The new GDPR regulations come into force on the 25th May and iCapture Limited will be fully compliant with these regulations. As part of these regulations our customers – such as nurseries and childminders will act as Data Controllers and we will be classed as a Data Processor.
Here are some of the most commonly asked questions we answer about our compliance with GDPR.
Where is the information stored and where do you keep your servers?
We use servers that are owned and managed by Microsoft(Azure) and Amazon Web Services (AWS) based in the UK & Ireland to store all of the personal information that is added to the system. Azure is used to store personal information and the databases while AWS is used to store images and video content. They are both ISO27001 and ISO 9001 certified providers.
What do you do to keep the data safe?
The system uses a variety of security measures to protect the data stored on it. We use SSL to encrypt data sent across the internet. We then use a mixture of encryption and permissions to restrict access of the data to only people authorised by the customer (you) to see.
Who has access to the data within iCapture?
Our support team have access to the basic information on your setting and are able to create and manage settings. They do not have direct access to content that you add.
Our development team are able to access the data. Access to production servers is strictly limited to authorised personnel. Access to individual’s data is granted on a case by case basis to resolve issues arising from customer support requests. When issues need to be investigated further, information is obfuscated and anonymised and copied to a non-production server also hosted on Azure. Once the issue is resolved this data is deleted. Connections between development office and hosting environment are secured using a VPN tunnel or SSH. Connections are monitored.
Information shared with parents
iCapture will contact parents through email, sms and other digital means to communicate actions from customers such as notifications of content shared. iCapture, with the permission of the parent will also contact them to update on new features and services provided within the product.
iCapture will not share parent details with any 3rd party organisation outside of those necessary to provide the product and services that have been signed up for.
Under proposed changes to support GDPR, Parents will sign-up directly with the Capture Education service and will be able to control what they receive and from which providers. A parent will be able to connect with multiple providers and so children with different customers will have the data shared with a single parent account.
A parent and a nursery will both have to approve a connection with each other and both parties will be able to close the link at any time.
Information that is shared directly with a parent will be held on the parent account until such time as the parent requests removal of that information or cancels their account. As such the new terms and conditions will give the parent permission to hold copies of that information for personal use but not for reproduction or distribution without the permission of the nursery.
Are you registered with the ICO?
Yes we are registered with the ICO, our registration number is ZA317317. All nurseries and childminders should also register with the ICO as Data Controllers.