Being an online organisation and with digital technology at the heart of everything we do, online safety for our customers is paramount, especially as the majority of our users are students of primary school age. EducationCity complies with the General Data Protection Regulation.
In-Product Data Collection and Use
EducationCity provides a personalised experience for its users. Account information for EducationCity users including administrators, teachers and students are password-protected so that only the user, account administrators and teachers have access to this personal information. By requiring users to log in, students using EducationCity can access the relevant content and their progress can be monitored.
We recommend that you do not disclose your password to anyone to keep your data secure. EducationCity will never ask you for your password when contacting you by phone or email. EducationCity automatically logs users out after one hour of inactivity if they are logged in as an individual user. When you have finished using EducationCity, we recommend that you log out. This is to ensure that others cannot access your account information if you share a computer with someone else or are using a computer in a public place such as a library.
EducationCity’s backup procedure allows for storage for typically up to nine days and includes a full backup at the end of every working day, which is stored securely off-site.
EducationCity collects the following data and stores it securely:
Teachers and Administrators
EducationCity enables teachers and administrators to create and set up their own account. This allows teachers to upload and manage their own classes, set work and monitor progress with added security. We ask teachers for their title, first name, last name, email address, username and password, with the collection of their role and subject interests as optional.
At all times, within the definition of the General Data Protection Regulation (GDPR), the school and its employees retain the status of Data Controller for the data stored on our cloud service. The data obtained from the school’s systems always remains in the ownership of the school, or that of the individual (employed) users. EducationCity shall be the Data Processor for the purposes of the GDPR.
When creating a new student account we require a first name, last name, username, password and class, with academic level, date of birth and gender as optional fields. It is strongly recommended that this information is securely uploaded directly via your web portal.
We do not encourage schools to email attachments containing student data to EducationCity, but if you do so, it is the responsibility of the individual concerned to follow their organisation’s internal data protection protocol and ensure either whole email encryption or robust protection of any attachments.
Following teacher feedback, optional fields have been made available to record useful and relevant data against the student’s name. Data is input by the teacher and any work completed by the student (when logged in) is saved and stored against their profile.
Marketing Data Collection and Use
On our website, we request personal information in the following areas:
Mailing List – Your email address in order to send you relevant news and updates.
Free Resources – Your first name, last name and email address. We use this information to send you a copy of the free resource you have downloaded.
Support – Your title, first name, last name, email address, school name, postcode, country and telephone number. We use this information to link your question to your school account so that we can contact you with a relevant and timely response.
Free Trial – Your title, first name, last name, email address, school name, postcode, country and telephone number. We use this information to either link you to your school account, or set up a new school account in order to provide you with trial access.
When providing us with your information, you will also be given the option to opt in to a number of different communications from us, which fall into the following categories: free resources, product updates, events and training, free trials, special offers. However, your chosen action is not dependent on opting in to these communications.
In all cases, the information will be stored within our marketing information system (Marketo) and subscriber management system.
Updating Your Information
You can update your account information by calling the team on +44 (0)1572 725080. This is available to the account administrator or head teacher only. The administrator has control of all users in its school and can add/change/delete on request.
Data kept for marketing purposes can be changed at any time by clicking on the unsubscribe link on any email from us. From this link, you will be able to access the marketing preferences linked to your email address, meaning you can limit contact to free resources, product updates, events and training, free trials and/or special offers, or deselect yourself from all non-account based emails entirely. Alternatively, you can email firstname.lastname@example.org to update your information.
How long does EducationCity keep data?
Why We Delete Data
EducationCity stores data for its users. To ensure that EducationCity does not hold user information in perpetuity, it has set criteria for the deletion of unused data. This information will be deleted daily.
EducationCity holds data for Teacher, Student and Admin user accounts. If these accounts are left inactive for two years they will be deleted. The definition of inactive is if the user has not logged in (via any route) for two years.
Any saved score data will be deleted after five years on a rolling basis. Even if the student is still active, we will only hold five years’ worth of results per child; if more is required, the export data feature should be used. If a student is deleted as a result of being inactive for two years, all score data held for that student is also deleted. Data to be deleted includes Activity, Test and PlayLive scores, and Revision Journals.
If a Teacher or Admin user is deleted due to being inactive for two years, or a Teacher or Admin user is deleted via the user interface/front end, then their MyCities become ‘un-owned’. Any MyCities that contain no content will be deleted after two years. No MyCities will be deleted for an active user.
- Usage Statistics
Usage statistics of EducationCity at school level will be stored in EducationCity’s subscriber management system and will be kept in perpetuity. No personal/user level information can be extracted from this data.
EducationCity has a strict policy of not sharing any information about students with anyone outside the organisation. EducationCity will not share data with third parties unless explicit instruction is given by the school in question, for example, to integrate with a VLE provider, and we will never sell user information or data collected from our website.
EducationCity uses a number of data processors to facilitate communications and support of your subscription. We remain the data controller of your data and these processors only process your data in accordance with our strict instructions. We periodically audit our data processors to ensure they comply with the GDPR and our contract.
We use the following data processors:-
- Marketo (www.marketo.com) – provide marketing services that allow us to manage Teacher & Administrators communication preferences, including delivery and tracking of email campaigns.
- Click4Assistance – (www.click4assistance.co.uk) – provide our in-product instant messaging/assistance service to Teachers & Administrators.
Security and Protection of Your Information
All remote access to the EducationCity web application is conducted over HTTPS, an encrypted web link secured using Secure Sockets Layer (SSL). This is the same method used by banks and commercial entities to secure sensitive data from interception.
External Data Storage
EducationCity stores data on our secure database servers. The servers are housed in secure data centres, trusted and used by many of the country’s leading organisations. Physical access to our servers is strictly limited to data centre staff, our own IT staff and accompanied external contractors when needed, in order to maintain the servers. Access to the servers in the data centre requires proof of identify (photo ID) and is controlled by magnetic card readers and keys to both the cages and individual cabinets that surround the server racks, all of which are monitored by the data centre security staff using CCTV. Remote access to the data is limited to the tools needed by the IT support staff to maintain and operate the servers and is restricted to known users (identified by usernames and secure keys) connecting from known locations (IP addresses).
Transfer of Data Outside of the European Economic Area
All data entered and saved on the EducationCity product is stored and backed up on secure database servers within the UK. Any email communication with us will go through our email system (Microsoft Office 365) which is held on Privacy Shield compliant servers held in the USA – the US Privacy Shield policy is available to view on request. Wherever possible we request our customers to upload their data directly to the EducationCity product rather than emailing it to us. If you do choose to send us data via email we undertake to delete such data once actioned.
Access to Information
The General Data Protection Regulation gives you the right to access information held about you. Your right of access can be exercised in accordance with the regulations.
To ensure that the user receives the best customer care, EducationCity’s staff have access to user data (dependent upon their role). Staff access is controlled via documented System Access Requests and is only granted on a need-to-know basis.
EducationCity and Cookies
A cookie (also called a HTTP cookie, web cookie or browser cookie) is a small piece of data sent from a website and stored in a user’s web browser while the user is browsing that website, which is subsequently sent back to the same website by the browser.
To function, a cookie asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and will subsequently recognise you when you return to a particular site and/or help EducationCity analyse its web traffic.
Overall, cookies help us provide you with a better product, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
Visiting EducationCity could result in one or several of the following types of cookie being set:
- Session Cookies
- Google Analytics, Hotjar and New Relic Cookies
- Marketo’s Munchkin Cookie
- Local Shared Objects (Flash Cookies)
Please follow this link for more detail.
Session cookies allow users to be recognised by our website and securely store authentication and subscription information so that you maintain continued access to content and records that are correct for and relevant to you.
Google Analytics, Hotjar and New Relic Cookies
Each and every time a user navigates around the EducationCity website, Google Analytics, Hotjar and New Relic set anonymous analytics cookies to record information about the pages he/she has viewed. These cookies give us an insight into how the website is being used, give us information about whether a visitor is a first-time user or not, tell us where they found us from and where they spent their time on the website, all of which can help us improve our site over time.
Marketo’s Munchkin Cookie
Every time a user visits the EducationCity website from an email, Marketo sets a cookie to record information about the pages that have been viewed. This information gives us an insight into which pages are being accessed and allows us to react with tailored automated marketing campaigns, which meet the information needs of that specific user.
Local Shared Objects (Flash Cookies)
Local Shared Objects, commonly known as Flash cookies, are pieces of data that websites and online products like EducationCity, which use Adobe Flash, may store on a user’s computer. To improve the user experience, Local Shared Objects can be stored or retrieved whenever a user accesses a page containing a Flash application and store their user preferences. Flash cookies are stored on a user’s device much the same as cookies are, however it is not possible to manage them at browser level in the same way.
First Party Cookies Used on EducationCity and What They Do
||Description / Purpose
||Used to save the country that the user last selected at login, so that he/she doesn’t have to select it each time.
||Used to store authentication information so that the user can log in and access their subscription.
Third Party Cookies Used on EducationCity and What They Do
||Description / Purpose
||Used to distinguish users.
||Used to manage request rate.
||This cookie is typically written to the browser upon the first visit to this site. If the cookie has been deleted by the browser operator, and the browser subsequently visits this site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to this site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure. This cookie usually has an expiry date set to two years from the first visit.
||This cookie is used to establish and continue a user session with this site. When a user views a page on this site, the Google Analytics code attempts to update this cookie. if it does not find the cookie, a new one is written and a new session is established. This cookie expires when a user pauses on a page on the site for longer than 30 minutes.
|__utmc [and __utmb]
||The B and C cookies are brothers, working together to calculate how long a visit takes. __utmb takes a timestamp of the exact moment in time when a visitor enters this site, while __utmc takes a timestamp of the exact moment in time when a visitor leaves a site. __utmb expires at the end of the session. __utmc waits 30 minutes, and then it expires.
||This cookie stores the type of referral used by a visitor to reach this site, whether via a direct method, a referring link, a website search, or a campaign such as an advertising or email link. It is used to calculate search engine traffic, advertising campaigns and page navigation within this site. The cookie is updated each page view to this site.
In addition to the cookies listed above, EducationCity also uses third party cookies on its website from:
a) New Relic and Hotjar domains. Much like Google Analytics, these are used to anonymously collect usage and performance data for the platform.
b) Marketo’s marketing platform. These tracking cookies are set upon the user interacting with emails from EducationCity and collect de-anonymised data when users log in having followed links in certain emails.
How to Control and Delete Cookies
EducationCity relies on cookies to authenticate its users and provide you with the correct content. Should you wish to control the cookies that are set, stop them being used or delete them altogether, you can do but restricting or preventing any cookies may negatively affect your experience of the site.
All the latest browsers allow you to change your cookie settings. This is usually within the Settings section of the browser menu but accurate information for each browser can be found by clicking on the links below:
How to Disable Flash Cookies
For information on how to manage or disable Flash cookies, click here to access Adobe’s website.
To find out more about cookies and their various uses on the Internet, click here.
You may contact us at any time via email (customerservice@EducationCity.com) or post. Our postal address is: EducationCity, 8/9 Saddlers Court, Oakham, Rutland, LE15 7GH, UK.