Thank you for your comments. We do appreciate and understand the concerns raised here; as you say, there may be some "dodgy operators out there". We obviously would like to state that we are not one of them!
"We only use this information for the purpose of providing Orbit Services. We do not share this information with any third party unless we are required to do so for the purpose of complying with the law. Specifically, this information is not used for marketing, promotion, advertising, or any other revenue generating purpose."
With regard to the removal/destroying of information, through general use of the software, users/EYFS Practitioners with administration rights within their provider can access and delete information stored with us.
Thanks for taking the time to engage with us. I spent some time reading the T&Cs on your website last week and further to the comments above, I'm more reassured, but still not at a point where I could recommend going ahead.
Firstly, I'd need to know where you host your data and statements that you process data in line with EU law when you process it abroad - the ToS specifically mentions a worldwide licence to use and host the data.
Thirdly, while you have said above that users would be free to delete data whenever they choose, the ToS states that your licence to use our data would continue if we stop using your services. This doesn't seem compatible with allowing us to remove our data.
On the upside, your terms are commendably clear and concise and the product looks great. I'm not trying to be negative - if I didn't think you were concerned or thought that the product wasn't a good idea, I wouldn't bother taking the time to think about it. As schools we have a legal responsibility to protect the data we hold and process about our pupils and take it seriously.
In the meantime, in response to your queries:
Our servers are located (and therefore our data is hosted) within the EU and we do process all data in line with EU law. The Terms and Conditions specifically mention a worldwide licence because we do have many registered users from countries outside the EU.
Regarding the use of data after users have stopped using the service: Our software allows the sharing (given the required permissions) of a child's data between their EYFS providers and parents, and in the future hopefully their Key Stage 1 and Key Stage 2 (and so on) education providers. As the data is related to the child and is important to the child we would hope that providers (even if they themselves have chosen to stop using Orbit) would not object to the data remaining associated with the child and therefore their parents and other education providers. That is the reason why this is included in the Terms and Conditions.
We hope that you do trial our software (it is free to register and start using), and as with all our users, we would be happy to hear your comments about it should you do so.
One of the things that I liked about your ToS was that they were concise and in straightforward language, so I feel slightly reluctant to ask for more information to be added. However, I think I'd need the extra level of detail to cover off my responsibilities.
The concept of sharing the data with the parents / carers and other education providers seems like a really good idea and arguably the data belongs to the child. I'm just trying to work out how we'd deal with permissions. I think we'd need to set up an agreement with parents. We'd also need to work out who had the rights to delete data. We wouldn't want to keep the data once the child had left, but the parents might want to. Anyone else have any thoughts?
As this is for Early Years then the children will be under 13 so the data belongs to their legal guardian / parent.
That's what I was assuming, but my query is how to deal with it. Presumably the same holds true for any / all pupil data that we collect or hold on our systems, but with all of the systems we currently use, we destroy the data when the child leaves our school - there's no process in operation to offer it to the parent or carer.
We'd like a system like this to record EYFS progress and had only really considered it for internal use. However, the reply from Orbit suggests that the parents could continue to access the data after the pupil leaves our setting, which sounds like a "good" thing to do - an extension of the original plans to provide online reporting to parents. I haven't worked out how to deal with our obligation not to hold personal data for longer than needed for our business purposes and the fact that the data is not actually being held by us and the parent may also be using it. I think it might be something along the lines of "now that your child is leaving our school, we won't hold their personal data anymore. If you wish to continue to have access to the records held on the Orbit system, please let us know. Otherwise we will permanently delete it". I just hadn't thought through this scenario before.
Do we have an obligation to delete it, or is it not ours to delete in the first place?
I have seen with other folk in the market where the data is collected and processed by the data controller (a school), with the services provider being the data processor insomuch as their system performs those tasks at the request of the data controller. The data owner (the parent) is then included in the agreement and the services provider will also complete tasks for them ... which also makes the Data Owner into a separate Data Controller, but using the same data.
At the end of the agreement the school is removed as a data controller and that role is handed solely to the parent (who has already taken on the role). It is now between the parent and the services provider as to what happens with the data.
The school does need an end-of-agreement document which clearly shows that the sole relationship is between the parent and services provider and that they no longer have any role to play. The fact that the parent agrees to a separate agreement to start with helps.
It can be a tad murky and to some extent you are not requesting it be deleted but ensuring that you no longer have access to it and that the only people who do have access are the data owner / controller and the services provider. If this agreement cannot be put in place then yes, you have to insist that the data is deleted. Also you must make sure that if there is any data that the parents don't have the right to access (i.e. data related to the teachers which the parents do not need, such as DOB, etc.) then you have to ensure that this is deleted.
It gets a little murky and so you need to go through the data classes and data sets used and mark off which are just for the school, just for the parent or actually for both ... whilst the child is in the school / nursery. You also need to check your information and record management retention schedule to find out how long you have agreed to retain data ... remembering that this can also be in hard copy (i.e. print off reports and then get the online stuff wiped!)