currently stored on your computer. On Microsoft Internet Explorer, this can be done by selecting “Tools/Internet Options” and reviewing your privacy settings or selecting “delete cookies”. This may prevent you from taking full advantage of browsing the Internet. You can find out how to do this for your particular browser by clicking “help” on your browser’s menu.
OUR SUPERVISORY AUTHORITY
United Kingdom
Water Lane, Wycliffe House Wilmslow – Cheshire SK9 5AF
[email protected]
+44 1625 545 745
www.ico.org.uk
CONTACT CLUBSBUDDY (EB)
If you have any questions about this privacy policy or EveryBuddy’s treatment of your personal information, please write to:
By email to [email protected] or by post to EveryBuddy Ltd, The Business Centre, Ham Manor Golf Club, West Drive, Angmering, West Sussex, BN16 4JE, United Kingdom
UPDATING THIS STATEMENT
EB may update this privacy policy by posting a new version on this website. You should check this page occasionally to ensure you are familiar with any changes.
