What data we store
- The email address of the account holder/teacher (this is the controller/admin of your account). All correspondence will be made via this person’s address. This can be changed (i.e. if there is a change of teaching staff personnel). In doing so a verification process will take place. This email address (belonging to the teacher) is not shared with third parties or made public.
- The student name for each submission. Please note, a successful submission does in no way require an accurate or full name of a student. Nicknames, initials, pseudonyms or other text identifiers can be used. This data is entered by the user/student and may be inaccurate. No names are entered by teaching staff. The data base (tracking/results) is incrementally generated as and when students submit their work/scores.
- Students only enter/submit a typed identifier (name). No other details are submitted. TeachingGadget does not take responsibility for any other information submitted. All students access the website/material using the same generic/school username and password. This means that students don’t have their own unique login details and therefore don’t need to input any contact details/email address.
TeachingGadget's role as Data Processor:
Note: We define Customer, to mean the school, or peripatetic teacher.
In respect of personal data, schools/peripatetic teachers acknowledge that:
- TeachingGadget acts as a Processor
- The Customer acts as the Controller.
TeachingGadget only creates accounts upon the explicit instruction of the Customer and with their consent. The Customer can also amend and modify their account themselves. Assessment data is generated by students using the platform, where by teacher-initiated assignments or during independently instigated practices. Such data is only generated for the purposes of informing the Customer of the student’s progress. Students only need to use an identifiable entry on submission of work. In most cases this will be a full name, however; initials, nicknames or pseudonyms can also qualify as a valid identifiable entry. Students are not obligated to submit anything when accessing the material i.e. their name (and or any other identifier). All material found on TeachingGadget can be accessed and used without student (or other customer/teacher) data entry.
Where TeachingGadget receives an instruction from the school/peripatetic teacher that, in its reasonable opinion, infringes the GDPR, TeachingGadget will inform them.
Use of Data by Third Parties:
- No user data stored within our databases is passed on to any third parties.
- Only the Controller (teacher, peripatetic tutor) can access and view the data and edit the school’s account. Students can not see, download or edit any data.
Your right to delete stored data and account deletion:
- Student submissions can be edited, downloaded and deleted by teachers at their respective school.
Only name entry (see above for identifiable options), and classcodes assigned can be edited (by the teacher) post to student submission. Example: If a student misspells their name or submits work to the incorrect teaching group the teacher/controller can edit and amend where appropriate. Time stamp and mark/score can not be edited within TeachingGadget. This can be edited after downloading in CSV/Spreadsheet software if needed. Any edits/amendments of data can not be re-uploaded to the account. Any download of data is stored at the customer’s care and discretion. Once downloaded TeachingGadget can not take any responsibility of any data which may have initially been generated using the website.
Multiple sets of data/student’s submissions can be deleted simultaneously.
Once deleted (by the controller/teacher) data cannot be retrieved. All deleted data is permanently removed from TeachingGadget’s database.
Deleting of an account can be implemented by contacting our admin/technical team. This will only be validated by using the controller’s email address found on the school’s/peripatetic teachers account.
Your school/peripatetic login password can be changed at anytime by the controller (account holder/teacher). Doing so will instantly log out all students active on your account and deny access beyond this point to students trying to login.
How your data is protected
- TeachingGadget uses the wordpress engin is hosted using IONOS (1&1) a reputable hosting provider used by many EdTech companies/organisations.
- In the unlikely event of any data breach, the nature of the breach, in addition to the resulting action to remedy such a breach, will be clearly communicated to all controllers/customers.
- The server has an SSL certificate (the 'padlock' symbol that appears in your address bar on your browser), meaning that data is transmitted securely.
- TeachingGadget will provide assistance to the best of its capacity should there be an issue surrounding data.
- TeachingGadget is the only Data Protection Officer for the website.
Disaster Recovery Plan
In compliance with EU legislation:
- "(a) the pseudonymisation and encryption of personal data;"
As per "What data we store", the only personal data stored is email address and name, along with assessment data purely based on usage of the platform. Passwords are encrypted and cannot be unencrypted.
- (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
Any code which accesses the database ensures appropriate permissions to view/modify/delete the data, as per "Who can access what data". The server is managed at a secure data centre by IONOS.
- (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
Backups are made daily by the server administrator, which can be restored as necessary.
- (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
I review code as per (b) to ensure access to data is appropriate restricted as described. With regards to the effectiveness of the server, this is as per the host provider's IONOS’ own GDPR compliance.
ICO number and Data Protection Complaints
TeachingGadget’s ICO (Information Commission Office) number is: ZB258996
If you have further questions about safeguarding or data protection
Please contact: info@TeachingGadget.com for any further queries.
All rights reserved - Teaching Gadget 2022