Who Are We?
We are the Yorkshire and Humberside Japanese School. We are a Japanese Supplementary School, and we own, operate and manage the website, www.yhjs.uk.
What Data Do You Collect?
When you visit our website, our web host will collect your IP address, the date and time you accessed our website, the device that you used, the operating system that you used, the browser that you used, the URLs you accessed, the URL you arrived from and the duration of your visit. This is to protect their systems and our website from online threats. Your data is stored on our web server for a maximum of 30 days. Some of the data collected by our web host is also compiled by them into some basic analytics data. This data is stored indefinitely and anonymously on our web server.
When you visit our website, we collect anonymous data to gain insights into its usage and identify areas for improvement. We do not create profiles or track any personally identifiable information, nor do we utilise cookies. The anonymous data we gather includes a record of your visit, the URLs you accessed, the URL you arrived from, as well as the country and city you accessed our website from. To anonymise your data, we use your IP address to get an approximate location, then encrypt your IP address and save the resulting ID to the database. This anonymised ID is subsequently used to identify any future visits you make to our website. Analytics data is stored indefinitely on our web server.
To protect our website from malicious activity, we will also we will collect your IP address, the date and time you accessed our website and the URLs you accessed. Additionally, if you are a registered user of our website, we will track the time you log in and log out of our website, any modifications that you make to the website and the IP address associated with these actions. This data is stored on our web server and is held for a maximum of 12 days.
When you add a comment to our website, we will collect a copy of your name, email address and comment. Furthermore, we will collect your IP address, the device that you used, the operating system that you used and the browser that you used. This is to help identify and prevent malicious activities like spamming, hacking attempts, and other forms of abuse. We will store your comment data on our web server for as long as it remains accessible to the public. Your comment, including your name, email address and IP address may also be collated into an email and sent to us using the PHP Mail function. We implement this practice to facilitate the prompt moderation of our website, ensuring a safe and engaging environment for all users. Your comment data is stored indefinitely on our email server. We will also send an anonymised string created from your email address to Gravatar to check if you have an associated profile image. If a profile image is available, your profile image will be downloaded to our web server and displayed alongside your comment.
When you send us a message using a contact form, we will collect your name, email address, message and any other information you include about yourself or others within the message. This is so that we can respond to the message and undertake any related actions. Your message, including your name, and email address will be collated into an email and sent to us using the PHP Mail function. Your message will then be stored indefinitely on our email server and our web server. Additionally, your contact details may be added and stored indefinitely on our contact server and our project management server.
To reduce spam, when you add a comment to our website or send us a message using a contact form, we will send your IP address, device name, operating system, browser name, the URLs you visited and the URL that you visited from to our spam protector. Your name, email address and message may also be sent. Your data will be stored on our spam protector’s servers and deleted within ninety days. If you would like to opt your email address out of long-term tracking by our spam protector, please click here and complete the form.
Any media you upload to our website will be stored on our web server, including any embedded EXIF metadata. Your media will be kept for as long as it remains accessible to the public.
When you send us an email, we collect the complete email, including your name, company name, email address, message and any other information you include about yourself or others within the message. This is so that we can respond to the email and undertake any related actions. Your email will be stored indefinitely on our email server. Additionally, we may add and store your contact details indefinitely on our contact server and project management server.
When you phone or text us, or we phone or text you, your phone number and the timestamp of your communication will be collected on the device used for the communication, as well as any linked devices. Your data will be stored indefinitely. In order to act on the phone or text message, we may also collect your name, company name, phone number and postal address. Your contact data will be added and stored indefinitely on our contact server. Additionally, our mobile phone providers may store a record of all calls and messages that we exchange.
Any voicemail messages you leave, including the date, time, and any personal details you provide in the message, will be stored on the device you called and any linked devices. The data will be stored indefinitely. In order to act on the voicemail, we may also collect your name, company name, phone number and postal address. Any contact details collected will be added and stored indefinitely on our contact server.
As we are a community group, our members use their own personal mobile accounts. Subsequently, we are unable to confirm how long your communication data may be retained by mobile phone providers.
When we communicate using an app such as Viber or WhatsApp, personal information related to our communication will be collected. This may include your name, telephone number, the timestamp of your communication, the content of your communication, your profile picture, your status and any media files you send, including any embedded EXIF metadata. Your data will be stored on the mobile device we used for the communication and any linked devices. Furthermore, the app provider generally stores a copy of your personal information used in the communication on their servers. Storage practices vary between apps, and we recommend reviewing the privacy policies of the apps you use for details. Additionally, we may add and store your contact details indefinitely on our contact server and project management server.
If we organise a meeting together, we will collect and store personal information, including the contact details of the meeting’s participants. This is so that we can coordinate the meeting, make any necessary arrangements and provide follow-up communication. Meeting data may be stored indefinitely on our contact server, our email server and our project management server.
When you choose to enrol at YHJS, we will collect <SCHOOL TO COMPLETE – CONSIDER NAME, PHONE, EMAIL, ADDRESS, ZOOM IDs, ETC* Furthermore, *YHJS TO COMPLETE IF REQUIRED>. This is so that we can contact you in relation to school matters. Enrolment data may be stored indefinitely on our file server, our email server, our contact server and our accounts server.
When you register or are registered as a user on our website, we collect your name, email address and password, as well as any additional details you choose to provide in your user profile. This information allows you to modify the content of our website and personalise your user experience. For support purposes, website administrators will have access to view and edit the data stored in your user profile. Your profile data will be stored on our web server and will be deleted when your profile is deleted. As part of the registration process, we may send an email that provides your username and contains a link so that you can set your password. We will also receive a confirmation email that will include your username and email address. For our records, all emails related to your registration will be stored on our email server indefinitely.
When you attempt to log in to our website, your IP address and the number of logins you attempted will be added to our access log. This is to protect our site from unauthorised logins. Our access log is held on our web server, and data is held for a maximum of seven days.
If you visit suspicious URLs or register too many login attempts on our website, your IP address will be recorded on our web server, and your access to our website will be blocked. This website is also part of a network of websites managed by our web host and, if you visit suspicious URLs or register too many login attempts on any site within the network, your IP address, the device that you used, the operating system that you used and the browser that you used will be recorded by our web host, and your access to all sites on the network will be blocked.
<YHJS TO CONFIRM> To ensure the security of this website, all publicly accessible information will be scanned for malware by our site scan provider. This includes scanning any personal information that you posted publicly. Our site scan provider retains the scanned data on their servers for 30 days.
<YHJS TO CONFIRM> All data added to our web server is backed up on our file server and all data added to our file server, our email server and our contact server is backed up on our backup server. All data added to our web server is also backed up on our remote web backup server. All data stored on our mobile devices is backed up to our mobile device servers.
All data stored on our individual mobile devices is backed up, with each member utilizing their own mobile device servers as part of their personal account infrastructure.
All information stored on our file server, email server, contact server and mobile device server may also be stored on select local computers and mobile devices.
Please rest assured, we will never send you any unsolicited marketing or spam, and we will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the UK Data Protection Act 1988 (DPA), the EU Data Protection Directive 1995 (DPD) and the EU General Data Protection Regulation 2018 (GDPR).
Do You Use Embedded Content?
We avoid using embedded content such as videos, images and articles. This is because embedded content appears like it is part of our website, but is actually from another website, which has its own set of policies in relation to cookies, privacy and tracking. Where we do use embedded content, we will clearly label the content as embedded to avoid confusion.
Does Your Site Use Browser Caching?
Our website utilises browser caching, which involves storing certain website files, such as images, scripts, stylesheets, and static content, on your device’s local storage. This allows for faster subsequent visits as the files are retrieved from your device’s cache instead of being downloaded again from our servers. Please be aware that cache files are temporary and set to expire after a maximum of one year. Additionally, it’s important to note that any content you post on our website may be downloaded and stored on other users’ devices. We advise against posting sensitive or personally identifiable information as we cannot control or be held responsible for the actions of other users who store cached data from our website on their devices.
Does Your Site Use a Content Delivery Network?
Who Has Access To My Data?
<YHJS TO CONFIRM> Our school has a parent head of school, parent secretary, parent treasurer and parent web managers. Depending on what data you provide us, one or all of the above people may have access to your data. The parent head of school, parent secretary and parent treasurer have access to all data stored on our email server, file server, contact server, and accounts server. Our parent web managers have access to our web server. Access to the mobile devices you communicate with is limited to the device owner. In the event of a security breach, attack, or malfunction, we may need to provide temporary third-party access to our servers. This is done solely to resolve any issues and ensure the security of our systems.
How Do You Secure My Data?
<YHJS TO CONFIRM> Data security is of great importance to us, and to protect your data, we have put in place a variety of measures to safeguard the data we collect from you. This includes the following:
– Only keeping your data for as long as we need to and for as long as we have your permission to keep it.
– Password protecting all data that we hold about you.
– Passcode protecting all mobiles devices.
– Password protecting all computers and laptops.
– Using two-step authentication on all mobile devices, computers and laptops.
– Using two-step authentication to protect our website, web server, file server, email server, contact server and our backup server.
– Adding the facility to remotely erase all content on a device in the event of a theft as soon as the device connects to the internet.
– Encrypting all data stored on our local devices, file server and contact server.
– Ensuring all data transferred between our web server and your web browser is encrypted.
– Ensuring all emails are encrypted before being sent across the internet.
– Ensuring all emails are protected by SPF, DKIM, and DMARC authentication protocols.
– Securing our website using established and highly reputable security software.
– Undertaking daily scans of our site to ensure no malware is present.
If you would like more information about the measures we take to protect your data, please feel free to ask for a copy of our Data Protection Policy by sending a message to firstname.lastname@example.org.
Where Is My Data Stored?
SiteGround is our web host, and they provide our web server, CDN servers and our web backup servers, all of which are powered by Google. <YHJS TO CONFIRM> also provides our file, email, contact server and backup server, <YHJS TO CONFIRM> provides our accounts server, and mobile device servers are handled individually by our community members through their respective mobile accounts. <YHJS TO CONFIRM> SiteGround provides our site scanning service, and Akismet provides our spam protection service. <YHJS TO CONFIRM>All data collected and processed is stored within the European Economic Area (EEA), with the exception of data stored on mobile phone servers, Akismet’s servers, and Gravatar’s servers. However, we would like to reassure you that all our providers adhere to the General Data Protection Regulation (GDPR) guidelines. <YHJS TO CONFIRM> We have also entered into Data Processing Agreements with Akismet and Gravatar to ensure the proper handling and safeguarding of your data.
Why Do You Use Third Parties?
We use some third parties because they can perform some services we require more effectively and securely than ourselves.
Can I Learn More About Your Third-Party Providers?
To obtain more information regarding the storage and processing of your data by the third parties we collaborate with, please click on the links provided below.
Do You Share My Data?
We may, from time to time, share the anonymised data that we collect with third parties such as prospective investors, affiliates and partners. Furthermore, in certain circumstances, we may be legally required to share some of your data. Examples of this include court orders and government requests. Please be aware, in such circumstances, we will not require any further consent to share your data with the parties involved.
Can I See the Data That You Hold About Me?
If you would like to access or review the data we hold about you, please contact us at email@example.com. We will then make reasonable efforts to provide you with access to your data and review it. However, please be aware that we may require identification to process your request. In some cases, we may not be able to fulfil your request as it would interfere with the rights of other individuals or it would require disproportionate effort or expense. If we are unable to fulfil your request, we will provide you with a clear explanation of why we cannot do so.
Can You Remove the Data That You Hold About Me?
If you would like us to remove any data we hold about you, please contact us at firstname.lastname@example.org. We will make reasonable efforts to delete the data from our servers. However, please be aware that certain legal or security obligations may require us to retain some data, and we may require identification to process your request. Additionally, please note that specific information cannot be deleted from our backups due to technical limitations. Nevertheless, we maintain a record of deletion requests, and we will apply them to future backup restorations to ensure the eventual removal of your data.
What If the Data You Hold About Me Is With a Third-Party?
We only use reputable third parties that support requests for access, review, and deletion of personal data. In the event that your data is held by a third party on our behalf, we will collaborate with them to facilitate your request.
Can I Withhold My Data?
You can access our website without providing any personal data. You can do this by choosing not to complete any of the online forms.
Do You Comply with Legislation Outside of the EU?
We take data protection and user privacy laws seriously, and our website is designed to comply with the rigorous standards set out by the EU legislation. This means that our website is likely to be compliant with data protection and user privacy legislation set out by most other countries and territories. However, if you have any questions or concerns about whether our website is compliant with the data protection and user privacy legislation in your country of residence, please do not hesitate to contact us at email@example.com.
What Happens If You Have a Security Breach?
In the event of a security breach where there is a risk to your rights and freedoms, we will notify you and the appropriate regulatory authorities within 72 hours of becoming aware of the breach.
Our notification will include details of the breach, the nature of the data affected, the likely consequences of the breach, and the measures we have taken or will take to address the breach and mitigate any negative impact on your personal data. We will also provide you with any additional information or advice you may need to protect yourself from the consequences of the breach.
Who Is Your Data Protection Officer?
We do not process personal data on a significant scale and therefore do not require a Data Protection Officer.
What Happens if I Want to Make a Complaint?
If you believe that we are using your data unlawfully, or not adequately protecting your data, you have the right to file a complaint with the supervisory authority responsible for upholding information rights in your country or region. Please click the link below for a list of the supervisory authorities within the EU.
Furthermore, please click the following link for the UK’s supervisory authority.
Please be aware that, as we are a community organisation, we are exempt from ICO registration. For more details about ICO exemption, please click here.
Before filing a complaint, we recommend that you first try to resolve any issues or concerns you may have with us. We will make every effort to address your concerns and ensure that your data protection rights are upheld.
Do You Have Any Other Terms or Policies?
What Happens if Your Business Changes Hands?
Where Can I Get Further Information?