This policy underpins the promises and contracts we make with schools, teachers and students relating to the education data that Carousel processes.
Carousel is a secure, cloud-based platform that helps teachers to set quizzes drawing questions from across a curriculum, and gives students an easy-to-use way of taking those quizzes.
Privacy and security are at the heart of everything we do at Carousel, and our approach incorporates data protection by design and default. This statement explains the key measures we’ve put in place to ensure that school data is kept secure and processed appropriately at all times. It also covers our commitments to you, and what we expect from schools in terms of privacy and data protection.
We DO NOT:
We take every reasonable measure to ensure we store data securely. The Carousel platform is developed using secure technologies, which include, but are not limited to the following:
Carousel does not look ‘under the hood’ or inspect any of the data we store. The only exceptions to this are where a school has explicitly given us permission to inspect their data; for example, to provide technical support to correct a technical problem.
All our staff and subcontractors are required to agree that they will abide by a Security and Data Protection Policy at all times.
We retain personal data on our platform for as long as necessary to provide the Carousel service. If a school ceases to use Carousel, we delete their data within 5 working days. We will also delete all personal and sensitive data relating to former students automatically on their 25th birthday, regardless of whether a school has asked us to do so.
By default Schools and MATs retain ownership of all question banks they create and share using our platform. In some situations, we also give you the option of sharing your question banks with other schools, and/or allowing them to be combined with other question banks. All users creating question banks on the site are responsible for ensuring that they have the necessary rights and permissions to use and share the questions they contain.
Question bank owners may withdraw their banks from the Platform at any time, in which case they will cease to be available for users to create new quizzes from that point onwards. However, any quizzes that had already been created from a question bank by a user at the point of removal will remain available to that user indefinitely. Similarly, if a question bank owner wishes to change the status of a question bank from “global” to “private”, that change will apply from that point on but not retrospectively. In other words, any legitimate use of that question bank according to the terms of this policy prior to the status change will remain valid.
We take all reasonable and necessary precautions to ensure that your data is secure and to recognise and then mitigate the risks to security and privacy. However, it is not possible to 100% guarantee the security of any data transmitted or stored electronically. In the event that a significant breach of security or privacy did occur, Carousel will contact the Data Controller of the affected data, and inform the Information Commissioner’s Office (ICO), and other authorities without undue delay and within 72 hours.
Carousel, as the Data Processor, only has access to Personal Data or Sensitive Personal Data as requested by the school, as Data Controller, and only for the purposes of performing services on a school’s behalf.
Your child’s school remains the Data Controller of any pupil data we process. If you have questions about your or your child’s data or how your school is making use of our service, please contact the school directly. Any pupil or parent/guardian enquiries we receive will be directed to the relevant school as the Data Controller for that child’s or parent’s/guardian’s data.
The categories of personal data we process and the purposes for doing so are as follows:
|Staff contact information|
If you have expressed interest in Carousel on the Carousel website or signed up as a Carousel customer, and have supplied your email address, we may occasionally send you an email to tell you about new features, ask for feedback or keep you up to date with our products. If you no longer wish to be included on these communications, then You can opt out using the links on those communications, or email firstname.lastname@example.org and we will remove you from the list.
We cannot be responsible for the privacy policies and practices of other sites even if you access them using links on our website. We recommend that you check the policy of each site you visit and contact the owner or operator if you have any questions or concerns.
If you have any questions or grievances in relation to security or privacy, please email us on email@example.com.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.