The Boxall Profile® Online (“the website”) provides a bank of assessment tools, resources and functionalities to support education professionals and other professional services to identify and respond to the social, emotional, behavioural and/or mental health difficulties of children and young people.
As part of using the website, organisations will choose and consent to the provision of organisational and personal data (the “data”) through the inputting of relevant information to the website. In doing so, nurtureuk acknowledges that the ownership of the data remains with the administrating organisation (i.e. the organisation that the subscription was purchased for or that has been granted access to the website for research purposes, or the individual account owner that purchased tokens).
By using the Boxall Profile, a subscribing organisation is accepting the Data Processing Agreement within the terms and conditions for use of the service).
While using the website, we will require certain data about your organisation, yourself and the children and young people you wish to assess using the Boxall Profile. We are committed to protecting this information. This document will set out the basis on which we will collect, store and process any personal information we collect from you or that you provide to us.
Any questions regarding this data, privacy and cookies policy or complaints should be sent by email to dataprotectionofficer@nurtureuk.org or by post to:
Data Protection Officer
Nurtureuk, Insight House, Riverside Business Park, Stoney Common Road, Stansted, Essex, CM24 8PL
You can also get in touch with the Information Commissioner’s Office (ICO) for any complaints related to our information rights practices. For up-to-date contact information, please check https://ico.org.uk.
The website (https://new.boxallprofile.org) is owned and operated by The Nurture Group Network Limited, trading as nurtureuk. Our registered charity numbers are 1115972 (England, Wales and Northern Ireland), SC042703 (Scotland). For more information about the charity, please click here.
Nurtureuk, which manages the Boxall Profile® Online, is ISO27001:2013 certified for information security management (certificate number: 188274). To achieve certification, nurtureuk successfully completed a detailed two-stage audit with an external auditor looking at every aspect of managing systems, protecting data, and continuously improving how information is managed securely. Achieving the ISO standard shows the effectiveness of nurtureuk’s approach to handling information, from recruiting and developing team members, to managing access to systems, and making sure data is backed up regularly.
The Boxall Profile® Online is the website that hosts the digital version of the Boxall Profile® assessment and stores a range of strategies, resources and tools to support education professionals and other professional services. For more information on the Boxall Profile®, please click here.
The terms "nurtureuk", "we", "us", "our" and "ours" when used in this policy mean nurtureuk.
The terms "you", "your" and "yours" when used in this policy means any user of the Boxall Profile® Online.
The terms “pupil”, “child”, “children”, “young person” and “young people” refer to anybody being assessed by an adult (e.g. teacher, school staff, professional services, etc.) using the Boxall Profile® Online.
The term “organisation” or "administrating organisation" means any school, local authority, multi-academy trust, professional service, or individual that has registered and is accessing the website (either following trial use, the purchase of tokens or a subscription, a group of subscriptions, or by taking part in a research project). The organisation is represented by an account administrator (or the “admin user”), who is generally the person who first registers the organisation on the website, but may also be another user that has been granted the rights to administer the account of the organisation.
Every pupil assessed using the website has their own unique reference or Electronic Boxall Profile® (“EBP”), a unique identifier of the pupil automatically generated by the platform or chosen when a user creates a new pupil’s record (e.g. the pupil’s Unique Pupil Number). Users shall ensure they know the EBP number of each pupil assessed. Users shall also ensure that the same EBP is used when assessing a pupil more than once.
You may choose to provide another identifier for pupil data (such as their unique pupil number or another identifier used by your systems) in addition to the randomly generated EBP to make it easier to use the website and to monitor pupil data. We strongly advise that you do not use an identifier that makes any pupil directly identifiable (such as the pupil's name). Instead, we suggest maintaining an offline list (in a secure location) of all the pupils under your care, with the corresponding EBPs and/or identifiable details for your own reference.
Personal pupil data will never be used by nurtureuk for marketing or communications purposes, or shared with any third party without the express consent obtained from the administrating organisation that is the owner of the relevant EBP.
Pupil data may be used by nurtureuk for research purposes only after being anonymised or pseudonymised so that no pupil, user or organisation may be directly identified. We will not share pupil data that has not been anonymised with any third parties for research purposes.
To complete an assessment, we will ask you to provide the mandatory details about the pupil being assessed such as date of birth and gender, year group, class name, current SEBD/SEMH support accessed by the child or young person, nurturing provision accessed, context in which the child or young person is assessed, any individual factors affecting the overall development of the child/young person, for you to understand and record the context in which the pupil is assessed.
The website may allow users to upload content visible to all other users in the learning plan, such as new resources.
It is your responsibility to ensure that you do not provide any personal information when creating content that is shared with other users on the website, including pupils’ names, nicknames or initials as well as personal or organisational information. Nurtureuk will endeavour to delete any user-created content that contains any identifiable information. However nurtureuk cannot be held responsible for any personal information users have inputted when creating content on the website.
If you have created website content that contains identifiable information please remove the content accordingly using the editing options or get in touch at hello@boxallprofile.org to request the removal of the item created.
When setting up and using your account with us, we ask you to provide the following mandatory details: email address, full name, organisation details, phone number, billing information and payment details for processing purchases through our website. This is to be able to identify you when you get in touch as well as to comply with the financial and audit rules.
If you choose to invite other users to access your organisation and/or benefit from your subscription, please note they will be able to access the following details: organisation’s name and details, administrator's full name and email address. They may access additional data depending on the roles you have assigned them. Please see the section ‘Keeping your data safe’ below for more information.
When you engage with us, for example, access our information, use our website, report a problem with our website or want to complain, we may collect and process personal information about you. Depending on your activity, this personal information may include your name, email address, telephone number or financial details you have provided. When you contact us, we will ask you a few questions to be able to identify you, your organisation and your user account. We may keep a record of that correspondence.
By submitting this personal information you enable us to support you effectively and/or provide you with the information, services, products or support you selected or requested. We may also collect details of your visits to our website, including but not limited to traffic data, location data, weblogs, and other communication data and the resources that you have accessed.
To help us create a more effective website that reflects users' needs, we may also use cookie files to collect and record information about how our site is used and collect your IP address (a number that identifies a specific internet connection) for system administration and to report aggregated information. Unless you register and sign in to your user account, cookie files and IP addresses will not identify you as an individual. For more information on cookie files and IP addresses, please read our cookies policy. By continuing to use our website, you agree to our use of cookies.
It is your responsibility to protect your pupils’ data, personal data or organisational data inputted and stored on the website against unauthorised access. Please refrain from sharing your password/username or access to your user account to any other person or organisation. Please also ensure you sign out when you finish using the website on a shared computer and ensure you do not opt for devices to remember your access details if they are accessed by other individuals.
It is the responsibility of the administrator user to ensure any user linked to the organisation should be allowed to access or see the data the organisation has created or stored on the website. Different user roles are available to ensure members of an organisation can access the information relevant to them e.g. financial details for a user with a finance role, pupils’ data for teaching staff and so on. It is the responsibility of the administrator user to ensure that every user using the website as part of their organisation has been allocated the correct role and does not access sensitive information that they should not be able to access. You can find information about the different types of roles and their rights via our frequent asked questions area of the website, Help Centre (powered by Zendesk) or by contacting us directly.
Any organisational or personal data entered by a user and stored on the website remains the property of the administrating organisation the user belongs to, or the owner of the individual account that purchased tokens to allow the user to complete the assessments.
An EBP and all the associated pupil data and Boxall Profile® assessments entered by a user on the website are owned by the administrating organisation, i.e. the organisation that purchased access to the website via a subscription or tokens.
The data created by any user belongs to the organisation the user is part of. If individual users choose to delete or unlink their account to their parent organisation, or if the admin user chooses to remove a user from their organisation, any pupil data created or edited by the individual user will remain accessible and owned by the parent organisation. As a consequence of deleting or unlinking their account, users will not have access to any pupil data owned by the organisation.
The admin user of one organisation may choose to merge their organisation with another organisation. For example, an individual user who previously assessed pupils using tokens may want to merge with another user to create a school’s organisation. Admin users may want to fully, or partially, merge their organisation:
You have the right to delete or edit any data you have inputted or stored on the website, with the exceptions noted below.
We’re legally required to hold some personal information to fulfil our statutory obligations – for example, we're required to hold some information related to financial transactions. We may also be required to hold some data to meet other legal or contractual requirements, and in some cases where a separate data processing agreement (for example, with your employer, or with an organisation that has commissioned services on your behalf) covers the use of all or some of your data.
For pupil data, the admin user or super-user of your organisation can delete Boxall Profile® assessments or EBP records directly from their dashboard, irrespective of who created them.
Any data you have provided on the website including pupil data, personal or organisation data will be stored securely on our servers as long as it is needed for you and your organisation to use the website effectively, as well as for any relevant communication, research and improvement purposes.
To delete a user account, please login, go to the top right corner menu and click on My account details. You can then use “Delete your account”. Your account will be permanently deleted. If your account is linked to an organisation and you are the only user/admin on the account you will NOT be able to delete your account. An organisation must have at least one admin at all times. To delete your account you will need to add another admin to the organisation before you can remove your account. If you don't want your account to be deleted, you can change the details of the account to another person's details when you log in and then use My Account details options. To delete an organisation you must contact the customer service team. A user deleting their own account will NOT trigger the deletion of any data from an organisation - it is only the access to that organisation that will be removed. Removing yourself as an admin from an organisation will leave that organisation entirely intact, including any data that you might have created for that organisation. The data belongs to the organisation rather than the user in our system, and so the organisation's data is only removed when the organisation is removed, and that only happens as the result of a request to customer services from an admin of that organisation.
If you no longer wish nurtureuk to store or use your information, you can contact our Data Protection Officer to request the deletion of your account. In such circumstances, you will no longer be able to access your account, the organisation you belong to or the information stored on your account.
We reserve the right to delete or archive the data associated with your account in line with the policy set out below.
We will not delete or archive data from active subscriptions. We may delete or archive data if a subscription has been inactive (with no logins or assessments completed) for two years. Other agreements may apply that will extend this period.
We may use any information you provide on the website in the following ways:
Identifiable pupil data (e.g. pupil identifiers) cannot usually be downloaded by nurtureuk’s web administrators or user support services for research purposes, unless it has been entered in the incorrect field. However, we can see this information on individual accounts, so we can provide you with high-quality customer service.
We endeavour to provide the best user support to ensure users are able to access and use the website effectively. For any queries, please visit our Help Centre at https://boxallprofile.zendesk.com/hc/en-gb. If you don't find the information there, please contact us directly via Help or hello@boxallprofile.org, or give us a call us at +44 (0) 20 3962 0886.
We endeavour to answer user queries within five working days. However this duration may be extended during periods of increased activity such as before or after school holidays, when the number of user requests significantly increases.
To provide the most effective user support we may ask you to provide personal, organisation or pupil information that will help us answer your query. On occasion we may ask you to provide a proof of identity before we disclose personal information to you.
Organisations have access to a broad range of information about their accounts and interactions. On request, any user whose personal information we hold may request a copy of that information. In addition, on request, we will anonymise, amend or erase any personal information we hold in relation to a user or an organisation. Pupils and/or parents cannot request us access to their own/pupil’s personal details, but on request a user can access this information on their behalf using the options available on your account.
We will contact you by phone or email only if any instances in this policy applies. You can contact us to change your contact preferences by emailing hello@boxallprofile.org or calling +44 (0) 20 3962 0886.
We will never contact you to send you information about promotional and marketing materials from Boxall Profile® Online team or from nurtureuk by email or phone unless you have given us your prior permission when signing up to the website.
Secure Socket Layer (SSL) encryption is used on the website to encrypt the information you provide us. This ensures that the data is collected and stored securely.
Only our nurtureuk approved support staff and/or the technical collaborators can access your data under the following circumstances:
Nurtureuk will not rent or sell your personal information to other organisations for use by them in their own direct marketing activities.
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or in order to enforce or apply our terms of use for this website or other agreements; or to protect the rights, property or safety of nurtureuk, our donors or others; when you act in a professional capacity, we may share the details of the account with the headteacher of the school or director of the organisation. This includes exchanging information with other companies and organisations for the purposes of fraud detection and protection.
We may be required to share some personal information with our auditors or insurers as part of audit or investigations into insurance claims, but we will always do so to the minimum degree possible, and under conditions of confidentiality. Also, if we investigate a complaint, we will need to share personal information with the organisation concerned and with other relevant bodies if applicable. Further information is available on request about the factors we shall consider when deciding whether information should be disclosed.
Nurtureuk will ensure that sensitive information such as debit cards, credit cards or personal information will be collected and stored securely. We and our partners always use SSL encryption to encrypt data sent between the customer and us or our partners.
Nurtureuk is Payment Card Industry (PCI) compliant and uses external PCI compliant providers to collect this data on our behalf. We do not store PCI data on our own systems. We use GoCardless to collect Direct Debit and Stripe to accept and process payments.
To protect yourself when sending us sensitive information, please ensure that you use devices running supported operating systems and browsers that are regularly updated, and incorporate some form of malware protection. Only connect your devices to networks that you trust. We are not responsible for the security of your own devices or network.
We use the website to collect and analyse data for research purposes. Nurtureuk uses the data to better understand the SEMH difficulties experienced by children and young people in the UK and beyond, in order to raise awareness of pupils’ needs in education and at the government-level. All data used for research purposes is anonymised and only used once all personally-identifiable information has been removed and data has been aggregated, so that no findings released by nurtureuk can be attributable to a specific pupil, a specific user or a specific organisation.
We will not disclose any identifiable information about individual EBPs or group of EBPs with other parties without consent. We use aggregated and anonymised data related to EBPs for research purposes, create awareness of social, emotional and mental health difficulties among the public at large and relevant authorities. For any other purposes, you will be asked for consent.
We may ask you to complete surveys that we use for research and user experience improvement purposes, although you do not have to respond to them.
Your password is encrypted and stored securely on our servers. We do not keep a record of your password. Please refrain from sharing your password details with nurtureuk staff when sending queries or calling regarding your account.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. You agree not to share that password with anyone else.
Depending on the nurtureuk services you use, buy, or sign up for on this website, your personal information, or the personal information of others you are working on behalf of, may be transferred, stored, or processed in other systems, by other data processors, and in other locations. If you express an interest in a product, service, or campaign, ask for information on the charity, or apply for a job or role with the charity, your personal information may also be transferred, stored, or processed in other systems, by other data processors, and in other locations. When we use the services of other data processors, we do so to fulfil our obligations under the terms and conditions of the services we provide, and in the legitimate interests of developing our charity, and improving your use of our products and services.
By submitting personal information through this website for these specific services or for specific reasons, you are agreeing to the transfer, storing, or processing of data in locations within the UK and the EEA, and, in some specific cases, to other locations under the terms of data processing agreements we have made with the sub-processors listed in this section. We will always take all steps reasonably necessary to ensure that this data is treated securely and in accordance with this privacy policy, and in line with UK data protection regulations, including the Data Protection Act 2018 and the UK GDPR and if sub-processing involves a transfer outside of the UK and EEA, we will always ensure that our data processing agreement with the sub-processor includes, as a minimum, the Standard Contractual Clauses, along with the UK International Data Transfer Addendum if available, or UK equivalents approved by the ICO. When you (or another user you are working on behalf of) use these services, we may also issue an additional privacy notice that relates to the specific service, the specific programme (for example, a programme of work commissioned by a third party), or to the specific platform or system through which the service is delivered. Any additional terms within these privacy statements, along with any relevant terms within data processing agreements that we have with your employer, or with a third party commissioning our services on your behalf, should be considered part of this privacy policy.
For the Boxall Profile® Online, nurtureuk uses Internet Service Providers and servers located within the UK, and all data related to children and young people is held solely on these servers. All our servers are located in the UK, and all data is encrypted at rest and in transit. Our servers are secured by the hosting organisation in line with the following certifications for data security: SOC 1 Type II, SOC 2 Type II, ISO/IEC 27001:2013, PCI-DSS.
In addition to the standard protection offered by our hosting organisation, we contract with a third-party specialist organisation to test the security of our platform at least annually and ensure that any recommendations are acted upon within reasonable time. Nurtureuk ensures that your personal information is held by our Internet Service Providers in compliance with UK data protection law, including the Data Protection Act 2018 and the UK GDPR.
Access to your data within the website is restricted to a small group of trained nurtureuk administrators, with multiple levels of security protection to prevent unauthorised access.
To manage contact data and our relationships with customers, members, and partners, we use Salesforce CRM, a customer relationship management tool. The data we collect may include personal details including your name and email address, your relationship to an organisation, your job title, details of your use of nurtureuk products and services, including bookings for training courses and sessions. In addition, as part of our administration of the site, or if you opt in to be contacted by us for marketing emails, we use Salesforce Account Engagement, an e-mail tool, to manage mailing lists and to send emails to you. This data is processed and stored within cloud-based Salesforce CRM servers based in the EEA. Data is stored encrypted (at rest when stored on the servers, in the database, in search index files, and in the file system).
We use Zendesk, a customer support tool, to provide support on the use of this website and nurtureuk products and services, and if you email one of our email addresses through this website. The data we collect and process in this way may include your name and email address, your relationship to an organisation, the content of your original enquiry or customer service query, along with any replies to resolve your query, which may include additional data you choose to share (for example, any additional information within your email signature). This data is processed and stored safely in encrypted form in the UK or EEA.
To manage payments for products and services within this website, we use Stripe, a cloud-based payment platform. For more information on how Stripe handles this data, please view the Stripe privacy policy here. Please note that, depending on the specific products or services you have opted to purchase, Stripe may transfer data outside of the UK and EEA for storage or processing, but will do so with adequate safeguards, or your express permission. In its processing agreements with us and with any sub-processors, Stripe uses the Standard Contractual Clauses and the International Data Transfer Addendum approved by the ICO, which provide a high level of protection for user data.
We use GoCardless, a payment platform, to process direct debit payments related to the Boxall Profile® Online. GoCardless will process and store your data safely on servers within the EEA. For more information on how GoCardless may collect, store, or process your information, click here.
As part of our administration of the site, we use Postmark, an e-mail tool, to manage mailing lists and to send emails to you. The data that is held on Postmark servers may include your name, your email address, the identify of your employer or another organisation you are connected to. This data may be processed and stored safely in encrypted form outside the UK or EEA. Our data processing agreement with Postmark includes the EU Standard Contractual Clauses approved by the Information Commissioner’s Office, which offer essentially equivalent protection as under the UK GDPR.
If you request an invoice for a purchase of a product or service from within this website, we will use a third-party service provider to process this request. As part of this processing, your name, email address and relationship to an organisation may be collected and stored by our provider, to service these requests, and to meet requirements in law, such as retention of sales records for VAT purposes. Our provider may also contact you on our behalf to resolve any issues with payment or invoices, or to comply with audit requirements. To manage invoicing and customer data related to these requests, we use Iplicit, a cloud-based accounting system. If your data is held on this system, it is stored securely on servers within the UK or EEA.
We use Google Cloud and Google Workspace services to store and process some information related to your use of nurtureuk services, and to store emails you may send to us through this website, and some forms you may complete within the website. This data may be stored on Google cloud-based servers within the UK or EEA, encrypted at rest.
We use Thinkific, a learning management platform, to host our digital courses and to provide each Boxall Profile® Online Subscription with a coupon code to access the Introduction to the Boxall Profile® Online Course. No personal data is stored on Thinkific as part of this process. To access the Introductory course users will register their details on the Thinkific learning platform.
You have a right to know if nurtureuk is storing any of your personal data, and a right to be provided with that information promptly(with some exceptions, as specified under the UK GDPR).
You can request what kind of information we hold on you by using the contact details provided at the beginning of this policy.
We do not charge for this. It helps us to find your information if you provide us with the relevant details for the nature of your contact with us.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
At any point while we are in possession of or processing your personal data, you have the following rights:
All of the above requests will be forwarded on should there be a third party involved in the processing of your details.
We reserve the right to make changes to this policy. Each time you visit this site you should read our policy to check that no changes have been made to any sections that are important to you. However, we endeavour to inform you when we made changes to the content of this information.
We use cookies on our website so that we can tailor the content to you, ensure the website is working the way it should and make improvements.
A cookie is a small file that is sent to your device such as your computer, tablet or mobile phone which contains information that allows us to recognise that you have used our website before. Cookies are safe and secure and are commonly used on websites.
A cookie typically contains:
When you visit the website, the page that you see and cookies are downloaded to your device. Your browser and our web server exchange the cookie and we use this number to recognise you when you return to our site or browse from page to page. Only the server that sends a cookie can read it, and therefore use that cookie.
This file is stored on your device’s hard drive. All websites can send a cookie to your browser if your browser settings allow it. Many websites do this to track online traffic flow.
Cookies can be categorised depending on their life span:
The types of cookies we use are:
We use Stripe, a payment platform. To read more about how Stripe uses cookies, view the Stripe cookies policy here.
We use GoCardless, a payment platform. To read more about how GoCardless uses cookies, view the GoCardless cookies information here.
We use Google Analytics, a web-analytics package, to collect and analyse anonymised data on how users use our website, including information on your IP address, approximate location, date and time of accessing, and device and browser type. To find out more about the cookies Google Analytics uses, please view the Google Inc. privacy policy here. We may use Google Tag Manager to collect, analyse and act on information about how you use our website for marketing purposes. To find out more about the cookies Google Tag Manager uses, please view the Google privacy policy here.
We may use Google Optimize, a web experiment product, to collect anonymised information about how you use our websites, and to present different versions of our website to you, so we can measure the effectiveness of improvements and improve the service we provide. To read more about how Google Optimize uses cookies, please view supporting information from Google here.
We use Zendesk, a customer support product, to provide support to our users. To read more about how Zendesk uses cookies, please click here.
We use Hotjar to better understand our customers' needs and to improve their online experience. Hotjar is a technology service that tells us about people’s behaviour on our website: how much time they spend on which pages, which links they click, what they do and don’t like etc. Using cookies and other technologies, Hotjar gathers the following information about each visitor to our site:
Hotjar stores this information for us in a pseudonymised user profile. Hotjar is contractually forbidden to sell any data collected on our behalf. For further information, please see the 'about Hotjar' section of Hotjar’s support site.
You can control and disable cookies through your browser settings. All browsers are different, so visit www.allaboutcookies.org to find out more.
| Description of data subjects | Description of the personal data | Controller | How is the data collected (sources) | Purpose of processing | Main lawful basis (Article 6 GDPR) | Who data is shared with | How and where is the data stored | Transferred outside EEA? | Transfer impact assessment? | Covered by privacy notices, DPA or contract terms? | Retention policy |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Users of the Boxall Profile® Online (BPO) website | Hotjar behaviour tracking and cookies, anonymised data on devices, location, clicks, etc. | nurtureuk | On the website via Google analytics and Hotjar | Improve products and services, improve customer journeys | Consent | n/a | Fully anonymised data shared with subprocesses _ Google, Hotjar | Hotjar and Google servers | Yes | No | Deletion after five years, except where required for legal compliance |
| Logged-in users of Boxall Profile® Online (BPO) | Basic details (Name, Email, details of employer, job title) | BPO organisations (e.g subscribing school, commisioner or token-using organisation) | Via BPO website | For identification purposes and to support customer queries | Consent | Server providers, Salesforce CRM, Postmark, Google cloud storage | BPO website, Salesforce CRM, Postmark | Yes, for Postmark | Yes | Yes, terms and conditions and data policy consent | BPO organisation is controller - nurtureuk reserves the right to delete after account inactive for two years |
| Logged-in users of Boxall Profile® Online (BPO) | Details of usage of the BPO tool by users and organisations | nurtureuk | Via BPO website | To support customer queries, to send emails to users, and to improve products and services | Consent | Server providers, Salesforce CRM, Postmark, Google cloud storage | BPO website, Salesforce CRM, Postmark | No | N/a | Yes, terms and conditions and data policy consent | Deletion after five years, except where required for legal compliance |
| Customer support requests for BPO, nurtureuk | Basic details: name, email address, details of employer, job title and descriptions of requests | nurtureuk | Via BPO website, Gmail addresses, Zendesk | For identification purposes and then support customer queries | Consent | Zendesk, Google cloud storage (for nurtureuk email addresses), Salesforce CRM (ticket details) | Zendesk, Salesforce CRM | No | N/a | Yes, terms and conditions and data policy consent | Deletion after five years, except where required for legal compliance |
| Data on children and young people profiled within BPO | Required information when profiling: DOB, gender, level of need from answers to questionnaire interventions accessed Current nurturing provision Context in which assessed Optional information as added by the user: Pupil's name individual factors affecting the overall development of the child/young person |
BPO organisations | Via BPO website | Providing BPO tool to users, BPO organisations and commissioners | Contract | Anonymised data may be shared with commissioning organisations. | BPO web servers, Google workspace | No | N/a | Yes, terms and conditions, processing described in detail in privacy policy | BPO organisation is controller - nurtureuk reserves the right to delete after account inactive for two years |
| Data on children and young people profiled within BPO | Required information when profiling: DOB, gender, level of need from answers to questionnaire interventions accessed Current nurturing provision Context in which assessed Optional information as added by the user: Pupil's name individual factors affecting the overall development of the child/young person |
nurtureuk | Via BPO website | Research | Contract | Anonymised data shared with commissioned researchers, commissioning bodies or other bodies if and when research is created. | BPO web servers, Google workspace | No | n/a | Yes, terms and conditions, processing described in detail in privacy policy | All data anonymised or pseudoanonymised - retained as required for research |
| Customers making card purchases on the BPO site | Details of orders, purchases or interactions, redacted credit card details | nurtureuk | Via BPO website. Collected by Stripe on behalf of nurtureuk | To enable ordering and contract fulfillment | Consent | Full data held by Stripe, limited data shared with finance partners | Stripe, limited details on BPO website | Yes, for Stripe | Yes | Yes, terms and conditions and data policy consent | Deletion after five years, except where required for legal compliance. Review every year |
| Customers making invoice purchases on the BPO site | Details of orders, purchases or interactions, redacted credit card details | nurtureuk | Via BPO website. Collected by Stripe on behalf of nurtureuk | To enable ordering and contract fulfillment | Consent | Limited data shared with finance partners and Iplicit | Stripe, limited details on BPO website, Iplicit or with finance partners | No | Yes | Yes, terms and conditions and data policy consent | Deletion after five years, except where required for legal compliance. Review every year |
| Customers making direct debit purchases on the BPO site | Details of orders, purchases or interactions, redacted credit card details | nurtureuk | Via BPO website. Collected by Stripe on behalf of nurtureuk | To enable ordering and contract fulfillment | Consent | Full data held by GoCarddless, limited data shared with finance partners | GoCardless limited details on BPO website | No | N/a | Yes, terms and conditions and data policy consent | Deletion after five years, except where required for legal compliance. Review every year |
View Privacy Policy
This website uses cookies to collect and analyse information about the users of this website.
By clicking on
any link on this website, you are providing consent for us to set cookies.