WWW.TEACHERSSTANDARDS.COM GDPR Policy
Outset Teacher Education provides a web-based portfolio service www.teachersstandards.com. This system collects personal data. The functionality of this system is determined by Outset Teacher Education; however, the purposes for which the data is used are determined by the clients of Outset Teacher Education. Outset Teacher Education does not collect data on its own behalf; it collects data on behalf of its clients.
The nature of the business between Outset Teacher Education and its clients means that there is not a straightforward Data Controller/Data Processor relationship. The overall functionality of www.teachersstandards.com means that Outset Teacher Education has determined the overall nature of the data that is put into the system, making it the Data Controller. However, the teacher training providers who are its clients do not process that data on behalf of Outset Teacher Education; rather they process the data on their own behalf. They also determine the precise nature of the data that is collected on the system (e.g. Evidence Types). This means that they also act as Data Controller for the data.
The nature of the relationship between Outset Teacher Education and its clients, therefore is one between Joint Controllers, as determined by Article 26 of the GDPR (https://gdpr-info.eu/art-26-gdpr/). Both parties have responsibility for control of the data. This document sets out the various responsibilities for both parties.
Outset Teacher Education's responsibilities as Data Controller
- Outset Teacher Education determines the overall nature of the data to be collected on its website www.teachersstandards.com. It is responsible for maintaining the integrity of the site and ensuring the data is secure and private under the terms of the GDPR. The site is hosted on the Microsoft Azure cloud-based platform. The data centre is in southern England.
- Outset Teacher Education collects and shares data with the teacher training providers which are its clients. Data subjects give consent for their data to be shared with the teacher training provider they nominate when they register on the website www.teachersstandards.com.
- Outset Teacher Education will not share personal data with any third party other than the teacher training provider nominated by those registering on the site, unless it gains the permission of the data subject.
- Outset Teacher Education does not process the personal data of its data subjects on its own behalf.
- Outset Teacher Education is not responsible for decisions taken by the Client over whom the personal data of the data subject is shared with or the purposes for which the data is used.
- Personal data will be stored on this website for a maximum period of 3 years following registration. The Data subject may request to have all data removed at any time.
- The Data Controller for Outset Teacher Education is Neil Brading, email firstname.lastname@example.org, telephone 07904 284436. The address is as registered with Companies House: Company number 09670807. Complaints over compliance with the GDPR may be raised at any time.
The Client's responsibilities as Data Controller
- The Client determines the purposes for which the data on www.teachersstandards.com is used. The Client will make these purposes clear to the Data subject.
- The Client determines with whom the data collected on www.teachersstandards.com will be shared. The Client makes clear to the Data subject through its own GDPR and privacy policies the circumstances under which personal data may be shared.
- The Client may use www.teachersstandards.com to process the personal data of its data subjects.
- The Client is responsible for nominating any data processors it uses.
- Where data held on www.teachersstandards.com is used to inform individual decision making, the Client will be mindful with regard to its responsibilities under Article 22 of the GDPR (https://gdpr-info.eu/art-22-gdpr/).
- The Client is responsible for its decisions concerning with whom the personal data of the data subject is shared. The Client undertakes to ensure the security and privacy of the data for which it is responsible.
- The Client is not responsible for any loss or breach of data due to any technical failure of the website www.teachersstandards.com.
The Data Subject
- The Data subject consents to their data being made available to the Client (the teacher training provider they nominate). This is made clear in the Terms and Conditions when registering on www.teachersstandards.com.
- The Data subject enters into a separate agreement with the Client over whom their data may be shared with (e.g. mentors, verifiers etc.) and the purposes for which their data may be used.
- The Data subject undertakes to ensure the security and privacy of her/his data (e.g. ensuring the password is not shared or known to others).
Breach or loss of data
- In the event of any breach or loss of data or alleged breach or loss of data, the first step is to try to ascertain whether the data breach has been the responsibility of Outset Teacher Education, the Client or the Data subject.
- Outset Teacher Education takes its responsibilities for data security very seriously and will report to the Client and the Data subject the outcomes of its investigations into any data breach or loss of data or alleged data breach or loss of data.
- In accordance with Article 77 of the GDPR, Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.