Edulink One Privacy Policy

Overnet Data Ltd (we) are committed to protecting your personal data and respecting your privacy.

Under data protection laws, we are required to provide you with certain information about who we are, how we process your personal data and for what purposes, and your rights in relation to your personal data. This information is provided in this policy and it is important that you read that information.

Introduction

This policy applies to your use of:

  • Edulink One mobile application software (App) available on IOS or Android  as made available via an applicable app store (each an App Site), once you have downloaded or streamed a copy of the App onto your mobile telephone or handheld device (Device);
  • Edulink One web version (Site); and

Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

You can download a pdf version of the policy here: www.overnetdata.com/legal.

Important information and who we are

We are Overnet Data Ltd (collectively referred to as Overnet Data, we, us or our in this policy).In the vast majority of case, where we process your personal data in respect of your use of Edulink One, we do so as a data processor, acting on behalf of the school or college (Organisation) where you are a member of staff, parent, pupil or otherwise affiliated (see section 3 below for more information about how we process your personal data as a data processor). This privacy policy provides details about the limited circumstances in which we collect and process your personal data for our own purposes (acting as a data controller).

Contact details

Our full details are:

  • Full name of legal entity: Overnet Data Ltd
  • Email address: legal@overnetdata.com
  • Postal address: Unit 2 Parkhill, Castle Ashby, Northampton. NN7 1LA

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).  We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Changes to the privacy policy

We keep our privacy policy under regular review.

This version was last updated on 6 November 2018. It may change and if it does, these changes will be posted on this page and, where appropriate, notified to you when you next start the App or log onto the Site. The new policy may be displayed on-screen and you may be required to read and accept the changes to continue your use of the Services.

Our primary business is “data processing”

You are granted access to Edulink One as a result of our agreement with your Organisation. The Organisation has entered into a contract with us, pursuant to which we have agreed to provide various software solutions (including Edulink One) to the Organisation.  The Organisation wishes to use our services in order to allow the Organisation to:

  • make data about a student available via the App or Site to the student and their parents/guardians to support the student’s education;
  • make data about students available via the App or Site to the Organisation’s staff to help them support students’ education and to work more efficiently;
  • make data about students available to the Organisation’s Governing Bodies and/or Multi-Academy Trusts to help them support students’ education; and
  • make data relating to the Organisation’s staff available to students and their parents/guardians and other members of staff.

In order to provide such services, the Organisation will provide us with certain information relating to its staff, students and parents / guardians.  We are also required to process certain personal data (including personal data belonging to staff, students and parents/guardians), that you or another user uploads, inputs or otherwise shares via Edulink One.

This may include your:

  • name, contact details, date of birth, images and/or payment details;
  • family details;
  • information relating to your lifestyle and social circumstances;
  • employment and education details; and/or
  • special categories of personal data (or “sensitive” persona data), including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data and/or information about criminal convictions and offences.

In respect of any personal data that you share via Edulink One:

  • we process the personal data on behalf of the Organisation and only in accordance with the Organisation’s instructions (as set out in our contract with them);
  • the Organisation determines what personal data to store, how it is processed and for what purposes, the applicable legal basis for processing such personal data and when it is deleted;
  • we ONLY access the personal data shared via Edulink One and stored by the Organisation in order to carry out the Organisation’s instructions and to maintain or improve the services or to fix faults.  We do not use the personal data for any other purposes;
  • we don’t share the personal data with any third parties, unless the Organisation instructs us to do so or if we are otherwise required to do so by law; and
  • we do not use sub-contractors to process the personal data on our behalf.

It is important that (in addition to this privacy policy) you have also read and understood the Organisation’s privacy policy in order to understand the purposes for which they process your personal data, including personal data that you share via Edulink One.  It is the Organisation’s responsibility to ensure that they make this information available to you.  Please contact the Organisation for more details about the terms upon which we process such personal data on their behalf.  

We will work with the Organisation, where necessary, in order to support your rights as a data subject.

This privacy policy provides details about how we collect and process your personal data for our own purposes (acting as a data controller).

The data we collect about you (acting as data controller).

We may collect, use, store and transfer different kinds of personal data about you as follows:

  • Identity Data: for example, your first name, last name, username or similar identifier.
  • Contact Data: for example, your email address and telephone numbers.
  • Device Data: includes data relating to your mobile device, for example, your time zone setting and device lock status.
  • Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Site.
  • Usage Data: includes details of your use of any of our Apps including, but not limited to, traffic data and other communication data, and the resources that you access.

Third party data

Where you upload, input or otherwise share a third party’s personal data via Edulink One, you are solely responsible for ensuring that you have first obtained the third party’s consent (or have another appropriate legal basis) to share such personal data, and to advise the third party that you have shared their personal data via Edulink One and bring this privacy policy to their attention.

How is your personal data collected?

We will collect and process the following data about you:

  • Information you give us. This includes any Identity Data that you provide when you report a problem with an App or our Services. If you contact us, we will keep a record of that correspondence.
  • Information we collect about you and your device. Each time you use one of our Apps or interact with our Site, we will automatically collect personal data including Device, Technical and Usage Data.
  • Information provided by third parties. We use a service provided by Google in order to provide push notifications on your Device.  As part of this push notification service, we receive aggregated data from Google about the location of users who are receiving the push notifications (e.g. there are a specified number of users in Leeds).

Web browser storage

We use browser web storage (including HTML5) to store data relating to your use of the App or Site locally on your Device or computer (as applicable).  This is essential in order for us to provide Services to you.  For example, this enables us to remember your username and password, and the Organisation that you are affiliated to, each time that you use the App or Site. This helps us to provide you with a good experience when you use the App or Site. We do not download or otherwise centralise any information that we collect using HTML5, it is only ever stored on your Device or computer (as applicable).  We do not share the information with any third parties.

How we use your personal data

We will only use your personal data when the law allows us to do so. Most commonly we will use your personal data in the following circumstances: 

  • Where you have consented before the processing.
  • Where we need to perform a contract we are about to enter or have entered with you.
  • Where it is necessary for our legitimate interests (or those of the Organisation) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Purposes for which we will use your personal data

Purpose/activityType of dataLawful basis for processing
To deliver Services to you and the Organisation (including the provision of push notifications to your Device).Identity 
Device
Technical
Performance of a contract with you 
Necessary for the Organisation’s legitimate interests (in order to provide their functions and services in a cost-effective, accessible and stream-lined manner)
To administer and protect our business and this App including troubleshooting, data analysis and system testingTechnical
Usage
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security)
To measure and analyse the effectiveness of our Services 
To monitor trends so we can improve the App
Technical
Usage
Necessary for our legitimate interests (to develop our products/Services and grow our business)

Disclosures of your personal data

We will not share your personal data with third parties, except in the limited circumstances set out below:

  • We may share personal data with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
  • We may share personal data with third parties in limited circumstances where we are required to do so by law.

International transfers

Subject to the below, we do not transfer your personal data outside the European Economic Area (EEA).

We may be required to transfer personal data out of the EEA, where you or the Organisation are based outside the EEA and where the processing is necessary either for the performance of our contract with you or the performance of our contract with the Organisation concluded in your interests.

Data security

All the information you provide to us is either stored on our secure servers within the EEA or on the Organisation’s servers (which may be outside the EEA, for example, if the Organisation is based outside of the EEA – please refer to the Organisation’s privacy policy for information about their servers).

Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.

If you are provided with, or choose, a password and/or other log-in details in order to use the App, it is your responsibility to keep such password and/or other log-in details confidential and secure.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.

Data retention

On termination or expiry of our contract with the Organisation, your right to use the App and Site will automatically terminate.  We will automatically delete your personal data within 90 days of the date of termination or expiry of our contract with the Organisation, with the exception of any personal data that we are required to keep for legal or regulatory purposes.

Under certain circumstances you have the following rights under data protection laws in relation to your personal data:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer or your personal data.
  • Right to withdraw consent. 

To find out more about these rights please refer to the ICO’s website at [https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/].  In most cases, the Organisation (as defined in clause 3 above) is primarily responsible for making decisions about how your personal data is processed by use (see clause 3 above for further details).  So, in most cases, you should contact the Organisation in the first instance if you wish to exercise any of your data rights.  If your query relates to data where we are the controller, please also feel free to contact us at legal@overnetdata.com and we will try to assist.