Data, Privacy and Cookies Policy

Introduction

The Boxall Profile Online (“the website”) provides a bank of assessment tools, resources and functionalities to support education professionals and other professional services to identify and respond to the social, emotional, behavioural and/or mental health difficulties of children and young people.

As part of using the website, organisations will choose and consent to the provision of organisational and personal data (the “data”) through the inputting of relevant information to the website. In doing so, nurtureuk acknowledges that the ownership of the data remains with the administrating organisation (i.e. the organisation that the subscription was purchased for or that has been granted access to the website for research purposes, or the individual account owner that purchased tokens).

While using the website, we will require certain data about your organisation, yourself and the children and young people you wish to assess using the Boxall Profile. We are committed to protecting this information. This document will set out the basis on which we will collect, store and process any personal information we collect from you or that you provide to us.

Any questions regarding this data, privacy and cookies policy or complaints should be sent by email to dataprotectionofficer@nurtureuk.org or by post to:

Data Protection Officer
Nurtureuk
The Green House
244-254 Cambridge Heath Road
London E2 9DA

You can also get in touch with the Information Commissioner’s Office (ICO) for any complaints related to our information rights practices. For up-to-date contact information, please check https://ico.org.uk.

Who are we?

The website (https://new.boxallprofile.org) is owned and operated by The Nurture Group Network Limited, trading as nurtureuk. Our registered charity numbers are 1115972 (England, Wales and Northern Ireland), SC042703 (Scotland). For more information about the charity, please click here.

What is the Boxall Profile Online?

The Boxall Profile Online is the website that hosts the digital version of the Boxall Profile assessment and stores a range of strategies, resources and tools to support education professionals and other professional services. For more information on the Boxall Profile, please click here.

Terms used

The terms "nurtureuk", "we", "us", "our" and "ours" when used in this policy mean nurtureuk.

The terms "you", "your" and "yours" when used in this policy means any user of the Boxall Profile Online.

The terms “pupil”, “child”, “children”, “young person” and “young people” refer to anybody being assessed by an adult (e.g. teacher, school staff, professional services, etc.) using the Boxall Profile Online.

The term “organisation” means any school, local authority, multi-academy trust, professional services, or individual that has registered and is accessing the website (either following trial use, the purchase of tokens or a subscription, or by taking part in a research project). The organisation is represented by an account administrator (or the “admin user”), who is generally the person who first registers the organisation on the website, but may also be another user that has been granted the rights to administer the account of the organisation.

Data privacy

Data we collect, store and process

Pupil data

Every pupil assessed using the website has their own unique reference or Electronic Boxall Profile (“EBP”), a unique identifier of the pupil automatically generated by the platform or chosen when a user creates a new pupil’s record (e.g. the pupil’s Unique Pupil Number). Users shall ensure they know the EBP number of each pupil assessed. Users shall also ensure that the same EBP is used when assessing a pupil more than once.

You may choose to provide identifiable pupil data (in particular, the child’s name and their unique pupil number or any other education-wide identifier) instead of a randomly generated EBP to make it easier to use the website and monitor pupil data. We suggest maintaining an offline list (in a secure location) of all the pupils under your care, with the corresponding EBPs and/or identifiable details for your own reference.

Personal pupil data will never be used by nurtureuk for marketing, communications or research purposes, or shared with any third party without the express consent obtained from the owner of the relevant EBP.

To complete an assessment, we will ask you to provide the mandatory details about the pupil being assessed such as date of birth and gender, year group, class name, current SEBD/SEMH support accessed by the child or young person, nurturing provision accessed, context in which the child or young person is assessed, any individual factors affecting the overall development of the child/young person, for you to understand and record the context in which the pupil is assessed.

User-created website content

The website may allow users to upload content visible to all other users in the learning plan, such as new resources.

It is your responsibility to ensure that you do not provide any personal information when creating content that is shared with other users on the website, including pupils’ names, nicknames or initials as well as personal or organisational information. Nurtureuk will endeavour to delete any user-created content that contains any identifiable information. However nurtureuk cannot be held responsible for any personal information users have inputted when creating content on the website.

If you have created website content that contains identifiable information please remove the content accordingly using the editing options or get in touch at hello@boxallprofile.org to request the removal of the item created.

User data

When setting up and using your account with us, we ask you to provide the following mandatory details: email address, full name, organisation details, phone number, billing information and payment details for processing purchases through our website. This is to be able to identify you when you get in touch as well as to comply with the financial and audit rules.

If you choose to invite other users to access your organisation and/or benefit from your subscription, please note they will be able to access the following details: organisation’s name and details, administrator's full name and email address. They may access additional data depending on the roles you have assigned them. Please see the section ‘Keeping your data safe’ below for more information.

When you engage with us, for example, access our information, use our website, report a problem with our website or want to complain, we may collect and process personal information about you. Depending on your activity, this personal information may include your name, email address, telephone number or financial details you have provided. When you contact us, we will ask you a few questions to be able to identify you, your organisation and your user account. We may keep a record of that correspondence.

By submitting this personal information you enable us to support you effectively and/or provide you with the information, services, products or support you selected or requested. We may also collect details of your visits to our website, including but not limited to traffic data, location data, weblogs, and other communication data and the resources that you have accessed.

To help us create a more effective website that reflects users' needs, we may also use cookie files to collect and record information about how our site is used and collect your IP address (a number that identifies a specific internet connection) for system administration and to report aggregated information. Unless you register and sign in to your user account, cookie files and IP addresses will not identify you as an individual. For more information on cookie files and IP addresses, please read our cookies policy. By continuing to use our website, you agree to our use of cookies.

Keeping your data safe

It is your responsibility to protect your pupils’ data, personal data or organisational data inputted and stored on the website against unauthorised access. Please refrain from sharing your password/username or access to your user account to any other person or organisation. Please also ensure you sign out when you finish using the website on a shared computer and ensure you do not opt for devices to remember your access details if they are accessed by other individuals.

It is the responsibility of the administrator user to ensure any user linked to the organisation should be allowed to access or see the data the organisation has created or stored on the website. Different user roles are available to ensure members of an organisation can access the information relevant to them e.g. financial details for a user with a finance role, pupils’ data for teaching staff and so on. It is the responsibility of the administrator user to ensure that every user using the website as part of their organisation has been allocated the correct role and does not access sensitive information that they should not be able to access. You can find information about the different types of roles and their rights via our frequent asked questions area of the website, Help Centre (powered by Zendesk) or by contacting us directly.

Data ownership

Any organisational or personal data entered by a user and stored on the website remains the property of the administrating organisation the user belongs to, or the owner of the individual account that purchased tokens to allow the user to complete the assessments.

An EBP and all the associated pupil data and Boxall Profile assessments entered by a user on the website are owned by the administrating organisation, i.e. the organisation that purchased access to the website via a subscription or tokens.

The data created by any user belongs to the organisation the user is part of. If individual users choose to delete or unlink their account to their parent organisation, or if the admin user chooses to remove a user from their organisation, any pupil data created or edited by the individual user will remain accessible and owned by the parent organisation. As a consequence of deleting or unlinking their account, users will not have access to any pupil data owned by the organisation.

The admin user of one organisation may choose to merge their organisation with another organisation. For example, an individual user who previously assessed pupils using tokens may want to merge with another user to create a school’s organisation. Admin users may want to fully, or partially, merge their organisation:

Deleting data

You have the right to delete or edit any data you have inputted or stored on the website.

For pupil data, the admin user or super-user of your organisation can delete Boxall Profiles assessments or EBP records directly from their dashboard, irrespective of who created them.

Any data you have provided on the website including pupil data, personal or organisation data will be stored securely on our servers as long as it is needed for you and your organisation to use the website effectively, as well as for any relevant communication, research and improvement purposes.

If you are the admin user of an organisation, you will need to contact nurtureuk to delete your account. Deleting your account will lead to the deletion of your organisation’s account and any data owned by your organisation, unless you appoint someone else as the admin user. If you choose to delete your account without appointing another admin user, your personal data as well as any organisation and pupil data linked to your account will be deleted from the website and from our servers according to data-protection rules. None of the users belonging to your organisation will be able to access the organisation. However, their user accounts will not be deleted. If you are a user belonging to an organisation, only your personal data will be deleted; your organisational data as well as any pupil data you have inputted will remain accessible to users linked to your organisation with the relevant access rights unless the admin user chooses to delete the information.

If you no longer wish nurtureuk to store or use your information, you can contact our Data Protection Officer to request the deletion of your account. In such circumstances, you will no longer be able to access your account, the organisation you belong to or the information stored on your account.

We reserve the right to delete or archive the data associated with your account in line with the policy set out in the most recent version of our terms and conditions.

Note that we are legally required to hold some personal information to fulfil statutory obligations, for example to evidence certain financial transactions.

How we may use information

We may use any information you provide on the website in the following ways:

  1. To allow you to participate in interactive features on our website, when you choose to do so. For example, we may generate reports or paid invoices or help you complete forms by pre-filling them, using information you have previously provided.
  2. To help administer user accounts and answer user queries.
  3. To inform you about updates made to the Boxall Profile Online that are relevant to our users.
  4. To provide you with information (including marketing, fundraising or campaigning activities), services or products you have requested.
  5. To process personal information and information about organisations for the purposes of customer analysis and direct marketing to help us with our activities and to provide you with the most relevant information, such as surveys.
  6. To analyse and improve the services offered on our website by providing you with the most user-friendly navigation experience we can for your computer or other internet device.
  7. With your IP address and anonymised information about your access and use of features, your device and your browser, to identify your approximate location, analyse usage patterns, block disruptive use, and to establish the number of visits to the website from different countries and locations, or using different devices, for research and security purposes.
  8. To investigate research questions related to children and young people’s mental health; wellbeing; social, emotional and behavioural difficulties; nurture groups; or the Boxall Profile.
  9. As part of our wider research focus and to improve future products, when we may use anonymised data to analyse historic trends and updating the Boxall Profile norms.

Identifiable pupil data (e.g. names) cannot be downloaded by nurtureuk’s web administrators or user support services for research purposes. However, we can see this information on individual accounts, so we can provide you with high-quality customer service.

User queries

We endeavour to provide the best user support to ensure users are able to access and use the website effectively. For any queries, please visit our Help Centre at https://boxallprofile.zendesk.com/hc/en-gb. If you don't find the information there, please contact us directly via Help or hello@boxallprofile.org, or give us a call us at +44 (0) 20 3962 0886.

We endeavour to answer user queries within five working days. However this duration may be extended during periods of increased activity such as before or after school holidays, when the number of user requests significantly increases.

To provide the most effective user support we may ask you to provide personal, organisation or pupil information that will help us answer your query. On occasion we may ask you to provide a proof of identity before we disclose personal information to you.

Organisations have access to a broad range of information about their accounts and interactions. On request, any user whose personal information we hold may request a copy of that information. In addition, on request, we will anonymise, amend or erase any personal information we hold in relation to a user or an organisation. Pupils and/or parents cannot request us access to their own/pupil’s personal details, but on request a user can access this information on their behalf using the options available on your account.

How we will contact you

We will contact you by phone or email only if any instances in this policy applies. You can contact us to change your contact preferences by emailing hello@boxallprofile.org or calling +44 (0) 20 3962 0886.

We will never contact you to send you information about promotional and marketing materials from Boxall Profile Online team or from nurtureuk by email or phone unless you have given us your prior permission when signing up to the website.

How we handle your information and other organisations

Secure Socket Layer (SSL) encryption is used on the website to encrypt the information you provide us. This ensures that the data is collected and stored securely.

Only our nurtureuk approved support staff and/or the technical collaborators can access your data under the following circumstances:

Nurtureuk will not rent or sell your personal information to other organisations for use by them in their own direct marketing activities.

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or in order to enforce or apply our terms of use for this website or other agreements; or to protect the rights, property or safety of nurtureuk, our donors or others; when you act in a professional capacity, we may share the details of the account with the headteacher of the school or director of the organisation. This includes exchanging information with other companies and organisations for the purposes of fraud detection and protection.

Also, when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies if applicable. Further information is available on request about the factors we shall consider when deciding whether information should be disclosed.

How we handle direct debit or credit card information

Nurtureuk will ensure that sensitive information such as debit cards, credit cards or personal information will be collected and stored securely. We and our partners always use SSL encryption to encrypt data sent between the customer and us or our partners.

Nurtureuk is Payment Card Industry (PCI) compliant and uses external PCI compliant providers to collect this data on our behalf. We do not store PCI data on our own systems. We use GoCardless to collect Direct Debit and Stripe to accept and process payments.

To protect yourself when sending us sensitive information, please ensure that you use devices running supported operating systems and browsers that are regularly updated, and incorporate some form of malware protection. Only connect your devices to networks that you trust. We are not responsible for the security of your own devices or network.

How we handle data for research purposes

We use the website to collect and analyse data for research purposes. Nurtureuk uses the data to better understand the SEMH difficulties experienced by children and young people in the UK and beyond, in order to raise awareness of pupils’ needs in education and at the government-level. All data used for research purposes is anonymised and only used once all personally-identifiable information has been removed and data has been aggregated, so that no findings released by nurtureuk can be attributable to a specific pupil, a specific user or a specific organisation.

We will not disclose any identifiable information about individual EBPs or group of EBPs with other parties without consent. We use aggregated and anonymised data related to EBPs for research purposes, create awareness of social, emotional and mental health difficulties among the public at large and relevant authorities. For any other purposes, you will be asked for consent.

We may ask you to complete surveys that we use for research and user experience improvement purposes, although you do not have to respond to them.

Securing your passwords

Your password is encrypted and stored securely on our servers. We do not keep a record of your password. Please refrain from sharing your password details with nurtureuk staff when sending queries or calling regarding your account.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. You agree not to share that password with anyone else.

Where we store information

For the Boxall Profile Online, nurtureuk uses Internet Service Providers and servers located within European Economic Area. All servers are located in the UK. Nurtureuk shall ensure that your personal information will be held by those Internet Service Providers in compliance with European data protection regulations. By submitting your personal information to our website, you agree to the transfer, storing or processing of data to locations within the European Economic Area, or, in the case of your name, username, email address, payment and organisation details, outside of the European Economic Area under the terms provided by our third-party partners detailed below. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

We use Stripe, a payment platform, to process payments related to the Boxall Profile Online. For more information on how Stripe, view the Stripe privacy policy here. Please note that Stripe may transfer data outside of the European Economic Area for storage or processing, but will do so with adequate safeguards, or your express permission.

We use GoCardless, a payment platform, to process payments related to the Boxall Profile Online. For more information on how GoCardless may collect, store or process your information, click here.

We use Zendesk, a customer-service product, to provide support to users of the Boxall Profile Online. For more information on how Zendesk collects, stores and uses data, view the Zendesk privacy policy here. Please note that Zendesk may transfer user data (including your name and organisation details) outside of the European Economic Area, but will do so with adequate safeguards, or your express permission.

How to access your personal information

You have a right to know whether or not we hold any information about you (personal data) and a right to be provided with your information within 40 days in accordance with the Data Protection Act.

You can request what kind of information we hold on you by using the contact details provided at the beginning of this document.

We do not charge for this. It helps us to find your information if you provide us with the relevant details for the nature of your contact with us.

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.

At any point while we are in possession of or processing your personal data, you have the following rights:

All of the above requests will be forwarded on should there be a third party involved in the processing of your details.

Updates or changes to this Privacy Policy

We reserve the right to make changes to this Privacy Policy. Each time you visit this site you should read our Privacy Policy to check that no changes have been made to any sections that are important to you. However, we endeavour to inform you when we made changes to the content of this information.

Cookies policy

We use cookies on our website so that we can tailor the content to you, ensure the website is working the way it should and make improvements. 

A cookie is a small file that is sent to your device such as your computer, tablet or mobile phone which contains information that allows us to recognise that you have used our website before. Cookies are safe and secure and are commonly used on websites.

A cookie typically contains:

How cookies work

When you visit the website, the page that you see and cookies are downloaded to your device. Your browser and our web server exchange the cookie and we use this number to recognise you when you return to our site or browse from page to page. Only the server that sends a cookie can read it, and therefore use that cookie.

This file is stored on your device’s hard drive. All websites can send a cookie to your browser if your browser settings allow it. Many websites do this to track online traffic flow.

Types of cookies

Cookies can be categorised depending on their life span:

  1. Session or temporary cookies: these cookies expire when you close your browser or when the session times out.
  2. Persistent or permanent cookies: these are usually stored on your hard disk and survive across multiple sessions and have a longer expiration date.

The types of cookies we use are:

Third-party cookies on our website

We use Stripe, a payment platform. To read more about how Stripe uses cookies, view the Stripe cookies policy here.

We use GoCardless, a payment platform. To read more about how GoCardless uses cookies, view the GoCardless cookies information here.

We use Google Analytics, a web-analytics package, to collect and analyse anonymised data on how users use our website, including information on your IP address, approximate location, date and time of accessing, and device and browser type. To find out more about the cookies Google Analytics uses, please view the Google Inc. privacy policy here. We may use Google Tag Manager to collect, analyse and act on information about how you use our website for marketing purposes. To find out more about the cookies Google Tag Manager uses, please view the Google privacy policy here.

We may use Google Optimize, a web experiment product, to collect anonymised information about how you use our websites, and to present different versions of our website to you, so we can measure the effectiveness of improvements and improve the service we provide. To read more about how Google Optimize uses cookies, please view supporting information from Google here.

We use Zendesk, a customer support product, to provide support to our users. To read more about how Zendesk uses cookies, please click here.

Controlling or deleting cookies

You can control and disable cookies through your browser settings. All browsers are different, so visit www.allaboutcookies.org to find out more.

View Privacy Policy This website uses cookies to collect and analyse information about the users of this website.
By clicking on any link on this website, you are providing consent for us to set cookies.