Policies

Quick links:
Privacy
Cookies
Membership terms and conditions
Events terms and conditions

SSAT Privacy Notice effective 23rd March 2018

Your personal data

“Personal data” means any information relating to an identifiable living person who can be directly or indirectly identified through that information. SSAT processes personal data in accordance with the Data Protection Act and the General Data Protection Regulation 2016/679 (the “GDPR”).

Who are we?

SSAT (The Schools Network) Ltd. is the data controller, and for any queries in relation to the handling of personal data may be contacted via email at dataprotection@ssatuk.co.uk , or by post to Data Protection, SSAT, 5th Floor Central House, 142 Central Street, London EC1V 8AR.

Legal basis of processing

The data processing described in this notice is on the basis of GDPR Article 6(1)(f), the legitimate interests of SSAT as Data Controller to:

  • provide services to customers
  • evaluate service delivery
  • market to potential customers
  • maintain network and information security
  • meet our legal obligations

 

Your rights

You have the following legal rights in respect of how SSAT processes your personal data:

To access the data about you that SSAT holds ICO Guidance Contact SSAT using the details in the section “Who are we” above
To correct the details we hold ICO Guidance
To have data erased in certain circumstances ICO Guidance
To restrict the use SSAT makes of your data in certain circumstances ICO Guidance
The right to object to processing, including the right to object to marketing. ICO Guidance
To data portability in certain circumstances ICO Guidance
The right to complain to the supervisory authority (Information Commissioner’s Office) ICO Guidance Contact the Information Commissioner’s Office on 030 123 1113

 

When do we collect your personal data?

SSAT collects personal data in the following ways*:

  • Directly from individuals who contact us via telephone, email, social media, post, web site forms, or in person
  • Automatically, in the form of IP addresses, web browser details and web usage history, whenever you access any of our online services
  • When a school or other employer purchases a membership or other service and provides your contact details to us**
  • When you attend a group training purchased by your employer or other organisation and the data is collected for us by a delivery partner
  • When you or your employer purchase a service from another organisation (such as a teaching school) that provides services which have been franchised from SSAT, and who provide your data back to us**
  • From public sources such as school websites**

* SSAT also collects and processes personal data from individuals who are employed by SSAT, or who are contracted by SSAT to carry out specific services; separate privacy notices are provided to those individuals detailing the context-specific processing of personal data.

** In such cases we will contact you to inform you what data we have received and from what source.

What do we use your data for?

To record whether you (either directly or via your organisation) have an SSAT membership or have purchased other services.

To enable access to relevant paid-for resources and member benefits, some of which are provided electronically via email and/or online.

To record accreditations and engagement with our various products, services and networks.

To support targeted marketing of services that we believe will be of interest to you based on the data we hold. All electronic marketing communications contain instructions on how to opt out of further marketing.

To customise the content of web pages on our site to reflect topics we think will be of most interest to you based on the data we hold.

Some of our CPD programmes require further use of your data, you will be provided with further relevant information at the point of becoming a participant.

How do we protect your data?

SSAT takes all reasonable precautions and follows industry best practices to protect your personal information.  SSAT are certified to the UK Government CyberEssentials standard.

Data exchanged with our website and third-party providers is encrypted using transport layer security (TLS).

Service providers for our applications are all subject to security and data protection assessment.

SSAT assesses the minimum period to store personal data taking into account relevant laws and has processes to ensure data is securely deleted or anonymised when there is no longer a reason to keep it for the purposes for which it was gathered.

Sharing your data

Network Members

SSAT shares contact details of network members within school and special interest networks to facilitate the sharing of good practice amongst the members, and to support school-to-school introductions.

Delivery Partners

SSAT delivers some services using external partners and consultants. If you are attending an event or training delivered by a partner SSAT will provide them with attendee lists.

Some services delivered by SSAT involve third-party venues or other services such as transportation or accommodation. Where SSAT is contractually required to supply delegate lists to these partners then we will do so.

Third Party Services

SSAT uses the following third-party services that may contain your personal data:

Supplier / Service Details Location Supplier Security and Privacy Information
Microsoft Office365 Email, document management, collaboration tools, CRM Europe Trust and Privacy information
Microsoft Azure Cloud platforms Europe Security Information
Amazon Web Services Web content storage Europe Privacy

Security

Web content caching Worldwide
Thunderhead Web activity tracking Europe Security and Data Protection
MailChimp Email marketing USA Privacy plus SSAT’s agreement with MailChimp contains GDPR compliance clauses
Google Analytics Web activity tracking Worldwide Data Privacy and Security
KnowledgeHub Forums and collaboration UK Privacy
L-Soft Hosted email discussion lists Worldwide Privacy Policy
Typeform Web forms USA and Europe Privacy / GDPR
Xero Accounting software USA Security / Privacy
ApprovalMax Purchase management USA Privacy
SendGrid Transactional email (e.g. password resets) USA Privacy / Security

 

Other data sharing

Some programmes require us to share participant data, for example with funding bodies such as Department for Education. In such cases participants will be informed of this further sharing at or before the point of sign-up.

Cookies and usage tracking

A cookie is a small file, downloaded on to a device when the user accesses certain websites. Cookies allow a website to recognise a user’s device. Find out more about cookies.

SSAT may use cookies and similar technical means for collecting information about your use of our websites, for system administration and otherwise to tailor the websites for your requirements. No personal data is obtained from this software. You can disable cookies by modifying your browser settings, although this may affect your ability to access our sites.

We use cookies in the following ways:

1) The software that runs our websites uses cookies to allow the full operation of the website software and of our technical monitoring used to assure site performance

2) We use Google Analytics to allow us to see which pages and posts are most popular. Google state: “Like many services, Google Analytics uses first-party cookies to track visitor interactions. These cookies are used to store information, such as what time the current visit occurred, whether the visitor has been to the site before, and what site referred the visitor to the web page. Browsers do not share first-party cookies across domains.”

3) We use Thunderhead One Engagement Hub to help personalise content on the website based on the activities you have carried out with us in the past

We also log the IP address of all visitors to our sites.

Changes to this privacy policy

We reserve the right to modify this privacy notice at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.


Marketing opt-out

If you prefer not to receive marketing material from SSAT or receive information from our sponsor partners, please inform us of your name, organisation, address and whether you prefer not to receive this material by email, post or telephone, by sending an email to: dataprotection@ssatuk.co.uk


Membership terms and conditions

Full information on how any personal data that you supply as part of your SSAT (The Schools Network) membership can be found here.


Terms and conditions of event bookings

Cancellations made more than 8 weeks before the event incur a 50% cancellation charge. Cancellations made less than 8 weeks before the event incur 100% of the event charge. All cancellations must be made in writing. Replacement delegates may be nominated in writing at any time prior to the start of the event. If, for any reason, SSAT needs to cancel the event, delegates will be notified in writing and events fees will be fully refunded.

N.B. Terms and conditions are applicable at time of publishing and may be subject to change. Upon completion and submission of an event booking form, either online, by fax, email or post, SSAT will reserve a place for the named delegate(s). For events where a fee is payable, the named delegate(s) agrees to ensure payment will be made in full to SSAT as per the invoice payment terms. Non-payment in advance of the event date may result in the delegate not being able to attend the event. When placing a booking with SSAT you will always be asked to indicate your acceptance of these terms and conditions when making your booking. If you do not do so, your booking can not be accepted.