Support for completing Data Privacy Impact Assessment

Support for completing Data Privacy Impact Assessment

Our terms and conditions, along with our privacy statement explain how we comply with the relevant legislation, including the Data Protection Act and the UK GDPR. 

DocumentDescriptionHyperlink
Commercial Licence agreementTerms and Conditions of sale between a school and Cornerstones. These are accepted by a school when they purchase a licence to Maestro.https://my.cornerstoneseducation.co.uk/commercial-licence-terms-and-conditions
Privacy PolicyWhat personal information we collect, disclose and use when you use our sites and how you can exercise your privacy rights.https://my.cornerstoneseducation.co.uk/privacy-policy
Consumer terms and conditionsTerms and Conditions between an individual and Cornerstones. These are accepted by a user when they purchase a subscription to our services or purchase from our online shop.https://my.cornerstoneseducation.co.uk/consumer-terms-and-conditions
EULA and acceptable useEnd User Licence Agreement and Acceptable Use Policy. This applies to all users of our website and other platforms.https://my.cornerstoneseducation.co.uk/eula
Service Level AgreementThis sets out our commitment to you with regard to customer service, system availability and backups.https://my.cornerstoneseducation.co.uk/service-level-agreement
Complaints procedureHow you can contact us if you need to make a complaint.https://my.cornerstoneseducation.co.uk/complaints-procedure

You can also find a draft Data Processing Agreement in the Library on Maestro.

If your school decides to use Wonde to transfer data between your MIS and Maestro, data will be processed by a third party Wonde. You may wish to complete a separate DPIA for Wonde (Wonde: Data Protection PolicyWonde: Privacy policy).

Cornerstones Education is audited annually against ISO/IEC 27001 by the British Standards Institution (BSI). This is an internationally recognised standard to help companies manage and protect their information assets so that they remain safe and secure. Click the link below to download a copy of our certificate:

https://cornerstones--live.s3.eu-west-2.amazonaws.com/uploads/2023/11/30095003/IS-676822-001.pdf

FAQs

Below we have listed some examples of questions that may be found on a Data Privacy Impact Assessment (DPIA). If you need any further support, please email: dataprotection@cornerstoneseducation.co.uk.

Aims/Objectives of the project/system that is to be implemented

Example 1: Maestro is an online tool to plan, teach and assess pupils. It enables monitoring and management of a school curriculum and assists senior leaders and other stakeholders in demonstrating their in-school provision. The Cornerstones Curriculum (included on Maestro) includes age-appropriate lesson activities and resources for teachers. It is being used to reduce teacher workload and create a fun and vibrant curriculum that is progressive and relevant.
 
Example 2: It also supports subject leadership in school, helping to monitor intended and actual subject coverage and progression. It helps to ensure rich, sequenced subject learning across year groups and support teachers’ subject knowledge with quality resources.
 
Example 3: Maestro provides a seamless link between curriculum, teaching and assessment and will provide teachers with tools to help assess children’s coverage and progression, and make accurate and meaningful judgements of what is being taught and learned in the curriculum. Staff can view and share lesson plans, timetables and assessment, which allows for efficient and effective paperless curriculum delivery and management.

Scope and nature of data processing

School information: used for processing any payments, contacting you about school and setting up the school account.
Local authority information, DFE number, Address etc., Class names and year groups
 
Teacher information: used for logging in/out and audit trails and for support purposes.
First name, last name, Position in school, School email address (personal email address if no school email address)

Pupil/class information: used to track and assess pupils’ learning and to report to stakeholders.
Minimum required: First name, last name, Date of birth, Admission date, UPN, Gender
Optional*: SEN status, Ethnicity, Time in school, EAL, Most able, Service Child, Looked after child, Pupil premium
* may include special category data
 
Device and usage data: used for diagnosis of problems, personalisation of the system and support purposes.
This is not an exhaustive list, but gives an indication of the kind of data we collect. Google analytics, data about your favourite projects. Device data such a browser time, date IP address.Cookies such as _ga, _gat, _gtag_xxx, _gid, wordpress_logged_in_xxx, wordpress_sec_xxx, CSRF_TOKEN, LS_CSRF_TOKEN.

Once the account has been set up, Cornerstones will only access data with consent from the customer for a specified purpose, e.g. support, diagnosis of issues. At the end of the support call, access will be restricted once more. Access is role-based and limited to the support and development teams. All staff who have permission to access this data receive regular security training.

Data retention

We only retain the personal data collected from a user for as long as the user’s account is active, or as long as we need it to fulfil the purposes for which we have initially collected it unless otherwise required by law. Following termination of your contract, your information will be deleted from our systems after 6 months.

Data security

Maestro is hosted by Amazon AWS on servers in London, United Kingdom. All pupil data, curriculum information, attainments will be stored on these servers. Data at rest is in a VPC private subnet and is stored using AES-256 encryption. Data is transferred via HTTPS TLS(SSL).

Our Company CRM is hosted by Zoho EU on servers in Amsterdam, Netherlands. All school information (e.g. DFE number, Main contact name, Phone number), purchase history, training and contact notes will be stored on these servers.


    • Related Articles

    • Developing an assessment policy

      Welsh Government has yet to stipulate its expectations regarding assessment within the Curriculum For Wales 2022. It's essential that as a school, you decide how, when, why and what you will 'assess' or 'measure', taking into account the workload of ...

    • Recording Test Results to gain Standardised Scores and Teacher Assessment Bandings

      You can enter your children’s test scores directly in Maestro and convert them into a standardised score and a teacher assessment judgement (Within expected, Greater depth, Below etc). This information will then be pulled through to the Teacher ...

    • Training and support

      Did you know that as part of your Maestro licence, you can access free online and exceptional value face-to-face training opportunities? Options include: For senior Leaders: Customised training sessions designed specifically for your leadership team, ...

    • Wonde permissions

      In order to sync your MIS with Maestro, certain permissions need to be granted in order for the information to be shared. This article will explain which permissions we need in order to sync your classes and pupils onto Maestro. About Wonde Wonde is ...

    • Analyse pupil progress

      Analyse pupil progress is a good tool to review the impact of your curriculum. You can view an overview of assessments for single or multiple year groups, classes or learning groups, and drill down into the actual attainments for each pupil or pupil ...