ISO9001 & ISO27001 Accredited Company

Education Data Processing Agreement

Title of Agreement – InVentry Sign In Solution.

Purpose – To facilitate the processing of student, staff and visitor information between client schools and InVentry Ltd for the purpose of providing visitor management, fire evacuation, remote support and attendance services.

Partners – Purchasing establishment (herein known as the data controller).

InVentry Ltd (herein known as the data processor).

Date of agreement – Upon commencement of InVentry maintenance or InVentry Anywhere license.

Date of agreement review – In line with expiry of licence purchased.

Agreement drawn up by – InVentry Ltd.

Extent of agreement – Schools undertaking InVentry services and subject to The Data Protection Act 2018/UK General Data Protection Regulations.

1. Introduction

1.1        This data processing agreement has been drawn up by InVentry Ltd, which sets out the core information processing principles which have been agreed by its signatory organisations.

1.2        The objective of this information processing agreement is to provide data for use in the following services:

  • Visitor Management
  • Technical support (InVentry Maintenance licence)
  • Evacuation service (InVentry Anywhere licence)
  • ID badge creation
  • Communication of update and functionality information

1.3        In order to meet this objective it is necessary for partners to share selected information.

2. Definitions

  • “Data” is defined in Section 6 of this document.
  • “Data Subject” shall have the same meaning as set out in Article 4 (1) of the UKGDPR and means an identified or identifiable natural person
  • “Data Protection Act 2018” is defined as the UK Act of Parliament to make provision for the regulation of the processing of information relating to individuals; to make provision in connection with the Information Commissioner’s functions under certain regulations relating to information; to make provision for a direct marketing code of practice; and for connected purposes.
  • “EEA” means the European Economic Area – the 27 Member states of the European Union plus Iceland, Liechtenstein and Norway
  • “UK GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations

  • “Incident” has the same meaning as a personal data breach in Article 4 (12) of the GDPR and means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to data, transmitted, stored or otherwise processed under the terms of this agreement.
  • “Processing” shall mean any operation or set of operations which is/are performed upon Data, (whether or not by automatic means) including collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. Such processing may be wholly or partly by automatic means or processing otherwise than by automatic means of Data which form part of a filing system or one intended to form part of a filing system. A filing system shall mean any structured set of Data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographic basis.

3. Policy Statements and Purpose

3.1        The purpose of this agreement is to:

  • Fulfil requirements of evacuation service (InVentry Anywhere licence)
  • Fulfil requirements of system support contract (InVentry Maintenance Licence)
  • Provide up to date information on the system and improve functionality (InVentry Maintenance licence)

4. Partners

4.1        This agreement is between partners listed from the following organisations

  • Client school (data controller)
  • InVentry Ltd (data processor as appropriate)

5. Basis for processing

5.1 This agreement fulfils the following requirements:

  • The UK General Data Protection Regulations (Principles)
  • The UK General Data Protection Regulations (Rights of the Data Subject)
  • The Education Act 1996
  • The Children Act 1989
  • The Children Act 2004
  • The Freedom of Information Act 2000
  • Regulatory Reform (Fire Safety) Order 2005
  • The Management of Health and Safety at Work Regulations 1999

5.2       Any information shared and the processes used to share such information will be compliant with the relevant human rights legislation.

6. Process

6.1        This agreement has been formulated to facilitate the exchange of student, staff and visitor information between the signatories. It is, however, incumbent on all partners to recognise that any information shared must be justified on the merits of the agreement.

6.2       Where the processing undertaken by InVentry, as defined in Section 6 of the data processing agreement where appropriate, written direction is obtained from the controller.

6.3       Information to be shared is from the following as agreed with the client:

For the purposes of implementing an InVentry Visitor Management system

Lawful grounds: Article 6(1b) Contractual agreement

Up to and including a complete and unedited copy of the on-premises database (including any MIS data which has been imported as agreed to provide additional services) will be hosted by InVentry Ltd and synchronised in real time to provide the visitor management services as agreed under contract between the Customer and InVentry Ltd. The minimum data required is as follows:

Staff – System user creation

  • First name
  • Surname
  • Work email address

Visitors – Visit record

  • First name
  • Surname

For migration of MIS systems

  • Staff work email
  • Student UPN (Stored in a Pseudonymised state)

Please note: Due to the evolving nature of the cloud service and to ensure the minimisation of data transferred to the cloud service, InVentry will only transfer that which is required to deliver the features available at that time. Details of the personal data being transferred at this moment in time are available on request from dpo@inventry.co.uk. From the point the system is installed, this information will be available directly in the console and you will be informed of any changes via the console.

InVentry Cloud Multi-Factor Security Token

Lawful grounds: Article 6(1b) Contractual agreement

As part of the cloud multifactor security, a security token is required to be placed on the user's device to establish it as a Trusted Device. It is an essential token and has a lifetime of 7 days.

Additional services provided which customer data may be used for and agreed under contract.

For each service below, the personal data types are listed together with the source (where InVentry Ltd obtained the personal data from) and the lawful grounds.

Staff – For use of Evacuation App/Communication

Source: Provided by School and extracted from the InVentry System
Lawful grounds: Article 6(1b) Contractual agreement

  • First name*
  • Surname*
  • Time signed IN*
  • Photograph (Only if controller includes this field)
  • Position (Only if controller includes this field)
  • Email address

Student – For use of Evacuation App

Source: Provided by School and extracted from the InVentry System
Lawful grounds: Article 6(1b) Contractual agreement

  • First Name*+
  • Surname*+
  • Form group*+
  • Year group*+
  • Time signed IN*+
  • Time signed OUT*+
  • Reason for IN/OUT*+
  • MIS ID**+
  • AM/PM session mark**+

Visitor – For use in Evacuation/communication

Source: Provided by School and extracted from the InVentry System
Lawful grounds: Article 6(1b) Contractual agreement

  • First name*
  • Surname*
  • Company
  • Photograph
  • Vehicle registration
  • Name of host/person visiting
  • Time signed IN*
  • Email

Parent/Carer/Medical Information for Advanced Trip Management

Source: Provided by the school, extracted from the InVentry System and used to facilitate this service.
Lawful grounds: Article 6(1b) Contractual agreement

  • Person ID*
  • Contact ID*
  • Title*
  • Contact Name*
  • Parental Responsibility*
  • Relationship*
  • Priority*
  • Telephone Number*
  • Telephone Type*
  • Email Address*
  • Email Type*
  • Court Order*
  • MIS ID*
  • Person ID*
  • Condition Name*
  • Description*
  • Person ID*
  • Dietary ID*
  • Description*
  • Notes*

Please note: The data listed above is initially suppressed but can be added at the discretion of the data controller.

Class Mark/ClubReg

Source: Provided by the school, extracted from the InVentry System and used to facilitate this service.
Lawful grounds: Article 6(1b) Contractual agreement

  • Student First name*
  • Student Surname*
  • Student MIS ID*
  • Year group*
  • Form group*
  • Session mark (Classmark only)*
  • Staff First name*
  • Staff Surname*
  • Staff email*
  • Staff MIS ID*

Please note: the data listed above (*) is that which is mandatory for system functionality. Other fields are optional and may be added at the discretion of the data controller; this includes Parent/Carer/Medical Information as listed for Advanced Trip Management. Further details are available from dpo@inventry.co.uk.

ID Badge service

Lawful grounds: Article 6(1b) Contractual agreement

This service uses a set of data identified by the Data Controller and not specified by InVentry Ltd. By using this service, the responsibility for consent lies with the Data Controller.

Support and Fault resolution

Lawful grounds: Article 6(1b) Contractual agreement

User account creation

  • First name
  • Surname
  • Email address

Exceptional circumstances

In such circumstances it may be required that support copy part or the whole of the database. Before removing data in any form, we will seek your additional consent to do so, either verbally or written, and take all steps to minimise its collection. This data is subject to a stringent internal policy and procedure ensuring that ownership and security of the data is recorded and maintained throughout the process.

By design your InVentry system offers the ability to collect special category personal data in the form of biometric data (facial recognition/fingerprint recognition). If during the process of fault resolution, we are required to download the database from your system, we will treat it in accordance with the process described above and in line with our data processing agreement.

Should you so decide, you have the ability to add customised data fields that may include the collection of special category personal data. As the data controller, this is your decision and you should be aware that this will be shared with us. We will treat it in accordance with the above process and in line with our data processing agreement.

Visitor Feedback

Source: Provided by School, extracted from the InVentry System and used by the email system to facilitate this service.
Lawful grounds: Article 6(1b) Contractual agreement

  • Visitor email address*

SMS Service

Source: Provided by School, extracted from the InVentry System and used by the SMS provider to facilitate this service.
Lawful grounds: Article 6(1b) Contractual agreement

  • Mobile number*

Financial Information

Source: Provided by the school to facilitate accurate records of financial transactions.
Lawful grounds: Article 6(1b) Contractual agreement

  • First name*
  • Surname*
  • Email*

Above fields marked with * are required for feature functionality. Fields marked with a ** are required if using the full MIS register function of the InVentry Evacuation app. Fields marked with a + are not required for InVentry One systems.

7. How will the data be secured and transferred

7.1        The InVentry Ltd data processing agreement provides details of the overall security standards. Based on the requirements of applicable data protection laws, InVentry will implement appropriate security measures to protect against accidental loss or unlawful destruction, loss, alteration, disclosure or access to data. These measures will ensure a level of security appropriate to the risks presented by the processing and the nature of the data protected having regard to the state of the art and their cost of implementation.

7.2       The InVentry Ltd data processing agreement provides details of the overall security standards required of participating organisations to manage the information they receive from other parties under this agreement. These must be respected by all signatories.

7.3       All data processed by InVentry Ltd or any sub-processor is done so in compliance with the requirements laid down in UKGDPR/Data Protection Act 2018.

7.4       All onsite and cloud stored data will be secured using 256-bit AES encryption; this is the responsibility of the processor. The security of the on-premises device (e.g. antivirus, firewall, password policy) is the responsibility of the data controller.

7.5       Any data transferred to the processor is done using SSL/HTTPS and TLS 1.2.

7.6       Any data copied for support calls and incident resolution is done using remote support software which uses RSA private/public key exchange (2048-bit) and AES (256-bit) session encryption.

7.7        Where data may be processed beyond the EEA, it will be done so in line with Articles 44 – 46 of UK GDPR and takes such measures as are necessary to ensure such transfer is in compliance with current Data Protection Law. If any processing should be outside these articles, written consent will be sought. For more information on processing, see Appendix 1.

7.8       The controller authorises InVentry in line with Article 28 of UK GDPR (general written authorisation) to engage subcontractors to process personal data (as defined in section 5.2 of data processing agreement) of the data subjects using its system. InVentry will notify the controller in advance of any changes to sub-processors. Within 30 days after InVentry’s notification of the intended change, the controller can object to the addition of the sub-processor on the basis that such an addition would cause the client to violate applicable legal requirements. The controller shall object in writing and include the specific reasons for its objection and options to mitigate, if any. If the client does not object within such period, the respective sub-processor may be commissioned to process the personal data (as defined in section 5.2 of data processing agreement). InVentry shall apply and undertake all appropriate data protection obligations for any approved sub-processor prior to the sub-processor processing any personal data.


If a client legitimately objects to the addition of a sub-processor and InVentry cannot reasonably accommodate the client’s objection, InVentry will notify the client. The client may then, if they so wish, terminate the affected service by providing InVentry with a written notice, within one month of InVentry’s notice.

7.9       InVentry shall, upon confirmation of a data breach, notify the data controller of it within 24 hours and will work together with the Data Controller to investigate the data breach where this is within its control.

7.10     InVentry will inform the Data Controller if, in its opinion, an instruction received from the Data Controller may put the Data Controller at risk of breaching data protection regulations.

7.11      InVentry Ltd shall indemnify the Data Controller against all liability, loss, damage and expense of whatsoever nature incurred or suffered by the Data Controller due to any failure by InVentry Ltd or its employees, agents or Sub-processors to comply with any of its obligations under this agreement and/or under Data Protection Legislation. Similarly, the Data Controller shall indemnify against all liability, loss, damage and expense of whatsoever nature incurred or suffered by InVentry Ltd due to any failure by the Data Controller or its employees or agents to comply with any of its obligations under this agreement and/or Data Protection Legislation.

7.12      Should InVentry choose to change a 3rd party service, we will complete appropriate impact assessments, alter our privacy statement where appropriate and notify you of this change. Where an additional service is being provided, consent will be sought.

7.13      All InVentry staff receive appropriate training and are subject to confidentiality with regards to customer data.

For more information, please contact InVentry Ltd.

8. Ensuring Data Quality

8.1       Everyone processing data under this agreement is responsible for the quality of the data they are processing. The data controller is responsible for ensuring that data entered into the InVentry system is accurate and up to date. Where data is used in offsite services InVentry Ltd are responsible for ensuring that this reflects accurately the information provided for that service.

8.2       Before processing data, checks will be undertaken to ensure that the information being shared is accurate and up to date to the best of all parties’ knowledge. If special category personal data is being shared which could harm the data subject if it was inaccurate, then particular care must be taken.

8.3       If a complaint is received about the accuracy of personal data which affects datasets shared with partners in this agreement, an updated replacement dataset will be communicated to the partners. The partners will replace the out-of-date data with the revised data.

9. Information use, review, backup, retention and deletion

9.1       Partners to this agreement undertake that information shared under the agreement will only be used for the specific purpose for which it was shared, in line with this agreement. It must not be shared for any other purpose outside of this agreement.

9.2       The client remains the data controller in all cases of the data processing.

9.3       Whilst data remains within the system onsite, except for agreed support services, InVentry Ltd do not act as a processor.

9.4       Where data is viewed or removed from site for support purposes, or transferred to cloud services where InVentry Ltd processes data on the client’s behalf, they become the processor.

9.5       The retention period for data within the system is as follows:

On-premises system

All data stored within the on-premise system is subject to the organisation's data retention policy. All amendments to data made on this system are reflected in the cloud version of the organisation's systems.

InVentry Services data retention periods

InVentry Cloud system

The data processed in the cloud service will be deleted 30 days following the receipt of written confirmation by the customer of the termination of the contract.

Cloud system backup

The cloud hosted data is backed up by InVentry Ltd for the following timescales

  • Hourly – 7 days
  • Daily – 14 days
  • Weekly – 12 weeks

Please note: Currently the backup only applies to the data processed in the cloud system and is for use in recovering this. We advise that the customer makes a local backup using the in-built automated tool for full on-premise system recoveries should one be required.

InVentry Anywhere evacuation

  • Staff/Primary pupil/Secondary pupil/visitors – Until 23:59:59 on day of attendance at site.

ID Badge creation service

Any personal information supplied will be processed and stored as follows:

  • Up to 24 hours – InVentry Anywhere Cloud storage.
  • 51 days from dispatch of order, stored on local area network at our head office to enable completion and confirmation of order.

SMS Service

  • InVentry system – 30 days/13 months anonymised for billing purposes only
  • SMS service provider – 6 months
  • Telecom service provider – 12 months

The message and the number are stored for the above time frames by the SMS service provider for legitimate business reasons and by the Telecom service provider as this is regulated under the Investigatory Powers Act 2016.

Email address

  • Anywhere service – 30 days
  • Service Provider – 7 days

Support desk

  • Until no longer required under Article 6(f) – Legitimate Interest of the organisation for completeness of the record.

Financial information

  • 7 years under Article 6(f) – Legitimate Interest of the organisation for completeness of the record.

Advanced Trip Management

Either

  • On completion of the trip, when closed by the school.

Or

  • Up to twenty-four hours beyond the duration of the trip set by the school.

9.6       InVentry Ltd will not release the information to any third party unless the request is subject to legal obligation without obtaining the express written authority of the partner who provided the information.

9.7       The following destruction process will be used when the information is no longer required:

  • Data in printout form to be kept minimal and be shredded using secure offsite destruction, disposed of in accordance with the InVentry Ltd Media Handling Policy.
  • Data in digital format will be deleted and devices will be disposed of in accordance with the InVentry Ltd Information Security Policy.

10. Party agreement

10.1      All involved parties accept responsibility for its execution and agree to ensure that staff are trained so that requests for information and the process of processing itself are sufficient to meet the purpose of this agreement.

10.2     InVentry Ltd will support the Data Controller in demonstrating compliance with the regulations covering the UK. Where required and reasonable, the processor will work with the data controller to:

  • Cooperate with the relevant data protection authorities in the event of an enquiry
  • Assist the data controller, where necessary, in the completion of data protection impact assessments, and prior consultations with data privacy authorities
  • Report data breaches to the controller without delay
  • Help the controller to comply with data subject rights
  • Assist the data controller in managing the consequences of data breaches
  • Inform the controller if the processing instructions infringe Data Protection Act 2018/UKGDPR.

10.3     At the written request of the data controller, InVentry will submit for audit of its data processing facilities and the processing activities covered by this agreement. This may be carried out by either the controller or an inspection body composed of independent members and in possession of the professional qualifications, bound by a duty of confidentiality, selected by the data controller and where applicable in agreement with the supervisory authority.

All requests for additional assistance will be subject to the agreement of the Directors.

Signed on behalf of InVentry Ltd


Name: Phil Brooke

Role: Group CTO

Date: As below

Appendix 1 – InVentry Processing

The following InVentry data hosting and processing locations are utilised for the purposes described below:

| Service | System | Processing provider | Purpose/Justification | Location | Article 44 compliance (where required) |
|---|---|---|---|---|---|
| Evacuation service | InVentry Anywhere | Rackspace | Providing processing for evacuation service | UK | Legally binding contract in place |
| Badge making | InVentry ID badge making | Rackspace | Providing processing for badge making transfer | UK | Legally binding contract in place |
| Evacuation service | InVentry Anywhere | IBM | Providing processing for evacuation service | UK | Legally binding contract in place |
| Support desk services | ZenDesk | ZenDesk | Recording details of support calls | US/EEA | Article 46 – Transfers subject to appropriate safeguards (parts c and d) – Standard data protection clauses. |
| CRM | Dynamics | Microsoft | Customer management | EEA | Article 46 – Transfers subject to appropriate safeguards (parts c and d) – Standard data protection clauses. |
| Advanced Trip Management | InVentry Anywhere | Rackspace | Providing processing for evacuation service | UK | Legally binding contract in place |
| Cloud version of school system and integrated services | Azure | Microsoft | Providing storage for InVentry hosted copy of site system. | UK | Legally binding contract in place |
| Email relay service | InVentry Anywhere | Twilio | Provide communications to visitors | US | Article 46 – Transfers subject to appropriate safeguards (parts c and d) – Standard data protection clauses. |
| SMS messaging | InVentry Anywhere | SendGrid | Sending SMS messages for visitor notifications | US | Article 46 – Transfers subject to appropriate safeguards (parts c and d) – Standard data protection clauses through Binding Corporate Rules with Parent Organisation Twilio |