Product Privacy Policy

 

Smoothwall Filter

Smoothwall Monitor

Safeguard Record Manager 

 

Smoothwall Filter 

1. About Smoothwall Filter 

Smoothwall is a Digital Safety organisation (company number 04298247) with a registered office at Avalon House 1 Savannah Way, Leeds Valley Park, Leeds, England, LS10 1AB.

Smoothwall Filter is used alone or in conjunction with the On-Premise Filter to extend functionality.

In providing the Smoothwall Filter, Smoothwall acts in the capacity of a data processor. The organisation using Smoothwall Filter is the data controller of any personal data introduced to or stored in the system.

Smoothwall is committed to protecting and respecting privacy and complying with the principles of the GDPR and is registered with the Information Commissioner’s Office (www.ico.org.uk) under registration number Z6048580.

2. What are we doing?

Data is encrypted and securely transferred from the on-premise filter device, or from the cloud filter client to the Smoothwall Filter service. The information transferred to the Smoothwall Filter service comprises:

  • Timestamp
  • URL
  • IP
  • Username / email address & user group
  • Content category
  • Filtering result: Page blocked or allowed

3. Why are we doing this?

The data transferred to the Cloud Service Reporting Service is used to produce detailed reports on browsing activity and compliance with any applicable acceptable usage policies and regulatory controls applicable to the users of the protected devices.

4. Information that we share

We share this data with Smoothwall Limited (this is the company which provides our monitoring software) and Smoothwall Inc. so that these companies can provide support to us when required. We will also share this data with third parties as required by law.

5. Retention of your information

We will keep your personal information for the contracted period, or until you ask us to delete it by setting a retention period. You can set your required data retention for log data. On the expiry of the contract, your data will be securely deleted within 28 days.

6. Where your information will be held

Your data will be held on hosting services located entirely within the UK.

7. Your rights

You have the following rights in connection to your information subject to the law: the right to access, correct, delete, limit, transfer and object to what we do with your information. You also have a right to complain to a supervisory authority.

Please contact dpo@smoothwall.com if you want to exercise these rights.

 

Smoothwall Monitor 

1. Contact details

Your personal information is collected by [insert name of school] (“we”/”us”/”our”). You should speak to [the Head Teacher ] if you have any questions on the below.

2. What are we doing?

We collect information to monitor your online activities and ensure your online safety. If we see that you are could be at risk (e.g. of bullying, self-harm, etc.) we screenshot the internet pages you have open and send these to [insert role of the individual notified (e.g. Head of IT)] along with a notification and a decision will be made how to respond. Information collected includes:

  • Information provided / generated when you use our IT system including: your keystrokes (what you type), and your school IT log-on details.
  • Special categories of personal data including: in monitoring your online activities we may be able to infer information, or you may provide information on your health, sex life, religion, disabilities, etc.

3. Why are we doing this?

We will use the information collected from you because: (1) we have a legal obligation to keep children safe online; (2) we have a legitimate interest in safeguarding children at school and ensuring staff only visit appropriate websites. We use the special information collected about you because we have a legal obligation to keep you safe online and an interest in preventing unlawful acts or where this is necessary to protect your vital interests.

4. Information that we share

We share this data with Smoothwall Limited (this is the company which provides our monitoring software) and Smoothwall Inc. so that these companies can provide support to us when required. We also share the data with Crisp Thinking who assist Smoothwall in providing our monitoring services. We will also share this data with third parties as required by law.

5. Retention of your information

We will keep your personal information for up to 15 months.

6. Where your information will be held

Your information will be primarily held in the UK, and may be accessed by Smoothwall Inc. in the USA. When we transfer data to the USA we ensure that your data is adequately protected (e.g. by ensuring that there is an appropriate contract in place or that the party to which we are sending data to meets a specified privacy standard). Let us know if you have any questions on this. We will also share this data with third parties as required by law.

7. Your rights

You have the following rights in connection to your information subject to the law: the right to access, correct, delete, limit, transfer and object to what we do with your information. You also have a right to complain to a supervisory authority.

Please contact us on the details above if you want to exercise these rights.

 

Safeguard Record Manager  

1. About Safeguard Record Manager 

Smoothwall is a Digital Safety organisation (company number 04298247) with a registered office at Avalon House 1 Savannah Way, Leeds Valley Park, Leeds, England, LS10 1AB. Safeguard Record Manager (Safeguard) is an on-line database system used by education institutions for managing information relating to the safeguarding of their students. In providing the Safeguard software as a service (Saas), Smoothwall acts in the capacity of a data processor. The organisation using Safeguard is the data controller of any personal data introduced to or stored in the system.

Smoothwall is committed to protecting and respecting privacy and complying with the principles of the GDPR and is registered with the Information Commissioner’s Office (www.ico.org.uk) under registration number Z6048580.

2. Data Protection Officer

If you have any questions about this Notice or if you require more information, please contact our Data Protection Officer: dpo@smoothwall.com.

3. Personal data processed by Safeguard

Safeguard is used to manage safeguarding information about vulnerable people. This is generally the accepted data processing purposes recognised by the data controller.

Safeguard is designed to store the following types of information:

  • Name, address, phone number, email address
  • Profile-based information such as eligibility for free school meals
  • IP address, MAC address, cookie IDs
  • Internet browsing activity where such browsing raises safeguarding concerns
  • Device type, browser, location
  • Data concerning health
  • Data revealing religious or philosophical beliefs, political opinions, or sexual orientation
  • Notes of professional advisors relating to the data subject
  • Information and personal details about other people such as next of kin.

The data controller will create or authorise the creation of user accounts for its employees or staff who will enter a variety of information including personal data into Safeguard. The data controller may also authorise Smoothwall to automatically collect information in Safeguard from its internet monitoring products such as those set up on individual school sites.

The data controller is responsible for ensuring that it has a lawful basis for processing personal data and for providing sufficient information as necessary for the subsequent processing by it and by Smoothwall to be fairly and transparently undertaken. The lawful bases for such processing might include compliance with the substantial public interest conditions set out in the Data Protection Act 2018 (Schedule 1 Part 2 Section 18) or legal obligations under the Children’s Act 1989.

The Controller determines the retention and deletion of data during the lifetime of the contract. On cessation of the contract, all data will be securely deleted within three months of the contract termination or, as soon as the Controller confirms that a copy has been successfully retrieved and the data is no longer required.

4. Smoothwall as a Data Processor

Smoothwall will enter into a data processor agreement with the controller in accordance with Article 28 of the GDPR which will detail Smoothwall’s specific obligations. Smoothwall will only process personal data stored in the Safeguard system in accordance with the written instructions received from the data controller unless required to do so by law to which it is subject in which case Smoothwall will inform the data controller of that legal obligation prior to processing.

Smoothwall are a UK-based company and all processing of personal data by Smoothwall takes place in the UK. If your company is based in a country outside of the EEA which is subject to an adequacy decision it will be your responsibility to ensure your compliance with local data protection laws, as Smoothwall ensures its own compliance with UK data protection laws.

5. Sub-processing

Smoothwall will comply with Article 28 of the GDPR in relation to selecting, commissioning, and decommissioning sub-processors such as database hosting services. Smoothwall will maintain a list of sub-processors which shall be made available to the data controller from time to time or as required.

6. Access control

Smoothwall personnel will only be able to access personal data stored in Safeguard if there is a business reason for them to do so, such as providing technical support to data controllers.

7. Cross border processing

Smoothwall will not transfer any of the personal data stored in Safeguard outside of the United Kingdom.

8. Data security

Smoothwall will implement sufficient organisational and technical controls so as to ensure that personal data in Safeguard is processed confidentially and maintains its integrity. Smoothwall shall ensure that the Safeguard service is available as set out in the Service Level Agreement it has with the data controller.

9. Personal data breaches

Smoothwall will notify the relevant data controller of any personal data breaches it becomes aware of in accordance with the data processor agreement between the parties.


10. Information rights requests

Smoothwall will notify the relevant controller of any requests it receives from data subjects to exercise their rights (such as subject access request or erasure request) and will act only on the instructions of the relevant controller to support information rights requests.

11. ROPAs

In accordance with Article 30(2) of the GDPR, Smoothwall will maintain records of processing activities carried out on behalf of the data controller.

12. Document owner and approval

The Data Protection Officer owns this document and is responsible for ensuring that it is reviewed on a regular basis.

13. Addendum

Sub-Processors: Smoothwall does not engage any sub-processors in respect of the Safeguard platform and / or Safeguard data stored by the customer on the Safeguard platform.

Geographic Storage: The Safeguard platform and data are hosted entirely within the UK by OVHCloud.

 

 

 

Site URL: https://www.smoothwall.com/education | Locale is :

Get Support Button