Policy Centre

SMARTcurriculum Ltd provides SMARTcurriculum® Analytics using the LiveDataset platform provided by Krescendo Ltd. Krescendo is a UK based, international data services company enabling companies to ‘easily manage and augment data in a secure, centrally controlled environment with a familiar grid interface. Many users collaborate together on the data, with access permissions managed centrally.’

SMARTcurriculum Ltd (hereafter referred to as SMARTcurriculum) data policies work in synergy with those of Krescendo, as the data handling provider, and are in compliance with General Data Protection Regulations (GDPR) and Data Protection Act (DPA)

Krescendo update and publish their policies, represented here in the following policy frameworks:

Data Security
Data Privacy
Data Service

Please use the links to access the LiveDataset policy positions. We present these to reassure clients of the security, privacy and service delivery relating to their data.

The details below outline the SMARTcurriculum security, privacy and service frameworks and how our provision works alongside our provider partner’s policies.

Security Statement

Introduction

SMARTcurriculum strongly believes in data security and has sought to work with partners who can deliver high-quality data security within its analytics solution. Therefore we have chosen to work with a provider partner who has achieved ISO27001:2013, Cyber Essentials and Cyber Essentials Plus certification. Krescendo has been awarded a place on G-Cloud 10, the UK Government’s procurement framework for cloud-based services.

Data will be imported using the GroupCall Xporter portal to populate SMARTcurriculum Analytics. All imports are carried out after a client has approved connection through the GroupCall connection arrangements. Where schools are unable to connect to SMARTcurriculum through API, manual data retrieval systems will be used, a secure folder will be opened and used to share data, No data will be requested for email transfer.

Data Partnership

SMARTcurriculum provides SMARTcurriculum® Analytics on the LiveDataset platform and relies on the infrastructure security laid out within the Krescendo policy document (link above).

Independent Audit and Certification

Krescendo, the company behind LiveDataset, has achieved ISO27001:2013 certification for its information security management systems and risk management process. This standard provides customers confidence that Krescendo’s processes and systems have been independently audited to preserve the confidentiality, integrity, and availability of information.

Cyber Essentials

Cyber Essentials helps businesses like Krescendo protect themselves from the increasing threat of cyber attacks and to deliver a clear statement of the basic controls organisations should have to protect themselves. It is a government-backed and industry-supported scheme. Cyber essentials are designed to secure companies’ credentials when it comes to cyber security. In addition, Krescendo is Cyber Essentials Plus certified, which helps carry out vulnerability tests to ensure the company is protected from basic hacking and phishing attacks. It is important to be Cyber Essential certified as it demonstrates to customers, investors, insurers and others that minimum yet essential precautions have been put in place to protect organisations against cyber threats.

Architecture

Krescendo software applications are architected from the ground up to include stringent enterprise data security requirements:

- Multi-layered authentication and isolation
- Resilience and recoverability
- Audit controls
- Risk management

Flexibility and Experience

Since 2002, Krescendo has been delivering secure online systems to multinational enterprises satisfying some of the most demanding IT security requirements — including several of the world’s leading financial institutions. Krescendo has deployed applications using a variety of cloud infrastructure deployment models to meet the specific security, resilience, and access requirements for specific enterprise customers.

SMARTcurriculum

User Access

Access to SMARTcurriculum® Analytics is granted on completion of the purchase or annual renewal, which includes the licence agreement process. The client will nominate a User Administrator who will be responsible for creating and maintaining access to SMARTcurriculum® Analytics for the client institution. Access should only be granted to those within or directly related to the client organisation and with an appropriate professional email address. Access to a specific email address can be withdrawn by the User Administrator when appropriate.

Security of the data can only be ensured by the secure use and management of browsers and devices. SMARTcurriculum and Krescendo have taken all responsible measures to provide access in a secure environment. Users must ensure the appropriate use and exposure of the screen-based information once access is granted.

User Passwords

Passwords are created upon receipt of an access permission email sent from within the application. Secure passwords must be used. These are held and maintained by the user alone.

Privacy Policy

Who We Are

SMARTcurriculum Ltd is a UK-based company, that provides integrated curriculum and financial planning expertise and solutions for education providers. We can be contacted regarding this Privacy Policy and all Data Protection matters at info@smartcurriculum.net

Registered office: Fleet House Unit 3, 1 Armstrong Road, Benfleet, Essex SS7 4FH

Correspondence office: 62 Wavertree Road, Benfleet Essex SS7 5AP UK

Our partner data service provider: Krescendo Ltd is a UK-based company, providing Software as a Service (SaaS) function to clients.

Please address questions to SMARTcurriculum Ltd.

Our Commitment To Privacy

We are committed to protecting and respecting your privacy. This policy explains how we obtain and use information collected about our users. Your data is yours, and we will do our best to safeguard it for you.

Any personal information collected is done within the bounds of the General Data Protection Regulations (GDPR) and Data Protection Act (DPA), which place conditions on processing such data and provide the following rights for you:

The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.

We work in partnership with an organisation that offers full transparency when it comes to information security and SMARTcurriculum work to this standard. In accordance with its Privacy Policy, linked above, Krescendo is happy to share results from its most recent audits. In compliance with ISO27001, Krescendo are committed to continuously improving best practices, and procedures, and carrying out regular audits for the whole Information Security Management System (ISMS) onto which SMARTcurriculum® Analytics sits.

The Information collected by SMARTcurriculum

This notice applies to all information collected or submitted to SMARTcurriculum® Analytics on the Krescendo website within the LiveDataset software for the purposes of supporting the accuracy and security of your data. The types of personal information collected include:

Information that is necessary for you to start using our services
- Name
- Company name
- Company email address

Only employees of your organisation with an institution email address will be added to the system. You have the freedom to include governance and trust level operators within the User Administration facility, but they will be managed at the institutional client level, not by the provider.

Information about your computer and about your visits to the Livedataset website, which are necessary for providing security, compatibility and ease of use, including:
- IP address
- Geographical location
- Browser version
- Operating system
- Length of visit
- Page views
- Navigation behaviour

Who has access to the data

SMARTcurriculum® Analytics is configured with a number of secure access levels that will enable appropriate staff access to strategic overview or granular level data. Data that is sensitive or personally identifiable is avoided where possible and when not avoidable is protected at the highest level of security. The client is responsible to manage the level of security provided to its users, with only the most senior designated staff able to see and manipulate the most personally identifiable data.

SMARTcurriculum Ltd staff access the data only to support data entry and provide training for the client. Krescendo Ltd staff who have access to the infrastructure tables to support the facility are limited to the identified partnership staff.

The Way We Use Information

We will only use your data for the purposes necessary to provide our contracted services to you, including:

To help us identify you and your accounts.
To send you email notifications and information.
To notify you of any changes to our services and products which may affect you.
We never use personally identifiable information provided to us in ways unrelated to those described above, unless you have provided consent for that purpose (e.g. contact details provided for sales or marketing purposes), which you have the right to withdraw at any time.

We will retain all information while there is an ongoing relationship with your organisation. To support the aggregation of data in informing organisational improvement we will remove all of your data from SMARTcurriculum Analytics five years after the end of the last active licence with your organisation.

We do not share any personal information with any third party, except where it is necessary for carrying out regulatory or legal obligations (e.g. employment or social security law), or for our legitimate interests (e.g. debt recovery). All information we hold is stored on servers sited within the UK. Data will not be transferred to servers elsewhere or overseas, other than to allow non-UK-based users to see and use their own information.

We do not share analytical data with anybody outside of the client organisation. Strategic information held within SMARTcurriculum® Analytics is used to inform the benchmarking capabilities of SMARTcurriculum® Analytics as far as they can support the effective practice reflected in the purpose of analysing the data entered. In this regard, no data is used in this benchmarking process that will identify any individual employee or child.

Commitment To Data Security

In compliance with ISO27001, Krescendo provides appropriate physical, electronic, and managerial procedures to safeguard and secure your information. The security of your information is very important to us and our objective is to maintain the confidentiality, integrity and availability of information as follows:

Confidentiality – only authorised people can access your information.
Integrity – information should be accurate and suitable for the purpose for which it is used.
Availability – only authorised users should be able to access the data if they need it for authorised purposes.

Commitment To Children’s Privacy

We do not retain information from or about any individual learner. Individual learner’s data does not feature in the data analysis and will not be individually identified in any dashboard or analytics presentation.

How You Can Access Or Correct Your Information

For information about the data collected within SMARTcurriculum® Analytics, you can access any personally identifiable information we collect about and maintain about you by sending us an email at info@smartcurriculum.net. We use this procedure to better safeguard your information. You can correct factual errors in your personally identifiable information by sending us a request that credibly shows errors.

To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.

If you are unsatisfied with our responses to any reasonable requests, you have the right to lodge a complaint with the Information Commissioner’s Office.

SMARTcurriculum Ltd is registered with the Information Commissioners Office. Registration Number: ZB006456

Cookie Policy

Cookies are very small text files that are stored on your computer by websites that you visit.

The website uses cookies to generate statistical information, which is read by analytical services. The web analytics cookies track visitor information such as geographical location, browser version, operating system, IP address, etc. It is this information that we use to tailor and improve your user experience.

You can change your browser settings so that cookies are not accepted. If you do this you may lose some of the website functionality. To find out more about cookies such as what they do, how they work, and how to enable/disable them, see the About Cookies website.

We use well-known business-oriented services, such as Google and LinkedIn, to advertise online. Clicking on these advertisements will bring you to a marketing landing page on the website and may result in a third-party remarketing cookie being stored on your computer.

These remarketing cookies may be used to serve ads to you, based on the fact that you visited our landing page. You can opt out of third-party vendors’ use of cookies at the Network Advertising Initiative opt-out page.

Changes to Privacy Policy

Any information that we collect is subject to the Privacy Policy in effect at the time such information is collected. We may, however, revise the Privacy Policy from time to time. If a revision is material, as determined solely by us, we will notify you, for example via email. The current version will always be posted on our Privacy Policy page.

Should you have questions or concerns about this privacy policy please contact us at info@smartcurriculum.net

Service Statement

24/7 Uptime

Krescendo staff actively monitor the infrastructure and are committed to responding to critical issues 24/7.

Licence

From time to time there will be updates and features that are added to SMARTcurriculum® Analytics at no additional cost to the client. Notification of these updates will be made within SMARTcurriculum® Analytics LiveDateset tables. These are scheduled during the work day and will take the tables out of operational use for minimum lengths of time. Users are advised not to enter new data during these short periods to ensure no loss of data. These updates will not impact the dashboard information and normally will not interfere with the user experience.

Additional modules, as and when developed, will be made available at additional cost to the basic user annual licence. These will be updated in the same way as the features and updates.

Support

SMARTcurriculum Implementation staff are accessible through support@smartcurriculum.net and the telephone number provided within the licence agreement and initialisation process. Staff will respond to your requests within 24 hours.

SMARTcurriculum has access to a responsive team of technical specialists during London office hours. Please contact support@smartcurriculum.net if you need specific help.

Training

Training and development are supported through access to a programme of webinars and online learning experiences.

Face-to-face training is available through the website at https://smartcurriculum.net.

Safeguarding Policy

Scope

This policy applies to all SMARTcurriculum Ltd staff, including senior managers and the board of directors, paid staff, or anyone working on behalf of SMARTcurriculum Ltd [hereafter referred to as staff]. It will provide staff with the overarching principles that guide our approach to safeguarding.

Purpose

To protect children and young people [learners] who who live or study in establishments in which SMARTcurriculum delivers services.

SMARTcurriculum believes that a child or young person should never experience abuse of any kind. We have a responsibility to promote the welfare of all children and young people and to keep them safe. We are committed to practice that protects them.

SMARTcurriculum recognises that:

the welfare of the child is paramount, as enshrined in the Children Act 1989
all children, regardless of age, disability, gender, racial heritage, religious belief, sexual orientation or identity, have a right to equal protection from all types of harm or abuse
some children and adults are additionally vulnerable because of the impact of previous experiences, their level of dependency, communication needs or other issues

working in partnership with children, young people, their parents, carers and other agencies are essential in promoting young people’s welfare.

Actions

Within the duties undertaken by SMARTcurriculum as far as they involve interaction for or with young learners, each employee and representative of SMARTcurriculum commits to safeguarding children and young people by:

recruiting staff and volunteers safely, ensuring all necessary checks are made

Key Action:

1. 1. Ensure all SMARTcurriculum staff working with or coming into contact with children or young people either a) will be accompanied at all times by school staff or b) have an enhanced DBS certificate that is renewed annually or is registered for the Update Service and checked annually by the company.
  2. Provide all SMARTcurriculum staff with access to appropriate updates related to current safeguarding practices and ensure Safeguarding training is refreshed at least every two years.

Reading and understanding all annually updated legislation and policy documents listed below.

Key Action:

1. 1. Confirm reading of Keeping Children Safe in Education at the beginning of each academic year.

valuing them, listening to and respecting them

Key Action:

1. 1. Do not prompt conversation to illicit a safeguarding-related disclosure but be open to direct young people to staff in each institution designated as safeguarding personnel [as indicated in their safeguarding policy].

adopting child protection practices through procedures and a code of conduct for staff and volunteers

Key Action:

1. 1. Ensure that staff have been made aware of safeguarding personnel when entering an education establishment and ensure that they are aware of their safeguarding policy.

effective e-safety and related procedures

Key Action:

1. 1. No contact with learners through personal or company social media accounts.
  2. No use of personal email to connect with learners. Contact will be minimal and only through company email if necessary and only when directed to do so by school leadership staff in relation to the specific project being undertaken.

providing effective management for staff and volunteers through supervision, support and training

Key Action:

1. 1. Ensure that all staff have a copy of this policy and that they sign a declaration of having read the policy.
  2. Provide all SMARTcurriculum staff with access to appropriate updates related to current safeguarding practices.

recruiting staff and volunteers safely, ensuring all necessary checks are made

Key Action:

1. 1. Ensure all SMARTcurriculum staff who will ever be unaccompanied when working with or coming into contact with children or young people have an enhanced DBS certificate that has been annually renewed.

Legal framework

This policy has been drawn up based on laws and guidance that seek to protect children, namely:

Keeping Children Safe in Education Annually Updated Link
The General Data Protection Regulation (GDPR) (EU) 2016/679 Link
Multi-agency statutory guidance on female genital mutilation 2016 Link
All relevant government guidance on safeguarding children, particularly ‘Working together to safeguard Children’ Annually Updated Link
Prevent Duty Guidance, Home Office 2015 Link
The Non-Maintained Special Schools (England) Regulations 2015 Link
The Education (Independent Schools Standards) Regulations 2014 Link
The Protection of Freedoms Act 2011 Link
The Education Act 2011
Safeguarding Vulnerable Groups Act 2020 Link
The Children Act 2004
The Female Genital Mutilation Act 2021 and Statutory FGM Reporting Guidance Link
The Sexual Offences Act 2003
The Education Act 2002
The Data Protection Act 1998
The United Convention of the Rights of the Child 1991
The Children Act 1989

We are committed to reviewing our policy and good practice annually.

Dated: Version 1.07 October 2023

Next review: October 2024

Cookie	Duration	Description
cli_user_preference	1 year	This necessary cookie records records user preferences
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
csrftoken	1 year	This cookie is associated with Django web development platform for python. Used to help protect the website against Cross-Site Request Forgery attacks
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
mgref	1 year	This cookie is set by Eventbrite to deliver content tailored to the end user's interests and improve content creation. It is also used for event-booking purposes.
mgrefby	1 year	This cookie is set by Eventbrite to deliver content tailored to the end user's interests and improve content creation. It is also used for event-booking purposes.

Cookie	Duration	Description
_gat	1 minute	This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
G	1 year	Cookie used to facilitate the translation into the preferred language of the visitor.
swpm_session	session	This cookie is set by the Simple WordPress Membership Plugin. This cookie is used for membership login session and to provide access to the protected content on the website.This cookie keeps the login records so user don't want to authorise each time while moving to next page.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gat_gtag_UA_54897450_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_learn_press_session_9fe038ae3fd91e53aa5ffc432f680224	2 days	No description
_wordpress_lp_guest	1 hour	No description
AN	1 month	No description available.
AS	session	No description available.
ebEventToTrack	1 month	No description available.
eblang	1 year	No description available.
elfsight_viewed_recently	less than a minute	Description is currently not available.
SP	session	No description
SS	session	No description
VISITOR_PRIVACY_METADATA	5 months 27 days	Description is currently not available.

Policy Table of Contents

Security Statement

Introduction

Data Partnership

Independent Audit and Certification

Cyber Essentials

Architecture

Flexibility and Experience

SMARTcurriculum

User Access

User Passwords

Privacy Policy

Our Commitment To Privacy

The Information collected by SMARTcurriculum

Who has access to the data

The Way We Use Information

Commitment To Data Security

Commitment To Children’s Privacy

How You Can Access Or Correct Your Information

Cookie Policy

Changes to Privacy Policy

Service Statement

24/7 Uptime

Licence

Support

Training

Safeguarding Policy

Scope

Purpose

Actions

Legal framework