Privacy Policy

Please read this privacy policy carefully, together with the Terms and Conditions; they govern EveryBuddy Ltd (EB)’s relationship with you in relation to this Website, associated websites or the services provided by EB as stated in EB’s Terms and Conditions.

BACKGROUND

The EB system, and its associated mobile apps, are designed for use by schools and other educational establishments: their purpose is to enable/assist organising, communication and safeguarding processes within the school. EB’s customers are the schools who license the SchoolsBuddy platform.

EB is hosted on the school’s behalf by EB, and we accept responsibility for the physical safety and security of the data. However, ownership of the data rests with the school.

Schools may choose also to deploy the ClubsBuddy mobile apps, but these apps are dependent on information from the central system; they may be freely downloaded to an individual’s mobile device, but are not useful without authorised access to the EB system.

To fulfill its purpose, the EB system (and sometimes the mobile apps) need to store, or access from other school systems, personal information relating to teachers or students.

WHAT WE DO WITH YOUR PERSONAL DATA

As defined by General Data Protection Regulation GDPR (EU) 2016/679, EveryBuddy Ltd is a ‘Data Processor’. We process personal data only for the purpose for which they are collected. The purpose is dependent on whether you use only our website, or additionally, our services. If you use our services you are required to register and we collect your personal data. We use this personal data for the provision of the service or the performance of the contract. We may use your personal data for other similar purposes, including marketing and communications, but that will only occur in the case we have your consent or another legal justification for doing so.

From our Children we process and retain personal data for the following purposes and periods, with the applicable legal basis.

Processing purpose Legal basis Retention Period

Contact management

it’s the legitimate interest of a third party (Our contract school or club)

6 months after contract expire or a local countries minimum legal requirement which is the latest

Service delivery

it’s the legitimate interest of a third party (Our contract school or club) Until service completed

From our Customers/Clients we process and retain personal data for the following purposes and periods, with the applicable legal basis.

Processing purpose Legal basis Retention Period

Contact management

we have a contract with the data subject

6 months after contract expire or a local countries minimum legal requirement which is the latest

Communications, marketing and intelligence

it’s the legitimate interest of a third party (Our contract school or club) Until contract completed

Service Delivery

it’s the legitimate interest of a third party (Our contract school or club) Until service completed

Customer Support

we have a contract with the data subject

Until contract completed

From our Parents & Staff we process and retain personal data for the following purposes and periods, with the applicable legal basis.

Processing purpose Legal basis Retention Period

Contact management

 it’s the legitimate interest of a third party (Our contract school or club)

6 months after contract expire or a local countries minimum legal requirement which is the latest

Communications, marketing and intelligence

it’s the legitimate interest of a third party (Our contract school or club) 6 months after contract expire or a local countries minimum legal requirement which is the latest

Service Delivery

it’s the legitimate interest of a third party (Our contract school or club) Until contract completed

From our Students we process and retain personal data for the following purposes and periods, with the applicable legal basis.

Processing purpose Legal basis Retention Period

Contact management

 it’s the legitimate interest of a third party (Our contract school or club)

6 months after contract expire or a local countries minimum legal requirement which is the latest

Communications, marketing and intelligence

it’s the legitimate interest of a third party (Our contract school or club) 6 months after contract expire or a local countries minimum legal requirement which is the latest

Service Delivery

it’s the legitimate interest of a third party (Our contract school or club) Until service completed

WHAT PERSONAL DATA DO WE COLLECT?

The personal data we collect depends on whether you just visit our website or use our services. If you visit our website, you do not need to provide us with any personal data. However, your browser transmits some data automatically, such as the date and time of retrieval of one of our web pages, your browser type and settings, your operating system, the last web page you visited, the data transmitted and the access status, and your IP address.

If you use our services, personal data is required to fulfill the requirements of a contractual or service relationship, which may exist between you and our organization or you and our contracted School or Club.

This depends on how a school chooses to use the system, but might typically include:-

  • Name
  • Date of Birth (child / student only)
  • Email
  • Location Information
  • Telephone contact details
  • Education History

We collect sensitive personal data for students & children (if the school / club authorises ClubsBuddy)  and do so under the following legal basis:

  • Health
    • For purposes of medicine, health or social care or health professionals

HOW IS THAT PERSONAL INFORMATION USED?

It is made available to appropriate authorised users within the school community as part of the school’s processes. The EB system includes extensive facilities for controlling who has access to what information, so that appropriate controls may be maintained.

WHO MIGHT WE SHARE YOUR PERSONAL DATA WITH?

To maintain and improve our services, your personal data may need to be shared with or disclosed to service providers, other Controllers or, in some cases, public authorities. We may be mandated to disclose your personal data in response to requests from a court, police services or other regulatory bodies. Where feasible, we will consult with you prior to making such disclosure and, in order to protect your privacy, we will ensure that we will disclose only the minimum amount of your information necessary for the required purpose.

We will never disclose Personal Information for marketing or other commercial purposes.

We transfer personal data to the following organisations and countries:-

Customers which are based in the EU all data is stored securely in our Microsoft Azure Cloud Storage Databases located in Ireland.

Data subject type Organisation Name Type Country
Children Microsoft (Azure Cloud Hosting) Processor Ireland
Parents Microsoft (Azure Cloud Hosting) Processor Ireland
Parents Sendgrid (Email Processing Servers) Processor US
Students Microsoft (Azure Cloud Hosting) Processor Ireland
Students Sendgrid (Email Processing Servers) Processor US
Staff Microsoft (Azure Cloud Hosting) Processor Ireland
Staff Sendgrid (Email Processing Servers) Processor US

Customers based outside of the EU (but not in the US) data may be stored on either our Hong Kong servers or European servers dependant upon timezones and distance from servers :-

Data subject type Organisation Name Type Country
Children Microsoft (Azure Cloud Hosting) Processor Hong Kong
Parents Microsoft (Azure Cloud Hosting) Processor Hong Kong
Parents Sendgrid (Email Processing Servers) Processor US
Students Microsoft (Azure Cloud Hosting) Processor Hong Kong
Students Sendgrid (Email Processing Servers) Processor US
Staff Microsoft (Azure Cloud Hosting) Processor Hong Kong
Staff Sendgrid (Email Processing Servers) Processor US

Customers based in the US data will be stored on our US Servers :-

Data subject type Organisation Name Type Country
Children Microsoft (Azure Cloud Hosting) Processor United States
Parents Microsoft (Azure Cloud Hosting) Processor United States
Parents Sendgrid (Email Processing Servers) Processor United States
Students Microsoft (Azure Cloud Hosting) Processor United States
Students Sendgrid (Email Processing Servers) Processor United States
Staff Sendgrid (Email Processing Servers) Processor United States
Staff Microsoft (Azure Cloud Hosting) Processor United States

HOW WE LOOK AFTER YOUR PERSONAL DATA

We limit the amount of personal data collected only to what is fit for the purpose, as described above. We restrict, secure and control all of our information assets against unauthorised access, damage, loss or destruction; whether physical or electronic. We retain personal data only for as long as is described above, to respond to your requests, or longer if required by law. If we retain your personal data for historical or statistical purposes we ensure that the personal data cannot be used further. While in our possession, together with your assistance, we try to maintain the accuracy of your personal data.

CROSS-BORDER DATA TRANSFERS

Information that EB collects may be stored and processed in and transferred between any of the countries in which EB operates to enable the use of the information in accordance with this privacy policy. EB operates under the jurisdiction of the UK’s Information Commissioner’s Office. The Data Protection laws of the UK may be different to the national laws of EB users outside of the United Kingdom.

You agree to such cross-border transfers of personal information and the data protection laws of the country in which the data may be stored.

When a Processor or Controller is in a country outside the EU, we apply the necessary safeguards which may include, confirming whether the EC approves of transfers to the country, whether we need to use the EC’s model contracts or, if the transfer is internal to our organisation, commitment to Binding Corporate Rules. Details of these safeguards may be obtained by contacting us directly. We ensure that all processors located in the US are fully compliant and registered on the Privacy Shield Framework (https://www.privacyshield.gov).

TRACKING

The EB applications may collect anonymous data about how you use our services in order to help us improve future functionality using tools such as Google Analytics and Heap Analytics. No data that personally identifies an individual (such as a name, email address or billing information) is tracked, collected or uploaded. SchoolsBuddy may collect and report on the adoption and usage of specific features, crashes and exceptions and other useful, anonymous metrics.

SECURITY

The Internet is not a secure medium. EB is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

The Website may contain links that make it easy for users to visit other websites. If the user uses the links to leave the Website and visit a website operated by a third party, EB does not have any control over that website. Accordingly, EB cannot be responsible for the protection and privacy of any information which users have provided while visiting such websites. Users should exercise caution and look at the privacy statement applicable to the website in question.

You can choose to restrict the collection or use of your personal information:

By using the Website and not advising EB to the contrary, you consent to EB using the data in the way set out in these terms and conditions.
Under the Data Protection Act 1998, you may request details of personal information that EB holds about you. An official fee will be payable. If you want to make a request, you should contact us.
If you believe that any information EB holds about you is incorrect or incomplete, you should contact us. Any information found to be incorrect will be corrected as soon as possible.

COOKIES

EB may use cookies on certain areas of the Websites. Cookies are files that store information on your hard drive or browser that means EB can recognise that you have visited the Website before. They make it easier for you to maintain your preferences on the website, and by seeing how you use the Website, EB can tailor the Website around your preferences and measure usability of the Website. EB uses cookies only to make it easier to identify you when using the Website. EB does not use cookies to collect additional information about you. You can choose to disable the cookies from your browser and delete all the cookies currently stored on your computer. On Microsoft Internet Explorer, this can be done by selecting “Tools/Internet Options” and reviewing your privacy settings or selecting “delete cookies”. This may prevent you from taking full advantage of browsing the Internet. You can find out how to do this for your particular browser by clicking “help” on your browser’s menu.

OUR SUPERVISORY AUTHORITY

United Kingdom
Water Lane, Wycliffe House Wilmslow – Cheshire SK9 5AF
[email protected]
+44 1625 545 745
www.ico.org.uk

CONTACT CLUBSBUDDY (EB)

If you have any questions about this privacy policy or EveryBuddy’s treatment of your personal information, please write to:
By email to [email protected] or by post to EveryBuddy Ltd, The Business Centre, Ham Manor Golf Club, West Drive, Angmering, West Sussex, BN16 4JE, United Kingdom

UPDATING THIS STATEMENT

EB may update this privacy policy by posting a new version on this website. You should check this page occasionally to ensure you are familiar with any changes.