Messenger v5 Data Sharing Agreement

Groupcall Messenger is used by over 2,500 Primary and Secondary schools and provides an easy-to-use solution for parental communication. The system gives schools the ability to send text messages (SMS), emails and automated voice calls to the mobile phones and landlines of parents, staff and key contacts.

To provide an accurate list of school contacts at any time Groupcall Messenger v5 integrates with the schools Management Information System (MIS) and maintains a secure copy of essential school data within the Groupcall Messenger v5 web platform.

Table of Contents

Document Aims

This document explains the selection, safeguarding and security of this data in detail and forms our Data Sharing Agreement with you. In order to use Groupcall Messenger your organisation must understand and accept this agreement - use of the product implies your acceptance.

Overview of Data Movement in Groupcall Messenger

The diagram[1] below details the movement and storage of data within Groupcall Messenger, further explanation is provided below.

Movement and storage of data within Groupcall Messenger

Click image to expand

[1] Twitter logo used within permissions defined at https://twitter.com/logo

Transfer and Use of Personal Information

For the purpose of allowing authorised users to build and transmit messages to students, staff and parents through Groupcall Messenger, the system requires specific personal information.

This specific personal information is based on a range of selection criteria, such as current group memberships or attendance.

1. Personal information about pupils who are currently on roll:

  • Internal MIS record ID
  • Name
  • Gender
  • Date of birth
  • Home/mobile phone numbers
  • Email address(es)
  • Year group, registration group, school house group
  • Class or lesson groups
  • Attendance marks for the current year to date
  • School record photograph
  • Preferred language of communication
2. Personal information about adults currently in the employ of the school:
  • Internal MIS record ID,
  • Name and title
  • Gender
  • Date of birth
  • Post(s) currently held
  • Association with class, lesson, year, registration or house groups
  • Mobile, home and work phone numbers
  • Email address(es)
  • School record photograph
  • Preferred language of communication
3. Personal information about pupil contacts with parental responsibility:
  • Internal MIS record ID,
  • Name and title
  • Mobile, home and work phone numbers
  • Email address(es)
  • Relationship with Student (Father/Mother/etc...)
  • Preferred language of communication
4. Information about your school:
  • School name and establishment number
  • School phone number
  • School email address
  • Head teacher’s name
  • Full school address

Notes:

  • Any data received that is outside of this scope is safely discarded by the Groupcall Messenger platform during import processing
  • This list of fields represents the maximum possible transfer; business requirements and MIS data availability dictate that in many cases a lesser level of data than listed is actually transferred.

Use of Data

The Use of Data policy is provided for schools to ensure that, as data controllers they have the ability to share data, and that they consider there to be appropriate measures in place, ensuring that the data is held securely and confidentially.

This document sets out how Groupcall supports these objectives.

Groupcall and its suppliers will be acting as ‘data processors’ as defined by applicable data protection legislation such as the GDPR, DPA 2018 and any successors to these. Groupcall has taken all reasonable measures to ensure the safety and security of the personal information, and continues to review these measures on an on-going basis.

Data Security

This information gives details of the management of data security in relation to the use of Groupcall Messenger v5. Schools may wish to use this with their fair use policy.

School hosted MIS products data extraction
In the case of school-hosted MIS products the information is extracted from the school Management Information System (MIS) using Groupcall’s Xporter software. The data is securely uploaded to Groupcall Messenger v5 using industry standard SSL encryption. A unique identifier configured in Groupcall Xporter ensures that the information is linked to the correct customer account. Groupcall Xporter accesses the school MIS system using credentials that you provide and cannot access it without them.
Cloud hosted MIS products data extraction
In the case of a cloud-hosted MIS product the information is extracted from the school Management Information System (MIS) securely via a cloud-to-cloud transfer. This is initiated by Messenger v5, using industry standard SSL encryption. Groupcall Xporter is not used in this configuration; the communication is directly between Messenger v5 and your MIS provider. The credentials you provide to authenticate Messenger v5 to your MIS are stored in Messenger v5 and the information cannot be retrieved from your MIS without them. In addition, if you revoke third party access through your MIS then Messenger v5 will no longer be able to retrieve information from it.

The information from your school is held inside the Messenger v5 web platform, which is hosted in Microsoft’s Azure platform in the Europe North territory.  You can find out more about the security and safety policies that affect your data in more detail in the Messenger v5 Data Security Summary document. In summary, the data in Azure is protected from exposure by multiple layers of firewalling, authentication and physical access control.

When authorised users send messages to people using Messenger v5 those messages will pass through one or more of our partner organisations, for routing and delivery. While awaiting delivery, these messages will be queued at one or more of our partner organisations.  This applies to Text (SMS) messages, Voice messages and Emails.  All reasonable efforts are made to protect these messages, in transit and while queuing, however the same risks apply in the case of sending your own SMS, Voice or Email messages because the same delivery network is used.  Your organisation policies should provide further guidance over what is suitable to send over such mediums.

When authorised users send broadcast messages such as those to Twitter, you must enter your Twitter credentials into Messenger v5.  Messenger v5 then uses industry standard integration to link into Twitter and post messages.  Please note that such broadcast posts could be seen by anyone.

Attendance Write-back

Messenger v5 can write-back student attendance marks for students within selected MIS systems. An example of this can be in instances where a parent has responded to a challenge of unknown absence and the response explains that the student is off from school ill. Please note: this isn’t an automated process; it is up to your organisation to create 'right' assigned users. For example, based on text responses, an authorised user who has the appropriate 'right' assigned to them, will need to read the parental responses and select what write-back requests to make, if any.  Your organisation may decide that none of your users have this right assigned.

Where the MIS system is school-hosted this is carried out by securely queuing a write-back request for Xporter in the school to pick up and apply, which it will typically do within 15 minutes. Where those >MIS systems are cloud-hosted this is carried out as a direct and secure cloud-to-cloud transfer of the individual student mark that is changed.

Typically only the Student’s record ID, the new mark, and the time-point of the mark are transferred in a write-back request; thus minimising data transfer in keeping with a small surface for improved data security.

Groupcall Support Personnel & Data Security

The Support team at Groupcall are able to resolve or advise you on any technical issues that you encounter while using Groupcall products. However, they are unable to advise on any other issues affecting Groupcall Partner products and in such instances, you should refer to the support arrangements for that specific Groupcall Partner.

Often it is necessary for Groupcall support technicians to view the issue with you, in order to diagnose it fully and offer a solution. In circumstances where support technicians need to view the issue in situ, they may use remote access tools to view your computer with you In this case, you should remain at your computer and supervise the entire session. All of our remote sessions allow you to retain control and allow you to terminate the session at any time.  If your issue escalates and an additional support technician is required, then additional Groupcall staff may join the remote session.

If your issue is a platform issue or requires changes to your account configuration, then Groupcall staff may perform such configuration on your behalf from our secure management platform without requirement for remote access.

You are reminded that you should avoid sending personal information, such as student/contact records, to Groupcall directly.  You certainly should only send such information when supported by strong encryption, if there is an explicit requirement to do so.  Groupcall staff will advise the most secure method for transfer if there is such an explicit requirement.

Data Life Cycle

Your data’s point of origin remains in the school MIS. Changes made in the are carried up to the Groupcall Product either via Groupcall Xporter or cloud-to-cloud transfer. This is dependent on the MIS product you use.

Data is synchronised nightly from the school MIS into the Groupcall Product, with additional runs during the day to ensure attendance changes in the MIS are reflected within the Groupcall Product.

Depending on your configuration and MIS product it may be possible for you to write attendance changes back to your MIS. However, the MIS will still remain the point of origin for all data, even if you make use of attendance write-back.

New 'personal' records
When a new staff, student or contact record is detected in the MIS, and meets the selection criteria it will be uploaded into the Groupcall Product and appear in the user interface accordingly for authorised users.
Changed 'personal' records
When a record change is detected for a student, staff or contact in the MIS and meets the selection criteria it will be uploaded into the Groupcall Product to update the existing record. The changes will appear in the user interface accordingly for authorised users.
Deleted 'personal' records
When a staff, student or contact record in the MIS no longer meets the selection criteria or is deleted this will be notified to the Groupcall Product on the next transfer. The Groupcall Product will then mark the record as deleted and stop presenting it to authorised users. The data will remain within the Groupcall Product for purposes of historic audit, until removed as part of history management.
New Messenger Group Memberships
When a person is detected to have a new or changed group membership, e.g. registration group, staff post, etc this will be notified to Messenger v5 on the next transfer.  Messenger v5 will then reflect this in the user interface for authorised users.
Deleted or Ended Messenger Group Membership
When a person is detected to have left a group membership, e.g. year group, class group, etc this will be notified to Messenger v5 on the next transfer. Messenger v5 will then reflect this in the user interface for authorised users and will delete its record of the person having been a member of the group.
Attendance Marks in Messenger
Messenger v5 groups students by recent non-present attendance marks, and retains a history of all attendance marks for the year to date to enable searching. When the academic year rolls over the previous year’s attendance marks are deleted.

Privacy Policy

This forms part of the application process to use relevant Groupcall Products.  The Head Teacher or an authorised member of staff will agree to have read and understood the terms and conditions outlined below:

Who is responsible for managing my information?
Who can I contact if I have queries about this privacy policy?
If you are already a Groupcall customer then please contact Groupcall Support. If you are a prospective customer then please contact our sales team by emailing sales@groupcall.com or call 020 8502 7344.
Will you ever update this private policy?
We may update this privacy policy from time to time and we will send notification to your main account contact if this is the case. For specific optional functionality within a Groupcall Product, we may also issue appendices to this agreement.
How can I update my data?

The data in the Groupcall Product reflects the data in your school MIS system, hence to correct any inaccuracies in the Groupcall Product you should correct the data in your MIS and allow an overnight update to occur.

If it is important that data changes are shown in the Groupcall Product more urgently. For example, if a parent has been restricted from contact with their child by court order, then you can contact Groupcall Support for assistance, by emailing support@groupcall.com or call 020 8502 7344.

What information do we collect?
We collect students, staff and parental contact and grouping information such as school record identifiers, names, gender, date of birth, electronic contact details, language preference and recent attendance marks. The full information we collect is detailed under the "Transfer and Use of Personal Information" section. For each specific product's see, Data Sharing Agreements.
What is my information used for in Messenger?
Messenger v5 requires specific personal information for the purpose of allowing authorised users to build messages to be transmitted to students, staff and parents based on a range of selection criteria such as current group memberships or attendance.
How is my information held within Messenger?
The information from your school is held inside the Messenger v5 web platform, which is hosted in Microsoft’s Azure platform in the Europe North territory.  You can find out more about the security and safety policies that affect your data in the more detailed Data Security Summary documents for each product; however in summary the data in Azure is protected from exposure by multiple layers of firewalling, authentication and physical access control.
How long will my information be held for by Messenger?

Group memberships are retained for only as long as they are valid, once a person is no longer in a group (e.g. a student leaves a class or a staff member stops supervising a year group) then Messenger v5 deletes it’s record of membership.

When a staff, student, or contact record in the MIS no longer meets our selection criteria or is deleted, Messenger v5 will then mark the record as deleted and stop presenting it to authorise users. The data will remain in Messenger v5 for purposes of historic message audit until removed as part of history management.

How do I delete my data from Messenger v5?
You will need to explicitly request that your Messenger v5 account is terminated. You can do this via Groupcall Support, or by sending an email to admin@groupcall.com or call 020 8502 7344.

Browser Cookies

Messenger v5 makes use of browser cookies for the following purposes:

  • To manage user authentication and,
  • To track individual user behaviour in order to continuously improve Groupcall Messenger, through functionality and performance.