Managing Privacy and Personal Data – classroom.cloud at a glance

Hi guys! We just wanted to give you a run-down on how NetSupport (as most humans know us) protects your users’ data and helps respect their privacy when you have, or are looking to get, a classroom.cloud subscription.

This guide is about where and how NetSupport Group uses your data – and these are your instructions to us.

Click here to read the full Data Processing Agreement.

Types of data we collect to use (Tell me why)

  • Contact details
  • Information we get from other systems
  • Information that identifies users
  • Information on how your users use classroom.cloud
  • Lesson activities
  • Possible safeguarding issues

How we use your data (How exactly?)

  • To provide you with an online, classroom management system for learning and teaching in lessons, including controlling access to applications and the internet.
  • To monitor and provide information/evidence about what learners are doing during and outside of lessons, which may indicate possible safeguarding issues.
  • To send nominated staff information about possible safeguarding issues.
  • To keep classroom.cloud running and improve the existing service and tools.
  • To give personalised customer support.

Sub-processors and partners who process your data (What do they do?)

NetSupport uses the following services to help us store and process your data on our behalf:

  • Infrastructure: Microsoft Azure
  • Analytics: Google Analytics
  • Integrations: Microsoft SDS, Google Classroom
  • Comms: Twilio Sendgrid, Tawk.to

We use cookies (How can I choose?)

  • We use only necessary cookies to run and improve the service.
  • We use only necessary cookies to run and improve how we manage our customer relationship with you.
  • Our third-party service providers use cookies too, which they control.
  • You can turn off cookies but this will mean, for example, that we can’t recognise you in in-app functions or we can’t resolve issues so efficiently.

When and how we collect data (Am I included?)

We collect data from people browsing our website, NetSupport customers and people who view or obtain support through NetSupport, when…

Helping you support user rights (What can users do?)

All users have to come through your organisation to make use of their rights. To support that, we make sure that:

  • You can access information we hold for you.
  • You can ensure information is held for you.
  • You can complain about us.

If you have any concerns about your data’s privacy at NetSupport, please get in touch via our contact form, email us at [email protected]  or hit the Chat button on our website to talk to us.

 

The classroom.cloud Data Processing Agreement

Our role in your privacy

If you are a NetSupport customer or subscriber, or just trialling our platform, this agreement applies to you. As part of the Terms of Service and Privacy Policy in our contract with you, you should check this agreement to make sure that this is understood to be the instructions that YOU (the Data Controller) give US (the Data Processor), as we are the provider of the classroom.cloud platform.

 

Our responsibilities

If you are a registered customer or using a trial, we act as the ‘Data Processor’ of personal data. This means that we provide you with a service that allows you to process personal data based on the purpose and means that you have decided on. We are registered with the UK Information Commissioner’s Office under number Z9139408

 

Your responsibilities

  • Read this Data Processing Agreement.
  • Check any contract between us or any other document we have asked you to look at, as these may also have specific information that you want.
  • Where you have provided us with personal information as part of our service, or where your end-users (staff and children) have provided us with personal data, it will only be used for the reasons it was provided to us. By submitting the information to us, you confirm that you have the right to authorise us to process it on your behalf in accordance with this Data Processing Agreement.

What if I am just using classroom.cloud as a user (such as a member of staff or a learner)?

If you are signing into classroom.cloud because it is provided to you through your organisation (that is to say, the organisation is the Data Controller and we are the Data Processor), then this document will help you better understand how NetSupport handles your information on behalf of your organisation. In addition, your organisation will be able to explain more through things such as their Privacy Notice. You should be able to find this on your organisation’s website or it may have been provided to you as part of general organisation information. If you are being contacted by us as a customer (e.g. processing your order information), then we are the Data Controller and it is not covered within this guide. Please see NetSupport – Privacy for more information.

 

When and how we collect data

From the first moment your users interact with classroom.cloud, we are collecting data. Sometimes users provide us with data, sometimes your organisation provides us with data and sometimes data about users is collected automatically.

Here’s when and how this is done

 

What types of data we collect

Contact details

Your name, email address, role in the organisation, groups such as class/year/department, contact numbers, organisation details.

Data that identifies you

Your IP address, login information, browser type, time zone setting, browser plug-in types, geolocation information about where you might be, the device you are using, operating system and version, applications installed and used, websites accessed.

Data on how you use classroom.cloud during lessons

Images of your desktop whilst you are working; responses to surveys provided by your teacher/instructor; requests for help/chats with your teacher/instructor; rewards points; applications used and websites accessed.

Data on how you use your computer or device, for safeguarding purposes

Images or video of your desktop whilst you are working; matched phrases or keywords; requests for help/chats with your teacher/instructor; rewards points; applications used and websites accessed.

What about really sensitive data?

We know that you will be using classroom.cloud in lessons and other general activities as part of life in your organisation. When your learners are using their devices during lessons, talk with others via their devices and share how they are feeling or their particular experiences, then you may be sharing sensitive information. You may also include learners in particular groups based on ‘sensitive data’ (like racial or ethnic origin, political opinions, religious/philosophical beliefs, genetic data, biometric data, health data, or data about your sexual life). Where you share sensitive information or we use it, then it will be allowed based on how you, as an organisation, have agreed to it. We will process this information on the understanding that you have a Lawful Basis for processing it. This may include explicit consent or substantial public interest, but this will need to be shared by the organisation through the organisation’s Privacy Notice.

What about children’s data?

classroom.cloud is designed to provide organisations with resources to support the curriculum, tools to help with pastoral support and/or tools to support safeguarding. This means that both staff and pupil personal data will be used. We know this and take additional care as a result.

 

How and why we collect your data

Data protection law means that we can only use your data for certain reasons, where instructed by the organisation and where they have a lawful basis to do so. As part of the building of classroom.cloud, we have taken this into account and these are the areas we have identified and are likely to be used by your organisation. Where there are differences to our normal list, it is because your organisation has identified something differently, which you can do as Data Controller.

 

Giving you classroom.cloud and all relevant resources

This means making sure that classroom.cloud gives you all the available tools. This includes access to resources, interactions between teachers and pupils and helping you get assistance.

Lawful basis for this data usage: Public Task/Substantial Public Interest.

 

Improving classroom.cloud

This means making sure that classroom.cloud is the right tool for you and works as you need it to, including any improvements needed to make sure it continues to be the right tool. This will include technical support and analytical information.

This may also mean taking personal data and anonymising it so that when different people within NetSupport use it, we have protected it as much as we can.

Lawful basis for this data usage: Public Task/Substantial Public Interest.

 

Here is what each of the “lawful bases” means:

Public Task

This states:

“…processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”

This means that the organisation, as a public authority, has many things it does with children’s personal data. It has to do these things as it has been told that it needs to do it (by laws, regulations or statutory guidance) or it does the task as it is in the best interest of the children.

Substantial Public Interest

This states:

“…processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;”

This means that the organisation has taken extra measures to ensure that any information is safe (including having the appropriate policy documents). It also means that the organisation has taken the approach that the use of any ‘sensitive data’ is part of its work on safeguarding children and helping to identify and work with any who are at risk.

Other Lawful Bases

It may be that your organisation has decided it cannot use Public Task and/or Substantial Public Interest. This could be for a variety of reasons. If your organisation is an independent school, then it may be that you are using the contract between the parent and the school as the reason, or you have asked the parent/child for their consent (which has been freely given). Where ‘sensitive data’ is used, then it may be that explicit consent has been given.

Other options are available and the schools or organisations will have checked to see which is most appropriate, including anything needed to keep things safe.

 

Your privacy choices and rights

You have various rights about your personal data. These are all managed directly by your organisation and any questions about the rights would normally be dealt with by the organisation. These may vary, depending on the lawful bases mentioned in the previous section.

Your Choices

We will only use the personal data you give us. Where we have been given personal data by your organisation and instructions on what to do with it, giving us more personal data will depend on what your organisation says is needed. We will only use what has been provided.

Turning off cookies in your browser by changing its settings. There are various settings in your web browser that you can use to block or refuse cookies. You can also delete cookies through your browser settings as well. However, if you do delete cookies some of classroom.cloud may not work. We have already mentioned that we collect some information about your computer and how you use classroom.cloud, and any cookies we use really are needed.

No need to ask us not to use your data for marketing. Any information you provide to us or that you create when you use classroom.cloud is only ever used as part of giving you classroom.cloud. We do not use it for any marketing or anything else.

Your Rights

Please have a look at your organisation’s Privacy Notice for how you can exercise your rights.

 

How secure is the data we collect?

We have organisational and technical measures in place to safeguard and secure the information we hold, based on standard industry practices. More information can be provided about this on request, as we prefer not to publicly publish too much security information as a measure to protect our services.

And please remember:

  • Only share personal data where you need to.
  • You are responsible for your username and password, so keep them secret and safe!
  • If you believe that your privacy has been breached, then contact your Data Protection Officer or follow the guidance your organisation provides.

Where do we store your data?

The personal data we collect is processed at our offices in Peterborough or regional offices, or our platform, which is hosted by Microsoft Azure Services in the UK or US (depending on your geographic location).

By submitting your personal data, you agree to this transfer, storing or processing by us. No personal data is transferred or stored outside of the UK or EEA. If we do start to transfer data outside of the UK or EEA, we will notify you, including explaining any steps being taken to ensure that your privacy rights continue to be protected as outlined in this Data Processing Agreement.

For how long do we store your data?

We continue to hold all ‘active’ data (data that has been provided and is linked to active accounts on a verified licence) until the following:

  • If your subscription licence has run out and accounts are no longer active, personal data is kept for 30 days and then securely deleted.
  • We also operate a rolling backup that retains safeguarding data for 13 months.
  • We can extend the length of the rolling backup, but additional agreements and costs may be needed.

 

Partners (sub-processors) who process your data

Edtech businesses often use contractors and outside companies to help them host their applications, power their support tools, etc. Any company or individual that we use when processing information under this agreement is a “sub-processor”. This means that any agreement or contract we have with them is, at least, as strict as this agreement. We make sure that we are happy that they will also take the same level of care of the personal data you are trusting us with, including checking if they hold any certificates for their work.

Here are the details of the main sub-processors and service providers; what they collect, process and store; and a general explanation of why.

Infrastructure

Service provider
Data collected or processed
Purpose
Place of processing
  • Contact details
  • Use of the platform
  • Safeguarding information
This is a web hosting provider. We use it to store the application
UK, US, DE (location dependent on location of customer)
ServiceDesk
  • Contact details
  • Technical Information
To provide support and training.
UK
 
 

 

Analytics

Service provider
Data collected or processed
Purpose
Place of processing

Google Analytics

  • Device details
  • Ad ID details
  • Safeguarding information
Understand user activity to ensure the right solution works
US (TBC)

 

Integrations (optional)

Service provider
Data collected or processed
Purpose
Place of processing
Microsoft SDS/M365
  • Authentication ID
  • Groups
  • Safeguarding information
To enable access to the platform and access to relevant class groups
To provide monitoring of key aspects of M365
Regionally specific
Google Classroom

 

  • Authentication ID
  • Groups
To enable access to the platform and access to relevant class groups
Regionally specific

 

Comms

Service provider
Data collected or processed
Purpose
Place of processing
  • User Information
Email/notification of safeguarding triggers
US/Ireland
Tawk.to

 

  • Contact information
  • Support information
To provide support and training.
US/Ireland
 
 

How we use cookies

We use cookies. Unless you adjust your browser settings to refuse them, we (and our sub-processors) will issue cookies when you interact with classroom.cloud. These may be session cookies, meaning they delete themselves when you leave classroom.cloud or ‘persistent’ cookies which do not delete themselves and help us to recognise you when you return so we can provide you with a tailored service.

How can I block cookies?

You can block cookies by activating a setting in your browser allowing you to refuse the setting of cookies. You can also delete cookies through your browser settings. If you use your browser to disable, reject, or block cookies (including essential cookies), certain parts of our platform will not function fully. In some cases, our platform may not be available at all. Please note that where sub-processors use cookies, it is also to enable the service to work correctly. We do not allow third-parties to set cookies.

 

Which specific cookies do we use?

 Service provider
 Key cookies
 Purpose
 NetSupport
 ARRAffinity 
 Identity and authentication
 
 ARRAffinitySameSite
 Identity and authentication
 
 .AspNetCore.Antiforgery.w5W7x28NAIs
 Identity and authentication
 
 idsrv
 Identity and authentication
 Google
 _ga
 Performance and tracking
 
 _gat
 Performance and tracking
 
 _gat_gtag_UA_188169_27
 Performance and tracking
 
 _gid
 Performance and tracking
 Tawk
 __tawkuuid
 Support
 
 ss
 Support
 
 tawkUUID
 Support
 
 TawkConnectionTime
 Support

Making this DPA great

Well done for getting through this Data Processing Agreement and reviewing everything in it! It is designed to help you best understand what we do, under your instructions. Where you have instructions outside of this agreement, then they will be treated as support or account requests, as long as they do not fundamentally change anything mentioned in this agreement.

N.B. This DPA was built based on an open-source design for Privacy Notices from https://juro.com & https://stefaniapassera.com/. Get these patterns free at github.com/juro-privacy. This DPA pattern is open source and reuse is permitted when using the attributions above. Specific content relating to the service itself may not be reused without the permission of NetSupport.

 

Publication date: 23rd July 2021
Version: 1.1

 

Pointing animation

classroom.cloud - it's as easy as ABC...

Get the most out of your classroom technology – be up, running and delivering tech-enhanced learning in no time with classroom.cloud!