DPOCOMS is committed to protecting the privacy and security of personal data.
The General Data Protection Regulation (GDPR) 2018 and Data Protection Act 2018 (DPA) sets out the law relating to data protection and the way we process your data is all carried out in accordance with that law.
This privacy notice relates to the data we collect/process when you visit our website and sign up for DPOCOMS.
Where we do collect personal data through our website, we make this clear and this privacy notice explains what we intend to do with that data.
DPOCOMS (Data Protection Officer’s Compliance and Online Management System), is a web-based software solution designed to assist schools and multi-academy trusts with data protection compliance.
DPOCOMS is owned by The DP Advice Service Ltd a limited company incorporated in England and Wales under company registration number 11203202, whose registered office address is The Elsie Whiteley Innovation Centre, Hopwood Lane, Halifax, United Kingdom, HX1 5ER.
The DP Advice Service is the controller for the personal information we process, unless otherwise stated. This means that we are responsible for deciding how we hold and use the personal information we collect about you.
You can contact us at info@thedpadviceservice.co.uk.
It is the role of the Data Protection Officer to monitor internal compliance with data protection legislation and inform and advise The DP Advice Service Ltd of its data protection obligations.
If you have any questions about the information in this privacy notice or how we collect and process your personal data, please contact our Data Protection Officer.
Our Data Protection Officer is Debbie Pettiford, Director and founder of The DP Advice Service Ltd. You can contact the DPO at dp@thedpadviceservice.co.uk.
When you visit our website www.dpocoms.co.uk, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns.
The information collected in this way includes:
We do this to find out such things as the number of visitors to the various parts of the site and to make improvements to our service to ensure we are providing the best visitor experience.
This information is only processed in a way that does not directly identify anyone.
The information collected is classed as personal data as Google assigns a unique identifier to each visitor. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
We have measures to protect the information collected, which include limiting the amount of data that is collected, setting a retention schedule for the data collected, restricting access to our Google Analytics data and regularly reviewing our use of analytics.
We keep analytics data for 14 months from the visitor's last visit.
Cookies are small text files that are placed on your computer by the websites that you visit.
We do not use cookies on our website; we use browser sessions. Browser sessions don’t contain personal information, they are always considered necessary for the website functionality. Unlike traditional cookies, they are deleted on the browser-side instantly or, approximately within 20 minutes after the last requested page from the website has been closed.
We use Google Analytics, which does use its own cookies. Further information about these cookies can be found here - https://support.google.com/analytics/answer/11397207.
If you wish to opt out of all Google Analytics tracking then you can do so, here: https://tools.google.com/dlpage/gaoptout.
We use a server-based firewall called ModSecurity, by Apache Foundation, to help maintain the security and performance of our website. The service checks that traffic to the site is behaving as we would expect. The service will block traffic that is not using the site as expected.
We host our website in a London data-centre, operated by Rackspace Ltd and managed by QWeb Ltd. Traffic information is retained for 7 days.
When you register for a DPOCOMS licence we will ask you for the following information:
Other information we will collect via DPCOMS is:
This information is collected to create and assign staff users to your account.
We may also collect the following information if you provide this to us:
If you have signed up for the software++ package, then you may provide more personal information and special category data to seek advice and assistance with the requests that you log. You will remain the data controller of this information, we will be the data processor. This personal data will be covered by The DP Advice Service Privacy Notice which can be found here.
We collect all personal information directly from you when you provide the information to set up, manage and use your DPOCOMS account.
We will always make it clear when we are asking you to provide personal information.
The purpose for collecting the analytical data and using cookies is to maintain and monitor the performance of our website and to constantly look to improve the site and the services we offer to our users.
The purpose for collecting the personal data is:
The lawful basis we rely on to process your personal data to:
Article 6(1)(a) UK GDPR – which states that we will process your personal data with your consent.
If we process your personal data on the lawful basis of consent, you have the right to amend that consent and change your preferences at any time.
Article 6(1)(b) - which states that we will process your personal data as you have entered into a contract with us or taken steps to enter into a contract with us and processing the data is necessary for us to fulfil that contract.
Article 6(1)(f) UK GDPR – which allows us to process personal data when it is necessary for our legitimate interests. For example, to maintain the integrity of our website, IT systems and the continuity of our business and to create and maintain your account.
We will only share the personal information that you use to create your account with third parties who help us to offer the software to you. This includes:
We will ensure that the appropriate data protection and security measures are in place with these third parties before any data is shared.
We will not share the information you provide when logging a request for advice or assistance.
We will not share any personal information relating to children or parents with any third parties.
The information we store is all obfuscated in a way that means the website code can decipher it back to plain text, but a human can’t easily do the same. Passwords are encrypted.
The dashboard ticket tools have built in redaction, once a ticket is closed any data that is redacted is retained for 30 days on backups before it will be permanently deleted. When an account is deleted, we have 30 days before the backups containing information about the account are also deleted.
When you register for a DPOCOMS licence, the information is retained for the duration of the time that you hold that licence plus 12 months.
If you allow your licence to expire and wish to reinstate this at any time within the 12 months, we will be able to restore any data that was previously held under your old licence, except any redacted data (which would have been deleted after 30 days).
If you wish to reinstate the licence after the account has been dormant for 12 months, any pre-existing data will no longer be available.
We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we will contact you via the email address provided to set up the initial licence.
Please contact us if the member of staff who set up your DPOCOMS licence leaves employment with you so that we can transfer the account.
Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with data protection law and ensure that the organisation outside the EEA is compliant with the GDPR.
We do not currently transfer personal data to a country outside the EEA and don’t propose to in the future but will liaise directly with any individuals if this becomes necessary.
Your right of access:
Individuals have a right to make a ‘subject access request’ to gain access to personal information that The DP Advice Service Ltd holds about them.
If you make a subject access request, and if we do hold information about you, we will:
Individuals also have the right for their personal information to be transmitted electronically to another organisation in certain circumstances.
Your other rights:
If you would like to make a request, please contact our Data Protection Officer (see details above in the ‘Our DPO’ section).
We take any complaints about our collection and use of personal information very seriously.
If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with our DPO in the first instance.
Alternatively, you can make a complaint to the Information Commissioner’s Office: