Overnet Data Ltd (we) are committed to protecting your personal data and respecting your privacy.
Under data protection laws, we are required to provide you with certain information about who we are, how we process your personal data and for what purposes, and your rights in relation to your personal data. This information is provided in this policy and it is important that you read that information.
This policy applies to your use of:
- Edulink One mobile application software (App) available on IOS or Android as made available via an applicable app store (each an App Site), once you have downloaded or streamed a copy of the App onto your mobile telephone or handheld device (Device);
- Edulink One web version (Site); and
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
You can download a pdf version of the policy here: www.overnetdata.com/legal.
Important information and who we are
Our full details are:
- Full name of legal entity: Overnet Data Ltd
- Email address: firstname.lastname@example.org
- Postal address: Unit 2 Parkhill, Castle Ashby, Northampton. NN7 1LA
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
This version was last updated on 6 November 2018. It may change and if it does, these changes will be posted on this page and, where appropriate, notified to you when you next start the App or log onto the Site. The new policy may be displayed on-screen and you may be required to read and accept the changes to continue your use of the Services.
Our primary business is “data processing”
You are granted access to Edulink One as a result of our agreement with your Organisation. The Organisation has entered into a contract with us, pursuant to which we have agreed to provide various software solutions (including Edulink One) to the Organisation. The Organisation wishes to use our services in order to allow the Organisation to:
- make data about a student available via the App or Site to the student and their parents/guardians to support the student’s education;
- make data about students available via the App or Site to the Organisation’s staff to help them support students’ education and to work more efficiently;
- make data about students available to the Organisation’s Governing Bodies and/or Multi-Academy Trusts to help them support students’ education; and
- make data relating to the Organisation’s staff available to students and their parents/guardians and other members of staff.
In order to provide such services, the Organisation will provide us with certain information relating to its staff, students and parents / guardians. We are also required to process certain personal data (including personal data belonging to staff, students and parents/guardians), that you or another user uploads, inputs or otherwise shares via Edulink One.
This may include your:
- name, contact details, date of birth, images and/or payment details;
- family details;
- information relating to your lifestyle and social circumstances;
- employment and education details; and/or
- special categories of personal data (or “sensitive” persona data), including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data and/or information about criminal convictions and offences.
In respect of any personal data that you share via Edulink One:
- we process the personal data on behalf of the Organisation and only in accordance with the Organisation’s instructions (as set out in our contract with them);
- the Organisation determines what personal data to store, how it is processed and for what purposes, the applicable legal basis for processing such personal data and when it is deleted;
- we ONLY access the personal data shared via Edulink One and stored by the Organisation in order to carry out the Organisation’s instructions and to maintain or improve the services or to fix faults. We do not use the personal data for any other purposes;
- we don’t share the personal data with any third parties, unless the Organisation instructs us to do so or if we are otherwise required to do so by law; and
- we do not use sub-contractors to process the personal data on our behalf.
We will work with the Organisation, where necessary, in order to support your rights as a data subject.
The data we collect about you (acting as data controller).
We may collect, use, store and transfer different kinds of personal data about you as follows:
- Identity Data: for example, your first name, last name, username or similar identifier.
- Contact Data: for example, your email address and telephone numbers.
- Device Data: includes data relating to your mobile device, for example, your time zone setting and device lock status.
- Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Site.
- Usage Data: includes details of your use of any of our Apps including, but not limited to, traffic data and other communication data, and the resources that you access.
Third party data
How is your personal data collected?
We will collect and process the following data about you:
- Information you give us. This includes any Identity Data that you provide when you report a problem with an App or our Services. If you contact us, we will keep a record of that correspondence.
- Information we collect about you and your device. Each time you use one of our Apps or interact with our Site, we will automatically collect personal data including Device, Technical and Usage Data.
- Information provided by third parties. We use a service provided by Google in order to provide push notifications on your Device. As part of this push notification service, we receive aggregated data from Google about the location of users who are receiving the push notifications (e.g. there are a specified number of users in Leeds).
Web browser storage
We use browser web storage (including HTML5) to store data relating to your use of the App or Site locally on your Device or computer (as applicable). This is essential in order for us to provide Services to you. For example, this enables us to remember your username and password, and the Organisation that you are affiliated to, each time that you use the App or Site. This helps us to provide you with a good experience when you use the App or Site. We do not download or otherwise centralise any information that we collect using HTML5, it is only ever stored on your Device or computer (as applicable). We do not share the information with any third parties.
How we use your personal data
We will only use your personal data when the law allows us to do so. Most commonly we will use your personal data in the following circumstances:
- Where you have consented before the processing.
- Where we need to perform a contract we are about to enter or have entered with you.
- Where it is necessary for our legitimate interests (or those of the Organisation) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Purposes for which we will use your personal data
|Purpose/activity||Type of data||Lawful basis for processing|
|To deliver Services to you and the Organisation (including the provision of push notifications to your Device).||Identity |
|Performance of a contract with you |
Necessary for the Organisation’s legitimate interests (in order to provide their functions and services in a cost-effective, accessible and stream-lined manner)
|To administer and protect our business and this App including troubleshooting, data analysis and system testing||Technical|
|Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security)|
|To measure and analyse the effectiveness of our Services |
To monitor trends so we can improve the App
|Necessary for our legitimate interests (to develop our products/Services and grow our business)|
Disclosures of your personal data
We will not share your personal data with third parties, except in the limited circumstances set out below:
- We may share personal data with third parties in limited circumstances where we are required to do so by law.
Subject to the below, we do not transfer your personal data outside the European Economic Area (EEA).
We may be required to transfer personal data out of the EEA, where you or the Organisation are based outside the EEA and where the processing is necessary either for the performance of our contract with you or the performance of our contract with the Organisation concluded in your interests.
Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
If you are provided with, or choose, a password and/or other log-in details in order to use the App, it is your responsibility to keep such password and/or other log-in details confidential and secure.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
On termination or expiry of our contract with the Organisation, your right to use the App and Site will automatically terminate. We will automatically delete your personal data within 90 days of the date of termination or expiry of our contract with the Organisation, with the exception of any personal data that we are required to keep for legal or regulatory purposes.
Your legal rights
Under certain circumstances you have the following rights under data protection laws in relation to your personal data:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer or your personal data.
- Right to withdraw consent.
To find out more about these rights please refer to the ICO’s website at [https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/]. In most cases, the Organisation (as defined in clause 3 above) is primarily responsible for making decisions about how your personal data is processed by use (see clause 3 above for further details). So, in most cases, you should contact the Organisation in the first instance if you wish to exercise any of your data rights. If your query relates to data where we are the controller, please also feel free to contact us at email@example.com and we will try to assist.