sparkPRO


[ Log In ]

PRIVACY POLICY

Introduction:
spark software is registered and works within the regulations of the Data Protection Act (1998 and 2010). This policy also reflects the GDPR (2018). You have the right to request our help to include spark in your data protection audit and we are happy to assist but may charge you for our time in assisting you with this process. We advise this policy is read in conjunction with our Safety Policy and the Terms and Conditions which also highlights further detail.

Terminology:
"Setting": an individual/establishment/organisation offering care and education for children under eight years old
"Designated Supervisor": generally the business owner or one or more designated persons decided by the business owner. They 'take charge' of the software within the establishment. This will include setting-up passwords and permissions for those who are able to have access to the software
"Permissions": information requested by the software in relation to that person's restrictions in the use of the software, controlled by user name and password
"sparkCUSTOMER": this is the business owner/committee chair/person who tells us they run the business
"sparkUSER": any member of staff, including the sparkCUSTOMER or parent using spark software

Part One - Collecting Information
We may ask for certain information and it is for you to choose, to give to us. This is to enable us to process the information to set up your spark software and to ensure we are able to provide a quality ongoing service/support and training to meet your personal needs, and to ensure we are able to process payments alongside the software being used. It is important that you keep your details with us up to date, otherwise you may not receive important information from us.

If you contact us by email or through our websites then we will store and process the information you provide to enable us to provide a service to you via, personal conversations, emails, resources and newsletters.

Information given to us is not shared with any other party outside our company. All information held is in the strictest confidence. Your logo, with permission, as one of our customers is added to our website and we hope you may give a testimonial for us to publish alongside it in the future.

From time to time, we may gather information via surveys and undertake research projects with particular settings, who choose to opt in to provide us with information. We use this information to improve our service or to gain statistical information to promote the software. In all cases the source is never disclosed without your permission.

spark staff will only interact with sparkCUSTOMER’s personnel where the sparkCUSTOMER has given permission and where we can verify who we are communicating with. We will try to assist parents using spark@HOME but generally, we will not have access to passwords etc so will need to refer them back to the setting.

On terminating a contract, only information pertaining to financial records will be preserved after the end of our financial year which is August 31st.

Part Two – Supporting You
MP4 recordings in relation to demonstrations or for training are shared with the person that takes part in the process, unless permission is otherwise given. Links to these recordings are kept for as long as possible for the sparkUSER but are destroyed when a purchase isn’t made within a year, or when we are aware a potential customer has purchased elsewhere and immediately a contract is terminated.

Periodically, we make resources to support processes and the use of the software in your setting. Word documents may be changed to suit your own requirements.

These recordings and resources are made for your use and you are welcome to use them with your team to make management decisions and support practice. Furthermore, some are designed to share with parents and external professionals at your discretion.

We will invite you or encourage you to befriend Catherine Lyon on Facebook, so in turn we can invite you to the spark and/or sparkUSERS Facebook Groups. This is your choice and not a compulsory element of using spark software. Both are private groups, organised to deliver information to you about spark and information pertinent to early years. You are responsible for the data you choose to share with others in the groups.

Part Three - spark Software
The data on your spark software is protected by a secure password system that enables a Designated Supervisor to change passwords for staff if they wish and delete personnel as appropriate.

Passwords, considered to be ‘strong’ have to be given to each sparkUSER. Designated Supervisors and individual users may change passwords periodically. Passwords cannot be seen by the Designated Supervisor once they are set. Parents should be encouraged to change their temporary passwords given by their setting. As staff leave the setting they should be removed from the system by a Designated Supervisor, thereby preventing access to the data stored within the system. Repeated incorrect entry of passwords disables spark for that setting - a reset request has to be made to spark support team. A ‘time out' feature closes spark, forcing a new log-on if the software is left without logging out.

Personnel of spark cannot access the data of individual settings. The Designated Supervisor may choose to give personnel from spark access to their data by assigning a temporary user name and password. After use, this password should be deleted by the Designated Supervisor in order to preserve data privacy.

The data is stored on secure servers within the UK with Microsoft Azure. Information within the software is requested to serve the purpose of supporting children's well-being, learning and development via the various features to support your setting in your EYFS curriculum delivery. The software only requests data to meet that aim.

The setting as the DATA CONTROLLER
By using spark software the sparkCUSTOMER is the Data Controller. Anyone using the spark software must do so in compliance with the current data protection legislation in force at that time. The Data Controller must respond to any lawful data request in accordance with that legislation and spark will assist you with any such request. It is important you ensure the temporary passwords given to first log into your software are changed to keep your software totally secure. You decide what data to enter, including extra sparkUSERS and what reports you wish to analyse. You also have the opportunity to download and distribute information from the software as you wish, as appropriate. You can add extra information about observations, on reports, change, delete, correct etc. You can also download information in response to requests to see data.

It is important also that you enter accurate email addresses into the software for parents, carers and external professionals to ensure they receive the information you send them and give sparkLINK codes and initial passwords for spark@HOME to the correct family so they only see their child’s records. Also, we would advise you to seriously consider if it is appropriate to upload photographs containing other children as evidence for a child’s learning journey.

The data belongs to your setting, not spark. It is advised you gain parental/guardian’s permission to enter details onto the software and explain why this is desirable in your role with your customers as their Data Controller. Therefore, it is your responsibility for the data entered on spark and where appropriate, to remove data if consent is withdrawn. As the Data Controller you must comply with data protection law. As a consequence, you should respond to data protection requests (informing people, giving access, providing rectification, erasing data, restricting processing, and confirming that spark does not provide for automated profiling and decision making beyond suggesting the 'next steps' in planning for each child's learning and development).

Any request for data by the family/legal guardian of the child, must be carried out in accordance with the current data legislation, at no cost, to receive the data. We will assist you to exercise their rights under the data protection legislation. On termination of the Contract we will destroy all data pertaining to the customer, after six weeks unless you request, in writing for the data be returned to you, within that six week period.

Any breach in security in relation to data held must be reported to spark, within 72 hours.

spark as the DATA PROCESSOR
Data entered is not used for any other purpose. It is not downloaded by us and is not shared with a third party. All data entered on spark is rarely or never accessed by our team (then only with your permission). We do not share it, sell it or use the detail for advertising purposes as it is your data. It is all stored securely as per our security policy.

In our role of Data Processor we monitor statistical data; such as the frequency of use and over a period of time, for payment reasons, general marketing purposes and to ascertain the amount of storage space currently used to predict future storage requirements. Should this information be used in a public manner it is anonymously given and in a generalised manner.

Child records and all associated achievement and reporting records are deleted automatically when the child reaches the age of nine, together with all photographs.

Records are kept for the 'lifetime' of the software licence (as determined by the terms and conditions within the software), after which the setting’s data is deleted (following opportunities to download information).

Sensitive data in transit between client browsers and server is encrypted by SSL. Data is encrypted at rest by Transparent Data Encryption (TDE) using AES and 3DES. Cookies are used, but are deleted automatically after one hour if unused. In the unlikely event of any Data Breach, we would inform you immediately. All complaints in relation to Data Protection should be made to Catherine Lyon, Data Protection Officer (catherine@sparkearlyyears.co.uk)