Privacy Policy

Cymraeg

Darllen Co. Privacy Policy

 

Our compliance

Darllen Co. respects and understands the importance of your privacy. We are committed to affording complete protection to the personal information of our clients (schools) who use our platform and services, the learners whose information we collect, and the visitors to our website. Darllen Co. has standardised policies and procedures to manage and protect the data that we process on behalf of our clients. We have significant experience in the education sector, specifically working with primary schools. Our policies are driven by our inherent knowledge of schools and our existing data protection compliance through our ICO registration. We ensure total transparency in all our dealings.

 

What information is collected?
  1. Personal information collected on our website

No personal Information is collected about a visitor to the website, apart from the personal information submitted by the visitor himself/herself in a ‘contact us’ form. We shall use such Personal Information for the purpose you share it with us. However, at times, certain information may be collected from you when you visit the website. Such information is aggregated to measure the number of visits, average time spent on the website, pages viewed etc. This gives us an idea of which parts of our website users are visiting, in order that we may improve the content to offer you better services. We do not link IP addresses to anything personally identifiable. This means that a user’s session will be tracked, but the user will be anonymous. This Policy applies to the Personal Data that we collect from you when you submit information to us via the Website or during the registration process. This policy does not apply to the information that the System stores or holds about any school staff or pupils which is stored in accordance with our terms and conditions and Data Protection Agreement.

 

  1.  Information we may collect about you

When you use the Website, submit a ‘contact form’ or when you otherwise deal with us, we may collect the following information about you

  • personal information including first and last name;
  • contact information including primary email address and/or primary phone number;
  • job role and school details (school name/number of learners/school area)
  • technical information including IP address, operating system, browser type and related information regarding the device you used to visit the Website, the length of your visit and your interactions with the Website; and
  • We may monitor communications with you (such as telephone conversations and emails) for the purposes of provision of services

 

  1. Data controllers and Data processors

The new laws require both Data controllers (such as Schools) and Data processors (such as Darllen Co.) to update their processes and technology to meet the specified requirements. Schools are the data controllers for staff and pupil related data. The data controller is the person or organisation who determines what data is extracted, what purpose it is used for and who is allowed to process the data. Darllen Co. is the data processor of the data made available in our software product purchased by the school/s. This is data we are trusted with but do not control. We collected the minimum data needed to fulfil the school’s educational needs.

 

  1. Processing and protecting personal data

Our platform and client data are stored on approved and compliant cloud infrastructure. Our servers are hosted by IONOS in UK data centres to ensure client data is retained within the European Economic Area (EEA). We use multiple protective layers within the platform to protect our services, including encryption and firewalling to ensure the highest standards of safety and security – confirmed in the UK by ISO 27001 certification.

We routinely carry out vulnerability and penetration testing on our platforms and promptly address any issues identified. All transfers of client data use the SSH protocol whilst being transmitted over public and private networks. All data is encrypted with AES256 block-based encryption and SHA-2 hashing algorithms. We do not share, sell, or lease ANY kind of information collected by us to any third parties for any kind of use. Where it is necessary to access client data, for example to investigate a support case, only approved Darllen Co. staff (in this case the DPO) can access it. Darllen Co. staff are vetted and are subject to contractual data access policies and confidentiality clauses. We carry out DBS checking on all staff.

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

 

  1. Correcting errors in user data

Staff and pupil data is obtained from The Data controller (the school). School account administrators can correct user data generated within our platform. If you would like to contact us directly, support and assistance is also available from our DPO at [email protected] We aim to reply as promptly as we can and, in any case, will always reply within the legal maximum of 40 days.

 

  1. Subject Access Requests and/or Right to be Forgotten

Where Subject Access Requests and/or Right to be Forgotten are applicable to client data in a Darllen Co. product we provide, or will provide, means for authorised client users to carry out activities directly. For assistance, please contact [email protected]  If your school would like further information on GDPR compliance in Darllen Co. then please contact our DPO at [email protected]

 

  1. Darllen Co. emails

We do contact organisations or executives as a part of our marketing campaigns. We do so, as we believe we have legitimate interest to promote our products and services and it also benefits our prospects. We do not do any mass mailing and carefully reach out to selected professional with a personalised approach. The emails we send you as part of our marketing campaigns allow us to know if you have received or opened the email or clicked a link within the email. If you do not want us to collect this information from marketing emails, you can opt out of receiving such emails by clicking on the unsubscribe button in the emails.

 

  1. Buttons or tools on our websites related to other companies and social media pages

Our websites may include buttons or tools that link to other companies’ services (for example, a Facebook or Google button). We may collect information about your use of these features. In addition, when you see or interact with these buttons, tools, or content, or view a Darllen Co. web page containing them, some information from your browser may automatically be sent to the other company. Please read that company’s privacy policy for more information, as these sites may have their own privacy statements in place, which we recommend you review if you visit any linked Web sites. We are not responsible for the content of linked sites or any use of the sites or for the privacy practices of those other Web sites.

 

Right to complain to the ICO

You can contact the ICO if you have any concerns about how Darllen Co. has handled your personal data and you also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can contact the ICO via their helpline on 0303 123 1113. You can find out more information about your rights as a data subjects, their regulatory powers and actions they can take on their website https://ico.org.uk/

 

Notification of changes

If we decide to change our privacy policy, we will post those changes on this page so our users are always aware of the information we collect and how we use it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

Where links are provided to other websites it should be noted that they are not and cannot be governed by our Privacy Statement. We cannot guarantee your privacy when you access other websites through any link provided on this website.