IDaaS Privacy Policy

This forms part of the application process to use Groupcall IDaaS.  The Head Teacher or an authorised member of staff will agree to have read and understood the terms and conditions outlined below:

 

Who is responsible for managing my information?

Groupcall IDaaS is provided by Groupcall Limited (“Groupcall”) to Groupcall Partner organisations for purposes of forward provisioning data to third party systems.  Groupcall are responsible for ensuring that your data is adequately protected in relation to the operation of the Groupcall IDaaS platform itself.  Third party systems are responsible for the protection of scope of data in their care and this is covered by a separate agreement.

 

What information do we collect?

Groupcall IDaaS will collect and store data from your school as per the list on page 5 and maintain that data according to the life cycle on page 8.  This scope will increase in line with the needs of third party systems that you request IDaaS forward provisions to, and those increases are covered in your separate data sharing agreement with each third party system.

 

What is my information used for?

Groupcall IDaaS securely transports information from your MIS for purposes of:

  1. Managing the life cycle of user accounts in Groupcall IDaaS;
  2. Verifying the identity of user accounts in Groupcall IDaaS;
  3. Forward provisioning information about persons in your school to third party systems you allow;
  4. Forward provisioning information other than persons in your school to third party systems you allow


How is my information held?

Groupcall IDaaS encrypts all data during transit using AES128 encryption, and stores data within the Groupcall IDaaS platform.   The Groupcall IDaaS platform is hosted in Microsoft Azure in the Europe North territory and you can find out more about this platform at the Windows Azure Trust Centre; however in summary the data in Azure is protected from exposure by multiple layers of firewalling, authentication and physical access control.

Data that is forward provisioned to third party systems is subject to the conditions of your specific data sharing agreement with that particular third party system.

 

How long will my information be held for?

Groupcall IDaaS retains data from an individual school while it is applicable to current or future learners and staff within the school.  When this ceases to be the case IDaaS will no longer retain school data for learners or staff who have registered with IDaaS but will continue to provide their identity username and password, for purposes of continuity throughout their education.

Data that is forward provisioned to third party systems is subject to the conditions of your specific data sharing agreement with that particular third party system.

 

How can I update my data?

The data delivered by Groupcall IDaaS reflects the data in your school MIS system; hence to correct any inaccuracies in that data you should correct the data in your MIS and await the refresh of that data across destination systems.

 

How do I delete my data?

Revocation of access for IDaaS third party systems does not remove data from those systems; you need to follow through an exit process with each individual third party system in such a case.

If an IDaaS user is registered by virtue of two or more schools then they will retain their identity but the data for that user relating to your school establishment will be removed.

If you require your individual data deleted from the IDaaS platform then you need only contact Groupcall Support.

 

Will you ever update this privacy policy?

We may update this privacy policy from time to time in the interests of maintaining a secure and efficient service.  The latest version of this document will always be available from Groupcall Support.

 

Who can I contact if I have queries about this privacy policy?

If you are already a Groupcall IDaaS customer then please contact Groupcall Support.  If you are a prospective customer then please contact our sales team via sales@groupcall.com.