Privacy Policies and GDPR Information

We ensure you that data security remains important to us

Overview

Weduc, part of Accrosoft, is committed to delivering quality products and services to the education sector.

Weduc complies with data protection laws, including GDPR compliance, and takes its responsibilities in relation to client data, seriously.
Weduc provides self-service tools and services for education establishments to communicate and engage with their staff, pupils and parents/carers.

The subscribing educational establishment acts as the Data Controller for the information within Weduc.
Weduc acts as the Data Processor.

Weduc’s lawful basis for processing personal data is to fulfil the contract with the subscribing educational establishment.

All personal information processed within Weduc is provided either by the education establishment or via the data subjects within the system. It mirrors the data held within the subscribing educational establishment’s School Management Information System, along with any other data added by data subjects including, but not limited to, text comments, digital images, multimedia videos and other digital files.

Weduc does not sell or use the personal data for any purpose other than to carry out its contractual obligations with the subscribing education establishment.

All Weduc employees undergo GDPR training so that they are aware and confident in their responsibilities in relation to personal data.
Any employees that have access to children’s data undergo enhanced DBS checks.

Weduc currently hold the UK Government’s recommended Cyber Essentials certification and are an authorised supplier under the UK Government G Cloud Framework, which denotes that Weduc has been approved by the UK Government as meeting all required standards, including those for data protection and security.

For further detail and information on GDPR legislation, please visit the UK Information Commissioner’s Office website www.ico.org.uk

 

What personal data does Weduc process?

We only obtain and process information on a need-to basis in order to carry out our contract with subscribing schools/educational establishments. For these reasons, information we process can vary from one establishment to another, depending on what data the subscribing establishment chooses to share with us and the tools they want to use within the Weduc platform.

The personal data that we process is based on pupil, staff and parent/carer information for a school. This usually includes, but is not limited to: contact information such as name, address, phone number, email address, gender, date of birth (pupils only); parent/carer links (pupil’s only), parental responsibility (parents/carers only); attendance and behaviour data (pupils only).

Further details on all the data we can process on behalf of a subscribing establishment and why we process it is available on request from: support@weduc.co.uk

 

Sharing information with third parties

Weduc uses some trusted 3rd party systems in order to host and fulfil some of the functionality requirements within Weduc.

All of Weduc’s suppliers are subject to appropriate safeguards, operating in accordance with our instructions and in compliance with Data Protection Law. They do not use personal data provided by Weduc for any other purposes other than fulfilling their contract with Weduc.

These service providers include:

  • Hosting providers – To host the Weduc platform and associated back-up services (personal data is stored within the UK and Governed by UK Law).
  • SMS Service Providers – To enable schools/establishments to send out SMS notifications to users from the Weduc platform.
  • Email providers – To enable schools/establishments to send external email notifications to users from the Weduc platform.
  • Security providers – To protect our systems from attack and monitor product availability, durability, scalability and security.
  • Support Desk Portal providers- to enable schools/establishments to ask for support, access support materials and receive communications in relation to any support tickets raised.
  • Payment Processors – to enable users to seamlessly make card payments within the Weduc platform that are securely processed. Weduc do not see, or store card payment details.
  • Parents evening booking providers – to enable parent users to seamlessly sign on to such a system.

Further details on the third parties we share data with and why is available on request from: support@weduc.co.uk

Subscribing establishments can also integrate, if desired, other 3rd party providers’ systems into their Weduc platform such as Google Mail, Microsoft Office 365, One Drive, or an alternative school payments or parents evening booking system. Weduc does not pass personal data to these third parties in these cases. Any data shared is controlled by the data subject.

 

Subscribing Establishments and Data Subject’s Rights Under Data Protection Law

Right to Access

Under Data Protection Laws, data subjects have the right to access personal information that Weduc processes.
Users within Weduc can access their data directly within Weduc itself. However, should this not be possible then a data subject can raise a Subject Access Request.

To ensure that Weduc can validate the source of the request the request must be submitted by the subscribing establishment’s data controller using one of the following methods:

  1. A written letter using official school headed paper addressed to: The Data Controller, Weduc, 21 Jubilee Drive, Loughborough, LE11 5XS
  2. An email sent from the Data Controller’s official school email account to support@weduc.co.uk

Validating the source of such a request is particularly important as Weduc do not want to unwittingly disclose personal information to the wrong person. Such an example could be a student that has a grievance against a particular staff member and may try to surreptitiously obtain data within a SARS report for malicious intent.

Right to Rectification

Data subjects have the right to request that information is corrected if it is inaccurate.

Personal Data within Weduc is provided by the Data Controller within the subscribing educational establishment. Any requests for data changes by the data subject should therefore be made via their educational establishment.

Right to be Forgotten

Data subjects have the right to request that their information be removed from Weduc.

Data retention needs vary greatly between different schools, trusts, and local authority regions.

Weduc therefore provides tools within its system to enable individual subscribing schools/ educational establishments to control their users’ data and how long this data is retained for within their Weduc entity.

Responsibility therefore lies with the subscribing school/educational establishment in terms of managing data for users that have left the establishment or no longer require access to Weduc.
Depending on the circumstances, Weduc and the subscribing education establishment may, or may not be obliged to action this request.

Where agreed, removal of data will only be carried out by Weduc if requested in writing from the Data Controller of the subscribing establishment.

Weduc implements a strict Data Retention policy and only retains user’s information for as long as necessary and in line with the contract entered into with the subscribing educational establishment.

Further details on Weduc’s Data Retention policy is available on request from: support@weduc.co.uk

Right to Object

Data subjects have the right to object to the data processing of their information.
All such requests should be made to the Data Controller at the data subject’s educational establishment.

Depending on the circumstances, Weduc and the subscribing educational establishment may, or may not, be obliged to action this request.

Right to Data Portability

On termination of their subscription subscribing education establishments have the right to receive personal data from the Weduc system in a structured, commonly used machine readable format.

To ensure that Weduc can validate the source of such a request the request must be submitted by the subscribing establishment’s data controller using one of the following methods:

    1. A written letter using official school headed paper addressed to: The Data Controller, Weduc, 21 Jubilee Drive, Loughborough, LE11 5XS
    2. An email sent from the Data Controller’s official school email account to support@weduc.co.uk

Right to Lodge a Complaint with a Supervisory Authority

If a subscribing establishment or a data subject thinks that Weduc has infringed their privacy rights then a complaint can be lodged with the relevant supervisory authority.

A complaint can be lodged in the country where you live, your place of work or place where you believe Weduc infringed your rights.

A subscribing establishment or a data subject can exercise their rights by sending an email to support@weduc.co.uk

Data Protection Officer Details

The designated Data Protection Officer for Weduc is:

Jon Brookes

Any correspondence in relation to data protection should be emailed to support@weduc.co.uk and addressed for the attention of Jon Brookes.

ICO Registration Details

Weduc is registered with the Information Commissioners Office.

Details for this are:

Organisation nameWeduc UK Limited
Registration referenceZA137152

Read Our Cookie Policy

If you would like to view a copy of our Cookie Policy, please click the link below.

Read Our Privacy Policy

If you would like to view a copy of our Privacy Policy, please click the link below.

Need to know more?

 

For more information about GDPR compliance, please fill out the form below and we will get back to you ASAP:

11 + 10 =