fbpx

Our Data Protection Policy:

Online safety is of paramount importance to Cyber Coach. We take pride in how we deal with the data we hold and make sure we comply with the General Data Protection Regulation (GDPR) and the Age Appropriate Design Code.

We take seriously the privacy of all who visit our website, including visitors, registrants, school subscribers, subscriber’s students, and home users.

We are especially conscious of the need to protect all information concerning children using our services.

We are committed to safeguarding the privacy of students while providing personalised and valuable services.

If there are any requests concerning personal information or any queries with regard to these practices please contact our Privacy Officer by e-mail at [email protected]

Our site(s) contain(s) links to third party sites which are not subject to this privacy policy. We recommend that you read the privacy policy of any such sites that you visit.

References to Terms and Conditions are to the terms and conditions applicable to subscribers, subscriber’s students and home users.

Information Collected Personal information is collected by Cyber Coach which is registered with the UK’s Information Commission as a Data Controller in accordance with the Data Protection Act 1998.

Company’s Registered Address: 29-31 Knowlsey Street, Bolton, Lancashire, BL1 2AS

Registered Number: 08445095

ICO Number: ZA349276

We review this policy annually. 

 

Cyber Coach Smart ICO - GDPR

Cyber Coach has designed, developed and delivered a number of products into schools since incorporation in 2013. These products include, but are not limited to: Cyber Coach Smart, Cyber Coach French, Emile, Guide to Life and the Personal Development Tracker.

When visitors access our websites, we collect certain information automatically from their device. Specifically, we may collect visitor’s IP address, device type, unique device identification numbers and login information, browser-type and version, time zone setting, operating system and platform, geographic location and other technical information.
We may also collect information about how a visitor’s device has interacted with our websites, including the pages accessed and links clicked, download errors, length of visits to certain pages, page interaction information, and methods used to browse away from any page.

Collecting this information enables us to better understand the visitors who visit our websites. We use this information for our internal analytics purposes and to improve the quality and relevance of our websites.

We collect some of this information via cookies. We use Google analytics to help improve our websites (more information about Google analytics and cookies can be found here: https://support.google.com/analytics/answer/6004245)

Visitors to our websites can also voluntarily provide more information, in particular by completing website enquiry forms and requests for trials. Only the information needed for responding or setting up trials is requested and this is made clear on our contact forms. Visitors must confirm that they are over 18 years old before sending any information.

We provide a personalised experience and as such we collect personally identifiable information about visitors to our websites, including registrants, subscribers, subscriber’s students and home users (“Data”) through:

  • the use of enquiry and registration forms;
  • the request for a trial or the purchase any of our products or services; and
  • the provision of details to us either online or offline.

Emile Education uses of Personally Identifiable Data

The elements of Data that we collect may include:

  • School name, address and phone number;

  • Student names, usernames and indications of ability of a student including the time and duration of all visits to our websites, users’ scores in exercises, and the time taken to achieve those scores; and

  • Teacher Names, their email addresses and contact details.

We also collect information automatically about visits to Emile’s websites via Cookies.

Our Lawful Basis for processing this information may be Contract and/or Legitimate Interest. We try and minimise the amount of information held to that we need to provide our services and conduct our business. 

It should be noted that those under 18 cannot register for an account or sign up for a trial. As such, all data provided by us should be provided by an adult. 

Please note that by providing data, the user is deemed to have a Lawful Basis for supplying such data. It is a user’s responsibility to ensure that they have a sufficient lawful basis for supplying all data to us. If a user does not have (or in the future no longer has) a Lawful Basis for supplying us with such personal data, the user must promptly inform us so any relevant data can be removed.

Please note that we do not collect data relating to gender, personal addresses, religious beliefs, pupil premium status,….

Please note that when contracting with schools, schools are “controllers” of data and that Cyber Coach are considered to be “processors” of that data. Cyber Coach shall Process Data as a Processor for the purposes strictly in accordance with the instructions of the School (the “Permitted Purpose”), except where otherwise required by any EU (or any EU Member State) law applicable to the Company. The School is deemed to have instructed and authorised Cyber Coach as reasonably necessary to enable the Company to provide any of their products to the School.

6. The School warrants and represents that it has a lawful basis (pursuant to Applicable Data Protection Law) for supplying all Data to the Company in connection with the School’s use of the Product and the lawful Processing of the Data by both the School and the Company for the purposes set out in this paragraph 2. The School shall indemnify the Company against all costs, claims, damages, expenses, losses and liabilities incurred by the Company arising out of or in connection with any failure (or alleged failure) by the School to have a lawful basis for Processing Data.


Updating Your Information

You can update your account information by contacting the office on 01204 224 296 or emailing [email protected]

Data kept for marketing purposes can be changed at any time by clicking on the unsubscribe link on any email from us. Alternatively, you can email [email protected] to update your information.

Your Access to Personally Identifiable Data

The General Data Protection Regulation gives you the right to access information held about you.Your right of access can be exercised in accordance with the regulations. Please make such a request in writing to [email protected].

Cyber Coach Employees

To ensure that the user receives the best customer care, Cyber Coach’s staff have access to user data (dependent upon their role). Staff access is controlled and is only granted on a need-to-know basis.

Disclosure of Personal Identifiable Data to third parties

Cyber Coach has a policy of not sharing any Personal Identifiable Data about visitors, registrants, school subscribers, subscriber’s students, and home users with anyone outside the organisation. (Please note that the usernames/passwords are controlled by the users themselves.)

Who We Share data with

We do not sell or share your data without your consent, other than those processors we use for our business operations under our control:

  • Microsoft – office & email systems;
  • Google – office & email systems;
  • ActiveCampaigns – email marketing campaigns; 
  • Manchester Metropolitan University – educational input into product development (anonymised & de-aggregated); and
  • University of Manchester – impact assessment (anonymised & de-aggregated).

In all cases the servers where your personal data is stored and processed are located in the European Economic Area or other areas where adequate standards of protection are in place in line with EU law.

Legal requirements

We may also disclose Data to third party suppliers if we are otherwise required to do so by law. 

Security and Protection of Personal Identifiable Data 

All remote access to Cyber Coach web applications are conducted over HTTPS, an encrypted web link secured with a Secure Sockets Layer (SSL). This is the same method used by banks and commercial entities to secure sensitive data from interception.

External Storage of Personal Identifiable Data

Emile Education stores data on secure database servers – Amazon Webservers. Amazon Webservers are housed in secure data centers, trusted and used by many of the country’s leading organisations.

Transfer of Personal Identifiable Data Outside of the European Economic Area

All data entered and saved on Cyber Coach products is stored and backed up on secure database servers within the UK. Any email communication with us will go through our email systems (Microsoft Office 365 & Google Mail) which is held on Privacy Shield compliant servers held in the USA – the US Privacy Shield policy is available to view on request. Wherever possible we request our customers to upload their data directly to Cyber Coach products rather than emailing it to us.

Use of Personal Identifiable Data

By accepting the Terms and Conditions all home users and school subscribers consent to Emile Education’s use and/or disclosure of the home user’s, schools and the subscriber’s students’ Data for purposes which may include:

  • providing home users or subscriber’s students with a personalised service;
  • providing feedback about use of Emile;
  • processing orders, registrations, changes to registrations and enquiries;
  • conducting market research surveys;
  • running competitions;
  • providing information about other products and services from Emile Education; and
  • consolidating anonymised data

Data Retention Schedule

Data Held

Cyber Coach holds data on suppliers, potential customers (schools), customers (schools), teachers, students, home users and employees.

Data may be held electronically on our email systems, payroll, CRM systems, and access control systems. (Please note that our accounts software holds no personal data)

Our working email servers (Office 365) have a 6-month retention policy. Our back up email servers (Gmail) have a 36-month retention policy.

Payroll is cleansed in August every year. The cleansing will be the removal of data relating to employees who terminated employment more than 6 years previous.

Customers and potential customers in our CRM and access control system are deleted 5 years from the last active service.

Breach Notification Procedure

Outline Procedure

Any potential Data Protection Breach (DPB) is notified to the Privacy Officer (PO). The PO will open an incident log and make an initial assessment of the breach’s severity.

The PO will conduct a detailed assessment and investigation of the DPB. The PO will establish a likelihood and severity of a resulting risk to people’s rights and freedoms.

If there is a risk, the ICO will be notified within 72 hours of the notification.

If there is no risk, a documented decision will be made available to the ICO (although the ICO will not be notified).

If a DPB is likely to result in a high risk to the rights and freedoms of individuals, the PO will inform those concerned directly and without undue delay.

Any DPB will be documented and reviewed to ascertain if lessons can be learned.

Age Appropriate Design Code

The Secretary of State laid the Age Appropriate Design Code to Parliament under section 125(1)(b) of the Data Protection Act 2018 (the Act) on 11 June 2020. The ICO issued the code on 12 August 2020 and it came into force on 2 September 2020.

The Age Appropriate Design Code sets out 15 standards of age appropriate design reflecting a risk-based approach. The focus is on providing default settings which ensures that children have the best possible access to online services whilst minimising data collection and use, by default. 

Cyber Coach meets all obligations of the Code. This includes: 

1. Best interests of the child: The best interests of the child are a primary consideration when Cyber Coach designs and develops online resources. 

2. Data protection impact assessments: We undertake a DPIA to assess and mitigate risks to the rights and freedoms of children who are likely to access our resources. Cyber Coach has taken into account differing ages, capacities and development needs and ensured that Cyber Coach’s DPIA builds in compliance with this code.

3. Age appropriate applicationCyber Coach takes a risk-based approach to recognising the age of individual users and applies the standards in this code to child users. Cyber Coach applies the standards in this code to all users.

4. Transparency: Cyber Coach undertakes to make all  Terms and Condition provided to users to be concise, prominent and in clear language suited to the age of the child. Cyber Coach also provides additional specific ‘bite-sized’ explanations about how you use personal data at the point that use is activated.

5. Detrimental use of dataCyber Coach does not use children’s personal data in ways that have been shown to be detrimental to their wellbeing, or that go against industry codes of practice, other regulatory provisions or Government advice.

6. Policies and community standardsCyber Coach upholds all published terms, policies and community standards (including but not limited to privacy policies, age restriction, behaviour rules and content policies).

7. Default settings: All of Cyber Coach’s settings are set to ‘high privacy’ by default (unless you can demonstrate a compelling reason for a different default setting, taking account of the best interests of the child).

8. Data minimisationCyber Coach collects and retains only the minimum amount of personal data needed to provide our resources. 

9. Data sharing: Cyber Coach does not disclose children’s data unless with a Lawful or Contractual reason, taking account of the best interests of the child.

10. Geolocation: All geolocation options are set off by default.

11. Parental controls: Cyber Coach does not provide parental controls

12. Profiling: Cyber Coach does not profile children. Cyber Coach resources adjust to the achievements, answers and other responses by Users to provide appropriate materials for students. 

13. Nudge techniques: Cyber Coach does not use nudge techniques to lead or encourage children to provide unnecessary personal data or weaken or turn off their privacy protections.

14. Connected toys and devices: Cyber Coach does not connect to toys or other devices. 

15. Online tools: Provide prominent and accessible tools to help children exercise their data protection rights and report concerns.



Free Access

Due to coronavirus

Across the globe schools are responding to the outbreak of the Coronavirus. In a number of countries, schools have been closed and teachers are trying to deliver lessons remotely.

So with this in mind we have agreed to give FREE full access to our games based learning resources to ANY school affected by the Coronavirus outbreak.

This website uses cookies to improve your experience. By continuing to use our site you consent to our use of cookies.