Data Security Policy
1.0 Data Protection Act
DrStuartAtkinson.com Ltd is registered with the Information Commissioner’s Office (ZA329439) and processes data in accordance with the Data Protection Act 1998 and the Code of Practice issued by the regulators of England, Wales and Northern Ireland.
1.1 Software Data Usage
For users of DrStuartAtkinson.com Ltd “Atkinson Report Generator” software, DrStuartAtkinson.com Ltd does NOT directly access or handle any personal student data. All sensitive/personal data relating to students remains on the User’s computer and does not leave their computer. This includes personal data relating to: candidates’ name(s), grades, gender and special educational needs (SEN) status and a school’s own internal pupil identifier in the context of progress analysis. This data is not shared with DrStuartAtkinson.com Ltd or any other third parties. In this context, DrStuartAtkinson.com Ltd is not a “Data Processor” under Article 28 of the GDPR but instead provides software for securely processing data by the User locally.
The software provided by DrStuartAtkinson.com Ltd does collect Usage, Account and Service data. This includes the user account data (username and encrypted password, email and usage statistics) that integrates the software with the online user account database. The legal basis for this processing is our legitimate interests, namely the proper administration of our website, software and business. Further details can be found in the privacy and cookies policy on Our website.
1.2 Bespoke Development & Software Troubleshooting
In some situations it may be necessary for a User to share student data with DrStuartAtkinson.com Ltd. This includes personal data relating to: candidates’ name(s), grades, gender and special educational needs (SEN) status and a school’s own internal pupil identifier. This could be for one or more of the following administrative activities in relation to the processing of candidates’ personal data: troubleshooting or bespoke software development in the context of progress analysis. This process will only be undertaken with the prior agreement of the User/Customer via a secure and agreed method of data transfer or remotely via secure screen sharing. In this instance, such data received will not be used for any other purposes by DrStuartAtkinson.com Ltd. In the aforementioned instances of data access by DrStuartAtkinson.com Ltd, We:
• will only act on the Customer’s written instructions (unless you are legally required to act without our prior instructions), including the transfer of any personal data to a country outside the European Union
• will ensure that all persons engaged in processing Your data are under a strict duty of confidentiality
• will take appropriate measures to ensure the security of personal data
• will only engage a sub-processor with our prior written authorisation and the sub-processor must be subject to a written agreement which meets all the requirements of Your contract
• will assist a Customer in responding to any requests from individuals exercising their rights under the GDPR
• will assist a Customer in meeting Their obligations under the GDPR, in particular, Their obligations relating to the security of processing, the notification of a personal data breach and data protection impact assessments
• will delete or return all personal data to a Customer at the end of the Contract period
• will submit to audits and inspections, provide the Customer with whatever information we need to ensure that both organisations meet our respective obligations under Article 28 of the GDPR and will inform the Customer if We are asked to do something with Your personal data which We believe would infringe the GDPR or other applicable data protection laws.
It is recommended that schools/colleges include DrStuartAtkinson.com Ltd within their ‘fair processing notice’ (please see example below).
1.3 Fair Processing Notice
The following is an example of a ‘fair processing notice’ entry that existing customers should feel free to use within their school’s notice.
“DrStuartAtkinson.com Ltd: a third-party organisation called DrStuartAtkinson.com Ltd provides Software and services that are valuable in helping educational organisations to monitor and improve the quality of education they provide by allowing them to analyse student, class and subject performance in great depth. DrStuartAtkinson.com Ltd does not handle student data for most services, whereby sensitive data remains securely under the control of the School and is analysed through use of the Software locally on the User’s computer.
In addition, the school may request the services of one or more of DrStuartAtkinson.com Ltd’s Data Consultants to assist with the provision of software products in terms of bespoke development or troubleshooting. This may require the School to send information about learners to DrStuartAtkinson.com Ltd. The information required by DrStuartAtkinson.com Ltd in this context includes the pupil’s first name, surname, gender, ethnicity, grades, SEN code and other factors such as ‘Pupil Premium’ and ‘Children in Care’ status. This may also require authorised remote access to the school’s management information system (MIS) or Data handling system (4Matrix/SISRA), which could mean access to sensitive personal data. The school will fully supervise any access while the Data Consultant provides services and remains responsible for any data processing that the Data Consultant might perform.
Data Protection Officer, DrStuartAtkinson.com Ltd, 35 Drake Avenue, Teignmouth, Devon, TQ14 9NA”
2.0 Data Storage
3.0 Data Encryption
DrStuartAtkinson.com Ltd uses a combination of the Secure Hypertext Transfer Protocol (HTTPS) along with the Secure Sockets Layer (SSL) protocol to provide encrypted communication and secure identification of our web servers.
Please also see our Privacy and Cookies policy for details on how we use data on our website.