The Foundation Stage Forum Ltd is registered with the UK Information Commissioners Office, reference Z1783069.
Schools and nurseries pay The Foundation Stage Forum to provide them with a service that allows them to create online learning journals for children under their care and to share them with their staff and, if the school or nursery wishes, the children’s parents and relatives.
For each school or nursery, we store:
· The name and address of the school or nursery
· The name, email address and telephone number of the person at the school or nursery who pays for our service.
We store this information in order to administer and charge for our service.
The school or nursery may then store some or all of the following data on our service:
· The names and email addresses of their staff
· The names, dates of birth and addresses of their children
· The names and email addresses of the parents and relatives of their children
· The contents of a learning journal:
o assessments of children’s performance
o notes, photographs and videos of the children
The school or nursery stores this information in order to record, analyse and, if they wish, share the progress of their children. The school or nursery has the freedom to choose which of the above data they store, and are able to delete it at will. The school or nursery choose who has access to the data.
In providing the service, we will send automated emails to staff and parents in order to confirm email addresses, reset passwords and notify them of events relating to the school or nursery (such as when a new observation is added about a child). We never send any marketing information, though we do send staff a newsletter about Tapestry.
We ONLY access the data stored by the school or nursery about staff, children or relatives when we have to in order to maintain the service to the school or nursery or to fix faults.
We collect the following information from visitors to our sites:
· IP addresses
· Information about their web browser and computer
· What pages people look at (e.g., the list of observations), but not the content of those pages (i.e., we could not tell directly from the data whether the list of observations contained information about a particular child, though given time and access to the data above it would be possible to figure that out)
We use this information to monitor the security of our service, to help us figure out how to improve the service (e.g., what browsers should we support? how much capacity should we add?) and to improve the way we market the service (e.g., what search terms were used to discover our site).
We collect the following information from users of our phone and tablet applications:
· The make and model of the device
· The version of the operating system
· Details of any crashes that occur in the application
· What screens people look at in the application (e.g., the list of observations), but not the content of those screens (i.e., we could not tell directly from the data whether the list of observations contained information about a particular child, though given time and access to the data above it would be possible to figure that out)
We use this information to to help us figure out how to improve the service (e.g., what causes crashes? which crashes need fixing most urgently?)
We collect the following information about people who contact us by email or through our support ticket system:
· The person’s email address and the contents of the email
We use this information to respond to questions or problems raised by our users.
When people pay for our services, we pass them to a Payment Service Provider (PSP), currently SagePay who will collect the appropriate credit card and address verification details. We do not hold any of that information ourselves.
The school or nursery own the data they place in our service. We do not. Formally, in ICO terms, the school or nursery are the “Data Controller” and we are the “Data Processor”.
We do not share data, except as explicitly requested by the school or nursery.
If they wished, the school or nursery might give staff, parents or relatives access to data. They might download or print some or all of the data and share it with their staff, parents or the government. They might transfer some of the data to a different nursery that uses Tapestry.
We, the Foundation Stage Forum Ltd, ONLY access the data stored by the school or nursery in order to carry out the school or nursery’s instructions, to maintain the service to the school or nursery, or to fix faults.
Most of the data is entered by the staff at the nursery or school directly into our website or through our phone and tablet applications. The nursery may, if they wish, permit parents and relatives of children to add data to the service.
We store cookies on users’ computers in order to verify that the user is logged in and to store their preferences. The cookies themselves do not contain any identifiable information about the user or about what they are looking at.
Payment information is given directly to a Payment Service Provider (PSP), currently SagePay. We do not hold any financial information ourselves.
Yes. The school or nursery can correct or delete the data they store about their staff, children or parents.
The school or nursery can correct the information we store about them through their Foundation Stage Forum account. They can also contact us and we will correct or delete it on their behalf.
The process of deletion is gradual: initially deleted data is moved to a ‘deleted’ area in case it was deleted in error. After a delay, it is then permanently deleted from our main systems. After a further delay, it is then permanently deleted from our backups.
The school or nursery that uses our service has overall responsibility for complying with the Data Protection Agency requirements (or the equivalent in other countries).
When they take out a Tapestry
subscription, they agree to our terms and conditions, which are available from
within the Tapestry control panel at any time.
It is important that the school or nursery have taken care to:
· Think about what information it is appropriate to share with whom, given their situation and that of the children under their care.
· Ensure they have permission from parents or carers for the data they store about them and the way that they use that data.
· Train their staff about sensible security and confidentiality precautions:
o Taking care of passwords
o Taking care not to install software on computers that may compromise security.
o Taking care not to access material from inappropriate places where it can’t be kept appropriately confidential.
o Prevent access to Tapestry for parents whose children have been made inactive or have been deleted, unless they have other children at your setting.
· Give parents instructions for keeping the data protected, eg by insisting no photos are uploaded to social media sites without the written permission of the parents whose children are depicted in photos, videos or text.