Our procedures covering the storage and disclosure of your information are designed to comply with the Data Protection Act 2018, the Applied General Data Protection Regulation 2018/EU679 (GDPR) and all other regulations applying to personal data use.
Behaviour box is committed to safeguarding the privacy of your information. By 'your information' we mean any information about you that you or third parties provide to us.
Under instruction from the data controller, we process:
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
The list below explains the cookies we use and why.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
The behaviour box system processes data provided by Data Controllers to allow them to:
Behaviour box acts as a Data Processor and the school/academy transferring data to us acts as a Data Controller.
We will not share, sell or distribute any of the information you provide to us without instruction from the Data Controller, except where disclosure is required by law.
Behaviour box will not sub-contract any processing to third parties without the written consent of the school/academy.
Behaviour box does not transfer data outside the European Economic Area (EEA) unless the data is being accessed by a behaviour box user outside the EEA.
We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures.
We restrict access to personal information to behaviour box employees, contractors and agents who need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
If a school ends their behaviour box subscription, data held within the live system and any backups will be deleted within 4 weeks of cancellation. Student data is deleted immediately following the first synchronisation between behaviour box and the school's Management Informaiton System (MIS) after its deletion on the school's MIS, unless instructed otherwise by the Data Controller. Behaviour data is deleted annually after one full academic year has passed during the school summer holidays; this means behaviour data recorded in September 2020-July 2021 would be deleted during August 2022 and therefore persists on the behaviour box system for a maxiumum of 47 months.
The General Data Protection Regulation (GDPR) outlines several rights. More information about these rights, including the conditions under which they apply, can be found here.
You have the right to:
You should address such requests to your school/academy which acts as the Data Controller.
None of the data within the behaviour box system is subject to the right for data portability.
Last modified: 22 May 2020