Contact

Office Address: UK Office:
Newcastle Enterprise Centres,
6 Charlotte Square, Newcastle upon Tyne NE1 4XF

Contact: Call +44 191 338 7830 or info@gcsepod.com

Who we are

Our website address is: https://www.gcsepod.com

Privacy and Cookie notice

Click here to view our Privacy and Cookie Notice.

 

GDPR

Your data is safe with us. We process your data in accordance with the new General Data Protection Regulation (GDPR).
Additionally, we are a CyberEssentials certified provider.

Full details on how we process data can be found in our data sharing agreement (see downloads section), but here are some details about how we process data on your behalf:

 

  • We are registered with the ICO: Z1442893
  • All data is held within the EU (see 5.3.1 of the data sharing agreements)
  • You retain full control over what bits of data we can access
  • All data in transit is encrypted using SSL/TLS
  • Data at rest is encrypted with AES
  • All data is processed fairly for the purpose of running GCSEPod
  • The data we take is minimised, so we only take the data we need to run GCSEPod (see Schedule 2 of the data sharing agreements)
  • All personal data is returned or destroyed (your choice) at the end of your license – if we receive no instructions, we destroy it as standard after 6 months (see 5.3.7 of the data sharing agreements)

Downloads

 

FAQS

 

What’s GDPR?

GDPR is the ‘General Data Protection Regulation’ – a regulation created by the EU that will be passed into UK law separately. It’s very complicated, but in basic terms, it is a strengthening of individuals’ rights in terms of what can be done by whom to their personal data.

Do I have to do anything about it?
If you’re a parent, you don’t really need to worry about what you do. If you’re a school or an institution that holds personal data in any form, absolutely. You need to take steps to ensure the data you hold on people is secure and reasonable, and that the person in question is aware of what data you have on them for what purpose. You also need to ensure that any organisations you use to process (that is to say, interact with in any way) that data is up to scratch. Like us!

When’s it happening?
Technically, it’s already happening. Legally, it’s enforceable from the 25th May – many organisations are working right now to ensure they’re up to scratch before then, however.

So, what are you allowed and not allowed to do in principle?
Any personal data an organisation has is regulated – if you’re going to have the data, you need their explicit consent for it, and you need to tell them exactly what’s going to happen to it. You cannot do anything outside of what you said you were going to do – it’s all about consent.

So if a school wants to use GCSEPod, GCSEPod needs to ask every student for consent?
No. We don’t control the data, we process it on your behalf. If you use GCSEPod, it is your responsibility to gather the consent of any data you pass to us for processing. We’ll ask if you’ve gathered that consent, and only process the data if you confirm you have. Individuals must have the right to opt out.

Is there a document that lays out what you do with data in full?
Yes! It’s called a Data Sharing Agreement or a DSA, and you get one as part of the setup process. This FAQ is intended only as a primer before you read the more in depth version.

How and where is our data stored and what security used to ensure its safety
Dublin, Ireland. GDPR requires we keep it within the EU. Here’s some of our general security measures:

  1. access to administrative functions is restricted to authorised individuals in the office and operatives in specific remote locations through the firewall
  2. database access restricted to internal servers only with a proxy for remote management
  3. web traffic is transferred over HTTPS
  4. passwords are stored using one-way encryption
  5. Servers are kept up to date with the latest security fixes

How long is personal data kept?
At the end of your subscription, we can destroy or return the data at any time of your choosing. As standard, we anonymise data of all personal information after 3 months. This is to allow for any ongoing renewal discussions – we don’t want to delete data that’s going to be used again very soon!

How is the data destroyed when no longer needed?
All personal data is anonymised so that it’s completely impossible to tie an individual to any remaining data (like number of Pods watched). This renders it inert for GDPR’s purposes.

How do schools access the relevant data sharing agreements
Your data integration service (Wonde/XoD) displays the data sharing agreement during the setup process.

What data do we take (wonde and XOD)
We only take the data required for GCSEPod to run, mostly centred around identifying who is permitted to use which account. The full list of data we take is displayed on the data sharing agreement, which also outlines what we do with it.

What is your ICO registration number?
Z1442893