We take your privacy very seriously and base our business model on working with data according to fundamental data protection principles. This statement contains important information about how we handle data, especially those of Sparkjar users, and what your rights are.
‘We/Us’ means Touch Fantastic at Werks Central, 15-17 Middle Street, Brighton, BN1 1AL;
‘Personal Data’ is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘Controller’ is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘Processor’ is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller;
‘Data Subject’ is an identified or identifiable individual whose data is being processed and might be used to identify him or her; in the case of Sparkjar, typically a student or teacher, also referred to as ‘You/Your’ in this statement;
‘School’ is an education provider providing Touch Fantastic with data to enable students and teachers to use Sparkjar;
‘Apple’ is Apple Inc., an American multinational technology company that designs, develops, and sells consumer electronics hardware and software;
‘Wonde’ is an English software development company providing schools with a platform and tools to share their data and make sure only trusted suppliers have access to it;
‘Third Party’ means a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorised to process personal data;
‘Process/Processing’ is any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘Services’ are the professional knowledge and specialist product(s) Touch Fantastic provides to clients who engage with the firm
‘Consent’ of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her;
‘Personal Data Breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
The following is a broad description of the ways we Process Personal Data.
We only process Personal Data which has been collected by Schools on at least one of the legal bases listed in the General Data Protection Regulation. As part of our responsibilities, we never use the data for any other reason, and maintain its security at all times.
We have built our product and business with data protection as a priority.
Although you acknowledge the use of the internet is never entirely secure, and for this reason we or any other service provider cannot completely guarantee the security or integrity of any data that is transferred to or from users via the internet, we will take all reasonable technical and organisational measures possible to safeguard user data. For example:
As with any system, the least secure part of Sparkjar is the password chosen by users. For this reason we strongly recommend that users, particularly teachers who will be able to use Sparkjar to communicate with young people, use a unique password with a combination of letters, numbers and symbols without reference to personal information or common words.
We do not underestimate the seriousness of a potential Personal Data Breach. Touch Fantastic has a detailed response plan to be followed by all employees and contractors in such an event.
Sparkjar is a communication tool that, amongst other things, allows one-to-one communication between a teacher and a student. We hope it never happens, but we are conscious that in the event of a safeguarding investigation undertaken by a School, we would want to be able to supply historical messages to those investigating.
Our policy under ongoing usage by a School is therefore to archive, rather than delete, data. If and when a School were to choose to stop working with us, we would offer a copy of data held by us, and then securely delete all data on our servers. This deletion would take place as soon as is practicably possible, and certainly within 14 days.
By default, every class in a School is set up with an ‘entire class’ group chat and individual chats between each student and the teacher(s) of the class. Teachers are then free to create more group chats within a class, each group chat containing the teacher(s) of the class and students of the teacher’s choosing. Students cannot create group chats and there is no way for students to send messages to one another that are not visible to a teacher.
Furthermore, teachers have the ability to hide from students any offensive messages they discover in group chats. For repeat offenders, a teacher can temporarily or permanently remove the ability for particular students to use the chat facility in their class.
Right of confirmation: to ask the Controller whether or not Personal Data concerning you is being processed.
Right of access: to obtain from the Controller information about your Personal Data stored at any time, a copy of the information, whether it is transferred to a third country or an international organisation. If this is the case, you have the right to ask for the safeguards employed to protect it.
Right to rectification: to ask the Controller for rectify inaccurate Personal Data without undue delay.
Right to erasure (right to be forgotten): to ask the Controller to erase Personal Data without undue delay where it is no longer necessary for processing, you have objected to processing, there are no overriding legitimate interests, consent has been withdrawn, it has been unlawfully processed, has to be erased for compliance with a legal obligation in European Union or Member State law to which you are a subject.
Right of restriction of processing: to ask the Controller to restrict processing where a statutory reason applies.
Right of data portability: to receive Personal Data concerning you, which was provided to a controller in a structured commonly used and machine-readable format.
Right to object: to object to the processing of Personal Data concerning you on grounds relating to your particular situation at any time.
Automated individual decision-making, including profiling: to you have the right not to be subject to a decision based solely on automated processing, including profiling.
Right to withdraw consent: to withdraw consent to the processing of your Personal Data, where consent forms the basis for processing, at any time. You can contact the Controller or any other employee to withdraw consent.
Right to complain to the supervisory authority: to lodge a complaint with a supervisory authority that the Processing of Personal Data relating to you infringes the General Data Protection Regulation.
You may not transfer any of these rights under this Statement to any other person. We may transfer our rights and obligations under this Statement where we reasonable believe your rights won’t be affected.
If any court or competition authority finds that any provision of this Statement (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will be considered deleted to the extent required. The validity and enforceability of the other provisions of this Statement will not be affected.
Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that or any other right or remedy.
This Statement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Statement will be subject to the exclusive jurisdiction of the English and Welsh courts.
This Statement was updated on 16 April 2018. We may change it from time to time. You should check this page frequently to ensure you are aware of the most recent version that will apply each time you use Sparkjar.
We welcome your feedback and questions. You are welcome to send an email to firstname.lastname@example.org, call us on +44 1273 921233, or write to us at Werks Central, 15-17 Middle Street, Brighton, BN1 1AL. Our registered office is 21 Langham Road, Bowdon, Altrincham, WA14 2HX.