O-Music Privacy and Data Protection Policy
O-Music Ltd is fully compliant with the GDPR law for the UK/EU from 25th May 2018
We keep securely the name and email address of the person or persons allocated by the school as the administrator(s) of the software for the school.
We supply a temporary password and username, which the administrator can then alter. All passwords are encrypted and as soon as the administrator changes it, only the administrator knows what it is.
It is the responsibility of the administrator to ensure no student or any other unauthorised person has access to these logon credentials.
The administrator can add the names, usernames and classes of students to the system. He/she can also add teacher details: names, usernames, email addresses and encrypted passwords.
The administrator can also attach teachers to classes so that the teacher can see a list of students in that class, with names and usernames. Passwords are hidden.
The administrator can also in certain circumstances ask O-Music Ltd to undertake some of these tasks, in which case the operation will be carried out by a member of O-Music staff trained in data protection.
Teachers have access to the names and usernames of the students in the classes to which they have been attached by the administrator. They can change their own details and those of the students in those classes. They do not have access to any secret student passwords but may change them, for instance if a student has forgotten theirs.
Each student has access to his/her name and username. The password is hidden but may be changed by the administrator. Students have no access to anybody else’s details unless they become aware of another person’s username and password.
The administrator can immediately delete any student, teacher or groups of students from the list, or delete all students and all teachers.
The administrator may in an emergency ask O-Music Ltd to suspend the software. This will be done by changing the access URL (web address) to a new secret version. This will have the effect of stopping any user making use of the software.
O-Music uses two servers:
•Server 2 in the US stores the O-Generator software, media and test results.
O-Music Ltd will keep securely names, addresses and email addresses of teachers who ask for trial versions or otherwise ask for more information. This information will be used in the following ways:
•To tell trial users their logon credentials and to remind them.
•To send further details including prices
•To warn users of the ending of trials
Administrators will also be contacted from time to time with newsletters and information about the expiry of their subscription.
All contacts will have the right to have their details deleted from the database.
Privacy impact assessment
O-Music Ltd has a number of strategies in place to secure data, with strict limits on the number of people who have access. Only the administrators have access to the full data, i.e. the list of students the administrator has assigned to O-Music Ltd. Class teachers only have access to data for individual classes to which they have been assigned. All data is protected by secret usernames and passwords. Passwords are hidden and encrypted.
In the extremely unlikely event of data being stolen, the impact will be limited to student names, usernames and classes. No student email addresses, phone numbers, gender information, age, date of birth or address are stored.
The only other data stored consists of the teacher’s names, school email addresses and school address.