What Personal Data you hold / process on (eg. Staff and student Surname forename etc) ?
Forenames and surnames of both staff and students if using Parent Meetings & Events system
Where do you store data for processing ?
The United Kingdom
How do you obtain data from our MIS and what are the encryption levels ?
Using third party MIS partners, data is transferred via HTTPS using a RSA256 certificate.
Our SAR (Subject Access Request) Procedure and who we should contact ?
How you provide a notification of breach of personal data ?
To the ICO and to the main contact of the site(s) affected
How we implement Pseudonymisation and Encryption ?
We have implement Pseudonymisation to keep our central records anonymised from our site data. Encryption is in place across all security information stored using recommended levels of encryption.
What is our process for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures for ensuring the security of data processing?
Continuous monitoring takes place although at set times of each month we have security days where we look at how we can improve existing security and keep ahead of any potential issues.
Do schools need to check our MIS integration partner (Assembly Education https://assembly.education/) for compliance ?
We carefully select our partners to ensure they will meet the requirements of GDPR but it is the responsibility of the School to also ensure that any system pulling data from the School complies with GDPR as well as the Schools own requirements.
How are backups managed and stored?
Backup are taken daily with snapshots taken in the event of a manager change per site. Storage is kept offline.
Is the data shared with anyone else, who has access to the data?
We don’t share our SchoolBooking data with any other company.
Do you have a data retention policy?
Any other questions, please contact our customer services team or email firstname.lastname@example.org