The scope of this privacy notice covers the data processed within our SIMS Agora product.
Capita Education Software Solutions (ESS), a trading name of Capita Business Services Ltd, is fully committed to keeping your information safe. This privacy notice explains what personal information we collect, why we collect it, and how we use it. We hope our notice is clear and transparent, but if you have any questions, please get in touch via the contact details in section 2.
SIMS Agora is a "software as a service" solution allowing you, the customer, to make payments for school items such as schools dinners and school trips.
Where your school is responsible for the information that is entered and maintained within the site, they are the Data Controller. Where your school are responsible for the information stored in the SIMS Agora system they must demonstrate compliance with data protection legislation. For further information on what personal information is stored and processed please contact your school.
Where SIMS Agora is the Data Controller, Capita ESS are responsible for the information stored in the SIMS Agora system and must be able to demonstrate compliance with data protection legislation for the processing of personal information. Additionally Capita ESS must demonstrate the same compliancy for any processing of the personal information controlled by your school.
You can refer to the Information Commissioner's Office website for full details on responsibilities of data controllers and processors.
Capita Education Software Solutions
Priory Business Park
Should you have any queries relating to the collection of your information or about this guidance please email the Capita ESS privacy contact.
We collect personal information about you (such as your name, billing address and email address) at the point you register as a customer of SIMS Agora.
The information we collect is captured for checkout and correspondence convenience. For instance, entering your billing address means you need not enter this each time you checkout. Similarly you can subscribe to receive communications from the school about relevant school purchasable items. We store your preferences and give you the option to amend these at any time within your My Account pages.
As part of using SIMS Agora we also collect session information from those users accessing our system, this includes the use of the third party technology Google Analytics.
This information will be used for the following:
Please refer to the Capita SIMS Privacy Notice regarding data processed in our business systems that is collected as part of the SIMS Primary Service for service license and support purposes.
We will only collect and use your personal information (as described in section 3) in accordance with data protection legislation. Our legal basis for processing your personal information are as follows:
SIMS Agora is a securely hosted web service, delivered via the web using standard HTTPS TCP/IP protocols. The SIMS Agora service is hosted on a secure and highly scalable managed service, with the main system hosting provided by Microsoft Azure, which is reliable and resilient. Microsoft Azure matches or exceeds G-Cloud (v6) from the Cabinet Office for use across the UK Public Sector. All data is securely stored and processed within the EU and complies with UK data protection standards and requirements.
All personal information will be held in accordance with Capita plc group policy, and historical records will not be held without legitimate reason. We have a variety of automated retention policies in place that ensure data is regularly cleared down within our system if it has not been used, updated or interacted with in a reasonable amount of time. Where personal information is linked to financial records we reserve the right, on behalf of schools, to store this information for 7 years.
Essentially, we will only hold your personal information on our systems for the period necessary to fulfil the purposes outlined in this privacy notice or until you request it is deleted.
Capita Pay360 mange the instruction from you to take funds from a requested account and pass the monies on to the school.
Capita Pay360 are certified to Payment Card Industry Data Security Standard (PCI DSS) Level 1.
You can refer to the PCI Compiance Guide FAQ for more details on the data security standard.
SendGrid manage distribution of payment receipts and communications about relevant school purchasable items.
SendGrid are certified by Privacy Shield.
Within your My Account pages you have the ability to unsubscribe to emails correspondence and can remove your billing address information – this will mean you need to enter your billing address each time you checkout.
The right to be informedPlease contact your schools in the first instance for what information SIMS Agora processes.
The right of accessPlease contact your schools in the first instance for subject access requests regarding information stored in SIMS Agora.
The right to rectificationWhere Capita ESS are the data controller for information within SIMS Agora this can be edited by you within the website. Where the schools are the data controller please contact them directly.
The right to erasure (also referred to as the "right to be forgotten")Please contact your schools in the first instance for requests to remove information stored in SIMS Agora.
The right to restrict processingPlease contact your schools in the first instance for requests that your information is not processed in SIMS Agora.
The right to data portabilityMost information within the website can be printed or exported. Please contact your schools in the first instance for requests to provide more detail.
This Privacy Notice may be updated from time to time so you may wish to check it each time you submit personal information to us. If material changes are made to this Privacy Notice, for instance affecting how we would like to use your personal information, we will provide a more prominent notice.