This policy, together with our terms and conditions of use (and any other agreement between you and us) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by REACH Boarding.
For the purpose of the General Data Protection Regulation (the “GDPR”), the data processor and/or controller of your data is REACH Boarding Europe Limited, 32 Thorpe Wood, Thorpe Wood Business Park, Peterborough PE3 6SR
Our appointed Data Protection Officer (the ‘DPO’) can be contacted on all data protection related matters on GDPR@reachboarding.co.uk
Information we may choose to collect about you
We may collect and process the following data about you:
- Information and personal data that you provide to us, and that you may give us by filling in forms on our Website or providing it to us via other methods such as (but not limited to) email. This includes information you provide at the time of registration, subscription to our services or at any subsequent point. The information you give us may include, without limitation, your name, address, place or work, e-mail address and phone number, personal description and any images including photographs;
- If you contact us, we may keep a record of that correspondence;
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them;
- Information we collect about you. With regard to each of your visits to the Website we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Website (including date and time); pages views or searches; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
- information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. We also work closely with third parties (including, for example, business partners, providers of payment services, analytics providers, search information providers) and may receive information about you from them.
We will hold the above information for as long as is necessary in order to provide you with the REACH Boarding services, deal with any specific issues that you may raise or otherwise as is required by law or any relevant regulatory body.
Information we may collect about others
We may collect and process the data about others that you provide us with, including (but not limited to):
- information that you provide by filling in forms on our Website or provide us by email or taken directly from the school MIS system via our exporter utility installed by the school network manager;
You represent and warrant to us that you have obtained the express consent from the individuals whose data you provide us with.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical information about our users’ browsing actions and patterns, and does not identify any individual.
Where we store your personal information
Except as set out in this section, the personal data that we collect from you is stored in the UK and shall not be transferred or stored at a destination outside of the European Economic Area (“EEA”).
Notwithstanding the preceding sentence, certain marketing data (for example, email addresses that form part of our prospective marketing database) may be transferred to and stored at a destination outside of the EEA and may also be processed by staff operating outside of the EEA. Any transfer and storage of data for these purposes will be assessed for GDPR compliance and any staff that process the data will also be assessed for GDPR compliance. Where the assessment shows practices that might put data subjects personal data at risk, an appropriate risk impact assessment will be done and remedial action will be taken to negate the risk. By submitting your personal data, you agree to this transfer, storing and processing.
Your passwords are stored on REACH Boarding servers in encrypted form. We do not disclose your account details, postal or email addresses to anyone except when legally required to do so.
Sensitive information between your browser and our website(s) is transferred in encrypted form using Secure Socket Layer (“SSL”). When transmitting sensitive information, you should always make sure that your browser can validate the REACH Boarding security certificate.
How we use your information
We use information held about you (and information about others that you have provided us with) in the following ways:
- to provide you with our REACH Boarding platform and related services;
- to provide you with technical support of our REACH Boarding platform and services, this may include authorised staff of our partners or subsidiary companies including those located outside of the EEA.
- to ensure you receive information relevant to you;
- to allow you to participate in interactive features of our service, when you choose to do so;
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- for marketing, provided always that we:
1) only use aggregated and anonymised data; or
- to contact students, parents and teachers, but only where you have given us permission to do so;
- to ensure the content on our Website is presented in the most effective manner for you and your computer or mobile device;
- as part of our efforts to keep our Website safe and secure;
- to provide research or data statistics, provided that always we only use aggregated and anonymised data; and
- to notify you about changes to our service.
We will not:
- sell or pass on (transmit) your data (or any other data you provide us with) to third-parties at all;
- use the information held about you (and information about others) to provide you with advertising or other services that you have not requested; or
- sell your data upon the winding up of REACH Boarding.
Disclosure of your information
We may disclose your personal information to any partner of REACH Boarding and/or a member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to third parties:
- in the event that we sell or buy any business or assets;
- if REACH Boarding or substantially all of its assets are acquired by a third party; or
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property, or safety of REACH Boarding, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
You have the right to ask us not to process your personal data by contacting us at GDPR@reachboarding.co.uk. However, if you make such a request we will be forced to close your account and you will not be able to use our services.
Our Website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The General Data Protection Regulation also gives you the right to access any personal information held about you by submitting a request in accordance with the guidelines set out by the regulation. Any access request may be subject to a fee if there are deemed unreasonable costs associated with meeting the request in the way requested by the data subject.
All such requests should be sent to GDPR@reachboarding.co.uk.
Personal Data Retention
At the election of the relevant entity to archive the information in a structured, retrievable manner or, in the alternative, to destroy the personal data.
For the deletion of data the intention is for the cloud provider to securely delete the data, to use overwrite software or other comparable methods of deletion.
In addition, in compliance with the General Data Protection Regulation REACH Boarding will ensure that personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Personal Data Destruction
REACH Boarding will ensure, at the election of the relevant entity, for personal data to be destroyed within 90 business days and that other data shall not be kept for longer than is necessary for that purpose or those purposes.
Information Security: How We Protect Your Privacy
REACH Boarding Europe Limited is committed to protecting the privacy and confidentiality of your personal information. We limit access to your personal information to authorised employees or agents. REACH Boarding Europe Limited also maintains physical, electronic and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorised access or disclosure.
Some of the other central features of our information security program may extend to:
- A dedicated group that designs, implements and provides oversight to our information security program;
- The use of specialised technology such as firewalls;
- Testing of the security and operability of products and services before they are introduced to the internet, as well as ongoing scanning for publicly known vulnerabilities in the technology;
- Internal and external reviews of our internet sites and services;
- Monitoring of our systems infrastructure to detect weaknesses and potential intrusions;
- Implementing controls to identify, authenticate and authorise access to various systems or sites;
- Protecting information during transmission through various means including, where appropriate, encryption; and
- Providing REACH Boarding Europe Limited personnel with relevant Data Protection training and continually updating our security practices in light of new risks and developments in technology.
Changes to this policy