Capita SIMS Agora Capita SIMS Agora

The online payments solution

Privacy Notice

Introduction

The scope of this privacy notice covers the data processed within our SIMS Agora product.

Capita Education Software Solutions (ESS), a trading name of Capita Business Services Ltd, is fully committed to keeping your information safe. This privacy notice explains what personal information we collect, why we collect it, and how we use it. We hope our notice is clear and transparent, but if you have any questions, please get in touch via the contact details in section 2.

Contents

1. Accountability

2. Who collects your personal information

3. What personal information do we collect

4. What our legal basis is for processing your personal information

5. Where your personal information is processed and how it is secured

6. How long do we keep your personal information

7. Who we share your personal information with

8. How you can amend your preferences

9. Cookie information

10. Your rights

11. Changes to our Privacy Notice

1. Accountability

SIMS Agora is a "software as a service" solution allowing you, the customer, to make payments for school items such as schools dinners and school trips.

Where your school is responsible for the information that is entered and maintained within the site, they are the Data Controller. Where your school are responsible for the information stored in the SIMS Agora system they must demonstrate compliance with data protection legislation. For further information on what personal information is stored and processed please contact your school.

Where SIMS Agora is the Data Controller, Capita ESS are responsible for the information stored in the SIMS Agora system and must be able to demonstrate compliance with data protection legislation for the processing of personal information. Additionally Capita ESS must demonstrate the same compliancy for any processing of the personal information controlled by your school.

You can refer to the Information Commissioner's Office website for full details on responsibilities of data controllers and processors.

Back to Contents

2. Who collects your personal information

Capita Education Software Solutions
Franklin Court
Priory Business Park
Cardington
Bedfordshire
MK44 3JZ

01234 838080

Website

Should you have any queries relating to the collection of your information or about this guidance please email the Capita ESS privacy contact.

Back to Contents

3. What personal information do we collect

We collect personal information about you (such as your name, billing address and email address) at the point you register as a customer of SIMS Agora.

The information we collect is captured for checkout and correspondence convenience. For instance, entering your billing address means you need not enter this each time you checkout. Similarly you can subscribe to receive communications from the school about relevant school purchasable items. We store your preferences and give you the option to amend these at any time within your My Account pages.

As part of using SIMS Agora we also collect session information from those users accessing our system, this includes the use of the third party technology Google Analytics.

This information will be used for the following:

  • To monitor the usage of our service and systems to support the development and enhancement of future features
  • To assist Capita ESS support and operations functions to tune their services to provide scalable and performant software using utilisation information of a period of time
  • To enhance the security of the system by tracking suspicious and anomalous behaviour.

Please refer to the Capita SIMS Privacy Notice regarding data processed in our business systems that is collected as part of the SIMS Primary Service for service license and support purposes.

Back to Contents

4. What our legal basis is for processing your personal information

We will only collect and use your personal information (as described in section 3) in accordance with data protection legislation. Our legal basis for processing your personal information are as follows:

  • ContractualWe may process personal information associated to a contract or product purchase. It is important for us to hold this data in order to ensure that we have records from a legal perspective to whom signed and agreed to the definitions of agreements and who to contact following issues and/or to send renewal information.
  • ConsentWhere necessary we will only collect and process your personal information if you have given your consent for us to do so, for example, we will only send you certain marketing emails and process any sensitive information about you if we have your consent.
  • Legitimate InterestsWe may use and process some of your personal information where we have conducted Legitimate Interest Assessment and have a legitimate business grounds for doing so. Under European privacy legislation here is a concept of "legitimate interests" as a justification for processing your personal information. Please see section 10 for your rights.

Back to Contents

5. Where your personal information is processed and how it is secured

SIMS Agora is a securely hosted web service, delivered via the web using standard HTTPS TCP/IP protocols. The SIMS Agora service is hosted on a secure and highly scalable managed service, with the main system hosting provided by Microsoft Azure, which is reliable and resilient. Microsoft Azure matches or exceeds G-Cloud (v6) from the Cabinet Office for use across the UK Public Sector. All data is securely stored and processed within the EU and complies with UK data protection standards and requirements.

Back to Contents

6. How long do we keep your personal information

All personal information will be held in accordance with Capita plc group policy, and historical records will not be held without legitimate reason. We have a variety of automated retention policies in place that ensure data is regularly cleared down within our system if it has not been used, updated or interacted with in a reasonable amount of time. Where personal information is linked to financial records we reserve the right, on behalf of schools, to store this information for 7 years.

Essentially, we will only hold your personal information on our systems for the period necessary to fulfil the purposes outlined in this privacy notice or until you request it is deleted.

Back to Contents

7. Who we share your personal information with

Payment Processing:

Capita Pay360 mange the instruction from you to take funds from a requested account and pass the monies on to the school.

Capita Pay360 are certified to Payment Card Industry Data Security Standard (PCI DSS) Level 1.

You can refer to the PCI Compiance Guide FAQ for more details on the data security standard.

Email Communications:

SendGrid manage distribution of payment receipts and communications about relevant school purchasable items.

SendGrid are certified by Privacy Shield.

Back to Contents

8. How you can amend your preferences

Within your My Account pages you have the ability to unsubscribe to emails correspondence and can remove your billing address information – this will mean you need to enter your billing address each time you checkout.

Back to Contents

9. Cookie information

Please refer to our Cookie Policy.

Back to Contents

10. Your rights

The right to be informedPlease contact your schools in the first instance for what information SIMS Agora processes.

The right of accessPlease contact your schools in the first instance for subject access requests regarding information stored in SIMS Agora.

The right to rectificationWhere Capita ESS are the data controller for information within SIMS Agora this can be edited by you within the website. Where the schools are the data controller please contact them directly.

The right to erasure (also referred to as the "right to be forgotten")Please contact your schools in the first instance for requests to remove information stored in SIMS Agora.

The right to restrict processingPlease contact your schools in the first instance for requests that your information is not processed in SIMS Agora.

The right to data portabilityMost information within the website can be printed or exported. Please contact your schools in the first instance for requests to provide more detail.

Back to Contents

11. Changes to our Privacy Notice

This Privacy Notice may be updated from time to time so you may wish to check it each time you submit personal information to us. If material changes are made to this Privacy Notice, for instance affecting how we would like to use your personal information, we will provide a more prominent notice.

Back to Contents

Padlock