Data Protection – GDPR
Alps was developed to support schools and colleges, and groups of schools to drive performance improvement through good use of data. Protecting the sensitive data schools and colleges choose to send to us is a top priority.
At Alps we updated our systems and terms and conditions in line with the General Data Protection Regulation (“GDPR”) to ensure that we could carry on supporting schools and colleges.
Our data protection compliance is continuous and is regularly reviewed. We will keep you informed of any updates to our data protection documents or systems, if the Government guidance on how to apply GDPR, which is regularly updated, or any case law requires us to change these further.
Site Terms and Conditions
Our Alps Site Terms and Conditions explain how our services work and how we ensure privacy and security. This is the document we require schools and colleges to agree to before uploading data to us. It explains what we require from schools and colleges if they choose to use Alps.
In terms of the services we provide, schools and colleges, as the data controllers, are required under the GDPR to have a written contract with us, the data processor, which fulfils certain requirements set out in the GDPR.
Our Terms and Conditions have been updated to reflect these requirements and now also serve as a GDPR processing agreement.
For schools and colleges based outside the UK but within the EEA, our Terms and Conditions have been updated to include the Standard Contractual Clauses produced by the European Commission in order to ensure transfers from those schools and colleges remain compliant with the GDPR in the absence of the European Commission granting the UK an adequacy decision.
This document underpins the policies, promises and contracts we make with schools and colleges relating to the education data that Alps processes. We are committed to protecting and respecting your privacy.
Our Compliance Statement confirms how we comply with GDPR in terms of our services to schools and colleges, and answers many of the frequently asked questions we receive, including how we store data, how long we retain data and how we might share data.
Data Protection – Further Information For Schools
Information for Students and Parents
This sets out our position with respect to student data, the position of the school or college, and what we do if there is a query from a student or parent.
GDPR – Profiling warning for schools and colleges
The GDPR contains a number of provisions about the use of automated decision making, including profiling. Profiling is defined under GDPR as the automated processing of personal data to evaluate certain things about an individual, including their performance or behaviour. This statement sets out our position on any potential profiling using Alps analysis.
Suggested text for Inclusion in School Privacy Notices
Schools and colleges are obliged to include information on data they hold and process in their Privacy Notices. We have set out some suggested text for your notices in relation to the services we provide.
Use of the Assembly Platform (https://assembly.education)
In some cases Alps may use Assembly to connect school or college data to Alps, if requested by the school or college. We comply with the terms of Assembly’s developer agreement, and the joint privacy pledge which ensures GDPR compliance and ensures that schools and colleges remain the data controller of the data they hold and send to Alps, via Assembly, for processing. For more information see: http://assembly.education/developer-agreement/
We will keep you informed on any further updates that we make. If you have any queries in the meantime please contact us on 01484 887 600 or email us at [email protected]
Please be aware that this statement is not intended to be formal legal advice. We recommend that you seek your own expert advice wherever relevant.