This policy underpins the promises and contracts we make with schools, teachers and students relating to the education data that Carousel processes.
Carousel is a secure, cloud-based platform that helps teachers to set quizzes drawing questions from across a curriculum, and gives students an easy-to-use way of taking those quizzes.
Privacy and security are at the heart of everything we do at Carousel, and our approach incorporates data protection by design and default. This statement explains the key measures we’ve put in place to ensure that school data is kept secure and processed appropriately at all times. It also covers our commitments to you, and what we expect from schools in terms of privacy and data protection.
We DO NOT:
We take every reasonable measure to ensure we store data securely. The Carousel platform is developed using secure technologies, which include, but are not limited to the following:
Carousel does not look ‘under the hood’ or inspect any of the data we store. The only exceptions to this are where a school has explicitly given us permission to inspect their data; for example, to provide technical support to correct a technical problem.
All our staff and subcontractors are required to agree that they will abide by a Security and Data Protection Policy at all times.
We retain personal data on our platform for as long as necessary to provide the Carousel service. If a user requests that we delete their data , we delete their data within 5 working days. We will also delete accounts and all associated data if a user account has been dormant for 24 months.
The Carousel platform and any Question Banks created by Carousel are the property of Carousel. Question Banks created by users will remain the user’s property. By giving a Question Bank the sharing status of GLOBAL, you are agreeing to grant us a global, perpetual, royalty free license to use, reuse, sub-license, modify, display and distribute the content in any format we choose.
Question Banks may be withdrawn from the Community by their creators any time, from which point they will cease to be available for users to add to their Dashboard. However, any Question Bank already added to their Dashboard by a user at the time of withdrawal by its creator will remain indefinitely available to that user, and all quizzes created using that Question Bank will continue to exist and be unaffected by its withdrawal from the Community.
We take all reasonable and necessary precautions to ensure that your data is secure and to recognise and then mitigate the risks to security and privacy. However, it is not possible to 100% guarantee the security of any data transmitted or stored electronically. In the event that a significant breach of security or privacy did occur, Carousel will contact the Data Controller of the affected data, and inform the Information Commissioner’s Office (ICO), and other authorities without undue delay and within 72 hours.
Carousel, as the Data Processor, only has access to Personal Data or Sensitive Personal Data provided or authorised to Us by users, who remain the Data Controller, and only for the purposes of performing services on a user’s behalf.
If you have questions about how a student's data is being used or how a user is making use of our service, please contact the user directly. Any student or parent/guardian enquiries we receive will be directed to the relevant school as the Data Controller for that student's data.
The categories of personal data we process and the purposes for doing so are as follows:
|Staff contact information|
The categories of personal data we may process if such data is provided by the Data Controller and the purposes for doing so are as follows:
|Student email addresses|
(including UPN and admission number)
We receive personal data in one of two ways:
If you have expressed interest in Carousel on the Carousel website or signed up as a Carousel customer, and have supplied your email address, we may occasionally send you an email to tell you about new features, ask for feedback or keep you up to date with our products. If you no longer wish to be included on these communications, then You can opt out using the links on those communications, or email firstname.lastname@example.org and we will remove you from the list.
Carousel Learning Ltd may share user and student data with our development partners, Aircury Ltd (a company registered in England and Wales with Company No. 10641335) and Aircury SL (a company registered in Spain with Company No. B19713437) for the development and improvement of the Platform and to process technical queries and solve technical problems that are raised with us. We do not share your data with any other third parties except where explicitly requested by you or required by law. We will never rent or sell Your data for marketing purposes.
We may collect users’ full IP addresses for essential security management (for example, the prevention of Distributed Denial of Service attacks) and essential user support (for example, browser session tracking in order to spot and fix errors). We may also use IP addresses to assist with security and recognising trusted user devices.
In some limited circumstances We may collect data through third party services. For example, we may use website analytics traffic providers to analyse metadata such as platform usage. Where We do this, We audit the service to ensure they have a similarly high level of commitment to security and privacy, and comply with all Data Protection Legislation. Carousel may also collect, analyse or make available non-personal and non-sensitive data (for example aggregated or non-identifiable data) to third parties for school improvement or research purposes. We do not use or analyse this aggregate data in any way that would make data identifiable at an individual or school level.
We retain data on Our platform for as long as necessary to provide Our services. If a User requests deletion of their Carousel account, we will delete their data within 5 working days. We reserve the right to retain anonymised data for the purposes of research and development. (Note: data may remain stored in our backup system for up to three months following deletion from the platform.)
We take all reasonable, necessary precautions to ensure that your data is secure and to recognise and then mitigate the risks to security and privacy. In the unlikely event that a significant data or security breach were to occur, Carousel will contact the Data Controller and comply with all statutory reporting duties.
If You are a registered user of the Carousel website, or have expressed interest in Carousel on the Carousel website and have supplied Your email address and not opted out of receiving email communications, we may occasionally send You an email to tell you about new features, ask for feedback or keep You up to date with our products. If You no longer wish to be included on these communications, then You can opt out using the links on those communications or email email@example.com and We will remove You from the list within 15 days.
If you have any questions or grievances in relation to security or privacy, please email us on firstname.lastname@example.org.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Carousel is brought to you by Carousel Learning Ltd, a private company limited by shares registered in England and Wales. Company No. 12805855. VAT Registration No. 378545157.
© Carousel Learning Ltd, Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA. All Rights Reserved.