Behaviour box recognises that privacy is important. This privacy policy applies to the data held within the behaviour box system and lets you know how any personal information is processed and used by us.
Our procedures covering the storage and disclosure of your information are designed to comply with the Data Protection Act 2018, the Applied General Data Protection Regulation 2018/EU679 (GDPR) and all other regulations applying to personal data use.
Behaviour box is committed to safeguarding the privacy of your information. By 'your information' we mean any information about you that you or third parties provide to us.
Under instruction from the data controller, we process:
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
The list below explains the cookies we use and why.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
The behaviour box system processes data provided by Data Controllers to allow them to:
Behaviour box acts as a Data Processor and the school/academy transferring data to us acts as a Data Controller.
The Data Controller has a legal basis for processing your data. You should refer to the Privacy Policy of your school/academy for details.
We will not share, sell or distribute any of the information you provide to us without instruction from the Data Controller, except where disclosure is required by law.
Sub-processors:
Behaviour box will not sub-contract any processing to third parties without the written consent of the school/academy.
Cross-border transfers:
Behaviour box does not transfer data outside the European Economic Area (EEA) unless the data is being accessed by a behaviour box user outside the EEA.
If behaviour box becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will ensure the confidentiality of any personal information involved in such transactions and provide notice before personal information is transferred and becomes subject to a different privacy policy.
We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures.
We restrict access to personal information to behaviour box employees, contractors and agents who need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
If a school ends their behaviour box subscription, data held within the live system and any backups will be deleted within 4 weeks of cancellation. Student data is deleted immediately following the first synchronisation between behaviour box and the school's Management Informaiton System (MIS) after its deletion on the school's MIS, unless instructed otherwise by the Data Controller. Behaviour data is deleted annually after one full academic year has passed during the school summer holidays; this means behaviour data recorded in September 2020-July 2021 would be deleted during August 2022 and therefore persists on the behaviour box system for a maxiumum of 23 months.
The General Data Protection Regulation (GDPR) outlines several rights. More information about these rights, including the conditions under which they apply, can be found here.
You have the right to:
You should address such requests to your school/academy which acts as the Data Controller.
None of the data within the behaviour box system is subject to the right for data portability.
Behaviour box regularly reviews its compliance with this Privacy Policy. Please feel free to direct any questions or concerns regarding this Privacy Policy or behaviour box's treatment of personal information by contacting us via email: contact@behaviourbox.co.uk
Please note that this privacy policy may change from time to time. We will not reduce your rights under this privacy policy without your explicit consent, and we expect most such changes will be minor. Regardless, we will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes).
Last modified: 22 May 2020