Education Data Processing Agreement
Title of Agreement – InVentry Sign In Solution.
Purpose – To facilitate the processing of student, staff and visitor information between client schools and InVentry Ltd for the purpose of providing visitor management, fire evacuation, remote support and attendance services.
Partners – Purchasing establishment (herein known as the data controller).
InVentry Ltd (herein known as the data processor).
Date of agreement – Upon commencement of InVentry maintenance or InVentry Anywhere license.
Date of agreement review – In line with expiry of licence purchased.
Agreement drawn up by – InVentry Ltd.
Extent of agreement – Schools undertaking InVentry services and subject to The Data Protection Act 2018/UK General Data Protection Regulations.
1. Introduction
1.1 This data processing agreement has been drawn up by InVentry Ltd, which sets out the core information processing principles which have been agreed by its signatory organisations.
1.2 The objective of this information processing agreement is to provide data for use in the following services:
- Visitor Management
- Technical support (InVentry Maintenance licence)
- Evacuation service (InVentry Anywhere licence)
- ID badge creation
- Communication of update and functionality information
1.3 In order to meet this objective it is necessary for partners to share selected information.
2. Definitions
- “Data” is defined in Section 6 of this document.
- “Data Subject” shall have the same meaning as set out in Article 4 (1) of the UKGDPR and means an identified or identifiable natural person
- “Data Protection Act 2018” is defined as the UK Act of Parliament to make provision for the regulation of the processing of information relating to individuals; to make provision in connection with the Information Commissioner’s functions under certain regulations relating to information; to make provision for a direct marketing code of practice; and for connected purposes.
- “EEA” means the European Economic Area – the 27 Member states of the European Union plus Iceland, Lichtenstein and Norway
- UK GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal)
Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations
- “Incident” has the same meaning as a personal data breach in Article 4 (12) of the GDPR and means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to data, transmitted, stored or otherwise processed under the terms of this agreement.
- “Processing” shall mean any operation or set of operations which is/are performed upon Data, (whether or not by automatic means) including collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. Such processing may be wholly or partly by automatic means or processing otherwise than by automatic means of Data which form part of a filing system or one intended to form part of a filing system. A filing system shall mean any structured set of Data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographic basis.
3. Policy Statements and Purpose
3.1 The purpose of this agreement is to:
- Enable attendance on site by the above parties to be recorded for the purpose of statutory requirements:
- Regulatory Reform (Fire Safety) Order 2005,
- Section 537A of the Education Act 1996.
- Fulfil requirements of evacuation service (InVentry Anywhere licence)
- Fulfil requirements of system support contract (InVentry Maintenance Licence)
- Provide up to date information on the system and improve functionality (InVentry Maintenance licence)
4. Partners
4.1 This agreement is between partners listed from the following organisations
- Client school (data controller)
- InVentry Ltd (data processor as appropriate)
5. Basis for processing
5.1 This agreement fulfils the following requirements:
- The UK General Data Protection Regulations (Principles)
- The UK General Data Protection Regulations (Rights of the Data Subject)
- The Education Act 1996
- The Children Act 1989
- The Children Act 2004
- The Freedom of Information Act 2000
- Regulatory Reform (Fire Safety) Order 2005,
- The Management of Health and Safety at Work Regulations 1999
5.2 Any information shared and the processes used to share such information will be compliant with the relevant human rights legislation.
6. Process
6.2 Where the processing undertaken by InVentry, as defined in Section 6 of the data processing agreement where appropriate, written direction is obtained from the controller.
6.3 Information to be shared is from the following as agreed with the client:
| For the purposes of implementing an InVentry Visitor Management system | |||
| Up to and including a complete and unedited copy of the on-premises database (including any MIS data which has been imported as agreed to provide additional services) will be hosted by InVentry Ltd and synchronised in real time to provide the visitor management services as agreed under contract between the Customer and InVentry Ltd. The minimum data required is as follows: Staff – System user creation First nameSurnameWork email address Visitors – Visit record First nameSurname For migration of MIS systems Staff work emailStudent UPN (Stored in a Pseudonymised state) Please note: Due to the evolving nature of the cloud service and to ensure the minimisation of data transferred to the cloud service, InVentry will only transfer that that is required to deliver the features available at that time. Details of the personal data being transferred at this moment in time is available on request from dpo@inventry.co.uk. From the point the system is installed, this information will be available directly in the console and you will be informed of any changes via the console. | Article 6(1b) Contractual agreement | ||
| InVentry Cloud Multi-Factor Security Token | |||
| As part of the cloud multifactor security, a security token is required to be placed on the users device to establish it as a Trusted Device. It is an essential token and has a lifetime of 7 days | Article 6(1b) Contractual agreement | ||
| Additional services provided which customer data may be used for and agreed under contract. | |||
| Personal data type: | Source (where InVentry Ltd obtained the personal data from) | Lawful Grounds | |
| Staff – For use of Evacuation App/Communication | |||
| First name* | Provided by School and extracted from the InVentry System | Article 6(1b) Contractual agreement | |
| Surname * | |||
| Time signed IN* | |||
| Photograph (Only if controller includes thisF field) | |||
| Position (Only if controller includes this field) | |||
| Email address | |||
| Student – For use of Evacuation App | |||
| First Name*+ | Provided by School and extracted from the InVentry System | Article 6(1b) Contractual agreement | |
| Surname*+ | |||
| Form group*+ | |||
| Year group *+ | |||
| Time signed IN*+ | |||
| Time signed OUT*+ | |||
| Reason for IN/OUT*+ | |||
| MIS ID**+ | |||
| AM/PM session mark**+ | |||
| Visitor – For use in Evacuation/communication | |||
| First name* | Provided by School and extracted from the InVentry System | Article 6(1b) Contractual agreement | |
| Surname* | |||
| Company | |||
| Photograph | |||
| Vehicle registration | |||
| Name of host/person visiting | |||
| Time signed IN* | |||
| Parent/Carer/Medical Information for Advanced Trip Management | |||
| Person ID* | Provided by the school, extracted from the InVentry System and used to facilitate this service. | Article 6(1b) Contractual agreement | |
| Contact ID* | |||
| Title* | |||
| Contact Name* | |||
| Parental Responsibility* | |||
| Relationship* | |||
| Priority* | |||
| Telephone Number* | |||
| Telephone Type* | |||
| Email Address* | |||
| Email Type* | |||
| Court Order* | |||
| MIS ID* | |||
| Person ID* | |||
| Condition Name* | |||
| Description* | |||
| Person ID* | |||
| Dietary ID* | |||
| Description* | |||
| Notes* | |||
| Please note: The data listed above is initially suppressed but can be added at the discretion of the data controller | |||
| Class Mark/ClubReg | |||
| Student First name* | Provided by the school, extracted from the InVentry System and used to facilitate this service. | Article 6(1b) Contractual agreement | |
| Student Surname* | |||
| Student MIS ID* | |||
| Year group* | |||
| Form group* | |||
| Session mark (Classmark only)* | |||
| Staff First name* | |||
| Staff Surname* | |||
| Staff email* | |||
| Staff MIS ID* | |||
| Please note: the data listed above (*) is that which is mandatory for system functionality. Other fields are optional and may be added at the discretion the data controller, this includes Parent/Carer/Medical Information as listed for Advanced Trip Management. Further details are available from dpo@inventry.co.uk. | |||
| ID Badge service | |||
| This service uses a set of data identified by the Data Controller and not specified by InVentry ltd. By using this service, the responsibility for consent lies with the Data Controller. | Article 6(1b) Contractual agreement | ||
| Support and Fault resolution | |||
| User account creation First nameSurnameEmail address Exceptional circumstances In such circumstance occasions it may be required that support copy part or whole database. Before removing data in any form, we will seek your additional consent to do so, either verbally or written, and take all steps to minimise its collection. This data is subject to a stringent internal policy and procedure ensuring that ownership and security of the data is recorded and maintained throughout the process. By design your InVentry system offers the ability to collect special category personal data in the form of biometric data (facial recognition/fingerprint recognition). If during the process of fault resolution, we are required to download the database from your system, we will treat it in accordance with the process described above and in line with our data processing agreement. Should you so decide, you have the ability to add customised data fields that may include the collection of special category personal data. As the data controller, this is your decision and you should be aware that this will be shared with us. We will treat it in accordance with the above process and in line with our data processing agreement. | Article 6(1b) Contractual agreement | ||
| Visitor Feedback | |||
| Visitor email address* | Provided by School, extracted from the InVentry System and used by the email system to facilitate this service. | Article 6(1b) Contractual agreement | |
| SMS Service | |||
| Mobile number* | Provided by School, extracted from the InVentry System and used by the SMS provider to facilitate this service. | Article 6(1b) Contractual agreement | |
| Financial Information | |||
| First name* | Provided ithe school to facilitate accurate records of financial transactions. | Article 6(1b) Contractual agreement | |
| Surname* | |||
| Email* | |||
Above fields marked with * are required for feature functionality. Fields marked with a ** are required if using the full MIS register function of the InVentry Evacuation app. Fields marked with a + are not required for InVentry One systems.
7. How will the data be secured and transferred
7.1 The InVentry Ltd data processing agreement provides details of the overall security standards Based on the requirements of applicable data protection laws, InVentry will implement appropriate security measures to protect against accidental loss or unlawful destruction, loss, alteration, disclosure or access to data. These measures will ensure a level of security appropriate to the risks presented by the processing and the nature of the data protected having regard to the state of the art and their cost of implementation.
7.2 The InVentry Ltd data processing agreement provides details of the overall security standards required of participating organisations to manage the information they receive from other parties under this agreement. These must be respected by all signatories.
7.3 All data processed by InVentry Ltd or any sub-processor is done so in compliance with the requirements laid in UKGDPR/Data Protection Act 2018.
7.4 All onsite and cloud stored data will be secured using 256-bit AES encryption, this is the responsibility of the processor. The security of the on-premises device e.g. antivirus, firewall, password policy is the responsibility of the data controller.
7.5 Any data transferred to the processor is done using SSL/HTTPS and TLS 1.2
7.6 Any data copied for support calls and incident resolution is done using remote support software which uses RSA private/public key exchange (2048-bit) and AES (256-bit) session encryption.
7.7 Where data may be processed beyond the EEA, it will be done so in line with Articles 44 – 46 of UK GDPR and takes such measures as are necessary to ensure such transfer is in compliance with current Data Protection Law. If any processing should be outside these articles, written consent will be sought. For more information on processing, see Appendix 1
If a client legitimately objects to the addition of a sub-processor and InVentry cannot reasonably accommodate the client’s objection, InVentry will notify the client. The client may then, if they so wish, terminate the affected service by providing InVentry with a written notice, within one month of InVentry’s notice.
7.9 InVentry shall, upon confirmation of a data breach notify the data controller of it within 24 hours and will work together with Data Controller to investigate the data breach where this is within its control.
7.10 InVentry will inform the Data Controller if, in its opinion, an instruction received from the Data Controller may put the Data Controller at risk of breaching data protection regulations.
7.11 InVentry Ltd shall indemnify the Data Controller against all liability, loss, damage and expense of whatsoever nature incurred or suffered by the Data Controller due to any failure by InVentry Ltd or its employees, agents or Sub-processors to comply with any of its obligations under this agreement and/or under Data Protection Legislation. Similarly, The Data Controller shall indemnify against all liability, loss, damage and expense of whatsoever nature incurred or suffered by InVentry Ltd due to any failure by the Data Controller or its employees or agents to comply with any of its obligations under this agreement and/or Data Protection Legislation.
For more information, please contact InVentry Ltd.
8. Ensuring Data Quality
8.2 Before processing data, checks will be undertaken to ensure that the information being shared is accurate and up to date to the best of all parties’ knowledge. If special category personal data is being shared which could harm the data subject if it was inaccurate, then particular care must be taken.
8.3 If a complaint is received about the accuracy of personal data which affects datasets shared with partners in this agreement, an updated replacement dataset will be communicated to the partners. The partners will replace the out-of-date data with the revised data.
9. Information use, review, backup, retention and deletion
9.1 Partners to this agreement undertake that information shared under the agreement will only be used for the specific purpose for which it was shared, in line with this agreement. It must not be shared for any other purpose outside of this agreement.
9.2 The client remains the data controller in all cases of the data processing.
9.3 Whilst data remains within the system onsite, except for agreed support services, InVentry Ltd do not act as a processor.
9.4 Where data is viewed or removed from site for support purposes, transferred to cloud services where InVentry Ltd processes data on the client’s behalf, they become the processor.
9.5 The retention period for data within the system is as follows:
On-premises system
All data stored within the on-premise system is subject to the organisations data retention policy. All amendments to data made on this system are reflected in the cloud version of the organisations systems.
InVentry Services data retention periods
InVentry Cloud system
The data processed in the cloud service will be deleted 30 days following the receipt of written confirmation by the customer of the termination of the contract.
Cloud system backup
The cloud hosted data is backed up by InVentry Ltd for the following timescales
| Hourly | 7 days |
| Daily | 14 days |
| Weekly | 12 weeks |
Please note: Currently the back only applies to the data processed in the cloud system and is for use in recovering this. We advise that the customer makes a local back up using the in-built automated tool for full on-premise system recoveries should one be required.
InVentry Anywhere evacuation
- Staff/Primary pupil/Secondary pupil/visitors – Until 23:59:59 on day of attendance at site.
ID Badge creation service
Any personal information supplied will be processed and stored as follows:
- Up 24 hours – InVentry Anywhere Cloud storage.
- 51 days from dispatch of order, stored on local area network at our head office to enable completion and confirmation of order.
SMS Service
- InVentry system – 30 days/13 moths anonymised for billing purposes only
- SMS service provider – 6 months
- Telecom service provide – 12 months
The message and the number are stored for the above the time frames by SMS service provider for legitimate business reasons and the Telecom service provider as this is regulated under the Investigatory Powers Act 2016.
Email address
- Anywhere service – 30 days
- Service Provider – 7 days
Support desk
- Until no longer required under Article 6(f) – Legitimate Interest of the organisation for completeness of the record.
- 7 years under Article 6(f) – Legitimate Interest of the organisation for completeness of the record.
Advanced Trip Management
Either
- On completion of the trip, when closed by the school.
Or
- Up to twenty-four hours beyond the duration of the trip set by the school duration of the trip
9.6 InVentry Ltd will not release the information to any third party unless the request is subject to legal obligation without obtaining the express written authority of the partner who provided the information.
9.7 The following destruction process will be used when the information is no longer required:
- Data in printout form to be kept minimal & be shredded using secure offsite destruction disposed in accordance with the InVentry Ltd Media Handling Policy.
- Data in digital format will be deleted and devices will be disposed in accordance with the InVentry Ltd Information Security Policy.
10. Party agreement
10.1 All involved parties accept responsibility for its execution and agree to ensure that staff are trained so that requests for information and the process of processing itself are sufficient to meet the purpose of this agreement.
10.2 InVentry Ltd will support the Data Controller in demonstrating compliance with the regulations covering the UK. Where required and reasonable, the processor will work with the data controller to;
- Cooperate with the relevant data protection authorities in the event of an enquiry
- Assist the data controller, where necessary, in the completion of data protection impact assessments, and prior consultations with data privacy authorities
- Report data breaches to the controller without delay
- Help the controller to comply with data subject rights
- Assist the data controller in managing the consequences of data breaches
- Inform the controller if the processing instructions infringe Data Protection Act 2018/UKGDPR.
All requests for additional assistance will be subject to the agreement of the Directors.
Signed on behalf of InVentry Ltd
Name: Phil Brooke
Role: Group CTO
Date: As below
Appendix 1 – InVentry Processing
The following InVentry data hosting and processing locations are utilised for the purposes described below:
| Service | System | Processing provider | Purpose/Justification | Location | Article 44 compliance (where required) |
| Evacuation service | InVentry Anywhere | Rackspace | Providing processing for evacuation service | UK | Legally binding contract in place |
| Badge making | InVentry ID badge making | Rackspace | Providing processing for badge making transfer | UK | Legally binding contract in place |
| Evacuation service | InVentry Anywhere | IBM | Providing processing for evacuation service | UK | Legally binding contract in place |
| Support desk services | ZenDesk | ZenDesk | Recording details of support calls | US/EEA | Article 46 – Transfers subject to appropriate safeguards (parts c and d) – Standard data protection clauses. |
| CRM | Dynamics | Microsoft | Customer management | EEA | Article 46 – Transfers subject to appropriate safeguards (parts c and d) – Standard data protection clauses. |
| Advanced Trip Management | InVentry Anywhere | Rackspace | Providing processing for evacuation service | UK | Legally binding contract in place |
| Cloud version of school system and integrated services | Azure | Microsoft | Providing storage for InVentry hosted copy of site system. | UK | Legally binding contract in place |
| Service | System | Processing provider | Purpose/Justification | Location | Article 44 compliance (where required) |
| Email relay service | InVentry Anywhere | Twillio | Provide communications to visitors | US | Article 46 – Transfers subject to appropriate safeguards (parts c and d) – Standard data protection clauses. |
| SMS messaging | InVentry Anywhere | SendGrid | Sending SMS messages for visitor notifications | US | Article 46 – Transfers subject to appropriate safeguards (parts c and d) – Standard data protection clauses through Binding Corporate Rules with Parent Organisation Twillio |