data protection, hosting and security
SchoolPost is usually provided as a securely hosted 'in the cloud' application, although there is also an option to host the database in-house if preferred. In either case we take the security of your data very seriously.
Customer data and privacy
All data (for example including but not limited to contact data, SchoolPost messages and publications) remains the property of the customer. Data is not shared with or passed to any third party without express permission. Employee access to any sensitive or confidential data is strictly limited to only that which is necessary in the execution of duties e.g. technical support, and all staff with any access to contact data are DBS checked. All customer data is returned and/or deleted on request or on termination of a contract.
General Data Protection Regulation (GDPR)
We enter into a formal Data Processing Agreement with all schools which sets out out how we will only process data on your instructions, and in compliance with the GDPR. The schedules to the agreement also set out the types and categories of data we process, the nature and purpose of the processing, details of sub-contractors, and the security measures that we have in place. In summary, we will comply with all obligations imposed on us as a Data Processor and will:
only process personal data on instructions from the controller, and only for the purposes of providing SchoolPost services;
not share personal data with any third parties without prior written consent;
ensure that personnel authorised to process personal data are committed to confidentiality;
ensure appropriate security measures are in place;
assist the controller in complying with data subject rights and fulfilling any breach notification obligations;
delete or return all personal data after the end of the processing (on termination of a contract or otherwise on request);
not transfer personal data outside the EEA without prior written consent (in fact all our hosting is UK based).
Please contact us if you require any further information.