Privacy Statement

This privacy statement discloses the privacy practices for the Exeant: The Spencer Academies Trust. It applies solely to this website.

Information collection and use

Information gathered on this site is used only to monitor educational visits, respond to enquiries and to monitor site usage. The information will not be passed on to third parties or used for any other purposes unless instructed by you to do so.
Where personal data is requested through forms, such data is only used for the purpose stated on the form and will not be shared with any third parties.
Personal data held for users of the system is limited to their name, email address, role within the context of school visits, and details of any visit related qualifications or certifications.
Personal data is entered and kept up to date by the individuals concerned, or by their senior managers.
No pupil data is routinely held by Exeant, other than that entered in the context of individual visits. This usually will be limited to lists of the names of pupils on a visit, and occasionally details of any special requirements, such as medication, that staff need to be aware of on the visit.
The data is stored on Linux servers hosted by Bytemark, who have ISO27001 security certification. The servers are based in their secure data centre, YO26 in York, and also at Reynolds House in Manchester. Unencrypted access to the virtual servers is not supported, except for http requests on port 80 which are immediately redirected to an encrypted https connection. Management and backup of the servers is done over an SSH connection.
The servers are firewalled and incoming traffic is only allowed on the ports essential for the running of Exeant and the maintenance of the server. Intrusion detection software dynamically blocks IP addresses repeatedly attacking the server. Tripwire and rootkit detection software regularly checks system integrity. Security updates to the operating system and system software are applied in a timely manner.
Data is kept until the youngest participant on a visit has reached the age of 25, after which, it is deleted using 'shred', a secure deletion tool which destroys files contents in a way that it is impossible to recover.