Messenger v5 Data Sharing Agreement



What is Groupcall Messenger?

Groupcall Messenger is used by over 2,500 Primary and Secondary schools and provides an easy-to-use solution for parental communication. The system gives schools the ability to send text messages (SMS), emails and automated voice calls to the mobile phones and landlines of parents, staff and key contacts.

To provide an accurate list of school contacts at any time Groupcall Messenger v5 integrates with the schools Management Information System (MIS) and maintains a secure copy of essential school data within the Groupcall Messenger v5 web platform.

Document Aims

This document explains the selection, safeguarding and security of this data in detail and forms our Data Sharing Agreement with you. In order to use Groupcall Messenger your organisation must understand and accept this agreement - use of the product implies your acceptance.

Overview of Data Movement in Groupcall Messenger

The diagram[1] below details the movement and storage of data within Groupcall Messenger, further explanation is provided below.

[1] Twitter logo used within permissions defined at https://twitter.com/logo


Transfer and Use of Personal Information

For the purpose of allowing authorised users to build and transmit messages to students, staff and parents through Groupcall Messenger, the system requires specific personal information.

This specific personal information is based on a range of selection criteria, such as current group memberships or attendance.

  1. Personal information about pupils who are currently on roll:
    • Internal MIS record ID
    • Name
    • Gender
    • Date of birth
    • Home/mobile phone numbers
    • Email address(es)
    • Year group, registration group, school house group
    • Class or lesson groups
    • Attendance marks for the current year to date
    • School record photograph
    • Preferred language of communication
  2. Personal information about adults currently in the employ of the school:
    • Internal MIS record ID,
    • Name and title
    • Gender
    • Date of birth
    • Post(s) currently held
    • Association with class, lesson, year, registration or house groups
    • Mobile, home and work phone numbers
    • Email address(es)
    • School record photograph
    • Preferred language of communication
  3. Personal information about pupil contacts with parental responsibility:
    • Internal MIS record ID,
    • Name and title
    • Mobile, home and work phone numbers
    • Email address(es)
    • Relationship with Student (Father/Mother/etc...)
    • Preferred language of communication
  4. Information about your school:
    • School name and establishment number
    • School phone number
    • School email address
    • Head teacher’s name
    • Full school address

Notes:

  • Any data received that is outside of this scope is safely discarded by the Groupcall Messenger platform during import processing
  • This list of fields represents the maximum possible transfer; business requirements and MIS data availability dictate that in many cases a lesser level of data than listed is actually transferred.

Use of Data

The Use of Data policy is provided for schools to ensure that, as data controllers they have the ability to share data, and that they consider there to be appropriate measures in place, ensuring that the data is held securely and confidentially.

This document sets out how Groupcall supports these objectives.

Groupcall and its suppliers will be acting as ‘data processors’ as defined by the 1998 Data Protection Act. Groupcall has taken all reasonable measures to ensure the safety and security of the personal information, and continues to review these measures on an on-going basis.

Data Security

This information gives details of the management of data security in relation to the use of Groupcall Messenger v5. Schools may wish to use this with their fair use policy.

 

School hosted MIS products data extraction Show details
transparent_10x10transparent_10x10In the case of school-hosted MIS products the information is extracted from the school Management Information System (MIS) using Groupcall’s Xporter software. The data is securely uploaded to Groupcall Messenger v5 using industry standard SSL encryption. A unique identifier configured in Groupcall Xporter ensures that the information is linked to the correct customer account. Groupcall Xporter accesses the school MIS system using credentials that you provide and cannot access it without them.
transparent_10x10
Cloud hosted MIS products data extraction Show details
transparent_10x10transparent_10x10In the case of a cloud-hosted MIS product the information is extracted from the school Management Information System (MIS) securely via a cloud-to-cloud transfer. This is initiated by Messenger v5, using industry standard SSL encryption. Groupcall Xporter is not used in this configuration; the communication is directly between Messenger v5 and your MIS provider. The credentials you provide to authenticate Messenger v5 to your MIS are stored in Messenger v5 and the information cannot be retrieved from your MIS without them. In addition, if you revoke third party access through your MIS then Messenger v5 will no longer be able to retrieve information from it. 
transparent_10x10

The information from your school is held inside the Messenger v5 web platform, which is hosted in Microsoft’s Azure platform in the Europe North territory.  You can find out more about the security and safety policies that affect your data in more detail in the Messenger v5 Data Security Summary document. In summary, the data in Azure is protected from exposure by multiple layers of firewalling, authentication and physical access control.

When authorised users send messages to people using Messenger v5 those messages will pass through one or more of our partner organisations, for routing and delivery. While awaiting delivery, these messages will be queued at one or more of our partner organisations.  This applies to Text (SMS) messages, Voice messages and Emails.  All reasonable efforts are made to protect these messages, in transit and while queuing, however the same risks apply in the case of sending your own SMS, Voice or Email messages because the same delivery network is used.  Your organisation policies should provide further guidance over what is suitable to send over such mediums.

When authorised users send broadcast messages such as those to Twitter, you must enter your Twitter credentials into Messenger v5.  Messenger v5 then uses industry standard integration to link into Twitter and post messages.  Please note that such broadcast posts could be seen by anyone.

Attendance Write-back

Messenger v5 can write-back student attendance marks for students within selected MIS systems. An example of this can be in instances where a parent has responded to a challenge of unknown absence and the response explains that the student is off from school ill. Please note: this isn’t an automated process; it is up to your organisation to create 'right' assigned users. For example, based on text responses, an authorised user who has the appropriate 'right' assigned to them, will need to read the parental responses and select what write-back requests to make, if any.  Your organisation may decide that none of your users have this right assigned.

Where the MIS system is school-hosted this is carried out by securely queuing a write-back request for Xporter in the school to pick up and apply, which it will typically do within 15 minutes. Where those MIS systems are cloud-hosted this is carried out as a direct and secure cloud-to-cloud transfer of the individual student mark that is changed.

Typically only the Student’s MIS record ID, the new mark, and the time-point of the mark are transferred in a write-back request; thus minimising data transfer in keeping with a small surface for improved data security.

Groupcall Support Personnel & Data Security

The Support team at Groupcall are able to resolve or advise you on any technical issues that you encounter while using Groupcall products, however they are unable to advise on any other issues affecting Groupcall Partner products and in such instances you should refer to the support arrangements for that specific Groupcall Partner.

Often it is necessary for a Groupcall support technicians to view the issue with you, in order to diagnose it fully and offer a solution. In circumstances where support technicians need to view the issue with, you they may use remote access tools to view your  computer with you, in which case you should remain at your computer and supervise the entire session.  All of our remote sessions allow you to retain control and allow you to terminate the session at any time.  If your issue escalates and an additional support technician is required, then additional Groupcall staff may join the remote session.

If your issue is a platform issue or requires changes to your account configuration, then Groupcall staff may perform such configuration on your behalf from our secure management platform without requirement for remote access.

You are reminded that you should avoid sending personal information, such as student/contact records, to Groupcall directly.  You certainly should only send such information when supported by strong encryption, if there is an explicit requirement to do so.  Groupcall staff will advise the most secure method for transfer if there is such an explicit requirement.

Data Life Cycle

Your data’s point of origin remains in the school MIS. Changes made in the MIS are carried up to the Groupcall Product either via Groupcall Xporter or cloud-to-cloud transfer. This is dependent on the MIS product you use.

Data is synchronised nightly from the school MIS into the Groupcall Product, with additional runs during the day to ensure attendance changes in the MIS are reflected within the Groupcall Product.

Depending on your configuration and MIS product it may be possible for you to write attendance changes back to your MIS. However, the MIS will still remain the point of origin for all data, even if you make use of attendance write-back.

Privacy Policy

This forms part of the application process to use relevant Groupcall Products.  The Head Teacher or an authorised member of staff will agree to have read and understood the terms and conditions outlined below:

Browser Cookies

Messenger v5 makes use of browser cookies for the following purposes:

  • To manage user authentication and,
  • To track individual user behaviour in order to continuously improve Groupcall Messenger, through functionality and performance.

 

Next Steps...

If you need any further assistance or get in to any difficulty, please contact your School Administrator. Alternatively, they can contact Groupcall Support on your behalf.

…And Finally

Have you followed Groupcall on Twitter and Facebook? Stay informed, get the latest news, updates and useful tips on all of our products!


 

Print Friendly