Version 3 May 19th 2018 – updated for GDPR compliance
- Data we collect, hold and process about you
- What we do with your data
- Your rights and control over your personal data
- Security in relation to your data
- Information about how you can contact us if you wish
Data we collect, hold and process about you
We process the personal data of our users and organisers and, if applicable, information relating to younger users' parents and/or guardians. We take as little personal information as possible and only that which is adequate and limited to enabling us to provide our services. We may collect, store and use the following personal information about you:
- User name (nickname)
- Password (encrypted)
- Email address
- Postal address
- Age band
- The time you spend on the site
- Your learning progress
- Your communications
- Information from online forms and feedback completed by you
- Any other personal information that you choose to send us
The data we collect helps support four major functions of iDEA:
- User registration to set up an account (data collected at the point of sign-up)
- Certificate production and distribution (data collected after someone has won an Inspiring Digital Enterprise Award)
- Record of Achievement production (data collected if someone would like to download, print and share their own personal Record of Achievement)
- Communication with users (data collected at the point of sign-up)
Please let us know if the personal data we hold about you needs to be corrected or updated as we are committed to only holding accurate and up-to-date information.
You may only pass us another individual’s personal data if you have that person’s consent to do so on the understanding that their personal data will be processed as described in this policy.
- We also collect information about you from other sources, such as Google Analytics.
- We collect information from your computer and about your visits to and use of this website. This includes collecting unique online identifies such as IP addresses, which are numbers that uniquely identify a specific computer or other device on the internet. Please see our Cookies section for more details.
What we do with your data
We only use your data in the legitimate interest of running iDEA. This means we process your information so that you can use our platform in the following ways:
- To acquire digital, enterprise and employability skills, knowledge and information
- To win badges
- To gain Bronze, Silver or Gold Inspiring Digital Enterprise Awards
- To showcase your achievements using your Record of Achievement and your certificates
- To track learner analytics and progress relating to cohorts established for this purpose
We use your personal data in the following ways:
- To provide our services to you and help and support you by handling your questions and requests
- To ask you for feedback to help us improve the site and our badges
- To maintain your contact preferences
- To administer our website, personalise it to you and keep it secure
- To prevent fraud
- To verify compliance with the terms and conditions governing the use of our website
In the future, we may use your personal data in the following ways:
- To send you emails with general news about the platform, including updates on new badges available, information about your progress
- To send you relevant emails about about awards, competitions, events
- To send you relevant newsletters and special offers
- To send you invitations to join activities hosted by iDEA and trusted partner charities and events.
- To give you ongoing information on how to use the internet safely
To protect your identity, your user ID is codified. All emails generated by the website use the user name (nickname) you selected.
If you are under 13 / 16
If you are under 16 and live in Germany, Hungary or the Netherlands, you may only use this site if you have confirmed your parent, guardian or carer has granted you permission to access iDEA and provided their name and email address.
If you are under 13 and live anywhere else in the world, you may only use this site if you have confirmed your parent, guardian or carer has granted you permission to access iDEA and provided their name and email address.
Our legal basis for processing your personal information
We promise that we shall only use your data in the way you wish, and we shall always respect your privacy. We process your data under the following legal grounds:
- Performance of a contract: where the processing is necessary for us to deliver our services to you, and to provide you with your badges, Record of Achievement, certificates and awards.
- Legitimate interests: we may also match the data we collect with other data that we hold about you if you have been connected with iDEA before. We do this because we have a legitimate business interest to send you only relevant messages. To do so, we need to build up a picture of your personal preferences and understand how you use iDEA.
We use our own staff, and we also use a small selection of third party companies to process some data on our behalf. We only use processors with clear GDPR commitments, and only in the legitimate interest of running iDEA to deliver our services.
- The Office of HRH The Duke of York (which is part of the Royal Household) who run events, administer iDEA, and may look at your performance to help make sure your learning route is tailored to your own preferences and interests.
- Companies who provide services on our behalf:
- Microsoft Azure who host our platform and most of our badges
- Auth0 who administer our single sign-on registration
- MailGun and MailChimp who distribute our emails
- Typeform who collects information to help us administer certificates
- Floxx who provide us with technical support
- Secarma who conduct our cyber security testing
- Salesforce, Barclays, Century, Digital Portfolios and Proversity who host some of our badges
We shall keep your personal data within iDEA and our trusted third parties except where disclosure is required by law, for example to government bodies and law enforcement agencies.
How long we keep your personal information
We only keep your personal information for as long as we need to, so that we can use it for the reasons described above. Where your information is no longer required or is no longer relevant, we will make sure it is disposed of securely.
The actual period for which we store your personal information will vary depending on the type of personal information and how it is used. For example:
- Part of our service is providing you with badges, awards and your Record of Achievement so you can demonstrate skills, knowledge and information you have acquired to future employers and other bodies. We shall therefore keep a record of all your achievements until you tell us you do not wish us to do so.
- You will always be able to access the website using your login if you wish to, but if your account is dormant for more than five years we shall archive your contact data.
- If you tell us to stop sending you emails that are not service-related, we shall keep a record of that instruction with your contact details. We shall hold that information indefinitely unless you tell us otherwise.
- Where necessary, we shall keep your personal data for as long as required to do so by law; and where required to establish, exercise or defend our legal rights.
Your personal data may be stored, processed, and transferred outside the EEA so that we can use your personal data as described in this policy.
We will make sure that any transfers of your personal information from one country to another comply with those data protection and privacy laws which apply to us. European data protection laws include specific rules on transferring personal information outside the EEA.
When transferring personal information outside the EEA, we will:
- Include standard data protection clauses approved by the European Commission for transferring personal information outside the EEA into our contracts with those third parties (these are the clauses approved under Article 46.2 of the General Data Protection Regulation (GDPR)); or
- Ensure that the country in which your personal information will be handled has been deemed "adequate" by the European Commission under Article 45 of the GDPR.
Links to other websites
Your rights and control over your personal data
Under the General Data Protection Regulation, you have the right to:
- Access your personal data by making a subject access request
You have the right at any time to ask us what personal information we hold about you, and to ask us to update, amend or delete any data that is incorrect or out of date. To protect your privacy and security we may need to verify your identity before disclosing or deleting your data. Please write to us using the 'Contact Us' button on the website, or contact the Director at the Office of HRH The Duke of York, KG in our offices at the address below.
- Rectification, erasure or restriction of your information where this is justified
The accuracy of your personal data is important to us. You can update your personal data, including your address and contact details at any time by writing in to us using the 'Contact Us' button on the website. If you find any inaccuracy in your data at any time, we will delete or correct it promptly at your request. Proof of identity may be required in some circumstances. Please write to us using the 'Contact Us' button on the website, or contact the Director at the Office of HRH The Duke of York, KG in our offices at the address below.
- Object to the processing of your information where this is justified
You have the right to ‘block’ or suppress processing of your personal data. However, we will retain just enough of your personal data to ensure that the restriction is respected in the future. You have the right to object to your personal data being processed, for marketing and for research purposes. From the very first communication from us and every marketing communication we send after you will have the right to object to marketing. Please write to us using the 'Contact Us' button on the website, or contact the Director at the Office of HRH The Duke of York, KG in our offices at the address below.
- The right to make a complaint to the data protection regulator
If you wish to complain or take advice from the data protection regulator, please contact the Information Commissioner’s Office (ICO). The ICO is the UK's independent body set up to uphold your rights to data privacy. The ICO can be contacted at The Office of the Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel: +44 (0) 01625 545 745 Website: www.ico.org.uk
Privacy and Cookies
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. To find out more about cookies, visit www.aboutcookies.org
Cookies do not typically contain any information that identifies a user, but other information that we hold about you may be linked to the information stored in, and obtained from, cookies.
- Strictly necessary - These cookies are essential for certain features of our websites to work These cookies do not record identifiable personal information and we do not need your consent to place these cookies on your device. Without these cookies some services you have asked for cannot be provided.
- Functionality - These cookies are used to provide services or remember settings to enhance your visit, for example text size or other preferences. The information these cookies collect is anonymous and does not enable us to track your browsing activity on other websites.
- Targeting and Advertising - These cookies are used by trusted third parties to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. Information contained in these cookies is anonymous and doesn't contain your personal information. To find out more about cookies used for targeting and advertising follow www.youronlinechoices.com and www.networkadvertising.org.
- Session Cookies and Persistent Cookies - Session cookies expire when you close your browser or if you stay inactive for a certain time. Persistent cookies will persist even after the browser is closed. They are used to remember you so that you don’t have to re-enter, for example, log-in information every time you revisit our website.
- Managing cookies - If you'd prefer to restrict, block or delete cookies placed by our website, you can use your browser to do this. Each browser is different, so check the 'Help' menu of your particular browser to learn how to change your cookie preferences. If you choose to disable all cookies we cannot guarantee the performance of our websites and some features may not work as expected.
If you are concerned about cookies tracking your online movements then you may be concerned about spyware. Spyware is a particular type of cookie that tracks personal information about you. There are antispyware programs available that you can use to prevent this
The BBC has useful information on this subject at: http://www.bbc.co.uk/webwise/guides/about-spyware
You can also disable Google Analytics on all websites by downloading the Google Analytics Opt-out Browser Add-on. Just type "Google Analytics Opt-out Browser Add-on" into your web browser to read about these processes.
Security in relation to your data
iDEA takes security extremely seriously. We:
- Have a secure by design password management system which encrypts all passwords end-to-end
- Use a secure by-design mail encryption service to send personal data by email outside of normal service provision
- Codify user logins for the platform, for referral ID, for verification ID and for the single sign-in system
- Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services and require all of our devices and systems to have as much security as possible
- Have a continuity process in place with back-up servers in order to restore availability and access to personal data in a timely manner in the event of a physical or technical incident
- Have SSL on our website and our resources (badges)
- Conduct cyber security (penetration) testing and take all reasonable measures to ensure the security and integrity of the platform and our resources (badges)
- Have offices in a secure building
- Have reviewed the security of all third party services (please refer to the section above on data processors)
Information about how you can contact us if you wish
- iDEA does everything we can to keep your data safe
- we only use your data to deliver our services
- you have the right to contact us and request a copy of the data we store for you
- you also have the right to request any data we store for you is deleted
We are registered as a Data Controller with the UK Information Commissioner’s Office, under registration number ZA203454.
This website is owned and operated by Inspiring Digital Enterprise Award C.I.C., registered in England and Wales under company number 09569896, and our registered office is at Buckingham Palace, London, SW1A 1AA. This is our principle place of business.
If you have any questions about this Policy or your personal data, please contact:
Director, Office of HRH The Duke of York, KG either using the postal address at Buckingham Palace, or email [email protected].