iTCHYROBOT Schools Text Logo

GDPR

The General Data Protection Regulation (GDPR) is a new regulation that pertains to the uniform handling of data protection and privacy for all individuals throughout Europe, as well as the exporting of personal data to outside of Europe. The regulation takes effect as of May 25, 2018.

Personal Information

Our school websites contain personal data.  An IP address, one example of a personal identifier, is an integral part of being able to access online information. Even more personal identifiers, such as cookies and user IDs, are also commonly used.

We used in conjunction with our editing facilities and Parents Evening Solutions the levels of data increases.

Therefore, as soon as a website that is online is accessed, personal data is processed, and the General Data Protection Regulation (GDPR) must be followed.

Data Protection on the Internet

The protection of personal data is of upmost importance for the General Data Protection Regulation (GDPR). Personal data includes, for example, first names, last names, email addresses, addresses, telephone numbers, birthdays, bank accounts, user names, passwords, cookies, comments (which include an email address), contact form entries, newsletter registrations with specification of an email address, social media plug-ins and analysis tools such as Google Analytics.

In short, almost all iTCHYROBOT websites are affected by the General Data Protection Regulation (GDPR).

Checklist for iTCHYROBOT Customers

The following checklist lists how we work to comply with the General Data Protection Regulations (GDPR).

SSL

Securing the connection between the client/user and your website is an essential part of ensuring that information cannot be collected whilst in transit from the client browser to the server and vice versa. Your website’s visitors must be able to rely on their data being treated confidentially and with integrity. Encrypting all data sent between the client and the server helps to reduce the potential of data lose whilst in transit.

The General Data Protection Regulation (GDPR) now makes certain things mandatory:

  • Personal data must be processed in such a way as to ensure adequate security of personal data
  • Personal data must be protected against unauthorised or unlawful processing and against unintentional loss, unintentional destruction or accidental damage by using appropriate technical and organisational measures

Our minimum security level is that all iTCHYROBOT websites are secured view a Secure Socket Layers (SSL) certificate. This helps the user;

  • Identify the domain name for the website as legitimate
  • Ensure data sent or received by either party is encrypted in transit

Passwordless (Multifactor Authentication)

At iTCHYROBOT we move to a passwordless solution for our school customers many years ago. The benefits are numerous but from a security perspective we require a person attempting to login to have a valid account in the system with an associated email. The login system requires the user to receive a one time usable login link that has an limited time of use. This allows us to authenticate the person as having access to a separate system (email) that allows them login access to their school website. Having adopted this solution we have removed the ability to brute force attack our login system ensuring the data held within is secure.

Privacy Policy

The GDPR contains new guidelines for the data protection declaration, which are mandatory on every website that processes data.

The following contents are recommended:

  • The reason for processing data
  • The name and contact details of the person responsible or data protection officer
  • The legal legitimacy for data processing
  • The recipient of the data
  • The data storage periods
  • Whether data will be passed on to third parties
  • The right to information and/or deletion of data
  • The indication of the right of appeal to the data protection supervisory authority
  • The reference to the use of Google Analytics

All our school website come with a detailed cookie and information policy covering any tracking solutions and information logging. We endeavour to utilise as few tracking solutions as we can and systems such as Google Analytics is only installed on the request of the client.

Data Storage

All data is stored on dedicate iTCHYROBOT webservers in the United Kingdom or Europe through our hosting provider.

Export/Transfer Data from Your iTCHYROBOT Website

All data added to iTCHYROBOT Schools websites can be exported following compliance with GDPR.

Our websites are developed on top of the excellent WordPress Content Management System. To review how to export your data please visit Export WordPress Content | WordPress.com Support (External Link).

Data imported into the Parents Evening System including pupils and parents can be exported in CSV format. If you are unsure how to complete an export please contact support@itchyrobot.co.uk or join one of our training sessions to learn how this works.

General Terms

The School and iTCHYROBOT acknowledge that, for the purposes of Data Protection Laws, iTCHYROBOT is a Data Processor and the School is a Data Controller in respect of the School Data comprising Personal Data which is processed by the iTCHYROBOT Software. Each party shall comply with their respective obligations under the Data Protection Laws.

iTCHYROBOT will be a Data Controller in respect of certain other Personal Data collected by iTCHYROBOT, including details of staff of the School when they interact with iTCHYROBOT directly such as on training or support calls, and the contact details of parents who may login to the iTCHYROBOT Software directly. This Agreement does not apply to any information iTCHYROBOT collects as a Data Controller. Further information relating to iTCHYROBOT’s collection and handling of Personal Data is outlined in its Privacy Handling Policies, which is made available to the School by request.

iTCHYROBOT shall comply with all applicable Data Protection Laws in respect of its obligations for the processing of the School Data.

iTCHYROBOT shall not process any School Data other than on the instructions of the School (unless such processing shall be required by any applicable law to which iTCHYROBOT is subject to)

The School hereby instructs and authorises iTCHYROBOT to process School Data for the purpose of:

  • Delivering a school website
  • iTCHYROBOT Providing the school access to the System and features such as the parents evening solution
  • as otherwise reasonably necessary for the provision of the Services by iTCHYROBOT to the School.

The School and iTCHYROBOT determines the subject matter, duration, nature and purpose of processing which includes the following:

  • the purpose of the processing of School Data by iTCHYROBOT is to enable iTCHYROBOT to provide the Services.
  • the data that will be processed by iTCHYROBOT will be School Data, and the data subjects will be students of the School, their parents and guardians, and staff of the School.

iTCHYROBOT has written policies governing their use of IT, backup procedures and security audits and processes in place as a management system. These can be shared as template agreements for organisations without such measures in place. Data and Information Security and confidentiality is a collective responsibility and ultimately the data imported and processed within the iTCHYROBOT system is owned, maintained and managed by the School and appropriate agreements between the school and the data subjects are assumed to be in place.

Ownership of the School Data and Confidential Information

The School therefore retains control of the School Data and remains responsible for its compliance obligations under the Data Protection Laws, including but not limited to, providing any required notices and obtaining any required consents, and for the written processing instructions it gives to iTCHYROBOT.

iTCHYROBOT shall keep all Confidential Information and School Data confidential and shall not:-
use any Confidential Information or School Data except for the purpose of performing the Services it provides to the School. Disclose any Confidential Information in whole or in part to any third party except as required for the purpose of any Services provided by iTCHYROBOT to the School, or if required to by law.

iTCHYROBOT shall ensure that all persons authorised by iTCHYROBOT to process the School Data are:
informed of the confidential nature of the School Data and are bound by confidentiality obligations and use the appropriate restrictions in place in respect of preserving the School Data; and have undertaken training on the Data Protection Laws relating to any handling of the School Data.

Insurance

iTCHYROBOT maintains a policy of insurance in respect of public liability in respect of the services provided by iTCHYROBOT and the processing of the School Data, and shall produce a copy of such policy to the School if requested to do so.

Deletion of Data

iTCHYROBOT shall within a reasonable period of either a written request from the School or upon instruction from an Authorised Person, or the termination of this Agreement, delete and procure the deletion of all copies of the School Data except when iTCHYROBOT are authorised or required to retain School Data to the extent required by any applicable law, provided that iTCHYROBOT continue to ensure the confidentiality of all such School Data retained, and shall ensure that such School Data is only processed as necessary for the purpose(s) specified by the applicable laws requiring its storage and for no other purpose.


This policy was last checked on the 26th February 2024 by the iTCHYROBOT team, please check this page on a regular basis as information is liable to change as practices and regulations are updated.

School Solutions

Branding

Ensuring a professional and consistent brand for your school. Will support any marketing strategy your audience will be familiar with your brand.

FIND OUT MORE Click Icon
School Websites

Your school website is one of the key places a prospective parent will visit to find out more about your school. Ensuring your website reflects your school and key messages are tailored to prospective parents and carers is a must.

FIND OUT MORE Click Icon
Social Media

Knowing what channels your target market are using and targeting them with key messages can be a cost effective way of market-ing your school to prospective parents & carers. Our team can support you to plan your content and design effective social media campaigns.

FIND OUT MORE Click Icon

FOLLOW US

Facebook Logo Twitter Logo Instagram Logo LinkedIn Logo

iTCHYROBOT UK Ltd is a company registered in England and Wales. Company number: 07210276 | VAT Number: GB102677334 | Cookie Policy | Privacy Policy | Terms & Conditions