Infinity+ uses essential pupil information to operate. Here's an overview of how we ensure full compliance with data protection requirements.
When you use Infinity+, your school will provide us with access to certain personal data relating to your pupils (we refer to this as School MIS Data in our Infinity+ terms and conditions). This will be done by your school granting us access to the necessary data via Wonde.
The School MIS Data will include certain personal data relating to your pupils such as their name, gender, year group, class, age at time of taking quiz and unique pupil number (UPN) or other identifying code (where UPN is unavailable) which is required by us for you to use Infinity+.
Your school remains the data controller in respect of the School MIS Data. White Rose handles it as a processor of the school.
The General Data Protection Regulation (as adopted into UK law and tailored by the Data Protection Act 2018) (UK GDPR) requires that the processing of personal data by a processor on behalf of a controller is governed by certain minimum contractual provisions.
We have included the necessary provisions in our contract with your school. Please refer to our Infinity+ terms and conditions clause 6 (School MIS Data Protection) in particular, which sets out the provisions applicable to our processing of School MIS Data (as data processor) on behalf of your school (as data controller).
We also have a contract in place with Wonde, which includes additional provisions around confidentiality and security. Please see Wonde’s 'Security and Privacy' policy.
Nothing herein or within our terms and conditions relieves your school of its own direct responsibilities and liabilities under UK GDPR or otherwise. The school is responsible for notifying us if there is a change of controller (for example, if the school joins or transfers to a new MAT). Please get in touch should this occur.