Parent Pay Data Processing Agreement

Violation Notification In the event of a data breach, Schoolcomms will follow the direction of the Office of the Information Commissioner. The RGPD defines consent as “any specific, explicit and unequivocal indication of the wishes of the person concerned with whom it means, by a clear statement or positive measure, consent to the processing of personal data concerning him.” There are 12 high requirements for processing cardholder data and maintaining a secure network. Spread over six broader objectives, all are necessary for a company to be compliant. We will be aware of our reasons for demanding the data and how we will use it. There are contractual, legal and regulatory opportunities where there is no need for consent. We have appropriate technical and organizational measures in place to protect the privacy, integrity and availability of your personal data during storage, processing and transfer. As the Academy Trust, lutterworth Academy Trust (the “Trust”) is an authority that has an obligation to have a privacy policy that explains how we collect, manage and use data on students, staff, parents, facilitators and other third parties. In the event of a data breach, we must follow a separate policy and procedure in order to take immediate action to remedy the situation as quickly as possible. This is a person or organization that uses, collects, accesses or changes the data that the processing manager is authorized to collect or collect. With a global increase in cybersecurity threats and increased data leakage and system compromises within knowledge organizations, we are proud to offer internal security functions that are usually found only in large companies and large disciplines.

Processing managers should collect only the minimum amount of data needed for a given task or reason. We only manage the data with the consent of the (school) processing manager. We use and update data processing security measures and introduce privacy requirements to our employees. We will help fulfill the rights of those involved. “Treatment is necessary for the legitimate interests of the person in charge of the treatment.” The protection of data and respect for the rights of the individuals concerned are the objective of this policy and related procedures. Under the Data Protection Act, processing managers (i.e. schools) must prove compliance, which means that they must assess compliance with all their service providers. All database records are deleted 1 month after a customer`s contract is terminated. You can complain if you asked us to delete, correct and not process data, and we did not accept your request.

All staff, contractors and third parties who control the lockable areas must exercise the necessary diligence to prevent data breaches. Questions about the data we hold in the school do not transfer data to countries outside the EEA. The cloud providers we work with are only treated in the EEA or expressly comply with the regulations. Please share your data protection concerns dataprotection@parentpay.com The General Data Protection Regulations (GDPR) and the Data Protection Act 2018 govern our data collection, use and storage. There is the right to complain if you feel that the data was transmitted without consent or legal authority. As an Academy Trust, we will receive the consent of staff, volunteers, youth, parents and facilitators to collect and process their data. Some of our support services may use cloud platforms operated by third countries outside the EEA (z.B ZenDesk and SendGrid). In this case, we will ensure that adequate security measures are taken to protect your data. For more information, please see www.parentpay.com We explain this in the prot notices