Darllen Co. respects and understands the importance of your privacy. We are committed to affording complete protection to the personal information of our clients (schools) who use our platform and services, the learners whose information we collect, and the visitors to our website. Darllen Co. has standardised policies and procedures to manage and protect the data that we process on behalf of our clients. We have significant experience in the education sector, specifically working with primary schools. Our policies are driven by our inherent knowledge of schools and our existing data protection compliance through our ICO registration. We ensure total transparency in all our dealings.
No personal Information is collected about a visitor to the website, apart from the personal information submitted by the visitor himself/herself in a ‘contact us’ form. We shall use such Personal Information for the purpose you share it with us. However, at times, certain information may be collected from you when you visit the website. Such information is aggregated to measure the number of visits, average time spent on the website, pages viewed etc. This gives us an idea of which parts of our website users are visiting, in order that we may improve the content to offer you better services. We do not link IP addresses to anything personally identifiable. This means that a user’s session will be tracked, but the user will be anonymous. This Policy applies to the Personal Data that we collect from you when you submit information to us via the Website or during the registration process. This policy does not apply to the information that the System stores or holds about any school staff or pupils which is stored in accordance with our terms and conditions and Data Protection Agreement.
When you use the Website, submit a ‘contact form’ or when you otherwise deal with us, we may collect the following information about you
The new laws require both Data controllers (such as Schools) and Data processors (such as Darllen Co.) to update their processes and technology to meet the specified requirements. Schools are the data controllers for staff and pupil related data. The data controller is the person or organisation who determines what data is extracted, what purpose it is used for and who is allowed to process the data. Darllen Co. is the data processor of the data made available in our software product purchased by the school/s. This is data we are trusted with but do not control. We collected the minimum data needed to fulfil the school’s educational needs.
Our platform and client data are stored on approved and compliant cloud infrastructure. Our servers are hosted by IONOS in UK data centres to ensure client data is retained within the European Economic Area (EEA). We use multiple protective layers within the platform to protect our services, including encryption and firewalling to ensure the highest standards of safety and security – confirmed in the UK by ISO 27001 certification.
We routinely carry out vulnerability and penetration testing on our platforms and promptly address any issues identified. All transfers of client data use the SSH protocol whilst being transmitted over public and private networks. All data is encrypted with AES256 block-based encryption and SHA-2 hashing algorithms. We do not share, sell, or lease ANY kind of information collected by us to any third parties for any kind of use. Where it is necessary to access client data, for example to investigate a support case, only approved Darllen Co. staff (in this case the DPO) can access it. Darllen Co. staff are vetted and are subject to contractual data access policies and confidentiality clauses. We carry out DBS checking on all staff.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
Staff and pupil data is obtained from The Data controller (the school). School account administrators can correct user data generated within our platform. If you would like to contact us directly, support and assistance is also available from our DPO at email@example.com We aim to reply as promptly as we can and, in any case, will always reply within the legal maximum of 40 days.
Where Subject Access Requests and/or Right to be Forgotten are applicable to client data in a Darllen Co. product we provide, or will provide, means for authorised client users to carry out activities directly. For assistance, please contact firstname.lastname@example.org If your school would like further information on GDPR compliance in Darllen Co. then please contact our DPO at email@example.com
We do contact organisations or executives as a part of our marketing campaigns. We do so, as we believe we have legitimate interest to promote our products and services and it also benefits our prospects. We do not do any mass mailing and carefully reach out to selected professional with a personalised approach. The emails we send you as part of our marketing campaigns allow us to know if you have received or opened the email or clicked a link within the email. If you do not want us to collect this information from marketing emails, you can opt out of receiving such emails by clicking on the unsubscribe button in the emails.
Right to complain to the ICO
You can contact the ICO if you have any concerns about how Darllen Co. has handled your personal data and you also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can contact the ICO via their helpline on 0303 123 1113. You can find out more information about your rights as a data subjects, their regulatory powers and actions they can take on their website https://ico.org.uk/
Notification of changes
Where links are provided to other websites it should be noted that they are not and cannot be governed by our Privacy Statement. We cannot guarantee your privacy when you access other websites through any link provided on this website.