Posted on 22-Feb-2020

This is an automatically generated marked-up copy of the differences between the Tapestry Online Learning Journal draft contract of 5 January 2018 and the second draft of 12 March 2018. It isn't perfect (e.g., changes to numbering appear to be tracked inconsistently), for which we are sorry, but we hope it helps.

Draft Contract for the Tapestry Online Learning journal

Foundation Stage Forum Ltd

5 January 12 March 2018

A note on this draft

This is an early a near final draft of a new contract between the Foundation Stage Forum Ltd and our customers who use Tapestry. If you have read a previous draft, you can see a list of changes at the end of this document, or a Word version with "Track Changes" at https://tapestry.info/draft-contract.

We aren't trying to change anything fundamental about our relationship and what we do for you. But we are trying to:

1. Improve the clarity of the contract.
2.1. Make it unambiguously clear how we work together to ensure we are compliant with the forthcoming changes to data protection law in the EU (known as the GDPR).

This is not the final contract. It is a draft and we would like your feedback in order to make it better for all our customers. Please send your thoughts to contract-feedback@eyfs.info.

The goal is to agree an updated have a final contract by the end of March 2018 and agree it with all our customers by the end of March 2017 April 2018.

Your contract with us for the use of Tapestry

1. We are the Foundation Stage Forum Ltd, a company registered in England with company number 05757213 and a registered address of 1, Southdown Avenue, Lewes BN7 1EL, UK.

2.1. You are a childminder, educator, nursery, school or similar educational organisation.

What you get

3. This contract is for a 12 month subscription to Tapestry, our online learning journal, together with:
– Our tutorials
– Email support during UK business hours
– Access to the https://eyfs.info discussion forum

What you do not get

4. We do not provide telephone or face to face support. However, at our discretion, we may offer to call you if we feel a query could be better resolved over the phone. We also do offer bookable telephone support sessions for a fee.

5.4. We do not provide direct support to any relatives that you add to Tapestry. If they contact us, we will usually direct them back to you. We do this because it is difficult for us to know whether their requests are authorised by you.

6.4. We do our best to provide Tapestry at all times (see our Annex B: Tapestry Security), but we cannot guarantee this.

Tapestry, our online learning journal

7. You must be the Data Controller of the information that you enter into Tapestry (as you are for your paper records); we will be the Data Processor. If you don't know what those terms mean, it is essential that you find out. A starting point for finding out is https://ico.org.uk.

8.7. You agree with our approach to data protection, privacy and security and to do your part. We describe our approach and what we expect of you in these linked annexes:
– Annex A: Tapestry Data Protection
– Annex B: Tapestry Security
– Annex C: Tapestry Privacy

9.7. You agree to our current sub-processors:
– Annex D: Tapestry Sub-processors

7. We are compliant with UK data protection legislation (sometimes referred to as the 'GDPR').

8. This contract contains the terms required for a data processing agreement under UK data protection legislation.

10.9. We will help you to comply with your duties under UK data protection legislation. In most cases you can use the tools we provide. If you ask us for extra help in complying we will give it to you, but we may charge you our costs in helping. More detail is provided in Annex A: Tapestry Data Protection.

11.7. If you wish to audit us under UK data protection legislation, you may do so, but we may charge you our costs in participating in your audit.

Our tutorials

12.14. You may copy, store, share and adapt our tutorials for the purpose of making better use of Tapestry.

Our Billing and Support System

13.15. If you contact us by email or through our websites then we will store and process the information you provide in our billing and support system. Unlike the data you enter into Tapestry, we are the Data Controller for information in our billing and support system. We describe how we use that data in Annex E: Billing and support data.

Our Discussion Forum

14.16. You do not need to use our discussion forum. But if you choose to, then you agree to the conditions set out in Annex F: Use of our discussion forum.

Fees

15.17. You must pay our fee in full before we will start your Tapestry subscription.

16.17. Our fee, as set out on our website, is based on the maximum number of children you wish to have in your Tapestry account during the 12 month subscription.

17. You can add or remove individual children throughout the year so long as the maximum number of children is not exceeded at any one moment.

18.17. If you have not paid your fee in full then:
• we may not provide access to Tapestry.
• after 90 days, we will delete the data that you have entered into Tapestry.

19.21. If you wish to increase the maximum number of children you can have in your Tapestry account during the 12 month subscription then we will charge you the difference between what you have paid and the current fee for an account with the increased number of children. This will not extend your subscription.

20.21. You must pay us in UK Pounds Sterling including any applicable VAT. If you choose to pay by bank transfer you must bear all currency conversion and bank transfer costs.

Termination

21.23. You can stop using Tapestry at any time and ask us to return and/or delete the data you have entered into Tapestry, but we will not refund any fees that you have paid unless:
– You are within the first month of your Tapestry subscription
– We materially change this contract to your detriment

22.23. We may, after discussing the situation with you, stop providing you with Tapestry if you:
– misuse our systems or
– create an unreasonable load on our systems or
– cause us unreasonable costs or
– abuse our staff or
– breach this contract.

Changes and disputes

23.25. If something goes wrong, unless otherwise required by law, our total liability to you each other is limited to the annual fee that you have paid us for Tapestry.

25. One example of where the law requires different liability is in breaches of UK data protection law. We can both be investigated and fined by the relevant supervisory authorities and we both may be liable to pay compensation for damages caused by breaching this law. If it later turns out that one or other of us wasn't responsible for the breach, then we can claim back the share of liability from the responsible party.

24.26. Our contract with you is under English law and any dispute will be settled by an English court.

25. This document, together with its annexes, is our entire contract with you. If you want to vary this contract, or add additional terms, then there will need to be written and explicit agreement between you and one of our company directors. To keep our costs and prices down, we rarely do this. In particular, unless explicitly agreed to by one of our company directors, we do not accept any standard purchasing terms and conditions that you may usually apply.

26.25. We may change this contract, but will give you reasonable warning.

Annex A: Tapestry Data Protection

We are the Foundation Stage Forum Ltd, a company registered in England with company number 05757213 and a registered address of 1, Southdown Avenue, Lewes BN7 1EL, UK.

You are a childminder, educator, nursery, school or similar educational organisation.

This Annex relates to the use of Tapestry, our online learning journal. Annex E relates to data in our billing and support system. Annex F relates to data in our discussion forum.

We need to work together to ensure we are compliant with data protection regulations when using Tapestry.

This annex should be read in conjunction with our overall contract and, in particular, Annex B which explains our approach to security and Annex D which lists our sub-processors.

Our jurisdiction

We are headquartered in the UK. This contract is under UK law.

Our lead supervisory authority for data protection is the UK Information Commissioner's Office (https://ico.org.uk).

Where is data stored?

Our processing and storage of your data happens within the EU.

The primary processing and storage location is in Ireland.

Our offsite backups are stored in Germany.

Our office is in the UK.

For the avoidance of doubt: The storage location is part of your contract with us. If we wished to change where your data is stored, we would need to change this contract, and contract changes always require agreement from both you and us.

To provide a little more detail:

• Almost all storage and processing is carried out on computers and networks provided by Amazon Web Services (AWS), a sub-processor who we list in Annex D. We instruct them to only store data on computers in their data centres located in Ireland (for the primary system) and Germany (for the backup system). They are contractually bound not to move data elsewhere without our permission.

• The exceptions are:
– On very rare occasions, and subject to strict safeguards, we may store and process some data locally in our offices in order to diagnose or fix a bug. On these occasions data will be stored and processed in Lewes in the UK. Some of the safeguards are: we only do it when we have to – it is never routine; we store the minimum possible amount of data locally; we only store it on encrypted secure machines; we delete it as soon as possible.
– Viewing your Tapestry account in a web browser may, technically, count as data processing. Therefore if one of the people you give access to your Tapestry account logs in from another country that may, technically, count as data processing in that country.

What data is placed into Tapestry?

You are in control of the data you put into Tapestry. You choose what to add, you choose what is done with it and who it is shared with. You can always access, correct and delete the data.

When you use Tapestry:

1. You enter data about the children in your care, their progress and their welfare. You choose which children and what data.
2.1. You can, optionally, analyse and monitor the children's progress and welfare.
3.1. You can, optionally, share the data about the children with others that you choose, such as a child's relatives.
4.1. You can add text and, optionally, pictures and videos.
5.1. You can choose when and what data to delete.
6.1. You can correct any data that you enter.

This is described in more detail in Annex C: Tapestry Privacy.

Who is responsible for what?

The first thing to agree is that:

1. You are the data controller for data you, or the people you give access, add to Tapestry.
2.1. We are the data processor.

If you don't know what those terms mean, it is essential that you find out. A starting point for finding out is https://ico.org.uk.

You must:

• Have a lawful basis for entering data into Tapestry.
• Use Tapestry in a way that is compliant with data protection law.
• Respond to data protection requests.
• Keep your contact details on Tapestry up to date.

We must:

• Only process data on your instructions.
• Ensure that people we use to process your data are subject to a duty of confidence.
• Take appropriate measures to ensure the security of our processing.
• Only engage sub-processors with your prior consent. written consent (see Annex D).
• Assist you in providing subject access and allowing data subjects to exercise their rights under data protection law.
• Assist you in meeting your legal data protection obligations in relation to:
– the security of processing.
– the notification of personal data breaches.
– and data protection impact assessments.
• Delete or return all personal data to you as requested at the end of the contract.
• Submit to your audits and inspections.
• Provide you with the information to meet your legal obligations.
• Tell you if we become aware of a data breach.
• Tell you immediately if we are asked to do something infringing data protection law.

What we expect of you

You must have a lawful basis for putting data into Tapestry

We rely on you to ensure you have a lawful basis for putting data into Tapestry. If you haven't worked out what your lawful basis is, please do so immediately. Once again, the UK Information Commissioner's Office, https://ico.org.uk, is a good starting point.

Please don't leap to assuming consent is the only lawful basis for you, but carefully consider the six possible bases described in law and work out which is right, given what you intend to store in Tapestry and how you intend to use and share it.

If you are relying on consent as your lawful basis, then we rely on you to have gained the consent for whatever data you intend to put on Tapestry and to remove data if consent is later withdrawn.

You must use Tapestry in a way that is compliant with data protection law

As the controller of the data you put in Tapestry, you must comply with data protection law. This includes ensuring that the data is:

1. Processed lawfully, fairly and in a transparent manner in relation to individuals.
2.1. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
3.1. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
4.1. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
5.1. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
6.1. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Source: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/principles/

We will do our part in helping you to comply (described below).

You must respond to data protection requests

Using Tapestry normally involves processing data about people (children, possibly staff, possibly relatives). Those people have rights under data protection law, including:

1. The right to be informed
2.1. The right of access
3.1. The right to rectification
4.1. The right to erasure
5.1. The right to restrict processing
6.1. The right to data portability
7.1. The right to object
8.1. Rights in relation to automated decision making and profiling

Source: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/

You are responsible for responding to those requests. We have designed our system to help you to respond.

The right to be informed

In particular, please ensure you proactively deal with the "right to be informed" – you must not wait for people to ask you.

The UK Information Commissioner's Office has advice on this: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/.

You may wish to use our 'Annex C: Tapestry Privacy' as a starting point for informing your staff and the relatives and children whose data you add to Tapestry. But you will probably need to adapt it to cover: your contact details, your lawful basis for adding data, who you intend to share the data with and why, and when you intend to delete the data. Since the new data protection law covers all data, whether it is on computer or on paper, you may wish to incorporate this into a single wider document that covers all the data you process.

You must keep your contact details on Tapestry up to date

You must keep your contact details up to date within Tapestry. We use these to:

1. Contact you
2.1. Verify that instructions we receive come from you

If they are not up to date, you may not receive our messages.

In particular, we sometimes receive requests from customers stating that the only manager registered on a school, childminder or nursery's Tapestry account has left, and requesting that the ownership be transferred to a new person. In order to verify that the request is legitimate we have to take several steps. Even if these steps are successful, they may mean a delay of weeks during which time Tapestry may not be accessible by you. To avoid this, please ensure you update contact details before a manager departs and, ideally, always register more than one manager on the Tapestry system.

What you can expect of us

We will only process data on your instructions

Tapestry only does what you tell it. We do not do any processing that you do not tell us to do.

To be absolutely clear: we don't own license or claim ownership of your data; we don't sell your data; we don't use your data for advertising; we don't pass on your data except when you instruct us to.

You can add users to Tapestry who can then also instruct Tapestry. You can adjust what data those users see and what they can do with the data.

People whose data you have added to Tapestry have a right to restrict processing. If you have been told by someone to restrict processing of someone's their data, then you are responsible for not using Tapestry to do any further processing of that person's data. You are responsible for ensuring any users that you have added to Tapestry do no further processing. The easiest way to do that is to use Tapestry to mark the child or user as inactive.

Who can instruct us

We prefer to accept instructions through the Tapestry web interface or apps. This interface has options for authorising different users and giving them different levels of permission about what they can instruct us to do.

We may also accept instructions through our support ticket system or by email if they come from:

• Someone who we have verified is registered on the relevant Tapestry account with the status of a 'manager'.

• Someone who we have verified is an appropriate representative of the account owner (e.g., the head or bursar of a school, or the director or manager of a nursery).

Depending on the nature of the instruction and the route by which we receive the instruction, we may need to take extra steps to verify that the instruction is legitimate. This may lead to a delay in us carrying out the instruction.

We will ensure that people we use to process your data are subject to a duty of confidence

Our staff who process your data are:

1. Contractually bound to keep your data confidential.
2.1. Vetted by us. This includes a DBS check, which is updated annually.

We will take appropriate measures to ensure the security of our processing

The measures we take are described in Annex B.

We have started the process of becoming certified as ISO 27001 compliant. When we have become certified we will update this contract to confirm that we are.

We will engage sub-processors only with your prior consent

We use sub-processors in a way that is compliant with UK data protection law. Our sub-processors, and what they do, and our process for seeking your agreement to any changes are described in Annex D. We will email you in advance of any changes to give you time to object.

Any sub-processors we use are always under a written contract and are always bound to keep your data confidential.

We will assist you in providing subject access and allowing data subjects to exercise their rights under data protection law

You can download all the information that has been entered into Tapestry.

[NOT YET IMPLEMENTED: We provide a section in the control panel where you can download a single file that brings together all the information Tapestry holds about a particular child or a particular user.]

You can correct all the information that has been entered into Tapestry.

You can delete all the information that you have entered into Tapestry.

We will assist you in meeting your legal data protection obligations

The security of processing

We describe our current security approach in Annex B.

If you believe that there is something that should be described in Annex B but is not, please let us know.

If you wish us to describe our security in a particular way (such as by filling out forms for you) then we may pass on our costs in doing so.

We do not usually implement bespoke security measures. However, we are always interested in improving our service, so please do let us know of anything that you would like to see.

Notification of personal data breaches

If we become aware of, or suspect, a data breach, we will tell you without undue delay. If you become aware of, or suspect, a breach, please tell us as soon as you can.

If there is a personal data breach, we will:

1. Help you to prevent further breaches (e.g., if someone has stolen a computer used by you to log in to Tapestry, and you are concerned that your Tapestry password was stored on that computer, we can disable the relevant accounts and change the relevant passwords).
1.2. Help you to work out who has been affected.
2.1. Help you to work out what data may have been breached.
3.1. Help you to determine the cause of the breach.
4.1. Help you in your dealing with the Information Commissioner's Office.

The Information Commissioner's Office require notification you to notify them of any data breach that is "likely to result in a risk to the rights and freedoms of individuals" within 72 hours of you or us becoming aware of it. We will prioritise our work to help you to meet that deadline.

If you wish us to go further than that, we will do our best but may have to pass on our costs in helping you.

Data protection impact assessments

We cannot carry out a data protection impact assessment for you, because we do not know what data you intend to place in Tapestry.

[NOT YET IMPLEMENTED: We do provide some example documents on risks that you can customise when carrying out your own assessments.]

If you wish us to go further than that, we will do our best but may have to pass on our costs in helping you.

We will delete or return all personal data to you as requested at the end of the contract

You can delete data at any time. You can download data at any time.

At the end of the contract our standard practice is to delete your data from our systems after 90 days. The data will be deleted from our backup systems 90 days after it is deleted from our systems. We are happy to delete your data sooner if you ask us to.

We are happy to return your data to you at any time. If you want your data in a particular format, we will do our best, but may have to pass on our costs in providing it to you in that format.

We will not delete data if we are required by law to keep it (for instance, for an ongoing police or data protection investigation).

We will submit to your audits and inspections

We provide our approach to security in Annex B for you to audit.

We have started the process of becoming ISO 27001 certified. When we have done so, we will update this contract and provide you with access to the certification for you to audit.

If you want to submit us to further audit or inspection, we will do our best to help you, but may have to pass on our costs in complying with your request.

We will provide you with the information to meet your legal obligations

We believe this contract and its annexes, combined with the tools provided within Tapestry, provide you with what you need to meet your legal obligations. If you think there is something missing, please let us know.

If you have a specific or unusual request for information, we will do our best to help you, but may have to pass on our costs in complying with your request.

We will tell you if we become aware of a data breach

If we become aware of a data breach, we will tell you about it and help you to meet your obligations as we've described above. We will do this without undue delay. Please keep your contact details up to date so that we can contact you quickly.

If we suspect a possible data breach we may 'lock down' access to Tapestry if we think that would help prevent a further breach. This would mean that some or all users of Tapestry would lose partial or complete access to Tapestry while we investigate and fix whatever led to the breach. We would inform you as soon as possible if we need to do this.

We will tell you immediately if we are asked to do something infringing data protection law

If we are asked to do something that we believe infringes data protection law we will not do so, and we will try and reach you through the contact details you have given us to explain what has happened.

If something goes wrong

Complaints

If you have a complaint, then please contact us at customer.service@eyfs.info.

Our Data Protection Officer

If you have a concern that we have not addressed, please contact our Data Protection Officer:

Lauren Foley
dpo@eyfs.info
1 Southdown Avenue
Lewes
BN7 1EL
UK

Frequently Asked Questions

With regard to Brexit: will the data be hosted and backed up in the UK once Brexit is finalised?

We do not know yet how data protection law will change with Brexit. But we are keeping an eye on developments and will make whatever changes are required to be compliant with UK data protection law as it changes.

Annex B: Tapestry Security

This annex relates to the use of Tapestry, our online learning journal. Annex E relates to data in our billing and support system. Annex F relates to data in our discussion forum.

Security of a software service or product involves many aspects, and satisfying yourself that you should put your trust in a product can and should require that you ask questions of the organisation and people overseeing that security. This annex aims to give you an understanding of who we are and how we have addressed the important issue of protecting the integrity of Tapestry.

Security Responsibilities

Security is only as strong as the weakest link. We therefore need to work with you, the account holder, together with any staff and relatives you give permission to use Tapestry, to ensure the overall system is secure. This annex explains what we do and what we hope you will do.

The latest copy of this annex, together with our terms and conditions, are always available in the control panel of your copy of Tapestry.

Who are we?

Tapestry is the name of a product that was conceived, developed and is owned by The Foundation Stage Forum Ltd., an early years organisation that has provided resources and support for the early years workforce since February 2003. We have contracts with many local authorities, some of which have been in place for ten or more years.

The Foundation Stage Forum Ltd

The Foundation Stage Forum Ltd is a VAT registered, private UK limited company.

Our company number is 05757213.

Our registered office is at:

1, Southdown Avenue
Lewes
East Sussex
BN7 1EL

Our VAT registration number is 932933317.

You can write to us at our registered office, or email us at customer.service@eyfs.info.

Our contracts are under UK law.

We have two directors: Helen and Stephen Edwards.

Director: Stephen Edwards MSc

Steve is the founder of the FSF. He worked for many years as a technical manager for the telecommunications organisation Ericsson, having completed a Masters Degree in information systems. He became interested in the early years as a result of his wife (Helen, see below) setting up a nursery in their home, and left Ericsson to set up the FSF in 2002 as a resource and support network for the early years workforce. He has been fully occupied with the FSF ever since, conceiving and driving the development of Tapestry as a part of this commitment.

Steve is the board member responsible for security.

Director: Helen Edwards DPhil

Helen has been working with young children since 1989, firstly as a primary school teacher, and then as a successful nursery owner/manager, followed by employment as a local authority advisor and university tutor, and more recently as an Ofsted inspector. She also holds the EYP status.

Data Protection Officer: Lauren Foley

Lauren Foley is our Data Protection Officer. Her direct email is dpo@eyfs.info.

Lauren joined the Foundation Stage Forum in 2014 after graduating from the University of Birmingham. She was designated our data protection officer after completing GDPR training in November 2017.

Data Protection Law

We are compliant with UK data protection law. We describe our approach to data protection in Annex A.

To summarise it in brief: You, the Tapestry account manager, own the data you put on Tapestry. We, Foundation Stage Forum Ltd, do not. In technical terms, you are the Data Controller, we are the Data Processor.

We will only do things with data that you, or people that you give permission to, request.

We will not access your data without your permission.

We only use the data you enter to provide the service you see: an online learning journal that helps you to monitor the progress of children, communicate with parents and the government and manage your activities.

To be absolutely clear: we don't use the data for marketing; we don't share the data with others to do marketing.

You should be aware of your responsibilities as a data controller. You can find out more at the Information Commissioner's Office website: https://ico.org.uk/for-organisations/.

You are responsible for making sure that you only put data on Tapestry where you have permission to do so, i.e., if a parent has agreed with you that no photos of their child should be taken, you are responsible for ensuring that none of the photos added to Tapestry depict that child.

Access to data

Only you, and those you authorise, will have access to your Tapestry accounts. You can restrict the people you authorise to only be able to view data about some children.

If we need to access your account to sort out a problem you are having, we will ask your permission first.

We will not give Tapestry account information, or access to your Tapestry account, to anyone other than those individuals you have set up as staff members.

Relatives contacting us for access details will always be referred to you, the Tapestry account holder.

Under the data protection act, individuals have a right to see a copy of information that an organisation holds about them. As the data controller, you will need to respond to those requests and we, as the data processor, will help you. This is normally easy, since you can always see and print the information you have entered.

Deleting data when it is no longer needed

You can modify and delete the data you enter.

In the common case of children leaving your setting, you can move them into a 'deleted' area, where (after a delay of ninety days to avoid disastrous mistakes occurring) their data will be deleted (this includes relevant pictures, videos, journals and reports).

You can instruct us to delete all your data at any time. But this is all or nothing. If you just want to delete some of your data, you will need to use the control panel in the system to do so yourself.

If you let your subscription to Tapestry lapse, we will delete all data associated with it. We delay the deletion for 90 days in case your subscription has inadvertently lapsed (e.g., it happened while you are on holiday, or there was a delay in your Local Authority paying our invoice) but if you explicitly ask us to then we will delete your data immediately.

Data will remain in our backups for 90 further days. If you wish, you can instruct us to delete all your data from these backups. But it is all or nothing. We cannot delete some of your data on these backups.

Once the data is deleted from our backups we can no longer recover it.

Organisational data security

ISO 27001

We are working towards becoming independently certified as ISO 27001 compliant. When we have achieved certification we will update this contract and provide you with access to the certification.

Our data centre, Amazon Web Services, has been independently certified as ISO 27001 compliant.

Staff

We are careful in who we employ. All our staff with access to your data have been checked and cleared by the Disclosure and Barring Service (DBS) and we check their DBS status annually.

The company that hosts our servers and databases, AWS, also vets their staff (though in practice we would never expect them to see your data).

You are responsible for only giving access to Tapestry to people you trust and who actually need access. For instance, please remember to make staff inactive once they have left your service or if they are facing relevant disciplinary procedures.

Please also ensure that, when you give access to relatives of children, you are careful to allocate them to the correct children, to enter their email address correctly, and to make them inactive once the child has left your setting.

Procedures

Our procedures are designed to minimise our access to your data. For example, we wouldn't log in to your account without your permission and even then would only do so if it was necessary to resolve a fault or problem you were experiencing.

We are similarly careful with our suppliers. The company that hosts our servers and databases, AWS, operates on a similar principle of minimal access. They are ISO 27001 accredited, which means they have a complete and appropriate set of security procedures. We would never expect them to need access to your data.

It is important that you think about your procedures for what sort of data you put on Tapestry and what you allow your staff and relatives to do with it.

For instance, you should think about:

• Whether you give all staff access to data about all children, or just some children.
• When it is appropriate for your staff to take and share photos and videos.
• What instructions you should give to parents as to what is appropriate for them to add, and what they may do with material that you add (e.g., insisting no photos are uploaded to social media sites by parents without the written permission of the parents whose children are depicted in photos, videos or text).

Passwords

The main way we control access to Tapestry is through passwords.

Neither you, nor we, can see what passwords have been used (technically, we hash the passwords before storing them using bcrypt and we never write passwords to any log files).

Our staff use strong passwords and, for the more secure systems, have to supplement the correct password with other security measures (such as logging in from our office IP address and/or using two-factor authentication).

You are responsible for training your staff, and encouraging any relatives, to adopt sensible precautions around their use of passwords – don't share them, don't reuse them, and make them hard to guess.

Incorrect password attempts will result in access for that user being prevented for a period of time. If you suspect one of your staff or relative accounts has or could have been compromised, you can make it inactive. This will prevent access using that account. At a minimum, you should then contact the staff or relative and ask them to change their password on this system and any other system on which they have used a similar password.

You can choose a minimum password strength that you permit the people you add to Tapestry to use. We won't let this minimum be any less than 10 characters and we allow and encourage you to set a tougher standard than that (by, for instance, requiring longer passwords).

For your staff, we also provide an option where they cannot log in without a different member of staff (such as a manager) logging in first. We call this PIN only staff.

If you wish, you can set an initial password and PIN for the staff and relatives that you add, but we strongly discourage this. We prefer you to use the option of sending reset links that allow users to set their own passwords and PIN.

We allow users to reset their own passwords using their email address. You, and managers you nominate, can also reset passwords for staff and relatives. If a member of staff or relative contacts us because they have lost access to the email address associated with an account, we will direct them back to you.

If you have lost access to your email address associated with Tapestry, or you have taken over a Tapestry account due to the departure of the previous account owner and don't have access, then we can add an email address for the new manager. In order to verify that the request is legitimate we have to take several steps. Even if these steps are successful, they may mean a delay of weeks during which time Tapestry may not be accessible by you. To avoid this, please ensure you update contact details before a manager departs and, ideally, always register more than one manager on the Tapestry system.

We do not currently have a facility for you to restrict access to particular locations or particular devices. That makes it doubly important that you take sensible precautions over passwords.

If you believe the password for one or more accounts has or could have been compromised, please immediately make that account inactive using the Tapestry control panel or, if you are unable to do so, contact us and we will do it for you. Please then contact us to discuss how to re-activate the accounts in a way that ensures they remain secure.

Because passwords can be reset by email, if you believe that the email account associated with a Tapestry account has been compromised, please treat it as if the password has been compromised: make the Tapestry account inactive and contact us.
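As an added illustration (not code from the Foundation Stage Forum or Tapestry), the following Python models the password controls this section describes: hashing before storage, no password ever written to a log line, a minimum length a customer may raise but never lower below 10, a temporary lock after repeated wrong attempts, and making an account inactive on suspected compromise. The lockout threshold and duration are assumptions (the page states neither), the standard library's scrypt stands in for the bcrypt the page names, and the assumption that a manager reset also re-activates the account is ours.

```python
"""Toy model of the Tapestry password controls described above (added
example, not Tapestry's own code). scrypt stands in for bcrypt; the lockout
threshold and duration are assumptions, not values from the page."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Dict, List, Optional

MIN_LENGTH_FLOOR = 10       # from the page: the minimum can never go below 10
LOCKOUT_THRESHOLD = 5       # assumption: wrong attempts before a temporary lock
LOCKOUT_SECONDS = 15 * 60   # assumption: how long that lock lasts
SALT_BYTES = 16
SCRYPT = dict(n=2 ** 14, r=8, p=1)   # work factor, stand-in for bcrypt's cost


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Salted, deliberately slow hash; returns salt || digest."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    # Recompute with the stored salt and compare in constant time.
    salt, digest = stored[:SALT_BYTES], stored[SALT_BYTES:]
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, digest)


@dataclass
class Account:
    username: str
    password_hash: bytes
    active: bool = True          # an inactive account cannot log in at all
    failures: int = 0
    locked_until: float = 0.0    # epoch seconds; 0.0 means not locked


class AccountStore:
    def __init__(self, min_length: int = MIN_LENGTH_FLOOR) -> None:
        self.min_length = MIN_LENGTH_FLOOR
        self.set_minimum_length(min_length)
        self.accounts: Dict[str, Account] = {}
        self.audit: List[str] = []   # outcomes only; never a password

    def set_minimum_length(self, n: int) -> int:
        # Customers may make the policy tougher, never weaker than the floor.
        self.min_length = max(n, MIN_LENGTH_FLOOR)
        return self.min_length

    def _log(self, username: str, event: str, now: float) -> None:
        self.audit.append(f"{now:.0f} user={username} event={event}")

    def add_account(self, username: str, password: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        if len(password) < self.min_length:
            self._log(username, "create-rejected-policy", now)
            return False
        self.accounts[username] = Account(username, hash_password(password))
        self._log(username, "created", now)
        return True

    def login(self, username: str, password: str, now: Optional[float] = None) -> str:
        """Returns one of: ok, no-account, inactive, locked, bad-password."""
        now = time.time() if now is None else now
        acct = self.accounts.get(username)
        if acct is None:
            self._log(username, "no-account", now)
            return "no-account"
        if not acct.active:
            self._log(username, "inactive", now)
            return "inactive"
        if now < acct.locked_until:          # lock applies even to the right password
            self._log(username, "locked", now)
            return "locked"
        if verify_password(password, acct.password_hash):
            acct.failures, acct.locked_until = 0, 0.0
            self._log(username, "ok", now)
            return "ok"
        acct.failures += 1
        if acct.failures >= LOCKOUT_THRESHOLD:
            acct.failures, acct.locked_until = 0, now + LOCKOUT_SECONDS
            self._log(username, "locked", now)
            return "locked"
        self._log(username, "bad-password", now)
        return "bad-password"

    def deactivate(self, username: str, now: Optional[float] = None) -> None:
        # Suspected compromise: block the account until it is re-activated.
        self.accounts[username].active = False
        self._log(username, "deactivated", time.time() if now is None else now)

    def reset_password(self, username: str, new_password: str, now: Optional[float] = None) -> bool:
        # Manager reset (assumption: also clears the lock and re-activates).
        now = time.time() if now is None else now
        if len(new_password) < self.min_length:
            return False
        acct = self.accounts[username]
        acct.password_hash = hash_password(new_password)
        acct.failures, acct.locked_until, acct.active = 0, 0.0, True
        self._log(username, "password-reset", now)
        return True
```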

Technical data security

The Tapestry web service and data are hosted in a cloud hosting environment operated by AWS in the EU (primarily the Republic of Ireland, with backups in Germany). AWS is the largest cloud hosting provider in the world and provides a secure platform for some of the world's largest online service providers.

Physical security

AWS ensure that our servers are physically secure. AWS data centres are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data centre floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

AWS only provides data centre access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of AWS. All physical access to data centres by AWS employees is logged and audited routinely.

We make sure that the devices we use to connect to the Tapestry servers are physically secure.

We also don't routinely store any of your data on our local devices. It is usually only stored on our servers. On the very rare occasions when we have to (in order, for instance, to diagnose a bug which we have not been able to replicate in any other way), we store as little as possible, for as short a time as possible, with access limited to as few people as possible. We also ensure that the machines we store it on are secure, including ensuring that their storage is encrypted.

It is important that you make sure that the devices you use to connect with Tapestry are physically secure. In particular, if you use some form of password manager on a device that remembers your Tapestry password then, at a minimum, make sure that the device also requires a password to log in or unlock.

The Tapestry website doesn't store data that you have entered on your laptop or desktop. Therefore, if your computer is stolen, so long as the password wasn't stored on the computer then the person who stole the computer will not be able to access Tapestry data without guessing your password.

If you were logged in to Tapestry when your laptop or desktop was stolen then, so long as the browser is open and the machine hasn't been switched off, the person who stole the computer has a short time when they could use your account. Therefore it is important that you either log off when you leave a computer unattended, or ensure your computer automatically locks its screen when you leave it and requires a secure password to unlock.

The iOS and Android Tapestry apps don't store passwords locally, only temporarily store some data (such as copies of images that are being shown on screen), and require a password or PIN to be entered to open the app. Therefore, if the device is stolen, the person who stole it would not have significant access to Tapestry data without guessing your password or PIN.

The devices may have copies of the pictures and videos that have been taken outside of the app. There is also a setting that allows copies of pictures and videos taken within the app to be stored in the device's picture gallery. However, by default this setting is disabled. If you download data (such as PDFs of journals) from Tapestry to your device, those are at risk.

Software security

We, together with AWS, ensure that the software running on our servers is up to date. We run regular automated tests and internal security reviews to examine the configuration and security of our servers.

Similarly, we ensure that the devices we use to connect to Tapestry are up to date and free from viruses and compromising software.

It is important that you take similar care with the devices you use to connect to Tapestry to ensure they are up to date and free from viruses or compromising software. If you give relatives access, please also encourage them to do the same.

Encryption

Connections between you and the Tapestry servers are encrypted. Tapestry uses Enhanced Validation Certification (EVC), which does not offer any greater degree of technical protection (encryption is still performed at the same strength) but does offer a visible assurance that the service is being provided by a validated organisation (the Foundation Stage Forum Ltd).

Connections between the Tapestry apps (iOS and Android) and the Tapestry servers are similarly encrypted.

Connections between our office computers and Tapestry are encrypted.

Your data is encrypted at rest on our servers. This includes our backups of your data.

It is important that you check, and encourage those who you give access to check, that they are connected to the official Tapestry site before entering their password. The correct URL is https://tapestryjournal.com. There should be a padlock or similar symbol to show that the connection is encrypted. Clicking on the padlock or symbol should provide you with information about the connection which should include the fact that the site is owned by the Foundation Stage Forum Ltd.

The SHA1 fingerprint of our certificate is DCF623A3359798986E6B299151B23593DA1F7FDC.

Partitioning

Our network is partitioned to provide minimum access between our servers and the internet. In particular, our databases cannot directly access or be accessed from the internet, but only from specific servers. Only a handful of servers can be accessed from the internet, and only on specific ports and using specific protocols (e.g., no unencrypted connections are permitted). This reduces the likelihood that external hackers can gain access to our servers and then get data out.

Our data is partitioned so that your data is held in a separate database from that of other accounts. This reduces the likelihood that a compromise in somebody else's account (because, for instance, they use an easily guessable password) would lead to a compromise of your data.

Our software is partitioned so that it only has the minimum level of privileges to carry out whatever task it is currently doing. This reduces the likelihood that somebody who hacked into one part of our code could use it to compromise other areas.

Logging

We log activity on our system. Some of these logs are available to you in the Tapestry control panel. We retain more detailed logs to help diagnose and fix faults.

Verification (also known as Penetration Testing)

We employ independent firms to check that our systems are secure by attempting to hack or penetrate them. These firms are accredited by the relevant industry bodies.

The penetration tests cover both the web and the app versions of Tapestry.

The penetration tests include authenticated tests, where the testers are provided with login details to Tapestry accounts to check whether they can exploit those to see or extract data that should not be visible.

The most recent check was in August 2017. If you have a legitimate interest in Tapestry (e.g., you are the account owner or a parent) we are happy to summarise what they found.

We also regularly run automated security tests and carry out internal security reviews.

Capacity, Redundancy and Backups

Our system's capacity scales to meet demand. We do not currently limit the number of users, or the amount of data that they store; we just add the required storage and servers to meet the demand, in most cases automatically.

If a particular account is using our system excessively we may need to discuss the possibility of an increased subscription fee, but we have never yet had to do this.

Our system is redundant and should survive the loss of any server or, indeed, the loss of a physical data centre. This means that we have at least two copies of each operational server and all data is stored in at least two locations.

We also retain backups of all data in a different physical location (at the time of writing, the primary physical locations are in the Republic of Ireland, the backup physical locations are in Germany).

These backups should be, at most, 24 hours old and we should have 90 days of backups.

The backups are treated with the same care as the primary data (in particular, they are encrypted in transit and at rest and stored in AWS facilities with the same physical security as described in the 'physical security' section above).

Please note that backups are for disaster recovery. We will use them to restore your data should it become lost or corrupted on the live system. They are not designed for easy access to restore specific bits of data that you have deliberately deleted from the live system. If you ask us to retrieve specific bits of information from the backups, we will do so, but we may need to charge our costs.

Keeping in touch about security

If you suspect a security issue (e.g., you believe that passwords on your account may be compromised because, for instance, computers have been stolen) then email us at customer.service@eyfs.info. Please include a descriptive subject line in your email (i.e., don't just say "Help!" but say "Help! Our computers have been stolen").

If we have a security concern about your account, we will try and email the primary contact we have listed. This will initially be the person that set up the account. You can change this using the Control Panel within Tapestry (Settings > Contact Details). Please keep this information up to date.

If you or we suspect a security problem, our first step will usually be to lock down the accounts whilst we work together to establish what happened and the best course of action.

Frequently asked security questions

Below are some frequently asked questions that relate to security. If you have a question that hasn't been covered by this document, please ask us at customer.service@eyfs.info. Please note that, for security reasons, we may not answer some questions (such as, for instance, the exact versions of software that we are using).

Can you fill out this security questionnaire for me?

To keep our price down, we do not enter into bespoke contracts or fill out security checklists. However, we hope that our contract, including its annexes, includes all the answers you need and covers all the events that you are concerned about, and that you can use them to fill out whatever paperwork you require for your own systems.

If you have questions about our service that aren't covered then do get in touch and, if we can, we will add the answers to this contract.

Do you offer a service level agreement?

To keep our price down, we do not. However, we take fulfilling our obligations to you very seriously and will do our utmost to ensure our service is there whenever you need it.

Are you insured?

Yes. Our insurance covers the standard corporate liabilities. In addition it covers liabilities relating to hacking and relating to data breaches. Like all insurance it is subject to excesses, limits and exclusions.

What happens if my account subscription should expire?

We want to avoid painful mistakes happening because, for instance, a subscription expires during a school holiday and nobody is around to pay the bill. So we do not immediately delete your data when your subscription expires unless you specifically ask us to.

However, 90 days after your subscription expires we will permanently delete your data. Data will remain in our backups for 90 further days.

If you wish, you can instruct us to delete all your data sooner.

Do you store data outside of the EU?

No.

What encryption principles are used for data in transit?

We regularly check our encryption meets modern standards and improve it as appropriate. At the moment we use a 2048 bit key, SHA256 with RSA and allow TLS 1.0, TLS 1.1, and TLS 1.2. We are reviewing whether we should drop TLS 1.0 support.

Have you disabled TLS 1.0 support?

Not yet: an appreciable proportion of our customers still use devices that are only able to use TLS 1.0.

However, we are keeping this under regular review and would strongly like to disable it at some point this year.

What encryption key management processes are in place?

We use AWS to manage our encryption keys and provide them to authorised servers at the right moment.

The data centre hosting Tapestry is ISO 27001 accredited. Which version of ISO 27001 is it, and who is the accrediting company?

The version is 2013, and the accrediting company is BM TRADA.

Do you follow any other standards or hold any other certifications?

Unless mentioned above, no. We take security very seriously and regularly review what we do. But we have not yet, for instance, undergone ISO 27001 accreditation as a business.

Which board member is responsible for security?

Our Managing Director, Stephen Edwards, is responsible for security.

Do you have a documented framework for security governance, with policies governing key aspects of information security relevant to the service?

We do not yet have a complete set of documentation. We have started on the process of creating an ISO 27001 compliant documentation set, but the process is not yet complete.

Can you provide evidence that security and information security are part of your financial and operational risk reporting mechanisms, ensuring that the board would be kept informed of security and information risk?

We are a small firm so our board, Stephen Edwards and Helen Edwards, are closely involved in every decision taken by the firm.

We are very aware of the importance of information security. We discuss it in almost every meeting and we continuously attempt to improve our security.

We have a weekly formal review of our security state (see above).

We get independent penetration testers to review our system (see above).

Can you provide evidence of processes to identify and ensure compliance with applicable legal and regulatory requirements?

We discuss compliance in almost every meeting, particularly during this period of transition to the GDPR.

We have appointed a Data Protection Officer to hold us to account on this point.

Do you track the status, location and configuration of service components throughout their lifetime?

Yes. Our software configuration is managed under version control, with repeatable builds and change logging.

Yes. Our hardware configuration is managed under version control, with repeatable builds and change logging.

Do you assess changes to the service for potential security impact and monitor that impact to completion?

Yes.

How are potential new threats, vulnerabilities or exploitation techniques which could affect the service assessed?

We run regular automated tests and internal security reviews to examine the configuration and security of our servers.

We engage external penetration testers to assess our system against the latest threats.

Do we use relevant sources of information relating to threat, vulnerability and exploitation techniques, eg NIST, NCSC?

Yes. We monitor CVEs relating to the software our service depends on.

Yes. We regularly review guidance from the NCSC and OWASP. We do not regularly review guidance from NIST.

How are known vulnerabilities prioritised and tracked until mitigations have been deployed?

We have automated notifications of vulnerabilities that are in our deployed code. These notifications are only quietened when fixes have been deployed.

We have internal issue tracking for required code and deployment changes.

We review and prioritise remaining security actions at least once a week.

What are the timescales for implementing mitigations? E.g. in patching policy?

This depends on the vulnerability.

For instance, if we believe the vulnerability could lead to data exposure, we would immediately take Tapestry offline while we fix the vulnerability. Because Tapestry would be offline, it would be our highest priority to fix. We have procedures for calling in engineers out of hours and at weekends. We have procedures for deploying changes to our production configuration within hours.

If the vulnerability was assessed as being of low risk, the fix would be deployed as part of our regular code and configuration updates. These tend to be made at least once every two weeks and are often made several times a week.

Other than for fault-finding, are activity logs monitored for suspicious activity, potential compromises or inappropriate use of the service?

Activity logs for our backend system have automated alerting for suspicious activity. These alerts are seen by all developers and by Stephen Edwards.

Activity logs for our customers are not monitored by us. They are available to customers to monitor.

Do we have an incident management process?

Yes. An incident will be uniquely identified and a named individual will be allocated responsibility for managing an incident through our support system. We have standard procedures for common incidents.

What is the process for the vendor to report incidents to the customer?

See "Keeping in touch about security" above.

Is 2-factor authentication (2FA) available to end users?

No. But if sufficient numbers of users ask for it, we will implement it: get in touch with us at customer.service@eyfs.info.

Can we require passwords to be changed every X days?

No. The UK National Cyber Security Centre recommend that you DO NOT require users to change passwords every X days.

If you suspect a password or email account may have been compromised, you can make the account inactive and then manually force the password to be changed. We can do this in bulk for all accounts if you contact us.

Which NCSC system architecture do you use?

Of the list at https://www.ncsc.gov.uk/guidance/systems-administration-architectures our system is closest to the 'bastion' model.

The service is run on partitioned and private networks. Management functions are carried out by devices on the corporate network which access the private networks through bastions.

What provision is made for customers to access / monitor audit records for system / data access?

Customers have direct self-service access to logs that show changes to data.

We can provide logs of who has viewed data on request to customer.service@eyfs.info.

Does your organisation have differentiated access to data depending on the sensitivity level?

Yes. Our default is 'no access' and our systems are designed to minimise access to data. Different people and the different roles they carry out have different access to data and different requirements for what authorisation they must have before accessing it. We regularly review who can access what and why to ensure we are private and secure by default.

Annex C: Tapestry Privacy

This annex describes our privacy policy for people who access the Tapestry online learning journal service (https://tapestryjournal.com). This policy is intended to be shared with any person who uses Tapestry as part of their "right to be informed" under UK data protection law. Since we operate as a Data Processor for our customers, the Data Controller (usually our customer – the childminder, educator, nursery, school or similar educational organisation) will need to provide extra information to fulfil the "right to be informed". We describe this extra information briefly in 'Annex A: Tapestry Data Protection' and you can get more guidance from the UK Information Commissioner's Office: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/.

We are the Foundation Stage Forum Ltd, a company registered in England with company number 05757213 and a registered address of 1, Southdown Avenue, Lewes BN7 1EL, UK.

Our customers are childminders, educators, nurseries, schools or similar educational organisations.

You are someone who has been given access to Tapestry by one of our customers. For example, you could be a member of staff, a relative of a child, the child themselves, or someone acting on behalf of a child.

You may have rights under EU Data Protection legislation relating to information we store about you. These rights are described here: https://ico.org.uk/for-the-public/. If you want to exercise those rights, please contact the customer who is storing data in Tapestry in the first instance (e.g., the school or nursery). If they want help in carrying out your request, they can contact us.

Our lead supervisory authority for data protection is the UK Information Commissioner's Office (https://ico.org.uk).

The Service

Our customers pay us to provide them with a service that allows them to create online learning journals for children under their care, monitor those children's progress and share this information with their staff and, if they wish, those children's parents and relatives.

What data do we collect?

Our customers may choose to store some of the following data on our service:

• The names and email addresses of their staff
• The names, dates of birth and postcode of their children
• The names and email addresses of the parents and relatives of their children
• The contents of a learning journal:
– assessments of children's performance
– notes, photographs and videos of the children
• A record of the child's care:
– what they ate and drank
– toileting
– how they slept
– whether they had any accidents

Our customers store this information in order to record, analyse and, if they wish, share the progress of their children.

Our customers have the freedom to choose what data they store and who they store it about.

Our customers choose who has access to the data.

Our customers are able to correct and delete data at will.

Our customers must tell you, as part of your right to be informed, what data they are storing, why they are storing it and who it is shared with.

In providing the service, we will send automated emails to staff and parents in order to confirm email addresses, reset passwords and notify them of events relating to the customer (such as when a new observation is added about a child). We never send any marketing information, though we do send staff a newsletter about Tapestry.

We ONLY access the data stored by our customers in order to carry out our customer's instructions, to maintain or improve the service or to fix faults. We do not use our customer's data for marketing. We use sub-contractors to process some of the data, but we do not otherwise share this data with other organisations.

If your contact details are registered on Tapestry in the 'contact details' section, or as a 'manager', then we may contact you if we have a question or concern about the associated Tapestry account.

When you visit the Tapestry website we collect your:

• IP address, together with
• Information your computer sends about its web browser and operating system, and
• What pages you look at (e.g., the list of observations), but not the content of those pages (i.e., we could not tell directly from the data whether the list of observations contained information about a particular child, though given time and access to the data above it would be possible to figure that out).

We use this information to monitor the security of our service, to help us figure out how to improve the service (e.g., what browsers should we support? How much capacity should we add?) and to improve the way we market the service (e.g., what search terms were used to discover our site). We do not share it.

If you use our phone or tablet application we collect:

• The IP address of the network your phone or tablet is on, together with
• The make and model of your phone or tablet, together with
• The version of your phone or tablet's operating system, together with
• Details of any crashes that occur in the application, and
• What screens you look at in the application (e.g., the list of observations), but not the content of those screens (i.e., we could not tell directly from the data whether the list of observations contained information about a particular child, though given time and access to the data above it would be possible to figure that out).

We use this information to monitor the security of our service and to help us figure out how to improve the service (e.g., what causes crashes? Which crashes need fixing most urgently?). We do not share it.

What is the lawful basis for storing this data?

Our customers decide and must tell you the lawful basis for the data they add to Tapestry. Please note, your consent is not the only lawful basis for storing data and our customers may have a different legal basis.

Whose data is it?

We don't claim ownership of the data entered into Tapestry. We only use it according to our customer's instructions to provide the service described above.

Formally, in UK data protection legislation terms, our customers are the "Data Controller" and we are the "Data Processor".

There are three exceptions to this, where we are the "Data Controller":

1. The content of our billing system
2. The content of our support ticket system
3. The content of our forums

These exceptions are described in more detail in Annex E and Annex F.

Who do we share data with?

We do not share data, except as explicitly requested by our customers.

If they wished, our customers might give other people (e.g., staff or parents) access to data. They might download or print some or all of the data and share it with other people (e.g., staff, parents, the government). They might transfer some of the data to another organisation (e.g., parents, the government, another educational establishment looking after a child).

We ONLY access the data stored by our customers in order to carry out our customer's instructions, to maintain or improve the service, or to fix faults.

How do we collect the data?

Most data is entered by our customers directly into our website or through our phone and tablet applications. Our customers may, if they wish, permit parents and relatives of children to add data to the service.

Some data (described above) is sent automatically by your web browser or by our applications.

We may store cookies on your computer in order to verify that you are logged in and to store your preferences. The cookies themselves do not contain any identifiable information about you or about what you look at.

Can I see my data that is stored on your system?

Yes. The school, childminder, nursery or similar educational organisation can give you a copy of data about you that they or you have stored in Tapestry. We can provide you with a copy of any of the other data that has been collected (e.g., our records of your IP address and/or make and model of your tablets etc.).

Can I have my data corrected or deleted?

Yes. The school, childminder, nursery or similar educational organisation can correct or delete the data they or you have stored in Tapestry.

The process of deletion is gradual: initially deleted data is moved to a 'deleted' area in case it was deleted in error. After a delay, it is then permanently deleted from our main systems. After a further delay, it is then permanently deleted from our backups.

What are our customer's responsibilities?

Our customers decide who to add data about, what data to add, and how long to keep it for. They have overall responsibility for complying with Data Protection law (or the equivalent in other countries).

We describe this in more detail in the contract we have with our customers. But, for instance, they have to:

• Ensure they have a legal basis for what data they store on Tapestry and who they share it with.
• Think about what information it is appropriate to share with whom, given their situation and that of the children under their care.
• Respond to requests for access to data.
• Train their staff about sensible security and confidentiality precautions:
– Taking care of passwords.
– Taking care not to install software on computers that may compromise security.
– Taking care not to access material from inappropriate places where it can't be kept appropriately confidential.
• Delete data when it is no longer required.
• Remove access for people who no longer need access.
• Give parents instructions in accordance with their safeguarding policy.

Contacting Us

You can contact us at customer.service@eyfs.info or 1, Southdown Avenue, Lewes BN7 1EL, UK.

We also have a Data Protection Officer, Lauren Foley, who can be reached at dpo@eyfs.info.

Annex D: Tapestry Sub-processors

Not all parts of Tapestry are run in-house. Below is a list of the sub-contractors that we use to process some of your data. They are under a written contract that ensures they are compliant with UK data protection law.

For the avoidance of doubt: we are accountable to you for this contract. If one of our sub-processors does something wrong, it is our fault – we won't pass the buck.

For the avoidance of doubt: we instruct our sub-processors in ways that are consistent with this contract.

For instance: although Amazon Web Services have data centres outside of the EU and, technically, could move your data there, they are contractually bound not to do so without our instruction and we would not instruct them to do so.

For instance: although Amazon Web Services could, technically, access your data, they are contractually bound not to except if it is strictly necessary to deliver their service to us. Even then, their employees are contractually obliged to keep data confidential and secure.

List of sub-processors

To continue to use Tapestry, we require your consent to our use of the following sub-processors:

• Amazon Web Services. They host Tapestry. They are ISO 27001 compliant. Their address is 410 Terry Avenue North, Seattle, WA 98109-5210.

[NOTE: We currently also use the following suppliers, but are in the process of removing them either by replacing their service with that of Amazon Web Services or bringing the service in house.]

• Viper - Manage our laptops and telephones.
• Mailchimp - Manage some of our outbound email.
• Sparkpost - Manage some of our outbound email.
• Crashlytics - Manage some of our crash reporting on our Android, iOS and Amazon Fire apps.

Changes to sub-processors

We may, occasionally, need to add or change the sub-contractors we use to process some of your data.

If we do, then UK data protection law requires us to tell you and to obtain your agreement.

We've included the list of sub-processors as part of this contract, which means that if we want to change them we will do so by proposing a change to this contract with you. We will give you as much notice as possible so you can discuss any changes with us. We will then ask for your written agreement to the change in contract.

Annex E: Billing and support data

1. We are the Foundation Stage Forum Ltd, a company registered in England with company number 05757213 and a registered address of 1, Southdown Avenue, Lewes BN7 1EL, UK.

2. You are a childminder, educator, nursery, school or similar educational organisation.

3. This annex relates to data in our billing and support system. It does not relate to data placed in the Tapestry online learning journal (see Annex A) or to data placed in our discussion forums (see Annex F).

What data do we collect?

4. We collect the following information about people who contact us by email or through our support ticket system:
• The person's email address and the contents of the email

5. If you contact us by telephone, post or face-to-face we may also keep notes of those interactions.

6. We store:
• Your name, email address, telephone number and postal address
• The name, email address and telephone numbers of anyone you tell us who administers or pays for your account with us.

7. Credit card payment information is given directly to a payment service provider. We do not hold any credit card information ourselves.

Why do you need this data?

8. Our lawful basis for collecting this data is 'contract'. We need this data to:
• Charge you for our service.
• Respond to questions or problems raised by you about our service.
• Contact you if we have questions about your account.
• Decide what changes to make to our service.

Who do you share this data with?

9. We make use of subcontractors to provide our service to you and they may see some or all of this data:
• Amazon Web Services - For hosting.
• United Hosting - For hosting.
• Barnian Media Ltd - For technical support.
• SagePay - For managing credit card payments.
• Fastmail - For managing our email.

10. If you contact us in relation to a particular Tapestry account then we may share that data with other people who we believe represent the organisation that owns that account. For example, if a teacher contacted us to instruct us to permanently delete a particular child's data, and then the head of the school later contacted us to ask why a child had been deleted, we would share the instruction from the teacher with the head.

11. We do not use or share your data for any reason other than to provide or improve our service to you. For the avoidance of doubt: we do not sell your data.

Where is the data stored?

12. Your data is stored within the EU. Our processing is carried out within the EU.

How long do you keep this data?

13. We keep your data for up to 7 years. We keep data this long in case it is required in an audit and to help us decide what changes to make to our service.

How do I exercise my rights under data protection law?

14. We are the data controller of this data.

15. Your rights under data protection law are described at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. They include the right to see and correct this data.

16. To exercise those rights, contact us at customer.service@eyfs.info.

17. We also have a Data Protection Officer, Lauren Foley, who can be reached at dpo@eyfs.info.

18. Our lead supervisory authority for data protection is the UK Information Commissioner's Office (https://ico.org.uk).

Annex F: Use of our discussion forum

1. We are the Foundation Stage Forum Ltd, a company registered in England with company number 05757213 and a registered address of 1, Southdown Avenue, Lewes BN7 1EL, UK.

2.1. You are a childminder, educator, nursery, school or similar educational organisation.

3.1. We have a discussion forum (https://eyfs.info) that you may use to discuss issues facing childminders, educators, nurseries, schools or similar educational organisations.

Liability

4. We do not vouch for the accuracy, completeness or usefulness of any material on the forum. Use it at your own risk.

5.4. The material expresses the views of the author of the material, and not necessarily our views.

6.4. If you feel any material on the forum is objectionable, please contact us immediately at customer.service@eyfs.info.

Content and ownership of your messages

6. Don’t post anything we won’t like.

– We like professional discussion of the issues facing childminders, educators, nurseries, schools or similar educational organisations.

– We don’t like things that are unkind, illegal, lies, use language you wouldn’t want children to hear, or are shameless advertising.

7.6. Don’t post anything that you don’t have permission to post. For instance, if you didn’t write the material you are posting, make sure you have the permission of the person who wrote it before you post it.

8.6. On shameless advertising: Occasionally during the course of a discussion it may be appropriate for you to mention a product or service with which you are involved if it helps the discussion and doesn’t annoy anyone. We will use our discretion in those cases.

9.6. If we don’t like what you post, or fear you may not have permission to post it, we will remove it.

10.6. If we keep having to remove your material, or if we really don’t like it, we will bar you from the forum.

11.6. When you post material, you retain copyright but grant us the right to use the material:

• without payment,
• in any way we choose,
• anywhere in the world,
• forever.

12. If we use your material, we will try to attribute it to you.

13.12. If you wish to copy material posted by someone else, please contact us or the person who posted for permission.

Privacy and Data Protection

14. We store any data that you submit to us, plus your IP address, details about your browser and computer and which pages on our site you view.

15.14. Our lawful basis for storing and using the data is ‘contract’. We store and process this data in order to:

– provide a discussion forum,
– monitor abuse,
– fix bugs
– and to improve our service.

16.14. Your data is stored within the EU. Our processing is carried out within the EU. Our forum is accessible from outside of the EU, so material you post may be viewed from outside of the EU.

17.14. Your forum account will lapse once your Tapestry subscription lapses or, if you have a separate forum subscription directly or through your local authority, once that subscription lapses.

18.14. When your forum account lapses you will no longer be able to log in to the forum or post material to the forum. At our discretion, the material you have posted may remain on the forum.

19.14. When your forum account has lapsed we will only use the personal information that you have provided us to:

– help you re-activate your forum account if you later wish to re-subscribe
– keep track of who posted what material in case we need to attribute it to you or in case we need to verify that you had permission to post the material.

20.14. We will delete the personal information that you have provided us at most 7 years after your forum account has lapsed. At our discretion, the material you have posted may remain on the forum.

21.14. We are the data controller for this data. To exercise your rights under UK data protection law you can contact us at customer.service@eyfs.info.

22.14. We have a Data Protection Officer, Lauren Foley, who can be reached at dpo@eyfs.info.

14. Our lead supervisory authority for data protection is the UK Information Commissioner’s Office (https://ico.org.uk).

Changes to this contract

Below is a list of material changes to this document. If you spot a change that should be in this list, please let us know.

2018 March 12 (Second Draft)

Line numbers mentioned below are the line numbers marked on the PDF copy of this draft.

Across all sections

• Fixed typos and improved some wording.
• Adjust numbering that occurs because of other changes.
• Make links to emails and websites clickable.

A note on this draft

• Mention the list of changes (line 163).
• Fix dates (line 174).

Overview

• Clarify that we do sometimes call people back, and offer paid-for telephone support sessions (lines 189-192).
• State explicitly that we are GDPR compliant and this contract contains the required clauses (lines 212-215).
• State that the limit on liability is reciprocal (lines 268-269).
• Clarify that some liabilities are set in law and we aren’t attempting to override them (line 268). In particular, in relation to liabilities from breaches in data protection law (lines 270-275).

Annex A: Tapestry Data Protection

• Provide more detail on where data is stored (lines 308-330).
• Confirm that we won’t change where data is stored without your agreement (lines 309-311).
• Reference the Privacy Policy for a fuller explanation of what data is covered by this data processing agreement (line 345).
• Confirm that we will get your written consent before changing our sub-processors (line 363).
• Confirm that we will tell you if we become aware of a breach (line 375, line 527, lines 578-582).
• Suggest careful consideration of the lawful basis for adding data to Tapestry (lines 384-387).
• Expand on the implications of the right to be informed (lines 439-451).
• Clarify we don’t license your data (line 469).
• Clarify who can tell you to restrict processing of data (it isn’t us) (line 474).
• Clarify who can instruct us (lines 480-493).
• Confirm that we use sub-processors in a way that is compliant with data protection law and point to the Annex for a description of how we will seek your agreement if we wish to change them (lines 505-507).
• Clarify that we will help you to ‘lock-down’ your account if you suspect a breach (lines 531-534).
• Clarify that you have to notify the data protection regulator in the case of a breach (line 539).
• Clarify we won’t delete data if we are not allowed to by law (lines 562-563).
• Clarify that we may partially or entirely lock down your account if we suspect a breach (lines 583-587).
• Add a FAQ on Brexit (lines 601-605).

Annex B: Tapestry Security

• Add VAT number (line 637).
• Confirm that when data is deleted from our backups, it is no longer recoverable by us (line 714).
• Add a reminder about what to do if you suspect a password or email account has been compromised (lines 795-803).
• Clarify when and how we might store data on our local devices (lines 824-829).
• Provide more detail on what our penetration tests cover (lines 906-912).
• Confirm that we are insured (lines 969-972).
• Make our TLS 1.0 support more obvious (lines 987-991).
• Clarify that you can’t force password changes every X days (lines 1078-1083).
• Confirm we have differentiated data access policies (lines 1095-1101).

Annex C: Tapestry Privacy

• Clarify that the Data Controller will need to add more information to fulfil a subject’s right to be informed (lines 1106-1113, lines 1153-1154).
• Give examples of who ‘you’ might be (lines 1120-1121).
• Clarify that we may contact ‘managers’ registered with Tapestry using the contact details they have entered if we have a question or concern about the associated Tapestry account (lines 1165-1167).
• Clarify we also collect your IP address if you use our phone or tablet app (line 1182).
• Confirm that we do not share data about your computer or tablet (line 1193).
• Clarify that the Data Controller will need to provide the lawful basis (lines 1194-1197).
• Remove troublesome reference to who owns data: keeping the fact that we don’t, but not claiming that you do (lines 1199-1200).

Annex D: Tapestry Sub-processors

• Confirm that they are under a written contract with us (line 1266).
• Confirm that we use them in a way that is consistent with this contract, and give examples in relation to common questions (lines 1271-1279).
• Remove references to sub-processors we have now eliminated (line 1288).
• Explain how we will seek your written consent if we need to add or change sub-processors (lines 1290-1299).

Annex E: Billing and support data

• Explicitly state our lawful basis for processing data (line 1322).
• Remove reference to United Hosting - we no longer use them (line 1330).
• Clarify that we would share data relating to an account with other representatives of that account (lines 1334-1339).
• Clarify that we do use your data to improve our service (line 1341).

Annex F: Use of our discussion forum

• Explicitly state our lawful basis for processing data (line 1405).

2018 January 5 (First draft)

• First public draft of new, more detailed, contract.
