MathsMap Limited

 

Privacy Notice

 

This privacy policy, updated on 24th May 2018, describes:

 

  • MathsMap Limited’s compliance with the General Data Protection Regulation (GDPR). We are committed to ensuring that your privacy is protected. Should we ask you when using this website to provide certain information by which you can be identified, you can be assured that it will be used only in accordance with this privacy notice.

 

  • MathsMap Limited’s compliance with the Privacy and Electronic Communications Regulations (PECR). This section explains how we set cookies, and what the cookies do and why. We give you the ability to consent to the use of these cookies. Your settings for this can be viewed and changed in the Cookie Control panel when it appears the first time you load a webpage, or by clicking the 'cog settings’ button in the bottom left hand corner.

 

Our compliance with GDPR

 

GDPR provides you with the following rights:

 

1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling.

 

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

 

The full sets of legislation governing data protection and GDPR can be found here:

 

 

which is superseded by:

 

 

The lawful basis for our processing of your personal data is to fulfil our contract to you as a MathsMap user, or in regard to our legal obligations to pay tax and to be financially transparent.

 

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/special-category-data/

 

We do not obtain personal data from any other source.

 

Data Protection Officer

 

There are certain circumstances when an organisation must have a Data Protection Officer (DPO):

 

Under the GDPR, you must appoint a DPO if:

  • you are a public authority (except for courts acting in their judicial capacity);
  • your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or
  • your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.

 

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-officers/

 

MathsMap Limited does not fall into any of these categories so we are not required to have a DPO and we have chosen not to appoint one on a voluntary basis.

 

Contracts

 

GDPR states that when a controller users a processor there must be a written contract in place.  Procurement Policy Note 02/18, published by the Crown Commercial Service, contains a more detailed explanation of what is required in section 12 here:

 

https://www.gov.uk/government/publications/procurement-policy-note-0218-changes-to-data-protection-legislation-general-data-protection-regulation

 

"A Processor will not be responsible for making the key decisions about the personal data and will only be processing the data under the direct, or implied, instructions of the Controller."

 

We do not have any direct written contract with any controller and it is not feasible in practice to create them because of the small amount of personal data which we collect and the very limited nature of the processing which we conduct.  We rely on an implied contract as described above, i.e. that when you place an online order for a licence, and we accept the order and provide the licence, we are both agreeing to comply with the Terms and Conditions on the website and the commitments in this Privacy Notice. This constitutes the contract.

 

The right to be informed - what personal data do we collect, and why?

 

The personal data which we collect are collected at two separate times:

 

  • when you buy a licence to log in to the MathsMap website for one year;

 

and:

 

  • when you give login details to other users in your school.

 

Collecting personal data for the main user and invoice payer

 

During the online purchasing process the website asks for two email addresses. One is used to send the login details to the main user of the website and the other is used to email an invoice to the person responsible for paying it. Against each of these email addresses we also record a name and a set of postal address details. Against the invoice payer we also record a telephone number. You are free to decide if the main user and the invoice payer are the same person, or different.

At any time the main user can log in and change any of his/her personal data, or for the invoice payer, by going to My Account.

The name and postal address details associated with the invoice payer’s email address are included in the invoice which is emailed to the given address.

When the main user logs in for the first time the website forces a password change. The new password is not checked for its strength but when it is saved it is encrypted. The main user can request a reset of the encrypted password by entering the given email address into the ‘Forgotten password?’ link screen on the home page. If this happens then the first login with the reset password forces a change and the new password is encrypted.

 

Collecting personal data for the MathsMap sublogins

 

In the My Account page (see above) you will find the other part of MathsMap that collects personal data. This is ‘View user login details’. Here you will see all the other logins that you have bought with your licence – so, for example, if you have bought a 5+1 licence then the main user is the ‘+1’ and the details of the other 5 logins are here. These are called sublogins.  

 

When a sublogin is used for the first time the user is forced to change the password and the new password is encrypted. The user also has to give an email address so that he/she can use the ‘Forgotten password?’ link in the future. Once the password has been changed the main user can no longer see it in ‘View user login details’, but he/she can see the sublogin’s email address to allow the sublogin’s user to be reminded what it is.

 

The personal data collected are used for the following purposes:

 

  • To email an original username and password to the main user to allow access to the website.
  • To email an invoice to the invoice payer.
  • To email reminders to the invoice payer, or to telephone the invoice payer, if payment has not been received on time.
  • To enable the main user or any sublogin user to request a password reset using the associated email address.
  • To email a renewal invoice automatically to the invoice payer if the main user has chosen automatic renewal during the purchase process, or later via My Account (see here).
  • To email up to three reminders to the main user during the month before account expiry if the main user has chosen not to renew automatically.
  • To email a renewal invoice to the invoice payer if the main user has not chosen to be renewed automatically but chooses to renew manually.
  • Rarely, to email the main user or write to the main user’s postal address with important news about the MathsMap licence.

 

We do not use any of the personal data for marketing purposes and we do not share it with any other parties except where we are required to do so by law, for example:

 

  • with our firm of chartered accountants Firth Parish for VAT returns, year end reporting purposes and compliance with taxation legislation.  We consider Firth Parish to be a third party processor (see below).
  • with Her Majesty’s Revenue and Customs (HMRC) in association with financial records enquiries.

 

The retention period for the personal data

 

All of the personal data described above is held in the MathsMap database while your account is active.

If your account is set to be renewed manually and it expires you can do this at any time up to 6 months after expiry. After this we automatically delete all of your personal data from the online database. Under this arrangement you will lose the ability to renew the licence in a simple fashion by logging in as the main user and clicking the prompt to renew – you would have to start again by buying a fresh licence.

 

An electronic copy of all the financial records associated with your account, with all the personal data deleted, will be held securely offline for at least 7 years in accordance with the advice given by the Chartered Institute of Taxation in section 13.3.4 here:

 

http://www.tax.org.uk/sites/default/files/PRPG%20-%20March%202011.pdf


The right to access

 

At any time you can email us, write to us or contact us by telephone to request a copy of all your personal data which we hold. If the request is verbal we record your contact details, the date and time of the request and the summary of the nature of the request.

 

Email address: contact@mathsmap.co.uk

 

Business address: MathsMap Limited, Peel House Gate, Stocks Lane, Luddenden, Halifax, West Yorkshire, HX2 6SP

 

Mobile: 07500 804895

 

We will respond within one month.

 

The right to rectification

 

Please note that you have online access to be able to rectify any errors in the personal data which you have supplied while using the MathsMap website. This does not alter your right to rectification described below. Please note that GDPR allows the recipient of a request for rectification to refuse it or to charge a fee as follows:

 

You can refuse to comply with a request for rectification if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature.
If you consider that a request is manifestly unfounded or excessive you can:

  • request a "reasonable fee" to deal with the request; or

  • refuse to deal with the request.

 

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-rectification/

 

At any time you can email us, write to us or contact us by telephone to request rectification of any item of personal data which we hold which is inaccurate. If the request is verbal we record your contact details, the date and time of the request and the summary of the nature of the request.

 

Email address: contact@mathsmap.co.uk

 

Business address: MathsMap Limited, Peel House Gate, Stocks Lane, Luddenden, Halifax, West Yorkshire, HX2 6SP

 

Mobile: 07500 804895

 

We will respond within one month.

 

The right to erasure

 

This is also known as the right to be forgotten. Please note that GDPR allows the recipient of a request for erasure to refuse it or to charge a fee as follows:

 

You can refuse to comply with a request for erasure if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature.
If you consider that a request is manifestly unfounded or excessive you can:

  • request a "reasonable fee" to deal with the request; or

  • refuse to deal with the request.

 

Please also note that this is not an absolute right and there are other circumstances in which we can refuse to comply with such a request. Examples of these can be found here:

 

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/

 

For example, if we required access to the processing of your data in pursuit of a legal claim we could refuse to comply.

 

At any time you can email us, write to us or contact us by telephone to request erasure of any item of personal data which we hold. If the request is verbal we record your contact details, the date and time of the request and the summary of the nature of the request. If your account is active your access to MathsMap will cease from the moment of erasure. Please note that if your account has expired all of your online data will be deleted 6 months after expiry (see ‘The retention period for the personal data’ above).


Email address: contact@mathsmap.co.uk

 

Business address: MathsMap Limited, Peel House Gate, Stocks Lane, Luddenden, Halifax, West Yorkshire, HX2 6SP

 

Mobile: 07500 804895

 

We will respond within one month.

 

The right to restrict processing

 

Please note that GDPR allows the recipient of a request to restrict processing to refuse it or to charge a fee as follows:

 

You can refuse to comply with a request for restriction if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature.
If you consider that a request is manifestly unfounded or excessive you can:

  • request a "reasonable fee" to deal with the request; or

  • refuse to deal with the request.

 

Please also note that this is not an absolute right and there are other circumstances in which we can refuse to comply with such a request. Examples of these can be found here:

 

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-restrict-processing/

 

For example, if we required access to the processing of your data in pursuit of a legal claim we could refuse to comply.

 

At any time you can email us, write to us or contact us by telephone to request the restriction of processing of any item of personal data which we hold. If the request is verbal we record your contact details, the date and time of the request and the summary of the nature of the request. If your account is active the restriction of processing might prevent access, depending on which item of data is being restricted. 

 

Email address: contact@mathsmap.co.uk

 

Business address: MathsMap Limited, Peel House Gate, Stocks Lane, Luddenden, Halifax, West Yorkshire, HX2 6SP

 

Mobile: 07500 804895

 

We will respond within one month.

 

The right to data portability

 

At any time you can email us, write to us or contact us by telephone to request us to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. We would do this by providing the data in a .csv (comma separated variable) file. If the request is verbal we record your contact details, the date and time of the request and the summary of the nature of the request.

 

Email address: contact@mathsmap.co.uk

 

Business address: MathsMap Limited, Peel House Gate, Stocks Lane, Luddenden, Halifax, West Yorkshire, HX2 6SP

 

Mobile: 07500 804895

 

We will respond as soon as possible and definitely within one month.  Please note that the file that you would receive would contain the personal data identifying the main user and the invoice payer as described above, and all the email addresses for the sublogins.  We find it hard to understand why you would want this - it is in the GDPR to enable you to do things like transfer your bank account easily.  But we will do it if you want us to!

 

The right to object

 

In certain circumstances you can object to the processing of personal data. MathsMap Limited does not fall into any of the categories under which you would have the right to object:

 

The GDPR is clear that you must inform individuals of their right to object at the latest at the time of your first communication with them where:

  • you process personal data for direct marketing purposes, or

  • your lawful basis for processing is:

    • public task (for the performance of a task carried out in the public interest),
    • public task (for the exercise of official authority vested in you), or
    • legitimate interests.

 

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-object/

 

We do not engage in direct marketing and our lawful basis for the processing of your data is the fulfilment of a contractual obligation.

 

Rights related to automated decision making including profiling

 

MathsMap Limited does not carry out any automated decision making or profiling using any of your data.

 

Transfer of data outside the EEA

 

The MathsMap website is hosted by M247 whose data servers are located in Romania, a member of the EEA.

 

The right to complain

 

You have the right to complain to the Information Commissioner's Office:

 

https://ico.org.uk/concerns/handling/

 

but we would be grateful if you could raise any concerns with us first using our contact details:

 

Email address: contact@mathsmap.co.uk

 

Business address: MathsMap Limited, Peel House Gate, Stocks Lane, Luddenden, Halifax, West Yorkshire, HX2 6SP

  

Mobile: 07500 804895

 

Our compliance with PECR

 

This section describes our usage of cookies. The details of PECR can be seen here:

 

https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/

 

A cookie is a small text file stored by your web browser on your computer (or laptop, phone, etc.) when you use our website. Cookies are used to provide customised content, access to the full functionality of the website and information on the use of the website.

 

Site visitation tracking

 

Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. We have enabled Googles 'anonymise' function so we cannot identify from your IP address. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see below).

 

Placing an order

 

We request information from you during the ordering process. To purchase a MathsMap licence, you must provide contact information such as your name, email and telephone number. We will use this information if we need to contact you about your order. You will also need to provide details of the school to be licensed and If you choose to pay online, your payment will be processed by our third-party payment provider (PayPal), and the information you supply to them is used to make the transaction. We never have access to your financial information (such as credit card details).

 

Contact forms and email links

 

Should you choose to contact us using a contact form, or an email link, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors mentioned. Instead the data will be collated into an email and sent to us.

 

Cookies

 

This website uses a number of cookies, some of which are essential for the site to work and for us to provide a service to you. These are cookies set by the server (ASPSESSIONID) and the website when you order (MMAP). PayPal may also set a cookie called PYPF. This cookie is linked to the checkout process if you decide to use the PayPal option.

 

This website also uses Google Analytics and details of the cookies set can be found on Google’s developer guides. These are not enabled unless you accept them via the Cookie Control settings. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website, but may mean that other areas of the website have reduced functionality. The cookies that GA sets may include _ga, _gid, _gat, __utma, __utmb, __utmc, __utmt and __utmz.

 

Should you wish to restrict or block cookies which are set by our website you can do this through your browser settings. More information on cookies, including how to block them on a wide variety of browsers can be found at All About Cookies. Please be aware that restricting cookies may impact on the functionality of this website.

 

Server logs

 

As with most other web servers, when you access these web pages certain information may automatically be recorded. This could include your IP address, browser type, and information relating to the page you last visited. This information may be used in the event of a breach of security to aid detection.

 

How we store your personal information

 

If you purchase a MathsMap licence some personal information will be stored within this website’s database to enable us to fulfil your order and continue providing access to the MathsMap website. An email address is also required for any sub-logins your account has. The main account holder can login to the account using the My Account link to view the account information and edit details. If you wish your data to be removed at any time (or if you would like a copy of the information we hold), please email MathsMap giving your name, address and the main account email. Please note, we will do our best to comply with any removal request, but some information may need to be retained for legal or accounting reasons. We will remove as much personal data as we can.

 

About this website’s server

 

All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.

 

Our third party data processors

 

We use a number of third parties to process personal data on our behalf.

  • Google (Privacy policy)
  • PayPal (Privacy policy). PayPal is a well-known and well-respected payment service provider. This arrangement with PayPal does not require you to have a PayPal account; while your transaction is being securely processed it is known as a PayPal Guest transaction. The fees charged by PayPal are paid by MathsMap Limited
  • M247 (Privacy policy). The MathsMap website is hosted by M247 Limited in Romania, a member of the EEA.
  • Firth Parish Chartered Accountants (Privacy policy).

 

Data Breaches

 

We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

 

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

 

 

Latest on MathsMap

GDPR and PECR compliance

 

We have updated our privacy policy to reflect the requirement to comply with the new General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR).  You can view the new policy here.