Privacy Policy

We need to store information about current subscribers in order to fulfil our contractual requirements to you and grant you access to restricted content on the Website.

If you are a subscriber (including a subscriber on a trial basis), your personal information (such as your name, email address and other contact details) will be used to enable us to verify that you are a subscriber and to deliver any restricted content on the Website to you.

We also request personal information from you when you contact us with subscription management queries, technical problems, to comment on the Website, or when you ask for information about how to use the products and/or services made available on the Website. Personal information submitted by you via the contact us page will not be added to our customer databases and we request it simply so that we can respond to you about your query. Statistics regarding the types of queries submitted to us via the contact us page may be collated by us in aggregate form so that we can effectively monitor the Website and improve levels of service.


1 - What kind of information do we collect?

To the extent of what we are allowed under relevant law, we collect different kinds of personal data about you and any individual whose details you provide to us.

● Identity Data includes first name and last name - additionally if opting for Wonde Integration: email address (optional), UPI, and DOB (optional).
● Contact Data includes billing address, delivery address, email address and telephone numbers.
● Financial Data includes bank account details and details about payments from you.
● Technical Data includes IP address, login data, browser type/version, time zone setting/location, operating system and other technology on the devices you use to access the website.
● Profile Data includes your username, initial password (as soon as you modify your password, it gets encrypted) and orders made by your institution.
● Usage Data includes information about how you use our website.

The above types of data from/about you is collected via different methods when you:
● Subscribe to our service (including free trials);
● Place an order (website order form, fax, post, phone or email);
● Complete online forms;
● Contact us by phone, fax, email or post.

We may also, when necessary, add to the personal data we already have with information we obtain from third parties that are allowed to share that information (i.e. Department for Education). We will only collect what is allowed by relevant laws.

If you intend to give us personal information about someone else, you are responsible for ensuring that you follow any responsibilities and consent responsibilities under relevant data protections laws. As required by relevant data protection laws, you must ensure that you have their clear agreement to do so and that you explain to them how we collect, use, share and keep their personal information or tell them to read our Privacy Notice.


2 - How do we use your information?

Most commonly we will use your personal data in the following circumstances:

where we need to perform the contract we are about to enter into or have entered into with you, including account creation, saving tests and mark entry, product renewal notices, administration of accounts, payment validations, including taking and processing payments, statistical analysis and support.

Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.

Here are all the ways in which we intend to use your personal data:

3 - Use of cookies

Our website uses cookies. A cookie is a small file of letters and numbers that we put on your computer. These cookies allow us to distinguish you from other users of the website which helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

Our cookies
We use only browser-session cookies on our website.
The names of the cookies that we use on our website, and the purposes for which they are used, are set out below:
(a) we use connect.sid to validate authenticated users sessions, to track users as they navigate the website and to administer the website.
(b) we use _csrf to prevent fraud and improve the security of the website.
Analytics cookies
We use Google Analytics to analyse the use of our website.
Our analytics service provider generates statistical and other information about website use by means of cookies.
The analytics cookies used by our website have the following names: [_ga, _gat, __utma, __utmc and __utmz].
The information generated relating to our website is used to create reports about the use of our website. Our analytics service provider's privacy policy is available at:
http://www.google.com/policies/privacy/.

4 - How secure is your data?

We will keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.

We will do our best to protect your personal information but we cannot guarantee the security of your information which is added to our website via an internet or similar connection.

If we have given you (or you have chosen) a password to access certain areas of our website, please keep this password safe – we will not share this password with anyone and we will never ask you to share your password under any circumstances.

We also expect our customers to adopt good security practices, such as ensuring that your computers are adequately protected from malware and potential misuse, and that login credentials and passwords are not shared.

If you believe your account has been compromised, please contact us at support@mathswatch.com


5 - Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We employ policies regarding the retention of your data in order to:

● Meet business continuity requirements to recover services and customer data in the event of business disruption;
● Retain customer and pupil data for the purposes of subscription renewal and statistical analysis;
● Retain personal information for ongoing subscriptions;
● Retain personal information related to your school orders for no longer than 3 years for lapsed or cancelled subscriptions;
● Retain personal information related to your pupils’ personal data uploaded to our products by your account administrator for no longer than 6 weeks for lapsed or cancelled subscriptions;
● Retain anonymised statistical information for no more than 5 years.

When a school terminates their subscription with us we will, unless requested otherwise, retain the data for a further 6 weeks past their ‘renewal’ date in order that any subsequent re-subscription will allow the customer to access their historical data. Past this period of 6 weeks, all the school’s associated data will be permanently deleted from our servers.


6 - Your information and your rights

We are registered with the information commissioner’s office, Registration Number: ZA318998

You have the right to:

● ask us to show you the personal data that we hold about you.
● ask us to correct any inaccuracies in any of the data we hold about you. If we hold any information about you which is incorrect or if there are any changes to your details, please let us know so that we can keep our records accurate and up to date though we may have to verify the accuracy of the new data you provide to us.

● ask us to erase any personal data that we hold about you where there is no good reason for us continuing to process it.
● request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
● request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
● withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw you consent. If you withdraw your consent, we may not be able to provide certain products to you. We will advise you if this is the case at the time you withdraw your consent.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.


7 - When do we share information?

We do not sell your personal information to third parties.
We do not share your personal information with third parties.

If we believe that your use of the Website is unlawful or damaging to others, we reserve the right to disclose the information we have obtained through the Website about you to third parties to the extent that it is reasonably necessary in our opinion to prevent, remedy or take action in relation to such conduct.

We may also disclose or share your personal data in order to comply with any legal obligation; in order to enforce or apply any agreements or licences with you; or to protect the rights, property, or safety of MathsWatch Ltd. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

If any part of our business (including those of our affiliates) is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchasers and their advisers.


8 - Updating your details and contacting us

If you have any questions or queries regarding this privacy policy or if any of the information that you have provided to MathsWatch Ltd changes e.g. if you change your e-mail address, please contact us by sending an e-mail to support@mathswatch.com

9 - GDPR - FAQ

What type of data is held by MathsWatch?
We hold the following:
● First name and last name of each student and staff member.
● The year group of each student.
● The class each student is in.
● An initial password for each student and staff member - they are encrypted on upload.
Passwords can be changed by students and staff at any time and we recommend they do this.
Once changed we can never see the passwords, they are always encrypted.
It is possible for students and staff members to add their email address to their account but we never ask for email addresses and have no ability to upload them via a csv.
For schools opting for the Wonde Data Integration, we also collect UPI, DOB (optional) and email (optional). These are often used for the automatic process of username/password creation of new students joining the school.

Where does MathsWatch get that data from?
We get the data directly from schools.
We ask them to put student information on an upload template and return it to us.
If schools opt for the Wonde Data Integration then we get their data from Wonde which is directly and securely connected to their MIS (SIMS, Progresso, Arbor, etc...).

What is the purpose of holding the data?
We hold the data so that students and staff have an account with MathsWatch and can therefore use our product.

Data Controller or Data Processor?
We act as Data Processor as we only ever process a school's data on their behalf and when requested.

How is the data kept up-to-date?
Admin account holders at the school can update the information held.
They can also ask us to update the information for them.
Data of schools connected via Wonde is synchronised every day just after midnight.

How often is the data backed-up?
The data is backed-up every day between 3.30am and 4.30am (UK time).

Is it shared by MathsWatch with anyone?
It is NEVER shared with anyone.
Only five named people within the MathsWatch organisation can access any information at all.

Where and how it is stored?
It is stored on servers which are all within the UK.

How long it is kept for?
We keep it for as long as the account is active or until an administrator at the school deletes it.
At the end of each year, for instance, school admins will routinely delete all Yr 11 data in order to make space for new Yr 7 data.
If a subscription is cancelled we usually wait for 6 weeks and then delete all data for that school.
If an institution requests it be deleted sooner, we always do this.

How is the data destroyed?
It is permanently deleted.

Are you registered with the Information Commissioners Office?
Yes, we are. Our registration number is ZA318998