Our aim at onmaths is to store as little information as possible, without limiting user-experience and site functionality.
With this aim in mind, this document sets out what information we require, and why, and how we have built this website around GDPR compliance.
All passwords are completely encrypted for every account. This means that we do not have any access to a users password, and can only reset them to a default. Users must change their passwords from the default to access their account to ensure security.
School Accounts Data
Schools/Establishments are able to view and remove students and teachers accounts, reset passwords and read data. This is essential to the function of the site, and we expect all schools/establishments working with us to share this with their users/students when they add them to our site.
We backup our data on a regular basis in case the main server is destroyed/damaged. This is done securely and is common with every major website on the internet.
Our website is built on wordpress, which we use for all the security functions within the site. The reason we do this is we have found this network to be very fast to react to any security concerns, and our website applies these updates very quickly. WordPress is used by about 25% of the internet, so we are very confident in it. Our back-end servers also have a lot of security within it, which are also very popular tried-and-tested applications.
We do, however, review our security on an ongoing-basis.
We never share personal data with anyone else. Only one person at onmaths can access user information.
All the data on the site is stored on a secure server within the UK.
The data is stored for a long period of time, unless a user requests its destruction. We do, on occasion, remove user information if they have not logged in for a while.
All users on the site must know what it is they are signing up for and have the right to opt out. We are working with facebook to ensure students who sign up on an individual basis are old enough to give consent, otherwise to use their parent's/ward's facebook account to ensure that they have the require permission. For school's accounts we require schools to make sure that they have the required consent from parents before setting accounts up. We recommend sending out a letter to parents/wards asking for permission to sign their children up for our site.
If anyone contacts us with any concerns with their data, we will always act.
There are four distinct types of users, and the policies will be laid out separately below.
School Users (Teachers)
As part of our security measures, we store a number of details about the main user within a school account. There is only one 'main user' per school/establishment and this is normally the user who set the account up. Details stored by us are as follows:
- Email address for main user (normally the user who set up the account)
- School name and URN (if available).
- Name for all users, so their accounts can be managed by the schools.
- Class names and which students are in each class
- Student marks information
The email address, school name and URN is part of our security measures to ensure that data is only shared with the school/establishment which should access it.
School Users (Students)
We have successfully managed to remove almost all identifiable information by students. The only information we hold, apart from scores on the online tasks, is their first name and surname. It would be impossible to run this site without the teacher being able to identify who got what mark. We do not, however, take any issue with schools/establishments giving each student an anonymous name-code, and using these.
We allow students to directly sign up with us. At the moment we require email addresses and names. These are not used or shared with anyone else can are only used to log students into the site.
We will be phasing this out very soon, in favour of facebook-only logins. The benefits of this is that we will not store any identify information about students at all.
Personal information is not stored for users who do not sign-up or log in.
What do we do with your information?
Your personal information is never shared with anyone outside of onmaths.
The main information we store is 'marks' on our tasks. The information is stored in a database holding all users' scores, but does not store anything aside a user id. This ensures that if a user decides to leave the site, that data becomes completely anonymous.
Controlling your data
If you wish to obtain, remove or update any information, most can be done whilst logged into the site. If there is anything that you cannot do on the site, please email us and we will ensure that we will help you, assuming you have the required access.
Minor changes to our policies may be made and updated on the relevant pages. For major updates, we will notify uses upon logging into the site.
We follow and are governed by the laws of England and Wales and subject to the exclusive jurisdiction of the court of England and Wales, and by using the site you agree to this.