You are here:
Last updated February 2017
WHO WE ARE
We are The Key Support Services Limited (trading as The Key), a company incorporated under the laws of England and Wales with company number 08268303 whose registered office is at 29 Ludgate Hill, London, EC4M 7JR. If you have any queries about how we use your data, please contact our data protection officer at firstname.lastname@example.org
WHY YOU NEED TO READ THIS
This policy relates to all the websites, services and products featured from time to time under the domain thekeysupport.com (the Sites).
When you visit the Sites or access our services, you will be giving us information in a variety of ways as described in this policy (your Personal Data). The purpose of this policy is not to simply give you the small print. We want to protect and respect your privacy. We want to try and make it as clear as possible to you what you are agreeing to when you visit the Sites and use our services.
Sometimes in this policy we will refer to a few legal terms such as:
- The UK Data Protection Act 1998 (the DPA);
- The General Data Protection Regulation (2016/679) (the GDPR)
- Data processors (third parties who process your data on our behalf);
- A data controller (the company which determines how your data is handled) – that’s us (The Key).
Defined terms in our General Terms and Conditions will apply equally to this policy unless otherwise expressly defined in this policy.
CHANGES TO THE SITES AND THIS POLICY
We may need to update the Sites and this policy at any time and without notice. Where you have given us your email address, we may use this to notify you of such changes and we will post a note on the Sites to inform you that this policy has been updated. Please check this policy regularly to ensure you always understand how we use your information.
It is a condition of using the Sites and our services that you need to agree with this policy and how we use your data for our legitimate business purposes as described in more detail below. However, where we consider that you might think that one of the ways we use your data is more intrusive than others, and that use is optional, then we will ask you to tick a box on the forms that collect your data to make doubly sure you are happy about this.
WHAT INFORMATION WILL YOU COLLECT ABOUT ME AND WHY DO YOU NEED IT?
We will collect and process the following data about you:
- Obvious information you give us. This is information about you that you give us by:
- Filling in any forms on the Sites, registering for a free trial or account with us, subscribing to our services;
- Using our services (for example by asking a question or participating in discussion boards or other social media functions on the Sites); or
- Corresponding with us by phone, e-mail or otherwise (for example if you report a problem with the Sites or have a recommendation or complaint relating to one of our products or services).
In these scenarios, you know what information you are giving us and why we need the information as you are requesting us to use your information to fulfil your request. However, as a reminder, this may include your name, address, e-mail address and phone number, role, place of employment or School and any profile information you may give us that is linked to your account. Where you are a Lead User, your information may include your bank account and card information, which we do not hold on the Sites, but which is held instead by our secure payment providers. Ultimately, we need this information to provide you with the products and services you have subscribed for, to ensure it is relevant to you, to comply with the contracts we may have with you and to notify you about changes to our service. These are our legitimate business reasons.
- Marketing and Research
By signing up to these terms, you are consenting to receiving relevant marketing about products and services we offer which we feel may be of interest to you. We may also send marketing to existing users where we are marketing similar products/services to those they have already subscribed to.
The Sites and our services are based on an education community where users share their concerns and experiences. It is therefore a necessary function of our service that we may contact you occasionally for research purposes, although you do not have to participate in any survey.
If you wish to opt out of receiving marketing or being contacted for research purposes, please email us at email@example.com.
- Less obvious information we collect about you. Each time you visit the Sites or subscribe to our services, there is some data processing going on in the background telling us about you, as with many other websites. This is technical information including: the IP address used to connect your device to the internet, anonymous user ID, the full URL, the clickstream to, through and from the Sites (including date and time), products you viewed or searched for, page response times, errors, length of visits to certain pages, server log files, page-interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, the platform and device you are using, SDK version, timestamp, API key, application version, device identifier, iOS Identifier for Advertising, Media Access Control (MAC) address, International Mobile Equipment Identity (IMEI), model, manufacture and OS version of device, locale (specific location where a given language is spoken), time zone, network status (WiFi, etc.), location information (not sufficient to derive city and street names), gender, events, and page views, device type and time-zone of the user, and how you use the Sites. We also capture information about your browser type and version and operating system.
- We need this data to: administer the Sites and keep them secure, improve our products and services and how the Sites appear to you, track how you used the Sites, and look at where you go after visiting the Sites to ensure we are tailoring our marketing and services appropriately to you, and that you don’t receive irrelevant information. For more information on how we track what websites you visit, please see the cookies policy.
We also use aggregated data on user activity within the Sites to generate and publish lists of popular content and search terms on the Sites. Some of these lists are segmented by a common characteristic including by job role, local authority, school type and topic. For example, we may inform you that ‘school governors in a school like yours were interested in the following article’. These published statistics will not include any information that could personally identify you or the content you have personally accessed.
We may also provide aggregate statistics about use of the Sites to stakeholders in the education sector such as the Department for Education, trade unions, local authorities or education data insight and research organisations, for statistical and research purposes, but these statistics will not include any information that could personally identify you or the content you have personally accessed. (For example, we may provide information that 50% of school governors accessing our The Key for School Governors service read a particular article).
If you access the Sites using a mobile device, your device may give us your location data.
Your calls to our helpline may be monitored or recorded for training and quality assurance purposes and to provide you with the services you request.
- Will other Permitted Users be able to see my data?
Permitted Users at your School can view certain information relating to their School information in the ‘My school’ section of certain of the Sites. This section includes a list of all the other Permitted Users at the School, including their first name, surname and role. This allows Permitted Users to see which of their colleagues are also registered, and to ensure they are eligible, in line with our General Terms and Conditions.
On occasion, or upon receiving a request, we will email the Lead User and/or the individual (or body) who authorised or organised membership on behalf of a School, to inform them of new Permitted Users at their School who have registered with us. This is intended to help ensure that people who register are eligible to use the service.
Certain of our products offer a function to comment on an article or to add your own notes. Depending on the product, you may be asked for your permission to display your name, role and School, and you may be able to withhold this permission and instead be acknowledged anonymously using your role and a general description of your type of school and its broad geographical location (for example, headteacher, secondary school, East of England). Please check the individual products for details. Please note that our Compliance Tracker product does not offer a function for notes and comments to be private, as these need to be visible to the other Permitted Users for this product from your School.
- Information we receive from other sources.
- Sometimes, other people give us data about you which we may need for our legitimate business purposes. This may happen when you use another website that we link to. For example, we may link through to third-party payment providers. They tell us that you have paid for your products. We also might engage third-party contractors to provide us with technical or delivery services that are related to your account with us. We may have to conduct credit-referencing checks where this is a condition of our contract with you.
- We may enter partnerships with third parties to exchange information about you where we think it will give you an opportunity to get a great product or service, but we will always ask for your express permission to do this.
- We may use providers of analytical services or advertising network and search-engine providers to provide us with information about users of the Sites. Please see our cookies policy for more details.
- From time to time, we may partner with third-party professional or social-media websites whereby you can use their login details to access one of the Sites. Where this occurs, please remember you are linking the information you are giving us with the information on that website, so please read their privacy policies also, and remember we may connect your two profiles. Also, if we offer you the opportunity to invite a colleague to try our products by using the contacts from a social-network service or email provider, then we will only use those contacts to send them that invitation.
DO ANY THIRD PARTIES GET MY INFORMATION FROM YOU?
- We use some contractors and share your information with them as outlined above.
- Where a Permitted User uploads compliance data into the Compliance Tracker product (for example, by confirming they have undertaken an assessment and a section is marked as compliant), this will be visible to all Permitted Users at their School for Compliance Tracker.
- Certain products can be purchased by group-purchasing schemes and this means that certain limited data can be shared with other users in your group, unless your school has opted out of this function. This will not include any of your Personal Data, other than, occasionally, your name and role.
- In addition, we hope we will continue to expand. So, eventually, we may have different group companies (we will all be owned by the same company, though). If this happens, we may want to share your information around our group so they can use it for the same internal purposes as we do, as described above (for example, we might want to store our data on one server). It is possible that we could sell our business to a third party, or re-organise our business or become insolvent. In that scenario, our database of customers is one of the biggest parts of that business, so we would need to share it with the buyer and their advisers.
- We will co-operate with all third parties to enforce their intellectual property or other legal rights. We will also co-operate with law-enforcement requests from within or outside your country of residence. This may include disclosing your personal information to government or law-enforcement agencies, or private parties, when we have a good-faith belief that disclosure is required by law, or when we, in our discretion, believe that disclosure is necessary to protect our legal rights, or those of third parties and/or to comply with a judicial proceeding, court order, fraud-reduction or legal process served on us. In such cases, we may raise or waive any legal objection or right available to us.
WHERE DO WE SEND YOUR PERSONAL DATA, WHERE DO WE STORE IT AND FOR HOW LONG?
- The data that we collect from you will be kept here in the UK.
- When we engage data processors, we will ensure they are contractually bound to take all steps reasonably necessary to ensure your data is treated securely, in accordance with applicable data-protection laws, and in accordance with this policy.
- We only store your data for as long we need it. Storing data is expensive. Examples of timeframes that we may use to assess when we will delete your data are when you have been an inactive customer for a period, or when we consider that the risk of any legal claim is negligible. We will also delete your data on your request, though we may hold a list of the ‘opt out’ requests to administer your request.
- Although we have some international clients, the Sites are not expressly targeted at customers outside the UK. If you choose to use the Sites from outside the UK, you do so at your own risk.
BEING SAFE AND HOW WE PROTECT YOUR DATA
- All information you provide to us is stored on our servers, and we have implemented reasonable and appropriate security measures to protect the data including HTTPS and the industry standard for encryption and SSL technology. Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee that data breaches will never occur. Please keep your password safe and log out of inactive sessions.
- For safety purposes, we may require users to verify their accounts (because we want to make sure you are not a robot, and are eligible to register for an account with us) and we might ask for your phone number, credit-card number, separate email address or for other ways to verify your identity. We won't use this information for unexpected reasons.
- We also do not recommend that you put email addresses, URLs, phone numbers, full names or addresses, credit-card details or other identifying or sensitive information in any online chat function on the Sites.
- You have the right to ask us not to process your data for marketing purposes at any time, and this can be done anyway as part of the checking of boxes on the forms we use to collect your data. Simply email us asking to opt out at firstname.lastname@example.org.
- You have the right to access information we hold about you. Simply email us at email@example.com and we will tell you how to do this.
- You can correct your data if it is wrong. Email us using the same address as above. You can always withdraw consents you have previously given to us.
- The laws are changing. The current UK law governing data protection is the DPA. Soon, it will become law under the GDPR that you can require erasure of your data in certain additional circumstances, that you can further restrict the reasons we process your data, and that you can ask us to ‘port’ your data to a third party. But we don’t need to wait for these laws to come into force. We have no intention of using your data in a way that makes you unhappy, so if you are unhappy with our use of your data, all you need to do is talk to us by emailing firstname.lastname@example.org and telling us what you want to do and we will do our best to accommodate you. You may also complain to your local supervisory data-protection authority about us depending on where you are located. In the UK, please read: https://ico.org.uk/for-the-public/raising-concerns/ for details of how to do this.
Thank you for visiting our website.
Last updated February 2017. © The Key Support Services Limited.