- Acceptable Use
- Personal Data We Collect
- How We Use Personal Data
- Reasons We Share Personal Data
- How to Access & Control Your Personal Data
- Cookies & Similar Technologies
- Notice to End Users
- European Privacy Rights
- Security of Personal Data
- Where We Store & Process Personal Data
- Our Retention of Personal Data
- Changes to This Privacy Statement
- How to Contact Us
Personal Data We Collect
Phinite collects data to operate effectively and provide you with the best experiences within AIM. You provide some of this data directly, such as when you create an AIM account, upload a document or contact us for support. We are provided some of it by the schools we are partnered with. We get some of it by recording how you interact with our products by, for example, using technologies like cookies, and receiving error reports or usage data from the website while you're using it.
We also obtain data from third parties. We protect data obtained from third parties according to the practices described in this statement, plus any additional restrictions imposed by the source of the data. These third-party sources vary over time, but have included:
- Social networks when you grant permission to AIM to access your data on one or more networks.
- Partners with which we offer co-branded services or engage in joint marketing activities, and
- Publicly-available sources such as open government databases or other data in the public domain.
You have choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide data that is necessary to provide a product or feature, you may not be able to use that product or feature.
The data we collect depends on the context of your interactions with AIM, the choices you make, including your privacy settings, and the products and features you use. The data we collect can include the following:
Name and contact data. We collect your forename and surname, email address, postal address, phone number and other similar contact data.
Credentials. We collect passwords, password hints and similar security information used for authentication and account access.
Demographic data. We collect data about you such as your age, gender, country and preferred language.
Device and usage data. We collect data about your device and how you and your device interact with AIM. For example, we collect:
- Product use data. We collect data about the features you use and the pages you visit.
- Error reports and performance data. We collect data about the performance of AIM and any problems you may experience. This data helps us to diagnose problems in the products you use, and to improve our products and provide solutions. Error reports (sometimes called “crash dumps”) can include data such as the type or severity of the problem, details of the software or hardware related to an error, contents of files you were using when an error occurred.
- Troubleshooting and help data. When you engage Phinite for troubleshooting and help, we collect data about you and your hardware, software and other details related to the incident. Such data includes contact or authentication data, the content of your chats and other communications with Phinite, data about the condition of the machine and the application when the fault occurred and during diagnostics.
Content. We collect content of your files and communications when necessary to provide you with the products you use. For example, if you upload a file to your sixth form application, we need to collect the content of that file to display it to you and the school.
We also collect information you provide to us and the content of messages you send to us, such as feedback and product reviews you write, or questions and information you provide for customer support. When you contact us, such as for customer support, phone conversations or chat sessions with our representatives may be monitored and recorded.
How We Use Personal Data
Phinite uses the data we collect to operate our business and provide you with the AIM products, which includes using data to improve AIM and personalise your experiences. We may also use the data to communicate with you, for example, informing you about your account, security updates and product information.
Providing and improving AIM. We use data to provide and improve AIM and perform essential business operations. This includes operating the product, maintaining and improving the performance of the product, developing new features, conducting research and providing customer support. Examples of such uses include the following:
- Customer support. We use data to diagnose product problems and provide other customer care and support services.
- Product Improvement. We use data to continually improve AIM, including adding new features or capabilities. For example, we use error reports to improve security features and usage data to determine what new features to prioritise.
- Security, Safety and Dispute Resolution. We use data to protect the security and safety of AIM and our customers, to resolve disputes and enforce our agreements.
- Business Operations. We use data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions and report on the performance of our business.
Communications. We use data we collect to communicate with you and personalise our communications with you. For example, we may contact you by email or other means to update you or enquire about a service or support request or to invite you to participate in a survey. For information about managing your contact data and email subscriptions, please visit the Access and Controls section of this privacy statement.
How to Access & Control Your Personal Data
You can view, edit or delete your personal data online for some modules of AIM. You can also make choices about the collection and use of your data. How you can access or control your personal data will depend on which modules your school has enabled and those that you use. You can opt out from receiving many of the email updates that are sent as part of the service, except in cases where such emails are sent as a required part of the service (such as password reset emails). These preferences can be managed through the account section of AIM, once logged in.
Notice to End Users
AIM is intended for use by organisations (primarily schools) and is administered to you by that organisation. Your use of AIM may be subject to your organisation's policies, if any. If your organisation is administering your use of AIM, please direct your privacy enquiries to your administrator. Phinite is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this privacy statement. If you use an email address provided by an organisation you are affiliated with, such as an employer or school, to access AIM, the owner of the domain (e.g. your employer/school) associated with your email address may: (i) access and process your data, including the contents of your communications and files.
European Privacy Rights
Phinite adheres to applicable data protection laws in the European Economic Area (such as GDPR), which if applicable includes the following rights:
- If the processing of personal data is based on your consent, you have a right to withdraw consent at any time for future processing;
- You have a right to request from your data controller, in this case the school who's AIM installation you are using, access to and rectification of your personal data;
- You have a right to object to the processing of your personal data; and
- You have a right to lodge a complaint with a data protection authority.
You should pursue any queries with regards to your data rights directly with the school and they should then be able to use the features of AIM to provide you with answers to your queries. Where necessary the school may forward a request to us for clarification.
Security of Personal Data
Phinite is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. When we transmit data over the Internet, we protect it through the use of encryption.
Where We Store and Process Personal Data
Personal data collected by Phinite may be stored and processed in your region, in the United Kingdom or in any other country where its service providers maintain facilities. Typically, the primary storage location is in the customer’s region or in Europe, often with a backup to a data centre in another region. The storage location(s) are chosen in order to operate efficiently, to improve performance and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps to ensure that the data we collect under this privacy statement is processed according to the provisions of this statement and the requirements of applicable law wherever the data is located.
Our Retention of Personal Data
Phinite retains personal data for as long as necessary to provide the products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes and enforcing our agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly. The criteria used to determine the retention periods include:
- How long is the personal data needed to provide the products and operate our business? This includes such things as maintaining and improving the performance of those products, keeping our systems secure and maintaining appropriate business and financial records. This is the general rule that establishes the baseline for most data retention periods.
- Do customers provide, create or maintain the data with the expectation we will retain it until they affirmatively remove it? Examples include a document you store within AIM. In such cases, we maintain the data until you actively delete it.
- Is there an automated control, such as in the account section, that enables the customer to access and delete the personal data at any time? If there is not, a shortened data retention time will generally be adopted.
- Is the personal data of a sensitive type? If so, a shortened retention time would generally be appropriate.
- Has Phinite adopted and announced a specific retention period for a certain data type?
- Has the user provided consent for a longer retention period? If so, we will retain data in accordance with your consent.
- Is Phinite subject to a legal, contractual or similar obligation to retain the data? Examples can include Department for Education mandatory data requirements for schools, mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation or data that must be retained for the purposes of litigation.
Changes to This Privacy Statement
We will update this privacy statement when necessary to reflect customer feedback and changes in our products. When we post changes to this statement, we will revise the "last updated" date at the top of the statement and describe the changes in the Change History page. If there are material changes to the statement or in how Phinite will use your personal data, we will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how Phinite is protecting your information.
How to Contact Us
If you have a technical or support question, please contact your school directly.
If you have a privacy concern, complaint or question you should first contact your school as they are the "Data Controller". If you would like to directly contact Phinite you can do so by emailing firstname.lastname@example.org. We will respond to questions or concerns within 30 days.
Unless otherwise stated, Phinite Limited is a data processor for personal data we collect through AIM. We act on behalf of your school and they are the data controller.