Bounce Together Ltd have standardised policies and procedures that ensure the data we are processing on behalf of our customers is protected. These policies are maintained by using our inherent knowledge of schools and decades of experience in the education, as well as our data protection compliance through our ICO registration.
Bounce Together have robust plans and policies that help us achieve our continual GDPR compliance. We:
GDPR requires Data Controllers (schools using Bounce Together) and Data Processors (suppliers such as Bounce Together) to ensure that processes and technologies meet specified requirements.
Personal Data is any type of data that can be used to directly or indirectly identify an individual. Some examples include a name, address, as well as IP address or user name.
A Data Controller is a person, company or other entity that determines the purpose and means of processing personal data.
A Data Processor is a person, company or other entity which processes personal data on the data controller's behalf
The data controller is the person or organisation who determines what data is extracted, what purpose it is used for and who is allowed to process the data. In this context, the school is the data controller.
Bounce Together Ltd is the data processor of the data made available in our software products purchased by the school. We are trusted with this personal data but do not control it.
The information from your school is held inside the BounceTogether platform, which is hosted within the United Kingdom. It never leaves the European Economic Area (EEA).
Every effort is made to ensure the data held by Bounce is secure and our reputable hosting provider (Microsoft Azure) apply a number of robust techniques to ensure the data is kept safe. Many techniques are used to ensure the data is kept safe and secure at the application level (such as industry standard encryption and firewalls) as well as a plethora of techniques that ensure the data is physically secured in their data centres. You can find out more about Microsoft's procedures in their technical documentation.
The right of access (commonly referred to as "subject access") gives an individual the right to obtain a copy of their personal data to help them understand how and why you are using their data. In a product provided by Bounce Together Ltd, we provide a means of authorised individuals to supply this directly. For any assistance concerning a Subject Access Request, please get in touch.
The Right to be Forgotten (also known as the "right to erasure") is a right given to an individual under the GDPR to have their personal data erased upon request. If you require assistance with a right to erasure request that concerns Bounce Together, please get in touch.
If we can assist you further with GDPR compliance surrounding a Bounce Together Ltd product, please contact the team so we can help.