Your data is safe with us!

Download our GDPR compliance statement

GDPR Statement for schools

11th May 2018

On May 25th 2018, the General Data Protection Regulation (GDPR) comes into effect. Busy Things can confirm that we will be fully compliant by this date.

 

Our relationship with our customers:

For most of our school customers, Busy Things acts as a Data Controller. We do not process any personal data on behalf of our customers. We do not offer individual logins for staff members or pupils, or require customers to disclose this information to us in order to use our service. Any personal information we collect from our customers is purely to enable us to deliver our service to them.

 

Schools may choose to disclose some personal information during their normal use of Busy Things, for example, creating a Setup for a specific child, or using the Assignments feature. In these cases, we act as both a Data Controller and a Data Processor. In these cases, we will process your data in accordance with our Data Protection and Privacy Policy and our Terms and Conditions.

 

 

 

Data security:

All data collected and processed by Busy Things is stored in a secure data centre in the UK meeting industry standards for security (ISO270001). All data is transmitted to and from this location using SSL encryption technologies. All data is backed up on a regular basis and stored securely off-site.

 

 

 

Data sharing:

We do not transfer any data outside of the EU, or disclose personal data to 3rd parties, unless required by law, or with the explicit consent of the individuals involved.

 

 

 

Staff Training:

All Busy Things employees receive on-going training regarding access to and use of customers Personal Data. Access to Personal Data is restricted based on their job requirements.

 

 

Data Breaches:

Under the GDPR, Busy Things is required to report all data breaches to the Information Commissioner's Office within 72 hours. As part of our breach response procedures, we will inform all affected parties as appropriate.

 

 

Subject Access Requests and Removal requests:

Individuals that Busy Things holds personal data on can request that we provide them with a record of the data we hold, or request that their data be removed. We will comply with all such requests in a timely manner.

 

 

 

GDPR Compliance:

The GDPR outlines 6 key principles:

 

 

Lawful, fair and transparent processing:

Busy Things will only process Personal Data in a lawful and fair manner., including complying with all of our legal obligations. Our Data Protection and Privacy Policy and Terms and Conditions transparently outline how and why we are processing Personal Data.

 

 

Purposeful and specific processing:

Busy Things will only process Personal Data for the purpose of delivering our service to our customers and for improving our Service.

 

Adequate, relevant and limited processing:

Busy Things only collects and processes Personal Data that is explicitly required to deliver our service.

 

Accurate processing:

Busy Things will strive to keep all Personal Data accurate and up-to-date. Customers can update their own Personal Data using the Manage Account area of our website and our staff will also be happy to help correct inaccurate data.

 

Time-limited processing:

Busy Things will only keep Personal Data for as long as it is required, as per our Data Protection and Privacy Policy. Individuals can request that their data be removed at any time, and we will comply in a timely manner.

 

Secure processing:

Busy Things data processing and storage facilities meets all industry standards for data security and transmission. Our employment policies and practices are focussed on protecting the security and integrity of the data we hold.

 

 

 

Further Information:

 

Our ICO Registration number: ZA033853

 

Our Data Protection Officer:

Duncan Witham

3 St. James Court,

Friar Gate,

Derby,

DE1 1BT

duncan@busythings.co.uk