From 74ae0eb71105e890554b04ce8a7d5bfce950a785 Mon Sep 17 00:00:00 2001 From: MylesJarvis Date: Mon, 29 Apr 2024 16:29:31 +0100 Subject: [PATCH 1/7] Update Ts and Cs --- app/views/pages/terms_and_conditions.html.erb | 13 ++++++++++--- .../on_boarding/profiles/onboarding.html.erb | 2 +- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/app/views/pages/terms_and_conditions.html.erb b/app/views/pages/terms_and_conditions.html.erb index ed2e2ef4d7..1f7ab23e2b 100644 --- a/app/views/pages/terms_and_conditions.html.erb +++ b/app/views/pages/terms_and_conditions.html.erb @@ -163,7 +163,7 @@ By accepting school experience applications through the Service, you agree that:

<% end %> From d7686dab2451841ab37d9cdd271f2e019c8b28a8 Mon Sep 17 00:00:00 2001 From: MylesJarvis Date: Mon, 29 Apr 2024 16:42:33 +0100 Subject: [PATCH 3/7] Add gov uk guidance --- app/views/pages/terms_and_conditions.html.erb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/views/pages/terms_and_conditions.html.erb b/app/views/pages/terms_and_conditions.html.erb index 1f7ab23e2b..a0ef15f5ca 100644 --- a/app/views/pages/terms_and_conditions.html.erb +++ b/app/views/pages/terms_and_conditions.html.erb @@ -191,6 +191,9 @@

You shall maintain complete and accurate records to demonstrate your compliance with these Terms and Data Protection Legislation.

+

+ For further information see GOV.UK's <%= link_to 'guidance on data protection for schools', 'https://www.gov.uk/guidance/data-protection-in-schools' %>. +

Access to the Service

We will not be liable if for any reason the Service is unavailable at any time or for any period. From time to time, we may restrict access to all or some parts of the Service to users who have registered with us. From f7661402d38d662957dc4274ce082097d96a8be7 Mon Sep 17 00:00:00 2001 From: MylesJarvis Date: Mon, 29 Apr 2024 16:43:17 +0100 Subject: [PATCH 4/7] Update terms_and_conditions.html.erb --- app/views/pages/terms_and_conditions.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/pages/terms_and_conditions.html.erb b/app/views/pages/terms_and_conditions.html.erb index a0ef15f5ca..843317e614 100644 --- a/app/views/pages/terms_and_conditions.html.erb +++ b/app/views/pages/terms_and_conditions.html.erb @@ -192,7 +192,7 @@ You shall maintain complete and accurate records to demonstrate your compliance with these Terms and Data Protection Legislation.

- For further information see GOV.UK's <%= link_to 'guidance on data protection for schools', 'https://www.gov.uk/guidance/data-protection-in-schools' %>. + For further information see GOV.UK's <%= link_to 'guidance on data protection in schools', 'https://www.gov.uk/guidance/data-protection-in-schools' %>.

Access to the Service

From 2161f5e468b2fe7ab0b76e2318a79bf4dea7b590 Mon Sep 17 00:00:00 2001 From: MylesJarvis Date: Wed, 1 May 2024 11:17:09 +0100 Subject: [PATCH 5/7] Update terms_and_conditions.html.erb --- app/views/pages/terms_and_conditions.html.erb | 27 +++++++++++++++---- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/app/views/pages/terms_and_conditions.html.erb b/app/views/pages/terms_and_conditions.html.erb index 843317e614..d5571931c0 100644 --- a/app/views/pages/terms_and_conditions.html.erb +++ b/app/views/pages/terms_and_conditions.html.erb @@ -171,15 +171,27 @@

As a school, it's your responsibility to decide if a school experience candidate complies with your DBS and safeguarding policies.

-

Data storage, retention and destruction

+

Data processing, storage, retention and destruction

- You must store shared data securely and have appropriate technical and organisational safeguards in place to protect data against unlawful or unauthorised processing. + The Department for Education is the data controller for the Get School Experience service. +

+ +

+ As a data processor, you must use this data solely for the purposes of and processes required for the + administering school experience placements. +

+

+ You must store shared data securely, in the United Kingdom. Data must not leave the UK without our permission. +

+

+ You must have appropriate technical and organisational safeguards in place to protect data against unlawful or unauthorised processing. You must ensure to ensure that all Personal Data are sufficiently protected against any Personal Data Breach (as defined in Data Protection Legislation) and that the requirements of Article 32 of the UK GDPR are met at all times. Personal data must be kept only as long as needed to carry out activities relating to administering school experience.

-

If you become aware of any Personal Data Breach, or unauthorised processing of data obtained through the service, you must inform us by email at <%= link_to 'organise.school-experience@education.gov.uk', 'mailto:organise.school-experience@education.gov.uk' %> immediately. +

If you become aware of any Personal Data Breach, or unauthorised processing of data obtained through the service, + you must inform us by email at <%= link_to 'organise.school-experience@education.gov.uk', 'mailto:organise.school-experience@education.gov.uk' %> immediately.

- As a processor of data, you must set an appropriate time limit, in line with UK GDPR requirements, for retaining data before erasure or review. + As a data processor, you must set an appropriate time limit determined by the data controller, in line with UK GDPR requirements, for retaining data before erasure or review. We base this on the needs of the department and the law. We keep data for up to 7 years in this instance.

@@ -194,6 +206,11 @@

For further information see GOV.UK's <%= link_to 'guidance on data protection in schools', 'https://www.gov.uk/guidance/data-protection-in-schools' %>.

+

Subject Access Requests

+

+ As a data processor, if you receive a Subject Access Request in relation to the Get school experience service, + you must inform us by email at <%= link_to 'organise.school-experience@education.gov.uk', 'mailto:organise.school-experience@education.gov.uk' %> immediately. +

Access to the Service

We will not be liable if for any reason the Service is unavailable at any time or for any period. From time to time, we may restrict access to all or some parts of the Service to users who have registered with us. @@ -233,7 +250,7 @@ If you continue to use our service after the terms and conditions are updated, you agree to any of the changes we’ve made.

- This version was last updated on 30 April 2024. + This version was last updated on 6 May 2024.

From 307c88f224ee35449b02a50dc355e4d5fbef9ef3 Mon Sep 17 00:00:00 2001 From: MylesJarvis Date: Wed, 1 May 2024 12:11:10 +0100 Subject: [PATCH 6/7] Fixes following feedback --- app/views/pages/terms_and_conditions.html.erb | 30 ++++++++----------- 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/app/views/pages/terms_and_conditions.html.erb b/app/views/pages/terms_and_conditions.html.erb index d5571931c0..c6162304bb 100644 --- a/app/views/pages/terms_and_conditions.html.erb +++ b/app/views/pages/terms_and_conditions.html.erb @@ -88,7 +88,7 @@ We do not warrant that the material on this site will be error free, that defects will be corrected, or that this site or the server that makes it available are free of viruses or represent the full functionality, accuracy or reliability of the materials.

- We expressly reserve the right to remove any user from our Service. The Department is not obligated to sharing its reasoning. + We expressly reserve the right to remove any user from our Service. The Department is not obligated to share its reasoning.

We strongly advise against users incurring any expenses. The Department will not reimburse any costs. @@ -98,7 +98,7 @@

  • any action you may take as a result of relying on any information or materials provided on the Service or for any loss or damage suffered by you as a result of you taking such action. This includes, but is not limited to, indirect or consequential loss or damage, or any loss or damages whatsoever arising from, or in connection with, the use of the Service
    • -
  • any dealings you have with third parties (for example, other users or advertisers) that take place using or facilitated by the Service.
    • +
  • any dealings you have with third parties (for example, other users or schools) that take place using or facilitated by the Service.

Validity of these General Terms

@@ -112,13 +112,13 @@

Applying for school experience through Get school experience

The information you provide in your applications must be truthful, complete and accurate. A declaration is included in the application feature on the Service which, when agreed to on submission of an application, is considered valid and binding. - If, following submission of an application, you realise you’ve made an error, you’re responsible for contacting the advertising organisation directly to correct the error. + If, following submission of an application, you realise you’ve made an error, you’re responsible for contacting the school directly to correct the error.

By applying for school experience through the Service, you agree that you must not submit an application that contains:

    -
  • any material that encourages violence or racial or religious hatred or is false, misleading, defamatory, discriminatory, threatening, offensive, abusive, likely to cause someone anxiety or distress, blasphemous, pornographic, in breach of confidence, in breach of privacy, unlawful, harassing, libelous, harmful, vulgar, obscene, or otherwise objectionable
    • +
  • any material that encourages violence or racial or religious hatred or is false, misleading, defamatory, discriminatory, threatening, offensive, abusive, likely to cause someone anxiety or distress, blasphemous, pornographic, in breach of confidence, in breach of privacy, unlawful, harassing, libellous, harmful, vulgar, obscene, or otherwise objectionable
  • offensive or inappropriate language, including but not limited to profanities or language pejorative of any group, such as racist, sexist or homophobic comments
  • material that infringes any intellectual property rights, such as copyright and trademarks (this means generally that you must own the rights in everything you submit or must obtain permission from the rights owner to submit the material)
  • material that's technically harmful (including, but not limited to, computer viruses, logic bombs, Trojans, worms, harmful components, corrupted data or other malicious software or harmful data)
    • @@ -128,9 +128,6 @@

    Users must be approved before they're able to publish or manage school profiles and school experience applications for a school.

    -

    - If you're the first user who is creating a school profile (referred to as ‘onboarding’), this will be done through DfE support channels. -

    Once the first user has been onboarded to a school, this user can add subsequent users to the school account.

    @@ -141,7 +138,8 @@ Users must not allow third parties to publish or manage school experience dates on behalf of their school.

    - If the Get School Experience team detects, or is alerted to, any usage of an account by third parties that user account will be deleted immediately and the user will no longer have access to publish or manage school experience dates for that school. + If the Get school experience team detects, or is alerted to, any usage of an account by third parties, + that user account will be deleted immediately and the user will no longer have access to the Service.

    Unacceptable use

    School experience listings

    @@ -173,7 +171,7 @@

    Data processing, storage, retention and destruction

    - The Department for Education is the data controller for the Get School Experience service. + The Department for Education is the data controller for the Get school experience service.

    @@ -181,7 +179,7 @@ administering school experience placements.

    - You must store shared data securely, in the United Kingdom. Data must not leave the UK without our permission. + You must store shared data securely in the United Kingdom. Data must not leave the UK without our permission.

    You must have appropriate technical and organisational safeguards in place to protect data against unlawful or unauthorised processing. @@ -204,14 +202,14 @@ You shall maintain complete and accurate records to demonstrate your compliance with these Terms and Data Protection Legislation.

    - For further information see GOV.UK's <%= link_to 'guidance on data protection in schools', 'https://www.gov.uk/guidance/data-protection-in-schools' %>. + For further information see GOV.UK's <%= link_to 'guidance on data protection in schools (opens in a new tab)', 'https://www.gov.uk/guidance/data-protection-in-schools', target: "_blank" %>.

    Subject Access Requests

    As a data processor, if you receive a Subject Access Request in relation to the Get school experience service, you must inform us by email at <%= link_to 'organise.school-experience@education.gov.uk', 'mailto:organise.school-experience@education.gov.uk' %> immediately.

    -

    Access to the Service

    +

    Access to the Service

    We will not be liable if for any reason the Service is unavailable at any time or for any period. From time to time, we may restrict access to all or some parts of the Service to users who have registered with us.

    @@ -224,18 +222,14 @@

    We retain the right to withdraw, without notice, school experience listings that breach these terms and to withdraw the access of users who breach them.

    -

    Listing data

    -

    - Data ownership: schools have sole responsibility for maintaining the accuracy and appropriateness of the data contained in their listings. -

    -

    Department for Education (DfE) responsibility

    +

    Department for Education (DfE) responsibility

    The DfE does not make any decisions on individual applications.

    The DfE does not investigate complaints about individual applications.

    -

    Other policies

    +

    Complaints and privacy notice

    You can <%= link_to 'make a complaint', 'https://form.education.gov.uk/service/Contact_the_Department_for_Education' %> or <%= link_to 'give feedback about this service', 'https://schoolexperience.education.gov.uk/candidates/feedbacks/new' %>.

    From 725eaf3746be925fbe891edec65f1723c2187e3c Mon Sep 17 00:00:00 2001 From: MylesJarvis Date: Wed, 1 May 2024 12:11:35 +0100 Subject: [PATCH 7/7] Update terms_and_conditions.html.erb --- app/views/pages/terms_and_conditions.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/pages/terms_and_conditions.html.erb b/app/views/pages/terms_and_conditions.html.erb index c6162304bb..9ffa7f5974 100644 --- a/app/views/pages/terms_and_conditions.html.erb +++ b/app/views/pages/terms_and_conditions.html.erb @@ -229,7 +229,7 @@

    The DfE does not investigate complaints about individual applications.

    -

    Complaints and privacy notice

    +

    Complaints, feedback and privacy notice

    You can <%= link_to 'make a complaint', 'https://form.education.gov.uk/service/Contact_the_Department_for_Education' %> or <%= link_to 'give feedback about this service', 'https://schoolexperience.education.gov.uk/candidates/feedbacks/new' %>.