Your privacy is important to us. By using our website www.professorassessor.co.uk or our Web-based Maths Assessment and/or Times Tables Fun online software available at www.prof123.co.uk you are agreeing to be bound by this Policy. We may occasionally update this Policy so please check this page from time to time to ensure you are happy with any changes we’ve made.
This Policy explains what personal information we collect from you and the personal data we process. If you have any questions regarding this Policy then please contact us by email to firstname.lastname@example.org or in writing to Professor Assessor Ltd, 1 Farrells Field, Yatton Keynell, Chippenham, SN14 7PJ.
Who are we?
We are Professor Assessor Ltd, a service provider of online educational software to schools. Professor Assessor Ltd is registered in England and Wales (Company No. 9953864). For the purposes of this policy, Professor Assessor Ltd will be referred to as we, us, or our.
Professor Assessor Ltd is registered with the Information Commissioner’s Office (ICO) and comply with the Data Protection Act (DPA) legislation and General Data Protection Regulations (GDPR). Our ICO registration number is: ZA361224. Our key staff are trained in the General Data Protection Regulations (GDPR) and understand our obligations.
What we do
We provide a Maths Assessment Web application and a Times Tables Fun Web application via www.prof123.co.uk on a subscription basis to schools. We as data controller are responsible only for the setup and maintenance of your School Administrator account. The school is the data controller and we are the data processor for all other data contained within these online Web applications and the School Administrator acting on behalf of the School can add, update and delete this data at any time during your Subscription Term (see our Subscription Agreement for details).
We also provide enquiry forms on our www.professorassessor.co.uk website. By completing and submitting any of these forms you are consenting to allow us to contact you via the methods you specify on the forms.
Legal Basis and purposes of processing your personal data
- You have given consent to the processing of your personal data for one or more specific purposes;
- It is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
- It is necessary for compliance with a legal obligation to which we are subject;
- It is necessary in order to protect your vital interests;
- It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- It is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
We are committed to protecting your personal information and respecting your privacy. We process your personal data when you access our Sites and Services. These include:
- Viewing our websites.
- Corresponding with us using services such as web contact forms, telephone, email or written letter.
- Purchasing, licensing or accessing products, including mobile applications (Apps).
- Signing up to receive marketing material or newsletters.
- Entering competitions or participating in discussion boards.
- Applying for a job vacancy.
- Some of our Sites and Services may include additional terms and conditions under an applicable end-user subscription agreement.
We use your personal data in the following ways:
- Carry out our obligations from any contracts you have entered into with us;
- Respond to your enquiries, feedback and complaints;
- Provide you access to our Web-based services;
- Notify you about changes to our products and services;
- Provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- Notify you about changes to our products and services.
- Customer satisfaction surveys and market research;
- Process job vacancy applications and CVs.
Our legitimate interests
There are times when we will rely on legitimate interests to process personal data, particularly when it is not practical to obtain consent. We will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Examples are:
- Reporting criminal acts and compliance with law enforcement agencies.
- Internal and external audit for financial or regulatory compliance purposes.
- Statutory reporting.
- Maintenance of “do not contact” lists (suppression lists).
- Customer satisfaction surveys and market research.
- Physical and network security.
- Software bug fixing and testing.
- Work experience placements.
- Financial management and control.
- General administration.
Categories of personal data you give to us
The personal data you give us includes:
- Email address
- User name and passwords to access our Sites and Services
- School Class(es)
- Cohort (year started school in the case of pupil data)
Your device and log information
Each time you visit or use our Sites and Services, we may automatically collect the following information:
- Technical information, including the type of device you use, your device screen resolution, your device screen size, a unique device identifier (for example, your Device's IMEI number, the MAC address of the Device's wireless network interface), Internet Protocol (IP) address, your operating system and its version, and/or the type of browser you use and its version;
- URL information showing how users have reached our Site and Services and whether they access other third party sites via any external links.
We use the device information in the following ways:
- To determine which features your Device supports and the screen resolution and size of your device in order to format and display content in a user-friendly manner for you and your device.
- To advise our development strategy.
- To administer our Site and Services for troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To allow you to participate in interactive features of our Sites and/or Service, when you choose to do so;
- As part of our efforts to keep our Sites and Services and the personal data contained therein safe and secure.
Information we pass to third parties and other data sharing
In order to facilitate your use of our Sites and Services, we may have to share your personal data with third parties to provide elements of our Sites and Services to you. We will provide your personal data to third parties when they need the data to perform particular functions in delivering our Sites and Services to you or as part of our regulatory compliance. These include:
- Service providers acting as data processors, located in the UK and EU who provide data hosting facilities, IT and system administration services.
- HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them.
- If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
- In order to enforce or apply the terms of our Subscription Agreement and other agreements or to investigate potential breaches; or
- Protect the rights, property or safety of our company, our suppliers and/or our customers.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will do our utmost to ensure your personal data is processed in a way that ensures appropriate security from unauthorised or unlawful processing, accidental loss, destruction or damage.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Retaining your personal information
We will retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We may also retain your personal data for a reasonable period afterwards to allow us to respond to any follow up enquiries or complaints, or for as long as you remain a subscriber to our products and services.
To determine appropriate retention periods for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, we may use or store this information indefinitely without further notice to you.
In some circumstances you can ask us to delete your data: see Right of Erasure below for further information.
Your data protection rights
Withdraw consent – Where we are using your personal information on the basis of your consent, you have the right to withdraw that consent at any time.
Right to be informed – You have the right to be told how your personal information will be used. This Policy is intended to be a clear and transparent description of how your data may be used.
Right of access – You can write to us asking what information we hold on you and to request a copy of that information. This is called a Subject Access Request. From 25 May 2018 we will have one month to respond to you once we are satisfied you have rights to see the requested records and we have successfully confirmed your identity..
Right of rectification – If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. This enables you to have any incomplete or inaccurate data we hold about you corrected. We have one month to rectify the information once a request has been received and we have successfully verified your identity. We may need to verify the accuracy of the new data provided to us.
Right of erasure – From 25 May 2018, you have the right to be forgotten (i.e. to have your personally identifiable data deleted). However, we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you. In some cases, we may recommend that we supress you from future communications, rather than delete your data, particularly if you have a current subscription to one of our Products or Services. We have one month to erase the requested data once a request has been received and we have successfully verified your identity.
Right to restrict processing – In certain situations you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage. We have one month to supply the information to you once a request has been received and we have successfully verified your identity.
Right to data portability – Where we are processing your personal data under your consent, the law allows you to request data portability from us to another service provider. This right is largely seen as a way for people to transfer their personal data from one service provider to another. We will provide to you your personal data in a structured, commonly used, machine-readable format. The format supplied by us may not be compatible with other service providers and reformatting and data manipulation may be necessary. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. We have one month to supply the information to you once a request has been received and we have successfully verified your identity.
Right to object – You have an absolute right to stop the processing of your personal data for direct marketing purposes. Simply contact us and we will amend your contact preferences.
Right to object to automated decision making including profiling – Our Products and Services may perform automated decision making in order to fulfil contractual purposes. This processing in entirely for the benefit of our customers in order to deliver the advertised functionality of the products or services subscribed to. We do not undertake profiling of personal data.
A computer cookie is a small piece of information that is stored by your browser on your computer.
We use the following cookies:
- Session cookies to persist temporary information in order to provide you with essential features of our Products and Services. These session cookies are destroyed when you close your browser;
- An authentication cookie to authenticate user logins and maintain a login during a session using our Products and Services. The authentication cookie is encrypted whilst in use and destroyed when you close your browser;
- Google Analytics cookies which provide information regarding website usage to us.
- AddThis cookie which provides us with information when the share buttons are used on the website.
- Content Management cookies which are only used when our staff log in to our websites.
If you have any queries about this Policy, please contact us:
Tel: 01249 588850
Post: Professor Assessor Ltd, 1 Farrells Field, Yatton Keynell, Chippenham, SN14 7PJ.