Capita Education Software Solutions is a trading name of
Capita Business Services Ltd. Our Registered office is 30
Berners Street, London, W1T 3LR and our registered number
is 02299747. Further information about Capita plc can be
found in our legal statement.
ESS Partner Management Portal (accessed by ESS staff)
ESS Partner Registration Portal (accessed by the general public – for applications only)
Partner Portal (accessed by partners)
Purpose:
This is a set of public- and internal-facing websites which enable ESS and their Partners to manage access to SIMS Primary and other APIs. In so doing, these portals enable ESS and Partners to manage access by partner products to schools’ data held in SIMS.
Security:
Azure AD including 2 factor authentication where appropriate.
Data at rest is encrypted.
The SIMS Partner Management Team control access to the limited data stored.
Data Held:
The data held is minimal but does constitute personally identifiable information (PII) because it contains the name and work contact details of ESS’s contact at the partner’s company.
The extent of the data collected must allow ESS’s Partner Team to contact the partner with regard to their development. It is acceptable but less desirable to record generic information for example:
In the case of a live relationship with a partner company, the name of a real person would ease communications; for example, a phone call to ESS asking for the ‘Development Manager’ would be ambiguous.
In the case of a partner choosing to end their relationship with ESS, we would ask that PII be replaced with a valid generic set of details.
Data will be extended to record support details for specific products which will be released for live usage. We would urge partners not to provide personal emails for this purpose but to provide generic but targeted product contact details (PCD):
The data held will be used for the management of the system and contact with the company concerned with regard to the partner service provided and / or contracted.
On occasion we may send automated mail relevant to the management of the system and/or the usage of this system.
The data will not be provided to persons outside of ESS and more specifically outside of nominated members of the partner team.
At a future point in time we will provide the PCD to end users to enable them to easily onboard the partner’s products and obtain support when required.
Assessment of Risk:
On the assumption that users provide only the information requested and that contact information is for work and not personal/home contact information then the risk to individuals from the PII held is very low.
The information that we would expect would often be available on public web sites and ‘Contact John Smith at John.Smith@example.com for further information’ is not uncommon as an addition.
Data Retention:
Partners are welcome to replace PII with generic addresses at any time, and once this has been effected, ESS will no longer hold PII within the system for registrants.
Data within the system will be held for an unspecified period for the purposes of legal compliance and operational needs.
Policy for Data Breach:
The PII data held is intended to identify a person in their normal place of work and to enable ESS to contact them. The remainder of the data is commercially sensitive rather than personally sensitive.
ESS will follow our corporate policy in case of any reported data breach.
ESS will happily change data held to a generic non-PII version as discussed above upon request.
ESS will comply with all requirements of GDPR reporting in regard to any data breach reports.
Data held:
| Area | Field | Area | Field |
| --- | --- | --- | --- |
| Contact | Company Phone | Company | Company Name |
| Contact | Company email | Company | Website |
| Contact | Last Name | Company | Mailing Address 1 |
| Contact | First Name | Company | Mailing Address 2 |
| Contact | Title | Company | Mailing Address 3 |
| | | Company | City/Town |
| | | Company | County |
| | | Company | Country |
| | | Company | Post Code |
| | | Company | Requirements for integration |
Future Data
As discussed above, we intend to extend the data held; however, we will ask partners not to use PII.
Product: ID
Support Email: Non-personal email for support of the product
Support Phone: Non-personal phone for support of the product
Forename: Use generic e.g. School
Surname: Use generic e.g. Support
Access to ESS Products
Partners may be granted access to ESS products for test, development, support and other purposes based on wholly fictitious training data as a result of the partner registration process; we refer to these as ‘Demo Systems’. ESS will often allow data in Demo Systems to be updated but cannot accept responsibility for data breaches of real data keyed or otherwise entered into any Demo System provided.
For example:
If a user chose to add the details of their child into an ESS SIMS Demo System, then it is possible that the data would be visible to other people and breach the rights of the data subject.
ESS LTD expressly forbids users of Demo Systems entering details of living people. Users are asked to make up example data.
For similar reasons, please ensure that any data ‘made up’ is inoffensive, assuming that any accidental viewer is easily offended.