• 01392 690500 (sales only)

Focus on Sound Privacy and Data Protection Policy

GDPR

Focus on Sound is fully compliant with the GDPR law for the UK/EU from 25th May 2018

Administrator(s)

We keep securely the name and email address of the person or persons allocated by the school as the administrator(s) of the software for the school.

We supply a temporary password and username, which the administrator can then alter. All passwords are encrypted and as soon as the administrator changes it, only the administrator knows what it is.

It is the responsibility of the administrator to ensure no student or any other unauthorised person has access to these logon credentials.

The administrator can add the names, usernames and classes of students to the system. He/she can also add teacher details: names, usernames, email addresses and encrypted passwords.

The administrator can also attach teachers to classes so that the teacher can see a list of students in that class, with names and usernames. Passwords are hidden.

The administrator can also in certain circumstances ask Focus on Sound to undertake some of these tasks, in which case the operation will be carried out by a member of Focus on Sound staff trained in data protection.

Data held about administrators: first and last names, username, school email address, encrypted secret password, classes taught (if relevant).

Teachers

Teachers have access to the names and usernames of the students in the classes to which they have been attached by the administrator. They can change their own details and those of the students in those classes. They do not have access to any secret student passwords but may change them, for instance if a student has forgotten theirs.

Data held about teachers: first and last names, username, school email address, encrypted secret password, classes taught.

Students

Each student has access to his/her name and username. The password is hidden but may be changed by the student if he/she knows the original. Students have no access to anybody else's details unless they become aware of another person's username and password. It is the administrator's responsibility to ensure these are kept secret from students.

Data held about students: first and last names, username, class, encrypted secret password. Usernames can be supplied by the school or auto-generated by Focus on Sound. Schools can use pseudonyms if they want. In addition the Focus on Sound system stores the student test marks/grades.

Deletion

The administrator can immediately delete any student, teacher or groups of students from the list, or delete all students and all teachers. This will permanently delete all those people from our database. On request by the school a member of Focus on Sound staff trained in GDPR can carry out the task for the school.

The administrator may in an emergency ask Focus on Sound to suspend the software. This will be done by changing the access URL (web address) to a new secret version. This will have the effect of stopping any user making use of the software.

Schools that stop using the software will have all data deleted one year after the end of the subscription - or earlier if requested by the school.

Servers

Focus on Sound uses the following servers:

  • Server 1 (and global variants) stores user details as described above. UK users have a UK based server. US data is stored in the US. No UK user data is transferred outside the UK. No US user data is transferred outside the US.
  • Server 2 in the UK stores the Focus on Sound software, media and UK test results. No UK user data is transferred outside the UK.
  • CloudFront servers. Most media is now stored on multiple servers around the world in a CDN (Content Delivery Network). This is to enable rapid delivery of the media from as near to the customer as possible. No user data is stored on these servers.

Contacts

Focus on Sound will keep securely names, addresses and email addresses of teachers who ask for trial versions or otherwise ask for more information. This information will be used in the following ways:

  • To tell trial users their logon credentials and to remind them.
  • To send further details including prices
  • To warn users of the ending of trials

Administrators will also be contacted from time to time with newsletters and information about the expiry of their subscription.

All contacts will have the right to have their details deleted from the database.

Privacy impact assessment

Focus on Sound has a number of strategies in place to secure data, with strict limits on the number of people who have access. Only the school administrators have access to the full data, i.e. the list of students the administrator has assigned to Focus on Sound. Class teachers only have access to data for individual classes to which they have been assigned. The manager of Focus on Sound is the only Focus on Sound employee to have access to the data. All data is protected by secret usernames and passwords. Passwords are hidden and encrypted.

In the extremely unlikely event of data being stolen, the impact will be limited to student names, usernames and classes. No student email addresses, phone numbers, gender information, age, date of birth or address are stored.

The only other data stored consists of the teacher's names, school email addresses and school address.

Data breach

If we become aware of a data breach we will immediately inform the school(s) affected

GDPR training

The managing director of Focus on Sound, Simon Foxall is the Data Protection Officer for Focus on Sound in the UK. He has been trained in GDPR and has attended the relevant course. The contact information is info@focusonsound.com

Data Subject Rights

Data subjects have the following rights regarding the use of their data in Focus on Sound

  • The right to be informed - all users have the right to be informed about how their data is used
  • The right of access - users have the right to access the data held about them
  • The right to rectification - users have the right to insist on the correction of any personal information held about them, such as name and school class.
  • The right to erasure - users have the right to have their details deleted.
  • The right to restrict or object to processing - users have the right to restrict or object to the processing of the data

Purposes of data collection

Data is held for two reasons:

  1. To enable teachers, administrators and students to access the software. All require username and password for access
  2. To store test marks so that students and teachers can see results

Legal Basis

The school administrators have to tick a box accepting the data protection procedures and their responsibility for data protection within the school. This has to be done before the administrator first uses the software.