We are committed to protecting the data of our customers and of individuals. Bounce Together Ltd have taken several steps, including organisational and technical measures to ensure the data we are processing on behalf of our customers is secured at all costs and doesn't fall into the wrong hands. This page summarises our ongoing commitment to GDPR and data protection.
It was a positive step forward when GDPR was introduced on the 25th May 2018. It requires Data Controllers and Data Processors, by law, to ensure that processes and technologies meet specified requirements and gives organisations and individuals transparency around the use of their own data. There are 3 key terms used frequently within our policy documentation and this page.
Personal Data is any type of data that can be used to directly or indirectly identify an individual. Some examples include a name, address, as well as IP address or user name.
A Data Controller is a person, company or other entity that determines the purpose and means of processing personal data. They determine what data is extracted, the purpose it is used for and who is allowed to process the data. In the case of BounceTogether, the school is the data controller.
A Data Processor is a person, company or other entity which processes personal data on the data controller's behalf. Bounce Together Ltd is the data processor of the data made available in our software products purchased by the school. We are trusted with this personal data but do not control what happens with it.
The right of access (commonly referred to as "subject access") gives an individual the right to obtain a copy of their personal data to help them understand how and why you are using their data. In the product provided by Bounce Together Ltd, we provide a means of authorised individuals to supply this directly. For any assistance concerning a Subject Access Request, please get in touch.
The Right to be Forgotten (also known as the "right to erasure") is a right given to an individual under the GDPR to have their personal data erased upon request. If you require assistance with a right to erasure request that concerns Bounce Together, please contact us.
We appreciate that our customers take their own due diligence concerning the review of software that they use. We aim to support our customers with these reviews and make our information/documentation as available and as readable as possible.
BounceTogether collects personal data to provide a school with what it requires in order to be able to run unlimited digital surveys across school. We only collect the minimum data that's necessary allowing us to fulfil the contract and deliver the solution to the school. The data collected is used to provide the customer with:
Provisioning user accounts on the platform
Reporting on year, class and demographics
User identification
Identification and set up
The entire set of fields is disclosed to you as part of the set up process/data sharing and you have granular access in controlling who is provisioned on BounceTogether (i.e. down to pupil level through a consent process). See more information in our data-sharing agreement.
Bounce Together Ltd is the data processor of the data made available in our software products purchased by the school. We are trusted with the data but do not control it. The school is the data controller.
We require a small set of data enabling us to set up BounceTogether for you to use. You are able to see the full set of data/fields that we require when you share your data. We use GroupCall Xporter On-demand to faciitate this data sharing, which gives you full visibility on the data that is shared and enables you to revoke access at any time.
We only retain personal data on behalf of the school for the duration of their contract with us. In most cases the contract term is 12 months. In the event the contract ends, all personal data is deleted.
The data is securely stored in Microsoft’s Azure data centres (UK – South and West).
Our lawful basis for processing is granted to Bounce Together through a consent/data sharing process, which enables us to deliver the service/platform to you as detailed in the contract/terms of use.