This policy (together with our Terms and Conditions and any other documents referred to on it) sets out the basis on which we will process any personal data we collect from you, or which you provide to us, in the course of using our site motional.io.
When you use our site, there are a number of ways in which you provide information and other data to us. By using the site, you consent to us processing and collecting this data, on the terms and for the reasons which are explained below.
HOW YOUR INFORMATION IS COLLECTED
You may complete forms on our site such as our contact form, or by registering with us online. You may email us or otherwise call us to use our services. We may also collect information through technology such as essential cookies and usage logs.
Steps Along the Way routinely collects three different categories of data:
- Participant assessment data
- Personal contact details of Participants Parent, Guardian or next of Kin, teaching staff and care givers
- Enquiries to our site via the contact form
INFORMATION WE MAY COLLECT ABOUT YOU
From every visit you make to our site, we may automatically collect the following:
- Your first and last name, email and/or postal address, telephone number or other information you provide when you fill out a contact form on the Site
- Your IP address
- Your Internet Service provider (“ISP”)
- Any referring or exit pages taking you to or from our site
- Your login information
- Your web browser type and version
- Your time zone & location
- Date/time stamp
- Clickstream data
- Any browser plug-ins and versions used on your browser
- Your operating system
- Your platform / device details
- Information we collect when you interact with our content on the Site. This may include information such as the fact that you viewed or interacted with our content.
HOW YOUR INFORMATION IS USED
We may use your information to:
- send you our newsletters from time to time if you choose to be sent them.
- ensure that content from our site is presented in the most optimised and effective manner for you and for your computer.
- diagnose or fix technology problems.
- control unauthorized use or abuse of the Site and our products and services, or otherwise detect, investigate or prevent activities that may violate our policies or be illegal
- provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- carry out our obligations arising from any contracts entered into between you and us.
- allow you to participate in interactive features of our service, when you choose to do so.
- notify you about changes to our service
- deliver customer service and respond to your inquiries
- administer our site including data analysis, testing, traffic monitoring, research, statistical and survey purposes
If you do not want us to use your information for marketing purposes, please tick the relevant box on the form on which you submit your data. You can also contact us directly by emailing firstname.lastname@example.org
ACCESS TO INFORMATION (Notice to UK Users)
You have the right under the UK Data Protection Act to access the information which we hold about you. If you wish to exercise this right, please send your request to email@example.com
STORAGE AND SECURITY
While data is in transit we use TLS 1.3, X25519, and AES_128_GCM. Data at rest is stored in AWS RDS databases which use the industry standard AES-256 encryption algorithm or on encrypted S3 buckets with access restricted.
- To protect passwords we run 10 rounds of bcrypt
- We enforce strong passwords that don’t appear in HaveIBeenPwned.
- We verify with a nominated person at the school before adding new users to the account.
- We use a “scoped to the tenant” approach for fetching data, so when someone logs in to Motional they will only be able to access data belonging to children on the team that they’re logged in to
- We keep logs of logins
- We have a strict firewall that rate limits access to avoid brute force attempts
- We have alarms set and can disable the site within minutes if necessary
- Motional staff only use trusted wifi networks and company devices to access our backend system
- Motional staff access is tiered depending on user role
- We are entirely hosted on AWS in London, with multi zone availability and automatic failover.
- We have a disaster recovery plan and rehearse it at least 6 monthly
- We have Cyber Essentials accreditation
From 1st Sep 2021 new accounts and subscription renewals will transfer to our new Data Processor Agreement which is now part of our standard T&Cs. We will be deleting data much sooner after the end of a subscription now. When your subscription ends or when you remove a Participant from your account, we start a transfer window of 90 days. We continue to store that data so that the team the Participant moves on to can request permission from you to transfer it to them. This can aid in smooth transitions between settings and improve continuity of approach. You can override this 90 period in your team settings. Bare in mind that whatever period you change it to, that data will be irretrievably destroyed automatically at the end of it. So if one of your staff deletes a Participant or Snapshot by accident, we can recover it back to your account if it is within that transfer window.
If you have a concern about your privacy or you would like to know more about how your personally identifiable information is collected, or used please contact us. We ask that when you contact us with a complaint, please include contact information and clearly describe your complaint. We will respond to your request or complaint within a reasonable time and will let you know next steps in resolving your complaint. If you are not satisfied with our response, you may also contact the Information Commissioner’s Office.
NOTICES AND REVISIONS