Support for completing Data Privacy Impact Assessment

Support for completing Data Privacy Impact Assessment

Our terms and conditions, along with our privacy statement explain how we comply with the relevant legislation, including the Data Protection Act and the UK GDPR. 

DocumentDescriptionHyperlink
Commercial Licence agreementTerms and Conditions of sale between a school and Cornerstones. These are accepted by a school when they purchase a licence to Maestro.https://my.cornerstoneseducation.co.uk/commercial-licence-terms-and-conditions
Privacy PolicyWhat personal information we collect, disclose and use when you use our sites and how you can exercise your privacy rights.https://my.cornerstoneseducation.co.uk/privacy-policy
Consumer terms and conditionsTerms and Conditions between an individual and Cornerstones. These are accepted by a user when they purchase a subscription to our services or purchase from our online shop.https://my.cornerstoneseducation.co.uk/consumer-terms-and-conditions
EULA and acceptable useEnd User Licence Agreement and Acceptable Use Policy. This applies to all users of our website and other platforms.https://my.cornerstoneseducation.co.uk/eula
Service Level AgreementThis sets out our commitment to you with regard to customer service, system availability and backups.https://my.cornerstoneseducation.co.uk/service-level-agreement
Complaints procedureHow you can contact us if you need to make a complaint.https://my.cornerstoneseducation.co.uk/complaints-procedure

You can also find a draft Data Processing Agreement in the Library on Maestro.

If your school decides to use Wonde to transfer data between your MIS and Maestro, data will be processed by a third party Wonde. You may wish to complete a separate DPIA for Wonde (Wonde: Data Protection PolicyWonde: Privacy policy).

Cornerstones Education is audited annually against ISO/IEC 27001 by the British Standards Institution (BSI). This is an internationally recognised standard to help companies manage and protect their information assets so that they remain safe and secure. Click the link below to download a copy of our certificate:

https://cornerstones--live.s3.eu-west-2.amazonaws.com/uploads/2023/11/30095003/IS-676822-001.pdf

FAQs

Below we have listed some examples of questions that may be found on a Data Privacy Impact Assessment (DPIA). If you need any further support, please email: dataprotection@cornerstoneseducation.co.uk.

Aims/Objectives of the project/system that is to be implemented

Example 1: Maestro is an online tool to plan, teach and assess pupils. It enables monitoring and management of a school curriculum and assists senior leaders and other stakeholders in demonstrating their in-school provision. The Cornerstones Curriculum (included on Maestro) includes age-appropriate lesson activities and resources for teachers. It is being used to reduce teacher workload and create a fun and vibrant curriculum that is progressive and relevant.
 
Example 2: It also supports subject leadership in school, helping to monitor intended and actual subject coverage and progression. It helps to ensure rich, sequenced subject learning across year groups and support teachers’ subject knowledge with quality resources.
 
Example 3: Maestro provides a seamless link between curriculum, teaching and assessment and will provide teachers with tools to help assess children’s coverage and progression, and make accurate and meaningful judgements of what is being taught and learned in the curriculum. Staff can view and share lesson plans, timetables and assessment, which allows for efficient and effective paperless curriculum delivery and management.

Scope and nature of data processing

School information: used for processing any payments, contacting you about school and setting up the school account.
Local authority information, DFE number, Address etc., Class names and year groups
 
Teacher information: used for logging in/out and audit trails and for support purposes.
First name, last name, Position in school, School email address (personal email address if no school email address)

Pupil/class information: used to track and assess pupils’ learning and to report to stakeholders.
Minimum required: First name, last name, Date of birth, Admission date, UPN, Gender
Optional*: SEN status, Ethnicity, Time in school, EAL, Most able, Service Child, Looked after child, Pupil premium
* may include special category data
 
Device and usage data: used for diagnosis of problems, personalisation of the system and support purposes.
This is not an exhaustive list, but gives an indication of the kind of data we collect. Google analytics, data about your favourite projects. Device data such a browser time, date IP address.Cookies such as _ga, _gat, _gtag_xxx, _gid, wordpress_logged_in_xxx, wordpress_sec_xxx, CSRF_TOKEN, LS_CSRF_TOKEN.

Once the account has been set up, Cornerstones will only access data with consent from the customer for a specified purpose, e.g. support, diagnosis of issues. At the end of the support call, access will be restricted once more. Access is role-based and limited to the support and development teams. All staff who have permission to access this data receive regular security training.

Data retention

We only retain the personal data collected from a user for as long as the user’s account is active, or as long as we need it to fulfil the purposes for which we have initially collected it unless otherwise required by law. Following termination of your contract, your information will be deleted from our systems after 6 months.

Data security

Maestro is hosted by Amazon AWS on servers in London, United Kingdom. All pupil data, curriculum information, attainments will be stored on these servers. Data at rest is in a VPC private subnet and is stored using AES-256 encryption. Data is transferred via HTTPS TLS(SSL).

Our Company CRM is hosted by Zoho EU on servers in Amsterdam, Netherlands. All school information (e.g. DFE number, Main contact name, Phone number), purchase history, training and contact notes will be stored on these servers.


    • Related Articles

    • Teacher assessment

      The Teacher assessment page collates all the information that has been carried out using the Taught/Assess functionality, test data and any discrete attainments to support a teacher to make a summative judgement. Individual school policy will dictate ...

    • EYFS assessment

      We have updated the assessment areas of learning on Maestro to reflect the government changes in the revised Early Learning Goals (ELGs) and best practice from 2021. Any historical individual assessments against old criteria have been migrated to the ...

    • Developing an assessment policy

      In their Annual Report 2019/2020, Ofsted reaffirmed that ‘assessment is not an aim in itself, but is linked to the curriculum progression model’, and your school’s curriculum, based on the national curriculum, is your progression model. It's ...

    • Assessment Imports

      Cornerstones Education can upload your historic assessment data into Maestro so that you have all of your school’s data in one place. If you would like to your assessment data on Maestro, please just contact us. Once your data has been uploaded, if ...

    • Test data return deadlines

      Due to the way that test data is collected through Maestro, no data will need to be returned to us as schools can just add their test data directly into Maestro for the conversions to be created. For further information please read the following ...