deleted: contract for the tapestry online learning journal€¦ · 01/05/2018 · standard...
TRANSCRIPT
Contract for the Tapestry Online Learning Journal FoundationStageForumLtd
18April2019
Table of Contents Anoteonthiscontract...........................................................................................................................................5AnoncontractualnoteonBrexit.......................................................................................................................6IfyouareacustomerintheEU,butnotintheUK................................................................................6IfyouareacustomerintheUK......................................................................................................................6
YourcontractwithusfortheuseofTapestry..............................................................................................6Whatyouget..........................................................................................................................................................7Whatyoudonotget............................................................................................................................................7Tapestry,ouronlinelearningjournal.........................................................................................................7Ourtutorials...........................................................................................................................................................8OurBillingandSupportSystem....................................................................................................................8OurDiscussionForum.......................................................................................................................................8Fees............................................................................................................................................................................8Termination............................................................................................................................................................8Changesanddisputes.........................................................................................................................................9
AnnexA:TapestryDataProtection...................................................................................................................9ThelegallyrequiredtermsinaDataProcessingAgreementorContract...................................9Ourjurisdiction..................................................................................................................................................10Whereisdatastored?.....................................................................................................................................10WhatdataisplacedintoTapestry?...........................................................................................................11Whoisresponsibleforwhat?......................................................................................................................11Whatweexpectofyou....................................................................................................................................12YoumusthavealawfulbasisforputtingdataintoTapestry...................................................12YoumustuseTapestryinawaythatiscompliantwithdataprotectionlaw....................12Youmustrespondtodataprotectionrequests..............................................................................13YoumustkeepyourcontactdetailsonTapestryuptodate.....................................................14
Whatyoucanexpectofus.............................................................................................................................14Wewillonlyprocessdataonyourwritteninstructions.............................................................14
Deleted: 1May2018
Deleted: ¶
Deleted: Anoteonthiscontract➝5¶YourcontractwithusfortheuseofTapestry➝6¶Whatyouget➝7¶Whatyoudonotget➝7¶Tapestry,ouronlinelearningjournal➝7¶Ourtutorials➝8¶OurBillingandSupportSystem➝8¶OurDiscussionForum➝8¶Fees➝8¶Termination➝8¶Changesanddisputes➝9¶AnnexA:TapestryDataProtection➝9¶ThelegallyrequiredtermsinaDataProcessingAgreementorContract➝9¶Ourjurisdiction➝10¶Whereisdatastored?➝10¶WhatdataisplacedintoTapestry?➝11¶Whoisresponsibleforwhat?➝11¶Whatweexpectofyou➝12¶YoumusthavealawfulbasisforputtingdataintoTapestry➝12¶YoumustuseTapestryinawaythatiscompliantwithdataprotectionlaw➝12¶Youmustrespondtodataprotectionrequests➝13¶YoumustkeepyourcontactdetailsonTapestryuptodate➝14¶Whatyoucanexpectofus➝14¶Wewillonlyprocessdataonyourwritteninstructions➝14¶Wewillensurethatpeopleweusetoprocessyourdataaresubjecttoadutyofconfidence➝16¶Wewilltakeappropriatemeasurestoensurethesecurityofourprocessing➝16¶Wewillengagesub-processorsonlywithyourpriorconsent➝16¶Wewillassistyouinprovidingsubjectaccessandallowingdatasubjectstoexercisetheirrightsunderdataprotectionlaw➝16¶Wewillassistyouinmeetingyourlegaldataprotectionobligations➝17¶Wewilldeleteorreturnallpersonaldatatoyouasrequestedattheendofthecontract➝18¶Wewillsubmittoyourauditsandinspections➝18¶Wewillprovideyouwiththeinformationtomeetyourlegalobligations➝18¶Wewilltellyouifwebecomeawareofadatabreach➝18¶Wewilltellyouimmediatelyifweareaskedtodosomethinginfringingdataprotectionlaw➝19¶Ifsomethinggoeswrong➝19¶Complaints➝19¶OurDataProtectionOfficer➝19¶FrequentlyAskedQuestions➝19¶WithregardtoBrexit:willthedatabehostedandbackedupintheUKonceBrexitisfinalised?➝19¶AnnexB:TapestrySecurity➝19¶SecurityResponsibilities➝19¶Whoarewe?➝20¶TheFoundationStageForumLtd➝20¶ ... [1]
Wewillensurethatpeopleweusetoprocessyourdataaresubjecttoadutyofconfidence.......................................................................................................................................................16Wewilltakeappropriatemeasurestoensurethesecurityofourprocessing.................16Wewillengagesub-processorsonlywithyourpriorconsent.................................................16Wewillassistyouinprovidingsubjectaccessandallowingdatasubjectstoexercisetheirrightsunderdataprotectionlaw...............................................................................................16Wewillassistyouinmeetingyourlegaldataprotectionobligations..................................17Wewilldeleteorreturnallpersonaldatatoyouasrequestedattheendofthecontract..............................................................................................................................................................................18Wewillsubmittoyourauditsandinspections...............................................................................18Wewillprovideyouwiththeinformationtomeetyourlegalobligations.........................18Wewilltellyouifwebecomeawareofadatabreach.................................................................18Wewilltellyouimmediatelyifweareaskedtodosomethinginfringingdataprotectionlaw...............................................................................................................................................19
Ifsomethinggoeswrong...............................................................................................................................19Complaints......................................................................................................................................................19OurDataProtectionOfficer.....................................................................................................................19
FrequentlyAskedQuestions.............................................................................................................................19WithregardtoBrexit:willthedatabehostedandbackedupintheUKonceBrexitisfinalised?...............................................................................................................................................................19
AnnexB:TapestrySecurity...............................................................................................................................19SecurityResponsibilities...............................................................................................................................19Whoarewe?........................................................................................................................................................20TheFoundationStageForumLtd.........................................................................................................20Director:StephenEdwardsMSc............................................................................................................20Director:HelenEdwardsDPhil..............................................................................................................20DataProtectionOfficer:LaurenFoley.................................................................................................21
DataProtectionLaw........................................................................................................................................21Accesstodata.....................................................................................................................................................21Deletingdatawhenitisnolongerneeded.............................................................................................22Organisationaldatasecurity........................................................................................................................22ISO27001........................................................................................................................................................22Staff....................................................................................................................................................................22Procedures......................................................................................................................................................23Passwords.......................................................................................................................................................23
Technicaldatasecurity...................................................................................................................................24Physicalsecurity...........................................................................................................................................25Softwaresecurity.........................................................................................................................................26Encryption.......................................................................................................................................................26Partitioning.....................................................................................................................................................26Logging.............................................................................................................................................................27Verification(alsoknownasPenetrationTesting).........................................................................27
Capacity,RedundancyandBackups.........................................................................................................27Keepingintouchaboutsecurity.................................................................................................................28Frequentlyaskedsecurityquestions.......................................................................................................28Canyoufilloutthissecurityquestionnaireforme?.....................................................................28Doyouofferaservicelevelagreement?............................................................................................29Areyouinsured?..........................................................................................................................................29Whathappensifmyaccountsubscriptionshouldexpire?........................................................29DoyoustoredataoutsideoftheEU?...................................................................................................29Whatencryptionprinciplesareusedfordataintransit?...........................................................29HaveyoudisabledTLS1.0support?....................................................................................................29Whatencryptionkeymanagementprocessesareinplace?.....................................................29ThedatacentrehostingTapestryisISO27001accredited.WhichversionofISO27001isit,andwhoistheaccreditingcompany?.......................................................................................29Doyoufollowanyotherstandardsorholdanyothercertifications?...................................30Whichboardmemberisresponsibleforsecurity?.......................................................................30Doyouhaveadocumentedframeworkforsecuritygovernance,withpoliciesgoverningkeyaspectsofinformationsecurityrelevanttotheservice?.............................30Canyouprovideevidencethatsecurityandinformationsecurityarepartofyourfinancialandoperationalriskreportingmechanisms,ensuringthattheboardwouldbekeptinformedofsecurityandinformationrisk?...........................................................................30Canyouprovideevidenceofprocessestoidentifyandensurecompliancewithapplicablelegalandregulatoryrequirements?..............................................................................30Doyoutrackthestatus,locationandconfigurationofservicecomponentsthroughouttheirlifetime?.................................................................................................................................................30Doyouassesschangestotheserviceforpotentialsecurityimpactandmonitorthatimpacttocompletion?................................................................................................................................31Howarepotentialnewthreats,vulnerabilitiesorexploitationtechniqueswhichcouldaffecttheserviceassessed?.....................................................................................................................31
Doweuserelevantsourcesofinformationrelatingtothreat,vulnerabilityandexploitationtechniques,egNIST,NCSC?...........................................................................................31Howareknownvulnerabilitiesprioritisedandtrackeduntilmitigationshavebeendeployed?........................................................................................................................................................31Whatarethetimescalesforimplementingmitigations?E.g.inpatchingpolicy?............31Otherthanforfault-finding,areactivitylogsmonitoredforsuspiciousactivity,potentialcompromisesorinappropriateuseoftheservice?...................................................32Dowehaveanincidentmanagementprocess?..............................................................................32Whatistheprocessforthevendortoreportincidentstothecustomer?..........................32Is2-factorauthentication(2FA)availabletoendusers?............................................................32CanwerequirepasswordstobechangedeveryXdays?...........................................................32WhichNSCCsystemarchitecturedoyouuse?................................................................................32Whatprovisionismadeforcustomerstoaccess/monitorauditrecordsforsystem/dataaccess?....................................................................................................................................................32Doesyourorganisationhavedifferentiatedaccesstodatadependingonthesensitivitylevel?..................................................................................................................................................................33
AnnexC:TapestryPrivacy.................................................................................................................................33TheService..........................................................................................................................................................33Whatdatadowecollect?...............................................................................................................................34Whatisthelawfulbasisforstoringthisdata.......................................................................................35Whosedataisit?................................................................................................................................................35Whodowesharedatawith?........................................................................................................................36Howdowecollectthedata?.........................................................................................................................36CanIseemydatathatisstoredonyoursystem?...............................................................................36CanIhavemydatacorrectedordeleted?..............................................................................................36Whatareourcustomer’sresponsibilities?............................................................................................36ContactingUs......................................................................................................................................................37
AnnexD:TapestrySub-processors................................................................................................................37Listofsub-processors.....................................................................................................................................38Changestosub-processors...........................................................................................................................38
AnnexE:Billingandsupportdata..................................................................................................................38Whatdatadowecollect?...............................................................................................................................38Whydoyouneedthisdata?.........................................................................................................................39Whodoyousharethisdatawith?.............................................................................................................39Whereisthedatastored?..............................................................................................................................39
Howlongdoyoukeepthisdata?...............................................................................................................39HowdoIexercisemyrightsunderdataprotectionlaw?................................................................39
AnnexF:Useofourdiscussionforum..........................................................................................................40Liability..................................................................................................................................................................40Contentandownershipofyourmessages.............................................................................................40PrivacyandDataProtection.........................................................................................................................41
Changestothiscontract......................................................................................................................................42Nextversionofthecontract(releaseTBD)...........................................................................................422018May1..........................................................................................................................................................43TapestryDataProtection..........................................................................................................................43TapestrySecurity.........................................................................................................................................43TapestryPrivacy...........................................................................................................................................43TapestrySubProcessor.............................................................................................................................43
2018March12(SecondDraft)....................................................................................................................44Acrossallsections........................................................................................................................................44Anoteonthisdraft......................................................................................................................................44Overview..........................................................................................................................................................44AnnexA:TapestryDataProtection......................................................................................................44AnnexB:TapestrySecurity.....................................................................................................................45AnnexC:TapestryPrivacy.......................................................................................................................45AnnexD:TapestrySub-processors......................................................................................................45AnnexE:Billingandsupportdata........................................................................................................46AnnexF:Useofourdiscussionforum.................................................................................................46
2018January5(Firstdraft).........................................................................................................................46
A note on this contract ThisisthenewcontractbetweentheFoundationStageForumLtdandourcustomerswhouseTapestry.
Ifyouhavereadthepreviousversion,youcanseealistofchangesattheendofthisdocument,oraversionwith“TrackChanges”athttps://tapestry.info/draft-contract.
Therearenofundamentalchangesinthisversion.Thekeyonesare:
Deleted:
Deleted: a
Deleted: draft
Deleted: Wearen’ttryingtochangeanything
Deleted: aboutourrelationshipandwhatwedoforyou.Butwearetryingto:¶Improvetheclarityofthecontract.¶Makeitunambiguouslyclearhowweworktogethertoensurewearecompliantwiththe
Deleted: todataprotectionlawintheEU(knownastheGDPR).…
1. Mentionthataforthcomingregisterfunctionmeansyoumight,ifyouwish,bestoringattendancedata.
2. MentionthatthenewTapestryappsmeanthatyoumight,ifyouwish,besendingpushnotifications.ThosenotificationswouldgoviaApple,GoogleorAmazon(dependingonthedevice)andmightgooutsideoftheEU.
3. MentionthatwehavechangedemailproviderforourbillingandcustomersupportfromFastmailtoZohoMail.
YouwillbeaskedtoagreetothiscontractthoughtheTapestryControlPanel.
A non contractual note on Brexit
If you are a customer in the EU, but not in the UK IntheeventofBrexit,wewillprobablyneedtoissueanewcontractwiththesetofstandardcontractualclausesthattheEuropeanCommissionhasprovidedthatallowdataprocessingintheUKtoremaincompliant.
Restassured,yourdatawillcontinuetobestoredwithindatacentersintheEU.ThereforealmostalloftheprocesssingwedoforyouwillcontinuetohappenwithintheEU.AdatatransferoutsidetotheUKwillonlyhappenifweneedtolookatyourdatainordertoprovideyouwithsupport.
If you are a customer in the UK IntheeventofBrexit,itisunclearwhatchangeswillberequiredforourcustomersintheUK.
Atthetimeofwriting,theUKgovernment’sintentionissuchthatnochangestoTapestrywouldberequired.Specifically,theprocessingofdataaboutpeopleintheUKcancontinuetohappenintheEU.
Unfortunately,theUKgovernmenthasnot,atthetimeofwriting,passedalltherequiredlegislation.Iftheyfailtopassthelegislation,orpassdifferentlegistation,thenwewilldowhatittakestobecompliantanddoourbesttogiveyouasmuchnoticeaspossibleaboutwhatchangesmightberequired.
TheUKInformationCommissioner’sOfficeisprovidingguidanceonhowtoprepareforBrexitthatyoumaywishtoread:https://ico.org.uk/for-organisations/data-protection-and-brexit/.
Your contract with us for the use of Tapestry 1. WearetheFoundationStageForumLtd,acompanyregisteredinEnglandwith
companynumber05757213andaregisteredaddressof1,SouthdownAvenue,LewesBN71EL,UK.
2. Youareachildminder,educator,nursery,schoolorsimilareducationalorganisation.
What you get 3. Thiscontractisfora12monthsubscriptiontoTapestry,ouronlinelearningjournal,
togetherwith:– Ourtutorials– EmailsupportduringUKbusinesshours– Accesstothehttps://eyfs.infodiscussionforum
What you do not get 4. Wedonotprovidetelephoneorfacetofacesupport.However,atourdiscretion,we
mayoffertocallyouifwefeelaquerycouldbebetterresolvedoverthephone.Wealsodoofferbookabletelephonesupportsessionsforafee.
4. WedonotprovidedirectsupporttoanyrelativesthatyouaddtoTapestry.Iftheycontactus,wewillusuallydirectthembacktoyou.Wedothisbecauseitisdifficultforustoknowwhethertheirrequestsareauthorisedbyyou.
4. WedoourbesttoprovideTapestryatalltimes(seeourAnnexB:TapestrySecurity),butwecannotguaranteethis.
Tapestry, our online learning journal 7. YoumustbetheDataControlleroftheinformationthatyouenterintoTapestry(as
youareforyourpaperrecords);wewillbetheDataProcessor.Ifyoudon’tknowwhatthosetermsmean,itisessentialthatyoufindout.Astartingpointforfindingoutishttps://ico.org.uk.
7. Youagreewithourapproachtodataprotection,privacyandsecurityandtodoyourpart.Wedescribeourapproachandwhatweexpectofyouintheselinkedannexes:– AnnexA:TapestryDataProtection– AnnexB:TapestrySecurity– AnnexC:TapestryPrivacy
7. Youagreetoourcurrentsub-processors:– AnnexD:TapestrySub-processors
7. WearecompliantwithUKdataprotectionlegislation(sometimesreferredtoasthe‘GDPR’).
7. ThiscontractcontainsthetermsrequiredforadataprocessingagreementunderUKdataprotectionlegislation.
7. WewillhelpyoutocomplywithyourdutiesunderUKdataprotectionlegislation.Inmostcasesyoucanusethetoolsweprovide.Ifyouaskusforextrahelpincomplyingwewillgiveittoyou,butwemaychargeyouourcostsinhelping.MoredetailisprovidedinAnnexA:TapestryDataProtection.
7. IfyouwishtoauditusunderUKdataprotectionlegislation,youmaydoso,butwemaychargeyouourcostsinparticipatinginyouraudit.
Our tutorials 14. Youmaycopy,store,shareandadaptourtutorialsforthepurposeofmakingbetter
useofTapestry.
Our Billing and Support System 15. Ifyoucontactusbyemailorthroughourwebsitesthenwewillstoreandprocessthe
informationyouprovideinourbillingandsupportsystem.UnlikethedatayouenterintoTapestry,wearetheDataControllerforinformationinourbillingandsupportsystem.WedescribehowweusethatdatainAnnexE:Billingandsupportdata.
Our Discussion Forum 16. Youdonotneedtouseourdiscussionforum.Butifyouchooseto,thenyouagreeto
theconditionssetoutinAnnexF:Useofourdiscussionforum.
Fees 17. YoumustpayourfeeinfullbeforewewillstartyourTapestrysubscription17. Ourfee,assetoutonourwebsite,isbasedonthemaximumnumberofchildrenyou
wishtohaveinyourTapestryaccountduringthe12monthsubscription.17. Youcanaddorremoveindividualchildrenthroughouttheyearsolongasthe
maximumnumberofchildrenisnotexceededatanyonemoment.17. Ifyouhavenotpaidyourfeeinfullthen:• wemaynotprovideaccesstoTapestry.• after90days,wewilldeletethedatathatyouhaveenteredintoTapestry.21. Ifyouwishtoincreasethemaximumnumberofchildrenyoucanhaveinyour
Tapestryaccountduringthe12monthsubscriptionthenwewillchargeyouthedifferencebetweenwhatyouhavepaidandthecurrentfeeforanaccountwiththeincreasednumberofchildren.Thiswillnotextendyoursubscription.
21. YoumustpayusUKPoundsSterlingincludinganyapplicableVAT.Ifyouchoosetopaybybanktransferyoumustbearallcurrencyconversionandbanktransfercosts.
Termination 23. YoucanstopusingTapestryatanytimeandaskustoreturnand/ordeletethedata
youhaveenteredintoTapestry,butwewillnotrefundanyfeesthatyouhavepaidunless:– YouarewithinthefirstmonthofyourTapestrysubscription– Wemateriallychangethiscontracttoyourdetriment
23. Wemay,afterdiscussingthesituationwithyou,stopprovidingyouwithTapestryifyou:– misuseoursystemsor– createanunreasonableloadonoursystemsor– causeusunreasonablecostsor– abuseourstaffor
– breachthiscontract.
Changes and disputes 25. Ifsomethinggoeswrong,unlessotherwiserequiredbylaw,ourtotalliabilitytoeach
otherislimitedtotheannualfeethatyouhavepaidusforTapestry.25. OneexampleofwherethelawrequiresdifferentliabilityisinbreachesofUKdata
protectionlaw.Wecanbothbeinvestigatedandfinedbytherelevantsupervisoryauthoritiesandwebothmaybeliabletopaycompensationfordamagescausedbybreachingthislaw.Ifitlaterturnsoutthatoneorotherofuswasn’tresponsibleforthebreach,thenwecanclaimbacktheshareofliabilityfromtheresponsibleparty–evenifthatismorethantheannualthatfeeyouhavepaidus.
25. OurcontractwithyouisunderEnglishlawandanydisputewillbesettledbyanEnglishcourt.
25. Thisdocument,togetherwithitsannexesareourentirecontractwithyou.Ifyouwanttovarythiscontract,oraddadditionalterms,thentherewillneedtobewrittenandexplicitagreementbetweenyouandoneofourcompanydirectors.Tokeepourcostsandpricesdown,werarelydothis.Inparticular,unlessexplicitlyagreedtobyoneofourcompanydirectors,wedonotacceptanystandardpurchasingtermsandconditionsthatyoumayusuallyapply.
25. Wemaychangethiscontract,butwillgiveyoureasonablewarning.
Annex A: Tapestry Data Protection WearetheFoundationStageForumLtd,acompanyregisteredinEnglandwithcompanynumber05757213andaregisteredaddressof1,SouthdownAvenue,LewesBN71EL,UK.
Youareachildminder,educator,nursery,schoolorsimilareducationalorganisation.
ThisAnnexrelatestotheuseofTapestry,ouronlinelearningjournal.AnnexErelatestodatainourbillingandsupportsystem.AnnexFrelatestodatainourdiscussionforum.
WeneedtoworktogethertoensurewearecompliantwithdataprotectionregulationswhenusingTapestry.
Thisannexshouldbereadinconjunctionwithouroverallcontractand,inparticular,AnnexBwhichexplainingourapproachtosecurityandAnnexDwhichlistsoursubprocessors.
The legally required terms in a Data Processing Agreement or Contract IfyouareintheEU,thenyoumusthaveawrittencontractwithus(sometimesknownasaDataProcessingAgreement)and,legally,mustincludesomeparticularbitsofinformationandcommitments.Thiscontractactsasthatwrittencontractandcontainstherequiredinformationandcommitments.
Tohelpyoufindthem:
• Thesubjectmatteranddurationoftheprocessingissummarisedbelowunder‘WhatdataisplacedintoTapestry’andsetoutindetailinAnnexC:TapestryPrivacy
• Thenatureandpurposeoftheprocessingissummarisedbelowunder‘WhatdataisplacedintoTapestry’andsetoutindetailinAnnexC:TapestryPrivacy.
• Thetypeofpersonaldataandcategoriesofdatasubjectissummarisedbelowunder‘WhatdataisplacedintoTapestry’andsetoutindetailinAnnexC:TapestryPrivacy.
• Theobligationsandrightsofthecontrollerissetoutin“Whatweexpectofyou”and“Whatyoucanexpectofus”below.
• Thestandardrequirementsondataprocessors(e.g.,toactonwritteninstructions,submittoaudit,notifyofbreachesetc)aresetoutin“Whatyoucanexpectofus”below.
Our jurisdiction WeareheadquarteredintheUK.ThiscontractisunderUKlaw.
OurleadsupervisoryauthorityfordataprotectionistheUKInformationCommissioner’sOffice(https://ico.org.uk).
Where is data stored? OurprocessingandstorageofyourdatahappenswithintheEU.
TheprimaryprocessingandstoragelocationisinIreland.
OuroffsitebackupsarestoredinGermany.
OurofficeisintheUK.
Fortheavoidanceofdoubt:Thestoragelocationispartofyourcontractwithus.Ifwewishedtochangewhereyourdataisstored,wewouldneedtochangethiscontract,andcontractchangesalwaysrequireagreementfrombothyouandus.
Toprovidealittlemoredetail:
• AlmostallstorageandprocessingiscarriedoutoncomputersandnetworksprovidedbyAmazonWebServices(AWS)asub-processorwhowelistinAnnexD.WeinstructthemtoonlystoredataoncomputersintheirdatacentreslocatedinIreland(fortheprimarysystem)andGermany(forthebackupsystem).Theyarecontractuallyboundnottomovedataelsewherewithoutourpermission.
• Theexceptionsare:– Onveryrareoccasions,andsubjecttostrictsafeguards,wemaystoreand
processsomedatalocallyinourofficesinordertodiagnoseorfixabug.OntheseoccasionsdatawillbestoredandprocessedinLewesintheUK.Someofthesafeguardsare:weonlydoitwhenwehaveto–itisneverroutine;westoretheminimumpossibleamountofdatalocally;weonlystoreitonencryptedsecuremachines;wedeleteitassoonaspossible.
– IfyoulogintoTapestrywhenyouareoutsidetheEU,datawillbetransferredoutsideoftheEUtogettoyou.Thisisunlikelytobeaconcernifyouareanon-EUschoolornurserybecauseyouwon’tbestoringdataaboutpeoplewhoareintheEU.Itisalsounlikelytobeaconcernifitonlyhappenseverynowandagainandonlyconcernsafewchildren(i.e.,aparentdoesit).However,ifyouareanEUbasedorganisation,youshouldconsideryourpoliciesforallowingstafftologintoTapestryiftheyareoutsidetheEU.
– ThecontentsofPush NotificationstoiOS,AndroidandAmazonappswillgoviaApple,GoogleorAmazonserversrespectivelywhichmaybeoutsidetheEU.ThisonlyhappensifALLofthefollowingaretrue:1)‘AllowPushNotifications’isenabledintheTapestryControlPanel;2)‘Includenamesinpushnotifications’isenabledintheTapestryControlPanel;3)Apersonisusingaversionofourappthatsupportspushnotifications;4)Thepersonusingourappenablespushnotificationsforthatdevice;5)Thepersonusingourappconsentstonamesbeingincludedinourpushnotifications.
What data is placed into Tapestry? AnnexC:TapestryPrivacysetsoutthesubjectmatteranddurationofourprocessing;thenatureandpurposeoftheprocessing;thetypeofpersonaldataandthecategoriesofdatasubject.
Insummary:
• ThecategoriesofdatasubjectarethepeopleyouaddtoTapestry.Typicallychildren,staffandrelativesofthechildren.Youchooseexactlywho.
• Thesubjectmatterandtypesofpersonaldataaretypically:names,emailaddresses,datesofbirth,postcodes,contentsofanonlinelearningjournal,recordsofachild’scare,recordsofachild’sattendance.Youchooseexactlywhatdata.
• Thenatureandpurposeoftheprocessingistypically:toprovideanonlinerecordofchildren’sattendance,progressandcareinordertomonitor,shareandanalysethatattendance,progressandcare.Youchooseexactlywhatisdonewiththedataandwhoitissharedwith.
• Thedurationoftheprocessingis,atmost,thedurationofthiscontractplusthetimetakenfordatatoleaveourbackupsystem.Itcanbeshorterifyouchoosetodeletesomeorallofyourdatasooner.
Who is responsible for what? Thefirstthingtoagreeisthat:
1. Youarethedatacontrollerfordatayou,orthepeopleyougiveaccess,addtoTapestry.1. Wearethedataprocessor.
Ifyoudon’tknowwhatthosetermsmean,itisessentialthatyoufindout.Astartingpointforfindingoutishttps://ico.org.uk.
Deleted: .
Youmust:
• HavealawfulbasisforenteringdataintoTapestry.• UseTapestryinawaythatiscompliantwithdataprotectionlaw.• Respondtodataprotectionrequests.• KeepyourcontactdetailsonTapestryuptodate.
Wemust:
• Onlyprocessdataonyourinstructions.• Ensurethatpeopleweusetoprocessyourdataaresubjecttoadutyofconfidence.• Takeappropriatemeasurestoensurethesecurityofourprocessing.• Onlyengagesub-processorswithyourpriorwrittenconsent(seeAnnexD).• Assistyouinprovidingsubjectaccessandallowingdatasubjectstoexercisetheir
rightsunderdataprotectionlaw.• Assistyouinmeetingyourlegaldataprotectionobligationsinrelationto:
– thesecurityofprocessing.– thenotificationofpersonaldatabreaches.– dataprotectionimpactassessments.
• Deleteorreturnallpersonaldatatoyouasrequestedattheendofthecontract.• Submittoyourauditsandinspections.• Provideyouwiththeinformationtomeetyourlegalobligations.• Tellyouifwebecomeawareofadatabreach• Tellyouimmediatelyifweareaskedtodosomethinginfringingdataprotectionlaw.
What we expect of you
You must have a lawful basis for putting data into Tapestry
WerelyonyoutoensureyouhavealawfulbasisforputtingdataintoTapestry.Ifyouhaven’tworkedoutwhatyourlawfulbasisis,pleasedosoimmediately.Onceagain,theUKInformationCommissionersOffice,https://ico.org.uk,isagoodstartingpoint.
Pleasedon’tleaptoassumingconsentistheonlylawfulbasisforyou,butcarefullyconsiderthesixpossiblebasesdescribedinlawandworkoutwhichisright,givenwhatyouintendtostoreinTapestryandhowyouintendtouseandshareit.
Ifyouarerelyingonconsentasyourlawfulbasis,thenwerelyonyoutohavegainedtheconsentforwhateverdatayouintendtoputonTapestryandtoremovedataifconsentislaterwithdrawn.
You must use Tapestry in a way that is compliant with data protection law
AsthecontrollerofthedatayouputinTapestry,youmustcomplywithdataprotectionlaw.Thisincludesensuringthatthedatais:
1. Processedlawfully,fairlyandinatransparentmannerinrelationtoindividuals.1. Collectedforspecified,explicitandlegitimatepurposesandnotfurtherprocessedina
mannerthatisincompatiblewiththosepurposes;furtherprocessingforarchivingpurposesinthepublicinterest,scientificorhistoricalresearchpurposesorstatisticalpurposesshallnotbeconsideredtobeincompatiblewiththeinitialpurposes.
1. Adequate,relevantandlimitedtowhatisnecessaryinrelationtothepurposesforwhichtheyareprocessed.
1. Accurateand,wherenecessary,keptuptodate;everyreasonablestepmustbetakentoensurethatpersonaldatathatareinaccurate,havingregardtothepurposesforwhichtheyareprocessed,areerasedorrectifiedwithoutdelay.
1. Keptinaformwhichpermitsidentificationofdatasubjectsfornolongerthanisnecessaryforthepurposesforwhichthepersonaldataareprocessed;personaldatamaybestoredforlongerperiodsinsofarasthepersonaldatawillbeprocessedsolelyforarchivingpurposesinthepublicinterest,scientificorhistoricalresearchpurposesorstatisticalpurposessubjecttoimplementationoftheappropriatetechnicalandorganisationalmeasuresrequiredbytheGDPRinordertosafeguardtherightsandfreedomsofindividuals.
1. Processedinamannerthatensuresappropriatesecurityofthepersonaldata,includingprotectionagainstunauthorisedorunlawfulprocessingandagainstaccidentalloss,destructionordamage,usingappropriatetechnicalororganisationalmeasures.
Source:https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/principles/
Wewilldoourpartinhelpingyoutocomply(describedbelow).
You must respond to data protection requests
UsingTapestrynormallyinvolvesprocessingdataaboutpeople(children,possiblystaff,possiblyrelatives).Thosepeoplehaverightsunderdataprotectionlaw,including:
1. Therighttobeinformed1. Therightofaccess1. Therighttorectification1. Therighttoerasure1. Therighttorestrictprocessing1. Therighttodataportability1. Therighttoobject1. Rightsinrelationtoautomateddecisionmakingandprofiling
Source:https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/
Youareresponsibleforrespondingtothoserequests.Wehavedesignedoursystemtohelpyoutorespond.
The right to be informed
Inparticular,pleaseensureyouproactivelydealtwiththe“righttobeinformed”–youmustnotwaitforpeopletoaskyou.
TheUKInformationCommissioner’sOfficehasadviceonthis:https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/.
Youmaywishtouseour‘AnnexC:TapestryPrivacy’asastartingpointforinformingyourstaffandtherelativesandchildrenwhosedatayouaddtoTapestry.Butyouwillprobablyneedtoadaptittocover:yourcontactdetails,yourlawfulbasisforaddingdata,whoyouintendtosharethedatawithandwhyandwhenyouintendtodeletethedata.Sincethenewdataprotectionlawcoversalldata,whetheritisoncomputeroronpaper,youmaywishtoincorporatethisintoasinglewiderdocumentthatcoversallthedatayouprocess.
You must keep your contact details on Tapestry up to date
YoumustkeepyourcontactdetailsuptodatewithinTapestry.Weusetheseto:
1. Contactyou1. Verifythatinstructionswereceivecomefromyou
Iftheyarenotuptodate,youmaynotreceiveourmessages.
Inparticular,wesometimesreceiverequestsfromcustomersstatingthattheonlymanagerregisteredonaschool,childminderornursery’sTapestryaccounthasleft,andrequestingthattheownershipbetransferredtoanewperson.Inordertoverifythattherequestislegitimatewehavetotakeseveralsteps.Evenifthesestepsaresuccessful,theymaymeanadelayofweeksduringwhichtimeTapestrymaynotbeaccessiblebyyou.Toavoidthis,pleaseensureyouupdatecontactdetailsbeforeamanagerdepartsand,ideally,alwaysregistermorethanonemanagerontheTapestrysystem.
What you can expect of us
We will only process data on your written instructions
Tapestryonlydoeswhatyoutellit.Wedonotdoanyprocessingthatyoudonottellustodo.
Tobeabsolutelyclear:wedon’tlicenseorclaimownershipofyourdata;wedon’tsellyourdata;wedon’tuseyourdataforadvertising;wedon’tpassonyourdataexceptwhenyouinstructusto.
YoucanadduserstoTapestrywho,dependingonthelevelofaccessyougivethem,canthenalsoinstructTapestry.Youcanadjustwhatdatathoseusersseeandwhattheycandowiththedata.
PeoplewhosedatayouhaveaddedtoTapestryhavearighttorestrictprocessing.Ifyouhavebeentoldbysomeonetorestrictprocessingoftheirdata,thenyouareresponsiblefornotusingTapestrytodoanyfurtherprocessingofthatperson’sdata.YouareresponsibleforensuringanyusersthatyouhaveaddedtoTapestrydonofurtherprocessing.TheeasiestwaytodothatistouseTapestrytomarkthechildoruserasinactive.
Who can instruct us
WeprefertoacceptinstructionsthroughtheTapestrywebinterfaceorapps.Thisinterfacehasoptionsforauthorisingdifferentusersandgivingthemdifferentlevelsofpermissionaboutwhattheycaninstructustodo.
Wemayalsoacceptinstructionsthroughoursupportticketsystemorbyemailiftheycomefrom:
• SomeonewhowehaveverifiedisregisteredontherelevantTapestryaccountwiththestatusofa‘manager’.
• Someonewhowehaveverifiedisanappropriaterepresentativeoftheaccountowner(e.g.,theheadofaschool,orthedirectorormanagerofanursery).
Dependingonthenatureoftheinstructionandtheroutebywhichwereceivetheinstruction,wemayneedtotakeextrastepstoverifythattheinstructionislegitimate.Thismayleadtoadelayinuscarryingouttheinstruction.
Ifsomeonewhoisn’tauthorisedtriestoinstructustodosomething,wewilltellyouaboutit.Forexample,thismostcommonlyappliestorelativesyouaddtotheTapestryaccountwhoaskusforaccesstotheirchildren’sdatabecausetheycannotloginoryouhaven’tprovidedthemwithdatatheythinktheyareentitledto.Wewilldirectthoserelativesbacktoyou.
What does only ‘written’ instructions mean?
Underdataprotectionlaw,wearenotallowedtoacceptverbalinstructionsfordataprocessing.
Ifyouspeaktousfacetofaceorbytelephone,youwillneedyoutoconfirmanyinstructionsyougiveusby:
• CarryingthemoutyourselfthroughtheTapestrywebinterfaceorapp• Replyingtoouremailedsummaryofyourinstructions,confirmingthatyouwishusto
proceed.• Repeatingyourinstructionsinamessagethroughoursupportticketsystem,• Repeatingyourinstructionsbyemail,• Repeatingyourinstructionsinalettertous.
Instructions we do and don’t accept
Sometimesourcustomerswritetouswitha‘dataprocessingagreement’or‘dataprocessingschedule’thatsetsouthowtheyintendtouseTapestry(e.g.,theyintendtouse
Tapestrytostoreassessments,butnotpicturesandvideosandintendtosharethosewithotherstaffbutnotrelatives).Itisimportanttonotethatwhilewedon’trequireyoutostoreanyparticulardataaboutanyparticularperson,wealsodon’tpreventyoufromstoringanyparticulardataaboutanyparticularperson.So,inthecaseoftheexample,ifanauthorisedmemberofstafflaterchosetouploadavideoorshareanobservationwitharelative,wewouldnotstopthem.
WhatthismeansisthatwecannotlimityouruseofTapestrybeyondtheoptionswegiveuserswith‘manager’accountsonTapestrytosetpermissionsforotherusers.Ifyouinstructustoapplyfurtherlimitations,forexamplebysendingusascheduledescribinghowyouintendtouseTapestry,wecannotcomply.However,wearealwayshappytoprovideyouwithhelpandguidanceinhowtosetpermissionswithinTapestrytomeetyourneeds.
Similarly,whilstwearealwayskeentoreceivesuggestionsabouthowtoimproveoursecurity,wecannotacceptinstructionstoapplyparticularsecuritymeasurestoyouraccountthataren’talreadyavailableintheTapestrycontrolpanel.Forexample,wecannotcurrentlyacceptinstructionstorestrictaccesstoTapestryforparticularuserstoparticularlocationsortimesofday,thoughwehavegotfeatureslikethatonourtodolist.
We will ensure that people we use to process your data are subject to a duty of confidence
Ourstaffwhoprocessyourdataare:
1. Contractuallyboundtokeepyourdataconfidential.1. Vettedbyus.ThisincludesaDBScheck,whichisupdatedannually.1. Appropriatelytrainedindataprotection.
We will take appropriate measures to ensure the security of our processing
ThemeasureswetakearedescribedinAnnexB.
WehavestartedtheprocessofbecomingcertifiedasISO27001compliant.Whenwehavebecomecertifiedwewillupdatethiscontracttoconfirmthatweare.
We will engage sub-processors only with your prior consent
Weusesub-processorsinawaythatiscompliantwithUKdataprotectionlaw.Oursub-processors,whattheydo,andourprocessforseekingyouragreementtoanychangesaredescribedinAnnexD.
We will assist you in providing subject access and allowing data subjects to exercise their rights under data protection law
YoucandownloadalltheinformationthathasbeenenteredintoTapestry.
WeprovideasectioninthecontrolpanelwhereyoucandownloadasinglefilethatbringstogetheralltheinformationTapestryholdsaboutaparticularchildoraparticularuser.
YoucancorrectalltheinformationthathasbeenenteredintoTapestry.
YoucandeletealltheinformationthatyouhaveenteredintoTapestry.
We will assist you in meeting your legal data protection obligations
The security of processing
WedescribeourcurrentsecurityapproachinAnnexB.
IfyoubelievethatthereissomethingthatshouldbedescribedinAnnexBbutisnot,pleaseletusknow.
Ifyouwishustodescribeoursecurityinaparticularway(suchasbyfillingoutformsforyou)thenwemaypassonourcostsindoingso.
Wedonotusuallyimplementbespokesecuritymeasures.However,wearealwaysinterestedinimprovingourservice,sopleasedoletusknowofanythingthatyouwouldliketosee.
Notification of personal data breaches
Ifwebecomeawareof,orsuspect,adatabreach,wewilltellyouwithoutunduedelay.Ifyoubecomeawareof,orsuspect,abreach,pleasetellusassoonasyoucan.
Ifthereisapersonaldatabreach,wewill:
1. Helpyoutopreventfurtherbreaches(e.g.,ifsomeonehasstolenacomputerusedbyyoutologintoTapestry,andyouareconcernedthatyourTapestrypasswordwasstoredonthatcomputer,wecandisabletherelevantaccountsandchangetherelevantpasswords).
1. Helpyoutoworkoutwhohasbeenaffected.1. Helpyoutoworkoutwhatdatamayhavebeenbreached.1. Helpyoutodeterminethecauseofthebreach.1. HelpyouinyourdealingwiththeInformationCommissionersOffice.
TheInformationCommissionersOfficerequireyoutonotifythemofanydatabreachthatis“likelytoresultinarisktotherightsandfreedomsofindividuals”within72hoursofyoubecomingawareofit.Wewillprioritiseourworktohelpyoutomeetthatdeadline.
Ifyouwishustogofurtherthanthat,wewilldoourbestbutmayhavetopassonourcostsinhelpingyou.
Data protection impact assessments
Wecannotcarryoutadataprotectionimpactassessmentforyou,becausewedonotknowwhatdatayouintendtoplaceinTapestry.
Ifyouwishustogofurtherthanthat,wewilldoourbestbutmayhavetopassonourcostsinhelpingyou.
We will delete or return all personal data to you as requested at the end of the contract
Youcandeletedataatanytime.Youcandownloaddataatanytime.
Attheendofthecontractourstandardpracticeistodeleteyourdatafromoursystemsafter90days.Thedatawillbedeletedfromourbackupsystems90daysafteritisdeletedfromoursystems.Wearehappytodeleteyourdatasoonerifyouaskusto.
Wearehappytoreturnyourdatatoyouatanytime.Ifyouwantyourdatainaparticularformat,wewilldoourbest,butmayhavetopassonourcostsinprovidingittoyouinthatformat.
Wewillnotdeletedataifwearerequiredbylawtokeepit(forinstance,foranongoingpoliceordataprotectioninvestigation).
We will submit to your audits and inspections
WeprovideourapproachtosecurityinAnnexBforyoutoaudit.
WehavestartedtheprocessofbecomingISO27001certified.Whenwehavedoneso,wewillupdatethiscontractandprovideyouwithaccesstothecertificationforyoutoaudit.
Ifyouwanttosubmitustofurtherauditorinspection,wewilldoourbesttohelpyou,butmayhavetopassonourcostsincomplyingwithyourrequest.
We will provide you with the information to meet your legal obligations
Webelievethiscontractanditsannexes,combinedwiththetoolsprovidedwithinTapestry,provideyouwithwhatyouneedtomeetyourlegalobligations.Ifyouthinkthereissomethingmissing,pleaseletusknow.
Ifyouhaveaspecificorunusualrequestforinformation,wewilldoourbesttohelpyou,butmayhavetopassonourcostsincomplyingwithyourrequest.
We will tell you if we become aware of a data breach
Ifwebecomeawareofadatabreach,wewilltellyouaboutitandhelpyoutomeetyourobligationsaswe’vedescribedabove.Wewilldothiswithoutunduedelay.Pleasekeepyourcontactdetailsuptodatesothatwecancontactyouquickly.
Ifwesuspectapossibledatabreachwemay‘lockdown’accesstoTapestryifwethinkthatwouldhelppreventafurtherbreach.ThiswouldmeanthatsomeorallusersofTapestrywouldlosepartialorcompleteaccesstoTapestrywhileweinvestigateandfixwhateverledtothebreach.Wewouldinformyouassoonaspossibleifweneedtodothis.
We will tell you immediately if we are asked to do something infringing data protection law
Ifweareaskedtodosomethingthatwebelieveinfringesdataprotectionlawwewillnotdoso,andwewilltryandreachyouthroughthecontactdetailsyouhavegivenustoexplainwhathashappened.
If something goes wrong
Complaints
Ifyouhaveacomplaint,[email protected].
Our Data Protection Officer
Ifyouhaveaconcernthatwehavenotaddressed,pleasecontactourDataProtectionOfficer:
Frequently Asked Questions
With regard to Brexit: will the data be hosted and backed up in the UK once Brexit is finalised? WedonotknowyethowdataprotectionlawwillchangewithBrexit.ButwearekeepinganeyeondevelopmentsandwillmakewhateverchangesarerequiredtobecompliantwithUKdataprotectionlawasitchanges.
Annex B: Tapestry Security ThisannexrelatestotheuseofTapestry,ouronlinelearningjournal.AnnexErelatestodatainourbillingandsupportsystem.AnnexFrelatestodatainourdiscussionforum.
Securityofasoftwareserviceorproductinvolvesmanyaspects,andsatisfyingyourselfthatyoushouldputyourtrustinaproductcanandshouldrequirethatyouaskquestionsoftheorganisationandpeopleoverseeingthatsecurity.ThisannexaimstogiveyouanunderstandingofwhoweareandhowwehaveaddressedtheimportantissueofprotectingtheintegrityofTapestry.
Security Responsibilities Securityisonlyasstrongastheweakestlink.Wethereforeneedtoworkwithyou,theaccountholder,togetherwithanystaffandrelativesyougivepermissiontouseTapestryto
ensuretheoverallsystemissecure.Thisannexexplainswhatwedoandwhatwehopeyouwilldo.
Thelatestcopyofthisannex,togetherwithourtermsandconditionsarealwaysavailableinthecontrolpanelofyourcopyofTapestry.
Who are we? Tapestryisthenameofaproductthatwasconceived,developedandisownedbyTheFoundationStageForumLtd.,anearlyyearsorganisationthathasprovidedresourcesandsupportfortheearlyyearsworkforcesinceFebruary2003.Wehavecontractswithmanylocalauthorities,someofwhichhavebeeninplacefortenormoreyears.
The Foundation Stage Forum Ltd
TheFoundationStageForumLtdisaVATregistered,privateUKlimitedcompany.
Ourcompanynumberis05757213.
Ourregisteredofficeisat:
1, Southdown AvenueLewesEast SussexBN7 1EL
OurVATregistrationnumberis932933317.
Youcanwritetousatourregisteredoffice,[email protected].
OurcontractsareunderUKlaw.
Wehavetwodirectors:HelenandStephenEdwards.
Director: Stephen Edwards MSc
SteveisthefounderoftheFSF.HeworkedformanyyearsasatechnicalmanagerforthetelecommunicationsorganisationEricsson,havingcompletedaMastersDegreeininformationsystems.Hebecameinterestedintheearlyyearsasaresultofhiswife(Helen,seebelow)settingupanurseryintheirhome,andleftEricssontosetuptheFSFin2002asaresourceandsupportnetworkfortheearlyyearsworkforce.HehasbeenfullyoccupiedwiththeFSFeversince,conceivinganddrivingthedevelopmentofTapestryasapartofthiscommitment.
Steveistheboardmemberresponsibleforsecurity.
Director: Helen Edwards DPhil
Helenhasbeenworkingwithyoungchildrensince1989,firstlyasaprimaryschoolteacher,andthenasasuccessfulnurseryowner/manager,followedbyemploymentasa
localauthorityadvisoranduniversitytutor,andmorerecentlyasanOfstedinspector.ShealsoholdstheEYPstatus.
Data Protection Officer: Lauren Foley
LaurenFoleyisourDataProtectionOfficer.Herdirectemailisdpo@eyfs.info.
LaurenjoinedtheFoundationStageForumin2014aftergraduatingfromtheUniversityofBirmingham.ShewasdesignatedourdataprotectionofficeraftercompletingGDPRtraininginNovember2017.
Data Protection Law WearecompliantwithUKdataprotectionlaw.WedescribeourapproachtodataprotectioninAnnexA.
Tosummariseitinbrief:You,theTapestryaccountmanager,ownthedatayouputonTapestry.We,FoundationStageForumLtd,donot.Intechnicalterms,youaretheDataController,wearetheDataProcessor.
Wewillonlydothingswithdatathatyou,orpeoplethatyougivepermissionto,request.
Wewillnotaccessyourdatawithoutyourpermission.
Weonlyusethedatayouentertoprovidetheserviceyousee:anonlinelearningjournalthathelpsyoutomonitortheprogressofchildren,communicatewithparentsandthegovernmentandmanageyouractivities.
Tobeabsolutelyclear:wedon’tusethedataformarketing;wedon’tsharethedatawithotherstodomarketing.
Youshouldbeawareofyourresponsibilitiesasadatacontroller.YoucanfindoutmoreattheInformationCommissioner’sOfficewebsite:https://ico.org.uk/for-organisations/.
YouareresponsibleformakingsurethatyouonlyputdataonTapestrywhereyouhavepermissiontodoso.i.e.,ifaparenthasagreedwithyouthatnophotosoftheirchildshouldbetaken,youareresponsibleforensuringthatnoneofthephotosaddedtoTapestrydepictthatchild.
Access to data Onlyyou,andthoseyouauthorise,willhaveaccesstoyourTapestryaccounts.Youcanrestrictthepeopleyouauthorisetoonlybeabletoviewdataaboutsomechildren.
Ifweneedtoaccessyouraccounttosortoutaproblemyouarehaving,wewillaskyourpermissionfirst.
WewillnotgiveTapestryaccountinformation,oraccesstoyourTapestryaccount,toanyoneotherthanthoseindividualsyouhavesetupasstaffmembers.
Relativescontactingusforaccessdetailswillalwaysbereferredtoyou,theTapestryaccountholder.
Underthedataprotectionact,individualshavearighttoseeacopyofinformationthatanorganisationholdsaboutthem.Asthedatacontroller,youwillneedtorespondtothoserequestsandwe,asthedataprocessor,willhelpyou.Thisisnormallyeasy,sinceyoucanalwaysseeandprinttheinformationyouhaveentered.
Deleting data when it is no longer needed Youcanmodifyanddeletethedatayouenter.
Inthecommoncaseofchildrenleavingyoursetting,youcanmovethemintoa‘deleted’area,where(afteradelayofninetydaystoavoiddisastrousmistakesoccurring)theirdatawillbedeleted(thisincludesrelevantpictures,videos,journalsandreports).
Youcaninstructustodeleteallyourdataatanytime.Butthisisallornothing.Ifyoujustwanttodeletesomeofyourdata,youwillneedtousethecontrolpanelinthesystemtodosoyourself.
IfyouletyoursubscriptiontoTapestrylapse,wewilldeletealldataassociatedwithit.Wedelaythedeletionfor90daysincaseyoursubscriptionhasinadvertentlylapsed(e.g.,ithappenedwhileyouareonholiday,ortherewasadelayinyourLocalAuthoritypayingourinvoice)butifyouexplicitlyaskustothenwewilldeleteyourdataimmediately.
Datawillremaininourbackupsfor90furtherdays.Ifyouwish,youcaninstructustotodeleteallyourdatafromthesebackups.Butitisallornothing.Wecannotdeletesomeofyourdataonthesebackups.
Oncethedataisdeletedfromourbackupswecannolongerrecoverit.
Organisational data security
ISO 27001
WeareworkingtowardsbecomingindependentlycertifiedasISO27001compliant.Whenwehaveachievedcertificationwewillupdatethiscontractandprovideyouwithaccesstothecertification.
Ourdatacentre,AmazonWebServices,hasbeenindependentlycertifiedasISO27001compliant.
Staff
Wearecarefulinwhoweemploy.AllourstaffwithaccesstoyourdatahavebeencheckedandclearedbytheDisclosureandBarringService(DBS)andwechecktheirDBSstatusannually.
Thecompanythathostsourserversanddatabases,AWS,alsovetstheirstaff(thoughinpracticewewouldneverexpectthemtoseeyourdata).
YouareresponsibleforonlygivingaccesstoTapestrytopeopleyoutrustandwhoactuallyneedaccess.Forinstance,pleaseremembertomakestaffinactiveoncetheyhaveleftyourserviceoriftheyarefacingrelevantdisciplinaryprocedures.
Pleasealsoensurethat,whenyougiveaccesstorelativesofchildren,youarecarefultoallocatethemtothecorrectchildren,toentertheiremailaddresscorrectly,andtomaketheminactiveoncethechildhasleftyoursetting.
Procedures
Ourproceduresaredesignedtominimiseouraccesstoyourdata.Forexample,wewouldn’tlogintoyouraccountwithoutyourpermissionandeventhenwouldonlydosoifitwasnecessarytoresolveafaultorproblemyouwereexperiencing.
Wearesimilarlycarefulwithoursuppliers.Thecompanythathostsourserversanddatabases,AWS,operatesonasimilarprincipleofminimalaccess.TheyareISO27001accredited,whichmeanstheyhaveacompleteandappropriatesetofsecurityprocedures.Wewouldneverexpectthemtoneedaccesstoyourdata.
ItisimportantthatyouthinkaboutyourproceduresforwhatsortofdatayouputonTapestryandwhatyouallowyourstaffandrelativestodowithit.
Forinstance,youshouldthinkabout:
• Whetheryougiveallstaffaccesstodataaboutallchildren,orjustsomechildren.• Whenitisappropriateforyourstafftotakeandsharephotosandvideos.• Whatinstructionsyoushouldgivetoparentsastowhatisappropriateforthemto
add,andwhattheymaydowithmaterialthatyouadd(e.g.,insistingnophotosareuploadedtosocialmediasitesbyparentswithoutthewrittenpermissionoftheparentswhosechildrenaredepictedinphotos,videosortext.)
Passwords
ThemainwaywecontrolaccesstoTapestryisthroughpasswords.
Neitheryou,norwe,canseewhatpasswordshavebeenused(technically,wehashthepasswordsbeforestoringthemusingbcryptandweneverwritepasswordstoanylogfiles).
Ourstaffusestrongpasswordsand,forthemoresecuresystems,havetosupplementthecorrectpasswordwithothersecuritymeasures(suchaslogginginfromourofficeIPaddressand/orusingtwo-factorauthentication).
Youareresponsiblefortrainingyourstaff,andencouraginganyrelatives,toadoptsensibleprecautionsaroundtheiruseofpasswords–don’tsharethem,don’treusethem,andmakethemhardtoguess.
Incorrectpasswordattemptswillresultinanaccessforthatuserbeingpreventedforaperiodoftime.Ifyoususpectoneofyourstafforrelativeaccountshasorcouldhavebeencompromised,youcanmakeitinactive.Thiswillpreventaccessusingthataccount.Ataminimum,youshouldthencontactthestafforrelativeandaskthemtochangetheirpasswordonthissystemandanyothersystemonwhichtheyhaveusedasimilarpassword.
YoucanchooseaminimumpasswordstrengththatyoupermitthepeopleyouaddtoTapestrytouse.Wewon’tletthisminimumbeanylessthan10charactersandweallowandencourageyoutosetatougherstandardthanthat(by,forinstance,requiringlongerpasswords).
Foryourstaff,wealsoprovideanoptionwheretheycannotloginwithoutadifferentmemberofstaff(suchasamanager)logginginfirst.WecallthisPINonlystaff.
Ifyouwish,youcansetaninitialpasswordandPINforthestaffandrelativesthatyouadd,butwestronglydiscouragethis.WepreferyoutousetheoptionofsendinglinksthatallowuserstosettheirownpasswordsandPINwithoutyouseeingthem.
Weallowuserstoresettheirownpasswordsusingtheiremailaddress.You,andmanagersyounominate,canalsoresetpasswordsforstaffandrelatives.Ifamemberofstafforrelativecontactsusbecausetheyhavelostaccesstotheemailaddressassociatedwithanaccount,wewilldirectthembacktoyou.
IfyouhavelostaccesstoyouremailaddressassociatedwithTapestry,oryouhavetakenoveraTapestryaccountduetothedepartureofthepreviousaccountowneranddon’thaveaccess,thenwecanaddanemailaddressforthenewmanager.Inordertoverifythattherequestislegitimatewehavetotakeseveralsteps.Evenifthesestepsaresuccessful,theymaymeanadelayofweeksduringwhichtimeTapestrymaynotbeaccessiblebyyou.Toavoidthis,pleaseensureyouupdatecontactdetailsbeforeamanagerdepartsand,ideally,alwaysregistermorethanonemanagerontheTapestrysystem.
Wedonotcurrentlyhaveafacilityforyoutorestrictaccesstoparticularlocationsorparticulardevices.Thatmakesitdoublyimportantthatyoutakesensibleprecautionsoverpasswords.
Ifyoubelievethepasswordforoneormoreaccountshasorcouldhavebeencompromised,pleaseimmediatelymakethataccountinactiveusingtheTapestrycontrolpanelor,ifyouareunabletodoso,contactusandwewilldoitforyou.Pleasethencontactustodiscusshowtore-activatetheaccountsinawaythatensurestheyremainsecure.
Becausepasswordscanberesetbyemail,ifyoubelievethattheemailaccountassociatedwithaTapestryaccounthasbeencompromised,pleasetreatitasifthepasswordhasbeencompromised:maketheTapestryaccountinactiveandcontactus.
Technical data security TheTapestrywebserviceanddataarehostedinacloudhostingenvironmentoperatedbyAWSintheEU(primarilytheRepublicofIreland,withbackupsinGermany).AWSisthe
largestcloudhostingproviderintheworldandprovidesasecureplatformforsomeoftheworld’slargestonlineserviceproviders.
Physical security
AWSensurethatourserversarephysicallysecure.AWSdatacentresarehousedinnondescriptfacilities.Physicalaccessisstrictlycontrolledbothattheperimeterandatbuildingingresspointsbyprofessionalsecuritystaffutilizingvideosurveillance,intrusiondetectionsystems,andotherelectronicmeans.Authorizedstaffmustpasstwo-factorauthenticationaminimumoftwotimestoaccessdatacentrefloors.Allvisitorsandcontractorsarerequiredtopresentidentificationandaresignedinandcontinuallyescortedbyauthorizedstaff.
AWSonlyprovidesdatacentreaccessandinformationtoemployeesandcontractorswhohavealegitimatebusinessneedforsuchprivileges.Whenanemployeenolongerhasabusinessneedfortheseprivileges,hisorheraccessisimmediatelyrevoked,eveniftheycontinuetobeanemployeeofAWS.AllphysicalaccesstodatacentresbyAWSemployeesisloggedandauditedroutinely.
WemakesurethatthedevicesweusetoconnecttotheTapestryserversarephysicallysecure.
Wealsodon’troutinelystoreanyofyourdataonourlocaldevices.Itisusuallyonlystoredonourservers.Ontheveryrareoccasionswhenwehaveto(inorder,forinstance,todiagnoseabugwhichwehavenotbeenabletoreplicateinanyotherway),westoreaslittleaspossible,forasshortastimeaspossible,withaccesslimitedtoasfewpeopleaspossible.Wealsoensurethatthemachineswestoreitonaresecure,includingensuringthattheirstorageisencrypted.
ItisimportantthatyoumakesurethatthedevicesyouusetoconnectwithTapestryarephysicallysecure.Inparticular,ifyouusesomeformofpasswordmanageronadevicethatremembersyourTapestrypasswordthen,ataminimum,makesurethatthedevicealsorequiresapasswordtologinorunlock.
TheTapestrywebsitedoesn’tstoredatathatyouhaveenteredonyourlaptopordesktop.Therefore,ifyourcomputerisstolen,solongasthepasswordwasn’tstoredonthecomputerthenthepersonwhostolethecomputerwillnotbeabletoaccessTapestrydatawithoutguessingyourpassword.
IfyouwereloggedintoTapestrywhenyourlaptopordesktopwasstolenthen,solongasthebrowserisopenandthemachinehasn’tbeenswitchedoff,thepersonwhostolethecomputerhasashorttimewhentheycoulduseyouraccount.Thereforeitisimportantthatyoueitherlogoffwhenyouleaveacomputerunattended,orensureyourcomputerautomaticallylocksitsscreenwhenyouleaveitandrequiresasecurepasswordtounlock.
TheiOSandAndroidTapestryappsdon’tstorepasswordslocally,onlytemporarilystoresomedata(suchascopiesofimagesthatarebeingshownonscreen),andrequireapasswordorpintobeenteredtoopentheapp.Therefore,ifthedeviceisstolen,theperson
whostoleitwouldnothavesignificantaccesstoTapestrydatawithoutguessingyourpasswordorPIN.
Thedevicesmayhavecopiesofthepicturesandvideosthathavebeentakenoutsideoftheapp.Thereisalsoasettingthatallowscopiesofpicturesandvideostakenwithintheapptobestoredinthedevice’spicturegallery.However,bydefaultthissettingisdisabled.Ifyoudownloaddata(suchasPDFsofjournals)fromTapestrytoyourdevice,thoseareatrisk.
Software security
We,togetherwithAWS,ensurethatthesoftwarerunningonourserversisuptodate.Werunregularautomatedtestsandinternalsecurityreviewstoexaminetheconfigurationandsecurityofourservers.
Similarly,weensurethatthedevicesweusetoconnecttoTapestryareuptodateandfreefromvirusesandcompromisingsoftware.
ItisimportantthatyoutakesimilarcarewiththedevicesyouusetoconnecttoTapestrytoensuretheyareuptodateandfreefromvirusesorcompromisingsoftware.Ifyougiverelativesaccess,pleasealsoencouragethemtodothesame.
Encryption
ConnectionsbetweenyouandtheTapestryserversareencrypted.TapestryusesEnhancedValidationCertification(EVC),whichdoesnotofferanygreaterdegreeoftechnicalprotection(encryptionisstillperformedatthesamestrength)butdoesofferavisibleassurancethattheserviceisbeingprovidedbyavalidatedorganisation(theFoundationStageForumLtd).
ConnectionsbetweentheTapestryappsandourserversaresimilarlyencrypted.
ConnectionsbetweenourofficecomputersandTapestryareencrypted.
Yourdataisencryptedatrestonourservers.Thisincludesourbackupsofyourdata.
Itisimportantthatyoucheck,andencouragethosewhoyougiveaccesstocheck,thattheyareconnectedtotheofficialTapestrysitebeforeenteringtheirpassword.ThecorrectURLishttps://tapestryjournal.com.Thereshouldbeapadlockorsimilarsymboltoshowthattheconnectionisencrypted.ClickingonthepadlockorsymbolshouldprovideyouwithinformationabouttheconnectionwhichshouldincludethefactthatthesiteisownedbytheFoundationStageForumLtd.
TheSHA1fingerprintofourcertificateisDCF623A3359798986E6B299151B23593DA1F7FDC
Partitioning
Ournetworkispartitionedtoprovideminimumaccessbetweenourserversandtheinternet.Inparticular,ourdatabasescannotdirectlyaccessorbeaccessedfromtheinternet,butonlyfromspecificservers.Onlyahandfulofserverscanbeaccessedfromthe
internet,andonlyonspecificportsandusingspecificprotocols(e.g.,nounencryptedconnectionsarepermitted).Thisreducesthelikelihoodthatexternalhackerscangainaccesstoourserversandthengetdataout.
Ourdataispartitionedsothatyourdataisheldinaseparatedatabasefromthatofotheraccounts.Thisreducesthelikelihoodthatacompromiseinsomebodyelse’saccount(because,forinstance,theyuseaneasilyguessablepassword)wouldleadtoacompromiseofyourdata.
Oursoftwareispartitionedsothatitonlyhastheminimumlevelofprivilegestocarryoutwhatevertaskitiscurrentlydoing.Thisreducesthelikelihoodthatsomebodywhohackedintoonepartofourcodecoulduseittocompromiseotherareas.
Logging
Welogactivityonoursystem.SomeoftheselogsareavailabletoyouintheTapestrycontrolpanel.Weretainmoredetailedlogstohelpdiagnoseandfixfaults.
Verification (also known as Penetration Testing)
Weemployindependentfirmstocheckthatoursystemsaresecurebyattemptingtohackorpenetratethem.Thesefirmsareaccreditedbytherelevantindustrybodies.
ThepenetrationtestscoverboththewebandtheappversionsofTapestry.
Thepenetrationtestsincludeauthenticatedtests,wherethetestersareprovidedwithlogindetailstoTapestryaccountstocheckwhethertheycanexploitthosetoseeorextractdatathatshouldnotbevisible.
IfyouhavealegitimateinterestinTapestry(e.g.,youaretheaccountowner,aprospectivecustomeroraparent)wearehappytoprovideasummaryofwhattheindependenttestersfound–pleasecontactusatcustomer.service@eyfs.info.Pleasealsogetintouchifyouwanttofindoutwhenthelasttesttookplaceorthenexttestisscheduled.
Wealsoregularlyrunautomatedsecuritytestsandcarryoutinternalsecurityreviews.
Capacity, Redundancy and Backups Oursystem’scapacityscalestomeetdemand.Wedonotcurrentlylimitthenumberofusers,ortheamountofdatathattheystore,wejustaddtherequiredstorageandserverstomeetthedemand,inmostcasesautomatically.
Ifaparticularaccountisusingoursystemexcessivelywemayneedtodiscussthepossibilityofanincreasedsubscriptionfee,butwehaveneveryethadtodothis.
Oursystemisredundantandshouldsurvivethelossofanyserveror,indeed,thelossofaphysicaldatacentre.Thismeansthatwehaveatleasttwocopiesofeachoperationalserverandalldataisstoredinatleasttwolocations.
Deleted: ThemostrecentcheckwasinAugust2017.
Deleted: summarise
Deleted: they
Wealsoretainbackupsofalldatainadifferentphysicallocation(atthetimeofwriting,theprimaryphysicallocationsareintheRepublicofIreland,thebackupphysicallocationsareinGermany).
Thesebackupsshouldbe,atmost,24hoursoldandweshouldhave90daysofbackups.
Thebackupsaretreatedwiththesamecareastheprimarydata(inparticular,theyareencryptedintransitandrestandstoredinAWSfacilitieswiththesamephysicalsecurityasdescribedinthe‘physicalsecurity’sectionabove).
Pleasenotethatbackupsarefordisasterrecovery.Wewillusethemtorestoreyourdatashoulditbecomelostorcorruptedonthelivesystem.Itisnotdesignedforeasyaccesstorestorespecificbitsofdatathatyouhavedeliberatelydeletedfromthelivesystem.Ifyouaskustoretrievespecificbitsofinformationfromthebackups,wewilldoso,butwemayneedtochargeourcosts.
Keeping in touch about security Ifyoususpectasecurityissue(e.g.,youbelievethatpasswordsonyouraccountmaybecompromisedbecause,forinstance,computershavebeenstolen)thenemailusatcustomer.service@eyfs.info.Pleaseincludeadescriptivesubjectlineinyouremail(i.e.,don’tjustsay“Help!”butsay“Help!Ourcomputershavebeenstolen”).
Ifwehaveasecurityconcernaboutyouraccount,wewilltryandreachtheprimarycontactwehavelisted.Thiswillinitiallybethepersonthatsetuptheaccount.YoucanchangethisusingtheControlPanelwithinTapestry(Settings>ContactDetails).Pleasekeepthisinformationuptodate.
Ifyouorwesuspectasecurityproblem,ourfirststepwillusuallybetolockdowntheaccountswhilstweworktogethertoestablishwhathappenedandthebestcourseofaction.
Frequently asked security questions Belowaresomefrequentlyaskedquestionsthatrelatetosecurity.Ifyouhaveaquestionthathasn’tbeencoveredbythisdocument,[email protected],forsecurityreasons,wemaynotanswersomequestions(suchas,forinstance,theexactversionsofsoftwarethatweareusing).
Can you fill out this security questionnaire for me?
Tokeepourpricedown,wedonotenterintobespokecontractsorfilloutsecuritychecklists.However,wehopethatourcontract,includingitsannexes,includealltheanswersyouneedandcoveralltheeventsthatyouareconcernedaboutandthatyoucanusethemtofilloutwhateverpaperworkyourequireforyourownsystems.
Ifyouhavequestionsaboutourservicethataren’tcoveredthendogetintouchand,ifwecan,wewilladdtheanswerstothiscontract.
Do you offer a service level agreement?
Tokeepourpricedown,wedonot.However,wetakefulfillingourobligationstoyouveryseriouslyandwilldoourutmosttoensureourserviceistherewheneveryouneedit.
Are you insured?
Yes.Ourinsurancecoversthestandardcorporateliabilities.Inaddition,itcoversliabilitiesrelatingtohackingandrelatingtodatabreaches.Likeallinsuranceitissubjecttoexcesses,limitsandexclusions.
What happens if my account subscription should expire?
Wewanttoavoidpainfulmistakeshappeningbecause,forinstance,asubscriptionexpiresduringaschoolholidayandnobodyisaroundtopaythebill.Sowedonotimmediatelydeleteyourdatawhenyoursubscriptionexpiresunlessyouspecificallyaskusto.
However,90daysafteryoursubscriptionexpireswewillpermanentlydeleteyourdata.Datawillremaininourbackupsfor90furtherdays.
Ifyouwish,youcaninstructustodeleteallyourdatasooner.
Do you store data outside of the EU?
No.
What encryption principles are used for data in transit?
Weregularlycheckourencryptionmeetsmodernstandardsandimproveitasappropriate.Atthemomentweusea2048bitkey,SHA256withRSAandallowTLS1.0,TLS1.1,andTLS1.2.
Have you disabled TLS 1.0 support?
Notyet:AnappreciableproportionofourcustomersstillusedevicesthatareonlyabletouseTLS1.0.
However,wearekeepingthisunderregularreviewandwouldstronglyliketodisableitatsomepointthisyear.
What encryption key management processes are in place?
WeuseAWStomanageourencryptionkeysandprovidethemtoauthorisedserversattherightmoment.
The data centre hosting Tapestry is ISO 27001 accredited. Which version of ISO 27001 is it, and who is the accrediting company?
Theversionis2013,andtheaccreditingcompanyisBMTRADA.
Do you follow any other standards or hold any other certifications?
Unlessmentionedabove,no.Wetakesecurityveryseriouslyandregularlyreviewwhatwedo.Butwehavenotyet,forinstance,undergoneISO27001accreditationasabusiness.
Which board member is responsible for security?
OurManagingDirector,StephenEdwards,isresponsibleforsecurity.
Do you have a documented framework for security governance, with policies governing key aspects of information security relevant to the service?
Wedonotyethaveacompletesetofdocumentation.WehavestartedontheprocessofcreatinganISO27001compliantdocumentationset,buttheprocessisnotyetcomplete.
Can you provide evidence that security and information security are part of your financial and operational risk reporting mechanisms, ensuring that the board would be kept informed of security and information risk?
Weareasmallfirmsoourboard,StephenEdwardsandHelenEdwards,arecloselyinvolvedineverydecisiontakenbythefirm.
Weareveryawareoftheimportanceofinformationsecurity.Wediscussitinalmosteverymeetingandwecontinuouslyattempttoimproveoursecurity.
Wehaveaweeklyformalreviewofoursecuritystate(seeabove)
Wegetindependentpenetrationtesterstoreviewoursystem(seeabove)
Can you provide evidence of processes to identify and ensure compliance with applicable legal and regulatory requirements?
Wediscusscomplianceinalmosteverymeeting,particularlyduringthisperiodoftransitiontotheGDPR.
WehaveappointedaDataProtectionOfficertoholdustoaccountonthispoint.
Do you track the status, location and configuration of service components throughout their lifetime?
Yes.Oursoftwareconfigurationismanagedunderversioncontrol,withrepeatablebuildsandchangelogging.
Yes.Ourhardwareconfigurationismanagedunderversioncontrol,withrepeatablebuildsandchangelogging.
Do you assess changes to the service for potential security impact and monitor that impact to completion?
Yes.
How are potential new threats, vulnerabilities or exploitation techniques which could affect the service assessed?
Werunregularautomatedtestsandinternalsecurityreviewstoexaminetheconfigurationandsecurityofourservers.
Weengageexternalpenetrationtesterstoassessoursystemagainstthelatestthreats.
Do we use relevant sources of information relating to threat, vulnerability and exploitation techniques, eg NIST, NCSC?
Yes.WemonitorCVEsrelatingtothesoftwareourservicedependson.
Yes.WeregularlyreviewguidancefromtheNCSCandOSWAP.WedonotregularlyreviewguidancefromNIST.
How are known vulnerabilities prioritised and tracked until mitigations have been deployed?
Wehaveautomatednotificationsofvulnerabilitiesthatareinourdeployedcode.Thesenotificationsareonlyquietenedwhenfixeshavebeendeployed.
Wehaveinternalissuetrackingforrequiredcodeanddeploymentchanges.
Wereviewandprioritiseremainingsecurityactionsatleastonceaweek.
What are the timescales for implementing mitigations? E.g. in patching policy?
Thisdependsonthevulnerability.
Forinstance,ifwebelievethevulnerabilitycouldleadtodataexposure,wewouldimmediatelytakeTapestryofflinewhilewefixthevulnerability.BecauseTapestrywouldbeoffline,itwouldbeourhighestprioritytofix.Wehaveproceduresforcallinginengineersoutofhoursandatweekends.Wehaveproceduresfordeployingchangestoourproductionconfigurationwithinhours.
Ifthevulnerabilitywasassessedasbeingoflowrisk,itwouldbedeployedaspartofourregularcodeandconfigurationupdates.Thesetendtobemadeatleastonceeverytwoweeksandareoftenmadeseveraltimesaweek.
Other than for fault-finding, are activity logs monitored for suspicious activity, potential compromises or inappropriate use of the service?
Activitylogsforourbackendsystemhaveautomatedalertingforsuspiciousactivity.ThesealertsareseenbyalldevelopersandbyStephenEdwards.
Activitylogsforourcustomersarenotmonitoredbyus.Theyareavailabletocustomerstomonitor.
Do we have an incident management process?
Yes.Anincidentwillbeuniquelyidentifiedandanamedindividualwillbeallocatedresponsibilityformanaginganincidentthroughoursupportsystem.Wehavestandardproceduresforcommonincidents.
What is the process for the vendor to report incidents to the customer?
See“Keepingintouchaboutsecurity”above.
Is 2-factor authentication (2FA) available to end users?
No.Butifsufficientnumbersofusersaskforit,wewillimplementit:[email protected].
Can we require passwords to be changed every X days?
No.TheUKNationalCyberSecurityCentrerecommendthatyouDONOTrequireuserstochangepasswordseveryXdays.
Ifyoususpectapasswordoremailaccountmayhavebeencompromised,youcanmaketheaccountinactiveandthenmanuallyforcethepasswordtobechanged.Wecandothisinbulkforallaccountsifyoucontactus.
Which NSCC system architecture do you use?
Ofthelistathttps://www.ncsc.gov.uk/guidance/systems-administration-architecturesoursystemisclosesttothe‘bastion’model.
Theserviceisrunonpartitionedandprivatenetworks.Managementfunctionsarecarriedoutbydevicesonthecorporatenetworkwhichaccesstheprivatenetworksthroughbastions.
What provision is made for customers to access / monitor audit records for system / data access?
Customershavedirectself-serviceaccesstologsthatshowchangestodata.
Wecanprovidelogsofwhohasvieweddataonrequesttocustomer.service@eyfs.info.
Does your organisation have differentiated access to data depending on the sensitivity level?
Yes.Ourdefaultis‘noaccess’andoursystemsaredesignedtominimiseaccesstodata.Differentpeopleandthedifferentrolestheycarryouthavedifferentaccesstodataanddifferentrequirementsforwhatauthorisationtheymusthavebeforeaccessingit.Weregularlyreviewwhocanaccesswhatandwhytoensureweareprivateandsecurebydefault.
Annex C: Tapestry Privacy ThisannexdescribesourprivacypolicyforpeoplewhoaccesstheTapestryonlinelearningjournalservice,(https://tapestryjournal.com).ThispolicyisintendedtobesharedwithanypersonwhousesTapestryaspartoftheir“righttobeinformed”underUKdataprotectionlaw.SinceweoperateasaDataProcessorforourcustomers,theDataController(thechildminder,educator,nursery,schoolorsimilareducationalorganisation),willneedtoprovideextrainformationtofulfilthe“righttobeinformed”.Wedescribethisextrainformationbrieflyin‘AnnexA:TapestryDataProtection’andyoucangetmoreguidancefromtheUKInformationCommissioner’sOffice:https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/.
WearetheFoundationStageForumLtd,acompanyregisteredinEnglandwithcompanynumber05757213andaregisteredaddressof1,SouthdownAvenue,LewesBN71EL,UK.
Ourcustomersarechildminders,educators,nurseries,schoolsorsimilareducationalorganisations.
YouaresomeonewhohasbeengivenaccesstoTapestrybyoneofourcustomers.Forexample,youcouldbeamemberofstaff,arelativeofachild,thechildthemselves,orsomeoneactingonbehalfofachild.
YoumayhaverightsunderEUDataProtectionlegislationrelatingtoinformationwestoreaboutyou.Theserightsaredescribedhere:https://ico.org.uk/for-the-public/.Ifyouwanttoexercisethoserights,pleasecontactthecustomerwhoisstoringdatainTapestryinthefirstinstance(e.g.,theschoolornursery).Iftheywanthelpincarryingoutyourrequest,theycancontactus.
OurleadsupervisoryauthorityfordataprotectionistheUKInformationCommissioner’sOffice(https://ico.org.uk).
The Service Ourcustomerspayustoprovidethemwithaservicethatallowsthemtocreateonlinelearningjournalsforchildrenundertheircare,monitorthosechildren’sprogressandsharethisinformationwiththeirstaffand,iftheywish,thosechildren’sparentsandrelatives.
What data do we collect? Ourcustomersmaychoosetostoresomeofthefollowingdataonourservice:
• Thenamesandemailaddressesoftheirstaff• Thenames,datesofbirthandpostcodeoftheirchildren• Thenamesandemailaddressesoftheparentsandrelativesoftheirchildren• Thecontentsofalearningjournal:
– assessmentsofchildren’sperformance– notes,photographsandvideosofthechildren
• Arecordofthechild’scare:– whattheyateanddrank– toileting– howtheyslept– whethertheyhadanyaccidents
• Aregisterofthechild’sattendance:– whentheywererecordedasbeingpresent– notesrelatingtothatattendance(e.g.,whethertheydidn’tattendbecausethey
wereill)
Ourcustomersstorethisinformationinordertorecord,analyseand,iftheywish,sharetheprogressoftheirchildren.
Ourcustomershavethefreedomtochoosewhatdatatheystoreandwhotheystoreitabout.
Ourcustomerschoosewhohasaccesstothedata.
Ourcustomersareabletocorrectanddeletedataatwill.
Ourcustomersmusttellyou,aspartofyourrighttobeinformed,whatdatatheyarestoring,whytheyarestoringitandwhotheyaresharingitwith.
Inprovidingtheservice,wewillsendautomatedemailstostaffandparentsinordertoconfirmemailaddresses,resetpasswordsandnotifythemofeventsrelatingtothecustomer(suchaswhenanewobservationisaddedaboutachild).Weneversendanymarketinginformation,thoughwedosendstaffanewsletteraboutTapestry.
WeONLYaccessthedatastoredbyourcustomersinordertocarryoutourcustomer’sinstructions,tomaintainorimprovetheserviceortofixfaults.Wedonotuseourcustomer’sdataformarketing.Weusesub-contractorstoprocesssomeofthedata,butwedonototherwisesharethisdatawithotherorganisations.
IfyourcontactdetailsareregisteredonTapestryinthe‘contactdetails’section,orasa‘manager’thenwemaycontactyouifwehaveaquestionorconcernabouttheassociatedTapestryaccount.
WhenyouvisittheTapestrywebsitewecollectyour:
• IPaddress,togetherwith• Informationyourcomputersendsaboutitswebbrowserandoperatingsystem,and• Whatpagesyoulookat(e.g.,thelistofobservations),butnotthecontentofthose
pages(i.e.,wecouldnottelldirectlyfromthedatawhetherthelistofobservationscontainedinformationaboutaparticularchild,thoughgiventimeandaccesstothedataaboveitwouldbepossibletofigurethatout).
Weusethisinformationtomonitorthesecurityofourservice,tohelpusfigureouthowtoimprovetheservice(e.g.,whatbrowsersshouldwesupport?Howmuchcapacityshouldweadd?)andtoimprovethewaywemarkettheservice(e.g.,whatsearchtermswereusedtodiscoveroursite).Wedonotshareit.
Ifyouuseourphoneortabletapplicationwecollect:
• TheIPaddressofthenetworkyourphoneortabletison,togetherwith• Themakeandmodelofyourphoneortablet,togetherwith• Theversionofyourphoneortablet’soperatingsystem,togetherwith• Detailsofanycrashesthatoccurintheapplication,and• Whatscreensyoulookatintheapplication(e.g.,thelistofobservations),butnotthe
contentofthosescreens(i.e.,wecouldnottelldirectlyfromthedatawhetherthelistofobservationscontainedinformationaboutaparticularchild,thoughgiventimeandaccesstothedataaboveitwouldbepossibletofigurethatout).
Weusethisinformationtomonitorthesecurityofourserviceandtotohelpusfigureouthowtoimprovetheservice(e.g.,whatcausescrashes?whichcrashesneedfixingmosturgently?).Wedonotshareit.
What is the lawful basis for storing this data OurcustomersdecideandmusttellyouthelawfulbasisforthedatatheyaddtoTapestry.Pleasenote,yourconsentisnottheonlylawfulbasisforstoringdataandourcustomersmayhaveadifferentlegalbasis.
Whose data is it? Wedon’tclaimownershipofthedataenteredintoTapestry.Weonlyuseitaccordingtoourcustomer’sinstructionstoprovidetheservicedescribedabove.
Formally,inUKdataprotectionlegislationterms,ourcustomersarethe“DataController”andwearethe“DataProcessor”.
Therearethreeexceptionstothis,wherewearethe“DataController”:
1. Thecontentofourbillingsystem1. Thecontentofoursupportticketsystem1. Thecontentofourforums
TheseexceptionsaredescribedinmoredetailinAnnexEandAnnexF.
Who do we share data with? Wedonotsharedata,exceptasexplicitlyrequestedbyourcustomers.
Iftheywished,ourcustomersmightgiveotherpeople(e.g.,stafforparents)accesstodata.Theymightdownloadorprintsomeorallofthedataandshareitwithotherpeople(e.g.,staff,parents,thegovernment).Theymighttransfersomeofthedatatoanotherorganisation(e.g.,parents,thegovernment,anothereducationalestablishmentlookingafterachild).
WeONLYaccessthedatastoredbyourcustomersinordertocarryoutourcustomer’sinstructions,tomaintainorimprovetheservice,ortofixfaults.
How do we collect the data? Mostdataisenteredbyourcustomersdirectlyintoourwebsiteorthroughourphoneandtabletapplications.Ourcustomersmay,iftheywish,permitparentsandrelativesofchildrentoadddatatotheservice.
Somedata(describedabove)issentautomaticallybyyourwebbrowserorbyourapplications.
Wemaystorecookiesonyourcomputerinordertoverifythatyouareloggedinandtostoreyourpreferences.Thecookiesthemselvesdonotcontainanyidentifiableinformationaboutyouoraboutwhatyoulookat.
Can I see my data that is stored on your system? Yes.Theschool,childminder,nurseryorsimilareducationalorganisation,cangiveyouacopyofdataaboutyouthattheyoryouhavestoredinTapestry.Wecanprovideyouwithacopyofanyoftheotherdatathathasbeencollected(e.g.,ourrecordsofyourIPaddressand/ormakeandmodelofyourtabletsetc.).
Can I have my data corrected or deleted? Yes.Theschool,childminder,nurseryorsimilareducationalorganisation,cancorrectordeletethedatatheyoryouhavestoredinTapestry.
Theprocessofdeletionisgradual:initiallydeleteddataismovedtoa‘deleted’areaincaseitwasdeletedinerror.Afteradelay,itisthenpermanentlydeletedfromourmainsystems.Afterafurtherdelay,itisthenpermanentlydeletedfromourbackups.
What are our customer’s responsibilities? Ourcustomersdecidewhotoadddataabout,whatdatatoadd,andhowlongtokeepitfor.TheyhaveoverallresponsibilityforcomplyingwithDataProtectionlaw(ortheequivalentinothercountries).
Wedescribethisinmoredetailinthecontractwehavewithourcustomers.But,forinstance,theyhaveto:
• EnsuretheyhavealegalbasisforwhatdatatheystoreonTapestryandwhotheyshareitwith.
• Thinkaboutwhatinformationitisappropriatetosharewithwhom,giventheirsituationandthatofthechildrenundertheircare.
• Respondtorequestsforaccesstodata.• Traintheirstaffaboutsensiblesecurityandconfidentialityprecautions:
– Takingcareofpasswords.– Takingcarenottoinstallsoftwareoncomputersthatmaycompromise
security.– Takingcarenottoaccessmaterialfrominappropriateplaceswhereitcan’tbe
keptappropriatelyconfidential.• Deletedatawhenitisnolongerrequired.• Removeaccessforpeoplewhonolongerneedaccess.• Giveparentsinstructionsinaccordancewiththeirsafeguardingpolicy.
Contacting Us [email protected],SouthdownAvenue,LewesBN71EL,UK.
WealsohaveaDataProtectionOfficer,LaurenFoley,[email protected].
Annex D: Tapestry Sub-processors NotallpartsofTapestryarerunin-house.Belowarealistofthesub-contractorsthatweusetoprocesssomeofyourdata.TheyareunderawrittencontractthatensurestheyarecompliantwithUKdataprotectionlaw.
Fortheavoidanceofdoubt:Weareaccountabletoyouforthiscontract.Ifoneofoursub-processorsdoessomethingwrong,itisourfault–wewon’tpassthebuck.
Fortheavoidanceofdoubt:Weinstructoursub-processorsinwaysthatareconsistentwiththiscontract.
Forinstance:AlthoughAmazonWebServiceshavedatacentresoutsideoftheEUand,technically,couldmoveyourdatathere,theyarecontractuallyboundnottodosowithoutourinstructionandwewouldnotinstructthemtodoso.
Forinstance:AlthoughAmazonWebServicescould,technically,accessyourdata,theyarecontractuallyboundnottoexceptifitisstrictlynecessarytodelivertheirservicetous.Eventhen,theiremployeesarecontractuallyobligedtokeepdataconfidentialandsecure.
List of sub-processors TocontinuetouseTapestry,werequireyourconsenttoouruseofthefollowingsub-processors:
• AmazonWebServices.TheyhostTapestry.TheyareISO27001compliant.Theiraddressis410TerryAvenueNorthSeattleWA98109-5210.
If,andonlyif,youenablepushnotificationsthenyouwillbeconsentingtosendingthecontentsofthenotificationsvia:
• Apple.ForpushnotificationssenttotheiOSapp.TheiraddressisOneAppleParkWay,Cupertino,California95014,U.S.A.
• Google.ForpushnotificationssenttotheAndroidapp.Theiraddressis1600AmphitheatreParkway,MountainView,CA94043,UnitedStates.
• Amazon.ForpushnotificationssenttotheAmazonFireapp.Theiraddressis410TerryAvenueNorthSeattleWA98109-5210.
NotethattheenduseroftheTapestryappwillalsoneedtoconsentbeforepushnotificationswillbesenttothem.
Changes to sub-processors Wemay,occasionally,needtoaddorchangethesub-contractorsweusetoprocesssomeofyourdata.
Ifwedo,thenUKdataprotectionlawrequiresustotellyouandtoobtainyouragreement.
We’veincludedthelistofsub-processorsaspartofthiscontractwhichmeansthatifwewanttochangethemwewilldosobyproposingachangetothiscontractwithyou.Wewillgiveyouasmuchnoticeaspossiblesoyoucandiscussanychangeswithus.Wewillthenaskforyourwrittenagreementtothechangeincontract.
Annex E: Billing and support data 1. WearetheFoundationStageForumLtd,acompanyregisteredinEnglandwith
companynumber05757213andaregisteredaddressof1,SouthdownAvenue,LewesBN71EL,UK.
1. Youareachildminder,educator,nursery,schoolorsimilareducationalorganisation.
1. Thisannexrelatestodatainourbillingandsupportsystem.ItdoesnotrelatetodataplacedintheTapestryonlinelearningjournal(seeAnnexA)ortodataplacedinourdiscussionforums(seeAnnexF).
What data do we collect? 3. Wecollectthefollowinginformationaboutpeoplewhocontactusbyemailorthrough
oursupportticketsystem:
• Theperson’semailaddressandthecontentsoftheemail4. Ifyoucontactusbytelephone,postorface-to-facewemayalsokeepnotesofthose
interactions.
4. Westore:• Yourname,emailaddress,telephonenumberandpostaladdress• Thename,emailaddressandtelephonenumbersofanyoneyoutelluswho
administersorpaysforyouraccountwithus.6. Creditcardpaymentinformationisgivendirectlytoapaymentserviceprovider.We
donotholdanycreditcardinformationourselves.
Why do you need this data? 7. Ourlawfulbasisforcollectingthisdatais‘contract’.Weneedthisdatato:• Chargeyouforourservice.• Respondtoquestionsorproblemsraisedbyyouaboutourservice.• Contactyouifwehavequestionsaboutyouraccount.• Decidewhatchangestomaketoourservice.
Who do you share this data with? 8. Wemakeuseofsubcontractorstoprovideourservicetoyouandtheymayseesome
orallofthisdata:• AmazonWebServices-Forhosting.• BarnianMediaLtd-Fortechnicalsupport.• SagePay-Formanagingcreditcardpayments.• ZohoMail-Formanagingouremail10. IfyoucontactusinrelationtoaparticularTapestryaccountthenwemaysharethat
datawithotherpeoplewhowebelieverepresenttheorganisationthatownsthataccount.Forexample,ifateachercontactedustoinstructustopermanentlydeleteaparticularchild’sdata,andthentheheadoftheschoollatercontactedustoaskwhyachildhadbeendeleted,wewouldsharetheinstructionfromtheteacherwiththehead.
10. Wedonotuseorshareyourdataforanyreasonotherthantoprovideorimproveourservice.Fortheavoidanceofdoubt:wedonotsellyourdata.
Where is the data stored? 10. YourdataisstoredwithintheEU.OurprocessingiscarriedoutwithintheEU.
How long do you keep this data? 11. Wekeepyourdataforupto7years.Wekeepdatathislongincaseitisrequiredinan
auditandtohelpusdecidewhatchangestomaketoourservice.
How do I exercise my rights under data protection law? 12. Wearethedatacontrollerofthisdata.
Deleted: Fastmail
12. Yourrightsunderdataprotectionlawaredescribedathttps://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.Theyincludetherighttoseeandcorrectthisdata.
12. Toexercisethoserights,[email protected].
12. WealsohaveaDataProtectionOfficer,LaurenFoley,[email protected].
12. OurleadsupervisoryauthorityfordataprotectionistheUKInformationCommissioner’sOffice(https://ico.org.uk).
Annex F: Use of our discussion forum 1. WearetheFoundationStageForumLtd,acompanyregisteredinEnglandwith
companynumber05757213andaregisteredaddressof1,SouthdownAvenue,LewesBN71EL,UK.
1. Youareachildminder,educator,nursery,schoolorsimilareducationalorganisation.1. Wehaveadiscussionforum(https://eyfs.info)thatyoumayusetodiscussissues
facingchildminders,educators,nurseries,schoolsorsimilareducationalorganisations.
Liability 4. Wedonotvouchfortheaccuracy,completenessorusefulnessofanymaterialonthe
forum.Useitatyourownrisk.4. Thematerialexpressestheviewsoftheauthorofthematerial,andnotnecessarilyour
views.4. Ifyoufeelanymaterialontheforumisobjectionable,pleasecontactusimmediatelyat
Content and ownership of your messages 6. Don’tpostanythingwewon’tlike.
– Welikeprofessionaldiscussionoftheissuesfacingchildminders,educators,nurseries,schoolsorsimilareducationalorganisations.
– Wedon’tlikethingsthatareunkind,illegal,lies,uselanguageyouwouldn’twantchildrentohear,orareshamelessadvertising.
6. Don’tpostanythingthatyoudon’thavepermissiontopost.Forinstance,ifyoudidn’twritethematerialyouareposting,makesureyouhavethepermissionofthepersonwhowroteitbeforeyoupostit.
6. Onshamelessadvertising:Occasionallyduringthecourseofadiscussionitmaybeappropriateforayoutomentionaproductorservicewithwhichyouareinvolvedifithelpsthediscussionanddoesn’tannoyanyone.Wewilluseourdiscretioninthosecases.
6. Ifwedon’tlikewhatyoupost,orfearyoumaynothavepermissiontopostit,wewillremoveit.
6. Ifwekeephavingtoremoveyourmaterial,orifwereallydon’tlikeit,wewillbaryoufromtheforum.
6. Whenyoupostmaterial,youretaincopyrightbutgrantustherighttousethematerial:
• withoutpayment,• inanywaywechoose,• anywhereintheworld,• forever.12. Ifweuseyourmaterial,wewilltrytoattributeittoyou.
12. Ifyouwishtocopymaterialpostedbysomeoneelse,pleasecontactusorthepersonwhopostedforpermission.
Privacy and Data Protection 14. Westoreanydatathatyousubmittous,plusyourIPaddress,detailsaboutyour
browserandcomputerandwhichpagesonoursiteyouview.
14. Ourlawfulbasisforstoringandusingthedatais‘contract’.Westoreandprocessthisdatainorderto:– provideadiscussionforum,– monitorabuse,– fixbugs– andtoimproveourservice.
14. YourdataisstoredwithintheEU.OurprocessingiscarriedoutwithintheEU.OurforumisaccessiblefromoutsideoftheEU,somaterialyoupostmaybeviewedfromoutsideoftheEU.
14. YourforumaccountwilllapseonceyourTapestrysubscriptionlapsesor,ifyouhaveaseparateforumsubscriptiondirectlyorthroughyourlocalauthority,oncethatsubscriptionlapses.
14. Whenyourforumaccountlapsesyouwillnolongerbeabletologintotheforumorpostmaterialtotheforum.Atourdiscretion,thematerialyouhavepostedmayremainontheforum.
14. Whenyourforumaccounthaslapsedwewillonlyusethepersonalinformationthatyouhaveprovidedusto:– helpyoure-activateyourforumaccountifyoulaterwishtore-subscribe– keeptrackofwhopostedwhatmaterialincaseweneedtoattributeittoyouor
incaseweneedtoverifythatyouhadpermissiontopostthematerial.
14. Wewilldeletethepersonalinformationthatyouhaveprovidedusatmost7yearsafteryourforumaccounthaslapsed.Atourdiscretion,thematerialyouhavepostedmayremainontheforum.
14. Wearethedatacontrollerforthisdata.ToexerciseyourrightsunderUKdataprotectionlawyoucancontactusatcustomer.service@eyfs.info.
14. WehaveaDataProtectionOfficer,LaurenFoley,[email protected].
14. OurleadsupervisoryauthorityfordataprotectionistheUKInformationCommissioner’sOffice(https://ico.org.uk).
Changes to this contract Belowisalistofmaterialchangestothisdocument.Ifyouspotachangethatshouldbeinthislist,pleaseletusknow.
Next version of the contract (release TBD) LinenumbersmentionedinthissectionarethelinenumbersmarkedonthePDFcopyofthe2019April18versionofthiscontract.
• Overview:Clause26makeitclearthattherewouldnotbealimittoliabilityifyouorweneedtoclaimbackthecompensationwehavepaidunderabreachofdataprotectionlaw(line307).
• AnnexA:TapestryDataProtection:Explainthatif,andonlyif,pushnotificationsareenabledbyyouandtheenduseroftheapp,thensometimesthecontentsofthenotificationmightgooutsideoftheEUonitswaytocompanythatmakestheenduser’sphoneortabletoperatingsystem(line389)
• AnnexA:TapestryDataProtection:Mentionthat,ifyouusethenewRegisterfunctionality,youmightbestoringdataaboutachild’sattendance(line407).
• AnnexA:TapestryDataProtection:Fixatypo“Repeatingyourinalettertous.”shouldbe:“Repeatingyourinstructioninalettertous”(line580).
• AnnexB:TapestrySecurity:Takeoutreferencetowhenthelastpenetrationtestwas,thisbecomesoutofdatetooquickly.Addinhowtogetholdofthesummaryofthetestandtocontactusforwhenthelasttesttookplaceandwhenthenextoneisscheduled(line1022).
• AnnexC:TapestryPrivacy:Mentionthat,ifthecustomerusestheforthcomingRegisterfunctionality,theymightbestoringdataaboutachild’sattendance(line1258).
• AnnexD:TapestrySubprocessors:WehaveaddedApple,GoogleandAmazonasourforthcomingappswillofferpushnotificationsandthosenotificationsgoviathemakerofthephoneortablet’soperatingsystem.BecausewearetheDataProcessorforthisdata,youneedtoconsenttousingthesesub-processors.YoucanprovideyourconsentbyenablingpushnotificationsinyourTapestryControlpanel.Ifyoudonotprovideconsenttheonlyfunctionalitythatwillbemissingispushnotifications(line1402).
• AnnexE:BillingandSupportData:WehavechangedouremailproviderfromFastmailtoZohoMail.BecausewearetheDataControllerforthis,consentisnotformallyrequiredfromyoutomakethischange(line1453).
2018 May 1 LinenumbersmentionedinthissectionarethelinenumbersmarkedonthePDFcopyofthe2018May1versionofthiscontract.
Tapestry Data Protection • Addasectionpointingoutwheretofindinthiscontractthestandardtermsrequired
inadataprocessingagreement(lines303-323)• AttempttoclarifythewordingdescribingthatviewingTapestryfromoutsidetheEU
meansdatawillbetransferredoutsidetheEUtogettoyou(lines351-358)• Rephrase“WhatdataisplacedintoTapestry?”tomorecloselymatchthelanguageof
subjectmatter,natureandpurpose,etc.thatisusedindataprotectionlegislation(lines360-375)
• RemoveBursarfromthelistofexamplesofwhocaninstructus(line520).• Confirmthatifsomeonewhoisn’tauthorisedtriestoinstructustodosomething,we
willtellyouaboutit.(lines525-526)• Clarifywhat‘written’instructionmeans(lines530-540)• Addedasection“Instructionswedoanddon’taccept”(lines541-562).• Confirmthatourstaffwhoprocessdataareappropriatelytrainedindataprotection
(line568).• Thetoolstoallowdownloadofuser’sdataarenowavailable(line581).• Removesection“[NOTYETIMPLEMENTEDWedoprovidesomeexampledocuments
onrisksthatyoucancustomisewhencarryingoutyourownassessments.]”–wehaveprovidedsomeguidanceinourforum,butnotyetexampledocuments(line617).
Tapestry Security • Removetheword‘reset’fromlinks(line847).• ClarifythewordingthatconfirmsconnectionsbetweentheTapestryappsandour
serversareencrypted(line938).• Changeemailtoreachforkeepingintouchaboutsecurity.Inurgentcaseswewould
callifwehaveappropriatecontactdetails(line1013).
Tapestry Privacy • Removetheword‘usually’.Ourcustomersarealwaysthedatacontrollers(line1176)
Tapestry Sub Processor • RemovethereferencetoCrashlytics,theforthcomingversionsoftheTapestryapps
willnolongerusethissub-processor(line1153).
2018 March 12 (Second Draft) LinenumbersmentionedinthissectionarethelinenumbersmarkedonthePDFcopyofthe2018March12draft.
Across all sections • Fixedtyposandimprovedsomewording.• Adjustnumberingthatoccursbecauseofotherchanges.• Makelinkstoemailsandwebsitesclickable.
A note on this draft • Mentionthelistofchanges(line163).• Fixdates(line174).
Overview • Clarifythatwedosometimescallpeopleback,andofferpaid-fortelephonesupport
sessions(lines189-192).• StateexplicitlythatweareGDPRcompliantandthiscontractcontainstherequired
clauses(lines212-215).• Statethatthelimitonliabilityisreciprocal(lines268-269)• Clarifythatsomeliabilitiesaresetinlawandwearen’tattemptingtooverridethem
(line268).Inparticular,inrelationtoliabilitiesfrombreachesindataprotectionlaw(lines270-275).
Annex A: Tapestry Data Protection • Providemoredetailonwheredataisstored(lines308-330).• Confirmthatwewon’tchangewheredataisstoredwithoutyouragreement(lines
309-311).• ReferencethePrivacyPolicyforafullerexplanationofwhatdataiscoveredbythis
dataprocessingagreement(line345).• Confirmthatwewillgetyourwrittenconsentbeforechangingoursub-processors
(line363).• Confirmthatwewilltellyouifwebecomeawareofabreach(line375,line527,lines
578-582).• SuggestcarefulconsiderationofthelawfulbasisforaddingdatatoTapestry(lines
384-387).• Expandontheimplicationsoftherighttobeinformed(lines439-451).• Clarifywedon’tlicenseyourdata(line469).• Clarifywhocantellyoutorestrictprocessingofdata(itisn’tus)(line474).• Clarifywhocaninstructus(lines480-493).• Confirmthatweusesub-processorsinawaythatiscompliantwithdataprotection
lawandpointtotheAnnexforadescriptionofhowwewillseekyouragreementifwewishtochangethem.(lines505-507).
• Clarifythatwewillhelpyouto‘lock-down’youraccountifyoususpectabreach(line531-534).
• Clarifythatyouhavetonotifythedataprotectionregulatorinthecaseofabreach(line539).
• Clarifywewon’tdeletedataifwearenotallowedtobylaw(lines562-563).• Clarifythatwemaypartiallyorentirelylockdownyouraccountifwesuspectabreach
(lines583-587).• AddaFAQonBrexit(lines601-605).
Annex B: Tapestry Security • AddVATnumber(line637)• Confirmthatwhendataisdeletedfromourbackups,itisnolongerrecoverablebyus
(line714).• Addareminderaboutwhattodoifyoususpectapasswordoremailaccounthasbeen
compromised(lines795-803).• Clarifywhenandhowwemightstoredataonourlocaldevices(lines824-829).• Providemoredetailonwhatourpenetrationtestscover(lines906-912).• Confirmthatweareinsured(lines969-972).• MakeourTLS1.0supportmoreobvious(lines987-991).• Clarifythatyoucan’tforcepasswordchangeseveryXdays(lines1078-1083).• Confirmwehavedifferentiateddataaccesspolicies(lines1095-1101).
Annex C: Tapestry Privacy • ClarifythattheDataControllerwillneedtoaddmoreinformationtofulfilasubject’s
righttobeinformed(lines1106-1113,lines1153-1154).• Giveexamplesofwho‘you’mightbe(lines1120-1121).• Clarifythatwemaycontact‘managers’registeredwithTapestryusingthecontact
detailstheyhaveenteredifwehaveaquestionorconcernabouttheassociatedTapestryaccount(lines1165-1167).
• ClarifywealsocollectyourIPaddressifyouuseourphoneortabletapp(line1182).• Confirmthatwedonotsharedataaboutyourcomputerortablet(line1193).• ClarifythattheDataControllerwillneedtoprovidethelawfulbasis(line1194-1197).• Removetroublesomereferencetowhoownsdata:keepingthefactthatwedon’t,but
notclaimingthatyoudo(line1199-1200).
Annex D: Tapestry Sub-processors • Confirmthattheyareunderawrittencontractwithus(line1266).• Confirmthatweusetheminawaythatisconsistentwiththiscontract,andgive
examplesinrelationtocommonquestions.(lines1271-1279).• Removereferencestosub-processorswehavenoweliminated(line1288).• Explainhowwewillseekyourwrittenconsentifweneedtoaddorchangesub-
processors(lines1290-1299).
Annex E: Billing and support data • Explicitlystateourlawfulbasisforprocessingdata(line1322).• RemovereferencetoUnitedHosting-wenolongerusethem(line1330).• Clarifythatwewouldsharedatarelatingtoanaccountwithotherrepresentativesof
thataccount.(lines1334-1339).• Clarifythatwedouseyourdatatoimproveourservice(line1341).
Annex F: Use of our discussion forum • Explicitlystateourlawfulbasisforprocessingdata(line1405).
2018 January 5 (First draft) • Firstpublicdraftofnew,moredetailed,contract.
Page 1: [1] Deleted FSF 4/18/19 1:36:00 PM
... [1]