Focus on Sound Privacy and Data Protection Policy

GDPR

Focus on Sound is fully compliant with the GDPR law for the UK/EU from 25th May 2018

Cookies

Cookies are small text files that contain random alphanumeric codes that our system uses to identify users, etc. Almost all online software and websites use cookies. Focus on Sound cannot function without them.

These are the main types used:

Session cookies - these keep users logged in and keep their place in lessons
Persistent cookies - to keep users logged in and remember student/teacher choices, for instance their choice of font size and whether they have read instruction screens.

Administration systems

Focus on Sound uses three alternative systems for administration and logging on:

  • Google Classroom
  • Microsoft Teams
  • MusicFirst

Google Classroom

All administration is carried out inside the school's Google Classroom system and not inside Focus on Sound's software. Logging on credentials are not stored by Focus on Sound Ltd. They are only used to enable logging on to their software.

Focus on Sound does, however, store the student name, class and test marks/grades so that the teacher(s) may access student test results. Focus on Sound also stores the teacher's names so that they can access the results of their classes.

To enable the results system, Focus on Sound requests the teacher to upload lists of the classes he/she wishes to attach to Focus on Sound.

Focus on Sound will also store work assignments created by the teacher(s).

The school's administrator can remove any student, class or teacher from the Focus on Sound system.

Full list of what we access and save:

School name
School ID
User IDs
First names
Last Names
School domain
Class names
Class IDs
Assignments for FoS

This is just to enable the teachers and students to access the software and for results to be saved and seen by the teachers. Focus on Sound also saves test results. We do not share the information with any third party. Access at Focus on Sound is extremely restricted and uses encrypted passwords.

Microsoft 365 Teams

All administration is carried out inside the school's Microsoft 365 Teams system and not inside Focus on Sound's software. Logging on credentials are not stored by Focus on Sound Ltd. They are only used to enable logging on to their software.

Focus on Sound does, however, store the student name, class and test marks/grades so that the teacher(s) may access student test results. Focus on Sound also stores the teacher's names so that they can access the results of their classes.

To enable the results system, Focus on Sound requests the teacher to upload lists of the classes he/she wishes to attach to Focus on Sound.

Focus on Sound will also store work assignments created by the teacher(s).

The school's administrator can remove any student, class or teacher from the Focus on Sound system.

Full list of what we access and save:

School name
School ID
User IDs
First names
Last Names
School domain
Class names
Class IDs
Assignments for FoS

This is just to enable the teachers and students to access the software and for results to be saved and seen by the teachers. Focus on Sound also saves test results. We do not share the information with any third party. Access at Focus on Sound is extremely restricted and uses encrypted passwords.

Administrator(s) - MusicFirst system only

We keep securely the name and email address of the person or persons allocated by the school as the administrator(s) of the software for the school.

We supply a temporary password and username, which the administrator can then alter. All passwords are encrypted and as soon as the administrator changes it, only the administrator knows what it is.

It is the responsibility of the administrator to ensure no student or any other unauthorised person has access to these logon credentials.

The administrator can add the names, usernames and classes of students to the system. He/she can also add teacher details: names, usernames, email addresses and encrypted passwords.

The administrator can also attach teachers to classes so that the teacher can see a list of students in that class, with names and usernames. Passwords are hidden.

The administrator can also in certain circumstances ask Focus on Sound to undertake some of these tasks, in which case the operation will be carried out by a member of Focus on Sound staff trained in data protection.

Data held about administrators: first and last names, username, school email address, encrypted secret password, classes taught (if relevant).

Teachers - MusicFirst system only

Teachers have access to the names and usernames of the students in the classes to which they have been attached by the administrator. They can change their own details and those of the students in those classes. They do not have access to any secret student passwords but may change them, for instance if a student has forgotten theirs.

Data held about teachers: first and last names, username, school email address, encrypted secret password, classes taught.

Students - MusicFirst system only

Each student has access to his/her name and username. The password is hidden but may be changed by the student if he/she knows the original. Students have no access to anybody else's details unless they become aware of another person's username and password. It is the administrator's responsibility to ensure these are kept secret from students.

Data held about students: first and last names, username, class, encrypted secret password. Usernames can be supplied by the school or auto-generated by Focus on Sound. Schools can use pseudonyms if they want. In addition the Focus on Sound system stores the student test marks/grades.

Deletion - MusicFirst system only

The administrator can immediately delete any student, teacher or groups of students from the list, or delete all students and all teachers. This will permanently delete all those people from our database. On request by the school a member of Focus on Sound staff trained in GDPR can carry out the task for the school.

The administrator may in an emergency ask Focus on Sound to suspend the software. This will be done by changing the access URL (web address) to a new secret version. This will have the effect of stopping any user making use of the software.

Schools that stop using the software will have all data deleted one year after the end of the subscription - or earlier if requested by the school.

Sharing - All administration systems

Focus on Sound does not share data with third parties.

Servers - All administration systems

Focus on Sound uses the following servers:

  • Application Web Servers. These store the Focus on Sound application code and are located in the UK. No user data is stored on these servers.
  • Database Servers. These store the data that powers the FoS application, including user data (results, lessons, etc...). They are located in the UK.
  • CloudFront servers. Most media is now stored on multiple servers around the world in a CDN (Content Delivery Network). This is to enable rapid delivery of the media from as near to the customer as possible. No user data is stored on these servers.

Contacts - All administration systems

Focus on Sound will keep securely names, addresses and email addresses of teachers who ask for trial versions or otherwise ask for more information. This information will be used in the following ways:

  • To tell trial users their logon credentials and to remind them.
  • To send further details including prices
  • To warn users of the ending of trials

Administrators will also be contacted from time to time with newsletters and information about the expiry of their subscription.

All contacts will have the right to have their details deleted from the database.

Privacy impact assessment - All administration systems

Focus on Sound has a number of strategies in place to secure data, with strict limits on the number of people who have access. Only the school administrators have access to the full data, i.e. the list of students the administrator has assigned to Focus on Sound. Class teachers only have access to data for individual classes to which they have been assigned. The manager of Focus on Sound is the only Focus on Sound employee to have access to the data. All data is protected by secret usernames and passwords. Passwords are hidden and encrypted.

In the extremely unlikely event of data being stolen, the impact will be limited to student names, usernames and classes. No student email addresses, phone numbers, gender information, age, date of birth or address are stored.

The only other data stored consists of the teacher's names, school email addresses and school address.

Data breach - All administration systems

If we become aware of a data breach we will immediately inform the school(s) affected

GDPR training - All administration systems

The managing director of Focus on Sound, Simon Foxall is the Data Protection Officer for Focus on Sound in the UK. He has been trained in GDPR and has attended the relevant course. The contact information is info@focusonsound.com

Data Subject Rights - All administration systems

Data subjects have the following rights regarding the use of their data in Focus on Sound

  • The right to be informed - all users have the right to be informed about how their data is used
  • The right of access - users have the right to access the data held about them
  • The right to rectification - users have the right to insist on the correction of any personal information held about them, such as name and school class.
  • The right to erasure - users have the right to have their details deleted.
  • The right to restrict or object to processing - users have the right to restrict or object to the processing of the data

Purposes of data collection - All administration systems

Data is held for two reasons:

  1. To enable teachers, administrators and students to access the software. All require username and password for access
  2. To store test marks so that students and teachers can see results

Legal Basis - All administration systems

The school administrators have to tick a box accepting the data protection procedures and their responsibility for data protection within the school. This has to be done before the administrator first uses the software.