© 2018 Capita Business Services Ltd. All rights reserved.

Capita Education Software Solutions is a trading name of Capita Business Services Ltd. Our Registered office is 30 Berners Street, London, W1T 3LR and our registered number is 02299747. Further information about Capita plc can be found in our legal statement.

GDPR Statement for SIMS-Partners.com

This document is intended to meet the ICO's requirements for a GDPR DPIA summary, namely to identify:

  • A description of the processing operations and the purposes, including, where applicable, the legitimate interests pursued by the controller.
  • An assessment of the necessity and proportionality of the processing in relation to the purpose.
  • An assessment of the risks to individuals.
  • The measures in place to address risk, including security and to demonstrate that you comply.
  • A DPIA can address more than one project.

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/

DPIA Summary

Product

www.sims-partners.com

Purpose                  

This is a public information portal which contains information about our products and services. The only personal data that will be stored is within a contact form which allows members of the public to ask us about our products and services. The intent is to capture only the information required to service the enquiry, and ideally this should be work contact details rather than personal contact details, i.e. data that is semi-public information.

Security

The Portal is a standard Drupal implementation protected by its standard security mechanisms. It is not intended to hold or manage personal data except to enable requests for service to be made.

Requests for service will:

  • Forward the request to ESS Staff by email.
  • Send an automated response to the submitter.
  • Store the request for a period of time within the system.

Whilst every effort will be made to secure the data provided, it should be regarded as insecure when sent by email.

Data at rest is encrypted.

Data Held

The data held is minimal but does constitute personally identifiable information (PII) because it contains the name and work contact details of the enquirer.

The extent of the data collected must allow ESS staff to contact the enquirer with regard to their enquiry. It is acceptable but less desirable to record generic information, for example:

  Forename:  Development
  Surname:   Manager
  Email:     development@partner.com

In the case of a live relationship with a partner company, the name of a real person would ease communications; for example, a phone call to ESS asking for the ‘Development Manager’ would be ambiguous.

As a response to enquiries, ESS will create records of communications and requests within other ESS systems used to manage customer / potential customer relationships and to manage any requests for services. 

Data Usage:           

The data held will be used for the management of the system and contact with the company concerned with regard to the service provided and / or contracted. 

On occasion we may send automated mail relevant to the management of the system and/or the usage of this system. 

The data will not be provided to persons outside of ESS.

Assessment of Risk

On the assumption that users provide only the information requested, and that contact information is for work and not personal/home contact information, the risk to individuals from the PII held is very low. The anticipation is that contact information provided would be work-related contact information and the property of the company rather than the individual.

Data Retention      

  • Data within the system will be held for an unspecified period for the purposes of legal compliance and operational needs.
  • Data held within ESS's email system will typically be held for a period of up to 6 years for the purposes of legal requirements. 

Policy for Data Breach

  • The PII data held is intended to identify a person in their normal place of work and to enable ESS to contact them. The remainder of the data is commercially sensitive rather than personally sensitive.
  • ESS will follow our corporate policy in case of any reported data breach.
  • ESS will happily change data held to a generic non-PII version as discussed above upon request.
  • ESS will comply with all requirements of GDPR reporting in regard to any data breach reports.
  • ESS report any concerns to SIMSPartnerManagement@parentpay.com

 

Data held:

Area       Field            Area       Field
Contact    Company Phone    Company    Company Name
Contact    Company email    Company    Website
Contact    Last Name        Company    Mailing Address 1
Contact    First Name       Company    Mailing Address 2
Contact    Title            Company    Mailing Address 3
                            Company    City/Town
                            Company    County
                            Company    Country
                            Company    Post Code
                            Company    Requirements for integration

Access to ESS Products

Partners may be granted access to ESS products for test, development, support and other purposes based on wholly fictitious training data as a result of the partner registration process; we refer to these as ‘Demo Systems’. ESS will often allow data in Demo Systems to be updated but cannot accept responsibility for data breaches of real data keyed or otherwise entered into any Demo System provided.

For example: if a user chose to add the details of their child into an ESS SIMS Demo System, then it is possible that the data would be visible to other people and breach the rights of the data subject.

ESS expressly forbids users of Demo Systems entering details of living people.  Users are asked to make up example data.

For similar reasons, please ensure that any data ‘made up’ is inoffensive, on the assumption that any accidental viewer is easily offended.