If you have any questions regarding this privacy statement, please direct your questions to our Data Protection Officer at [email protected]
For the purposes of this policy:
- “OneDotAll” shall mean https://app.onedotall.com and its infrastructure
- “OneDotAll Website” shall mean onedotall.com
- “OneDotAll Company”, “We” and “Us” shall mean ONEDOTALL LTD, registered to C/O Cloch Solicitors, 94 Hope St, Glasgow, United Kingdom, G2 6PH
- “UoE Company” shall mean Universe of Engineering LTD, a company, registered to 2nd Floor Ams Tower, Ams Technology Park, Billington Road, Burnley, Lancashire, England, BB11 5UB)
- “You”, “Your” and “User” shall mean any person who creates an account on OneDotAll or uses the OneDotAll Website
- “OneDotAll Services” shall mean any products, documentation, resources, OneDotAll, OneDotAll website, and any Intellectual Property
Your rights under the General Data Protection Regulation (GDPR) are:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
More information on your rights under GDPR, as an individual, can be found on the ICO website, here.
As a visitor, you do not have to submit any personal data to use our website.
In running and maintaining our website we may collect and process the following data about you:
- Information about your use of our site including details of your visits such as pages viewed and the resources that you access. Such information includes traffic data, location data and other communication data, but does not include personal data
- Information provided voluntarily by you, for example, when you submit a ‘get involved’ form
- Information that you provide when you communicate with us by any means
When completing any of the activity in point 2 or 3 above, you have the choice to ask us to remove the data by emailing [email protected]
In providing our service to you we may collect and process the following data about you:
- Information about your use of OneDotAll including details of your visits such as pages viewed and the areas that you access. Such information includes traffic data, location data and other communication data, but does not include personal data
- Information provided voluntarily by you within OneDotAll. For example, when you open an account to access OneDotAll, any data that you subsequently add to OneDotAll for your use within OneDotAll
- Student information provided by teachers/school administrators will include their first and last names, gender and class(es). It is imperative that teachers/school administrators gather the appropriate consent before using this information within OneDotAll. For more information on consent see the ‘Lawful basis for processing & consent’ section, below.
- Information that you provide when you communicate with us by any means, including the feedback form within OneDotAll
You have the right not to provide us with your personal data, but this may result in you not being able to access the services fully or having your account closed.
When completing any of the activity in points 2, 3 or 4 above, you have the choice to ask us to remove the data by emailing [email protected], or by requesting data deletion via the My Account area of OneDotAll: https://app.onedotall.com/Account/ManageData
Lawful basis for processing
We process your personal data only when we have a lawful basis. Currently, we use the Performance of Contract (i.e. to deliver services to our users) and consent as lawful bases for collecting and processing data. For certain processing (usually related to our internal administration and functions, as well as supporting our services) we may also use legitimate interests as provided under the Data Protection Regulations.
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
Information collected from the website and stored by us is for the purpose of operating our website, improving user experiences, understanding the use of our websites, and responding to and acting upon the task for which the data was provided. We rely on our legitimate interests to process this data, unless you have an account with us for our services where we usually relay on having a contract with you.
Information collected within OneDotAll and stored is for the purpose of providing our services to you, managing the account and otherwise acting upon the task for which that date was provided. We rely on having a contract with you in order to process this data, though we also rely on our legitimate interests relating to providing the services and operating our business.
Within OneDotAll we provide information tooltips, at point of collection, to explain the purpose of collecting specific personal information. Should you have any questions relating to the lawful basis of collecting this information, please contact us by emailing [email protected]
Here is an overview of what information we collect, and why we collect it.
Account information – Performance of Contract
- First Name – So our support team know what to call you
- Last Name – So we can tell you apart from other users, and so our support team know what to call you
- Email – So we can contact you about your account with us
- Password – To keep your account and personal details secure (this is encrypted and not visible to other OneDotAll users)
Student information Performance of contract if you have an account with us. If you share information as a teacher on behalf of a student- we rely on you having obtained the students consent for sharing this data with us. Please do not share any data without appropriate consent.
- Unique Identifier – To allow students to retain their progress records within OneDotAll
- First Name – To allow teachers to easily identify their students within OneDotAll
- Last Name – To allow teachers to easily identify their students within OneDotAll
- Gender – To allow us to conduct research about gender and education
- Class(es) – To allow teachers to fully utilise the project and assessment features within OneDotAll
When creating a OneDotAll account or entering any information into OneDotAll it is the responsibility of the user to ensure that you have lawful basis to share personal data with OneDotAll.
Consent for using student information within OneDotAll must be gathered in writing, from the parent (if the child is under the age of 13 in England, or 12 in Scotland) or from the child themselves (if the child is over the age of 13 in England, or 12 in Scotland).
When providing student information within OneDotAll, users are asked to confirm you have the appropriate level of consent and, additionally, provide us with a written explanation of how this consent was gathered. We may request evidence of this consent at our discretion.
When sharing project content with other OneDotAll users via our project marketplace, users are responsible for ensuring that no personal data is included in this project content.
Consent is requested before processing information further via our opt-in tick box when you give you consent to us for contacting you for marketing purposes.
To ensure data accuracy you will be able to amend some personal details within OneDotAll.
Your own data:
- First Name
- Last Name
- Email Address
- Account Password
Your students’ data:
- Class, year group and academic year
- Details of which students are involved in which projects
We understand that you may want to retain the same account for a long time, so occasional reminders are sent via email to prompt you to check and update personal details if no updates have been made within a year.
We do our utmost to ensure that all reasonable steps are taken to make sure that your data is treated and stored securely.
Whilst we hold it, your information is:
- Safely stored within the UK
- Securely held in the cloud, using Microsoft Azure
- Secured by Encryption at Rest – Encryption at Rest is the encoding (encryption) of data for protection. Data in Microsoft Azure is encrypted and decrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant.
- Stored by an iso270001 certified provider
The access of our software development team, Bad Dinosaur, is limited through a username, password and IP address verification. This means that access is limited to their team and can only be gained from the Bad Dinosaur office location. Physical security policies are also in place.
All data transferred between physical locations is transferred securely using encryption as detailed in the Data Storage section above. We do not transfer any data outside of the UK.
Every care is taken to protect personal data from incidents (either accidentally or deliberately) to avoid a data protection breach. In this policy data security breaches include both confirmed and suspected incidents.
In the event of a breach ODA must make a report of the breach to our relevant supervisory authority (the Data Protection Commissioner) within 72 hours of the breach being discovered. We will then take appropriate action and inform any customers affected.
Data Retention and Deletion
How long we keep information we collect about you depends on the type of information, as described in further detail above. After 2 years, we will either delete or anonymise your information. Data is retained for no longer than is necessary for its purpose, following which data is deleted securely.
Account information: We retain your account information for a period of 2 years from last log in date. Once this period has elapsed your account will become an ‘archived user’ and your personal data will be deleted. You will be alerted 6 months in advance of this happening.
Information you share on the Services: We retain your shared information for a period of 2 years from last log in date. Once this period has elapsed your shared information will be anonymised. You will be alerted 6 months in advance of this happening.
Personal data teachers provide about your students: We retain any personal information you share about your students for a period of 2 years from the point of data entry. Once this period has elapsed this information will be deleted. You will be alerted 6 months in advance of this happening.
Marketing information: If you have elected to receive marketing emails from us, we retain information about your marketing preferences unless you specifically ask us to delete such information, by contacting [email protected]
Access to information
To request access or removal of information we may hold, please use one of the following methods to contact our data protection officer:
Telephone: 01282 417333
Email: [email protected]
Post: ONEDOTALL LTD, AMS Office Tower, Billington Road, Burnley. BB11 5UB
You can also make a request to access or remove information we may hold from within the ‘My Account’ area of OneDotAll: https://app.onedotall.com/Account/ManageData
All requests will be processed within 28 days.
What communications will I receive?
If you have created an account and are active on OneDotAll, you will receive notifications relating to actions taken by or affecting your account. You can manage your notification preferences by visiting the ‘My Account’ section of OneDotAll
Should you submit the ‘get involved’ form you will receive communications from us replying to your enquiry.
If you opt in to marketing (via checkbox) when creating an account with OneDotAll you may get occasional updates informing you of our latest updates, exclusive offers and information relevant to you. We always treat your personal details with utmost care and we will never share your information with any third parties. Please note that you may opt out of marketing communications at any time by clicking the ‘unsubscribe’ link at the bottom of any marketing email, or by sending us a request to opt out to [email protected].
If you are not happy for your data being used this way, please contact us at [email protected]
Disclosure of information to third parties
- To allow our software development team (Bad Dinosaur) to assist you with support queries relating to your OneDotAll account
- To allow us to use Mailchimp for our GDPR forms with double opt-in settings to allow for additional evidence of consent. We also use Mailchimp so we are alerted when you opt in to receive any marketing from us. Your personal user information is only sent to Mailchimp when you opt in to receiving marketing from us. Details of their GDPR compliance can be found here
- To allow us to use user experience tracking with OneDotAll, provided by Hotjar, to allow us to analyse user behaviour. No identifiable personal user information is shared with Hotjar. Details of their GDPR compliance can be found here
- Data sharing with our sub-contractor; Primary Engineer. We subcontract to Primary Engineer for staffing support in marketing, administration, first line technical support, IT support and product management.
- Data sharing with our subcontracted Data Protection Officer
- In the event that we sell any or all of our business to a buyer
- To further fraud protection and reduce the risk of fraud
Where appropriate, personal information may be disclosed to law enforcement, regulatory or other government agencies, or third parties, where necessary or desirable to comply with legal or regulatory obligations or requests or for the purposes identified above.
Third party links
Use of third party services and analytics
We use Google Analytics tracking within OneDotAll, to allow us to analyse user behaviour. No identifiable personal user information is shared with Google Analytics.
To ensure that our users are not exposed to abusive content we use an Application Programming Interface (API) which filters out any abusive imagery. This service is provided by Google Vision. No identifiable personal user information is shared in the use of this API. Details of Google Vision’s GDPR compliance can be found here.
We use Google reCAPTCHA to protect OneDotAll from spam or abuse, reCAPTCHA allows humans to login to OneDotAll with ease and makes it hard for robots or any other malicious software. No identifiable personal user information is shared with Google reCAPTCHA. Details of their GDPR compliance can be found here
Cookies provide information regarding the computer used by a visitor.
We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally. It is statistical data. This statistical data does not identify any personal details whatsoever
You can adjust the settings on your computer to decline any cookies if you wish. This can easily be done by activating the reject cookies setting on your computer.
Email: [email protected]
Postal address: ONEDOTALL LTD, AMS Office Tower, Billington Road, Burnley, Lancashire, BB11 5UB
Phone: 01282 417333