By continuing to browse this site you permit us to place cookies on your browser and agree to our use of cookies.
See our Cookies Policy for more details.

Privacy Notice

Who we are

We are Equin Ltd, established 2007. Our company number is 06347232, and our ICO data protection reference is Z1904040.

Equin Ltd is the provider of Insight, a Software as a Service product.

Insight’s Purpose

Insight is an online assessment tracking tool. Since 2007, Insight has enabled schools to record staff, pupil and assessment data for the purpose of attainment and progress monitoring.

We place a high value on delivering an excellent experience for our customers. To us, this means working hard to create a product which is simple to use, genuinely helpful and well supported.

We’re committed to achieving sustainable growth. This means seeking to grow Insight’s customer base, together with the Equin Ltd team, at a rate that doesn’t result in having to compromise on the quality of the customer’s experience. This kind of growth benefits our customers, who can feel reassured that our established business is here to stay.

Our Data Protection Philosophy

As a school, you are the Data Controller in respect of the personal data you store on Insight, and Equin Ltd is the Data Processor. We collect personal information as a Data Controller as well, in order to operate our business.

Your data is yours. At all times we aim to respect any personal data you share with us, or that we receive from other organisations, and keep it safe.

We never sell personal information, and we’re committed to treating your data only in ways you’d expect. When we use third parties to help us deliver our services and products, we take care to ensure those third parties are equally committed to safeguarding your privacy.

We aim at all times to promote a positive culture around data protection and security. Our policies and processes are under constant review.

About this Privacy Notice

This Privacy Notice (“Notice”), together with our Terms of Service and any other documents referred to within, sets out our data collection and processing practices and your options regarding the ways in which your personal information is used. It applies to information we collect about:

  • Visitors to our website;
  • People who enquire about Insight
  • People who use Insight;

From time to time, Equin Ltd may develop new products or offer additional services and may update this Notice accordingly. If we need to make changes to how we process and use your personal information, we will update this Notice and keep you informed where appropriate.

Visitors to our Website

We use Google Analytics, a third party service, to monitor anonymised data about visitors to https://www.insighttracking.com. This helps us understand how visitors find and use our website, in order to make improvements to how we deliver Insight in line with our purpose defined above, and to assess the effectiveness of our marketing. This information is only processed in a way which does not identify anyone.

Use of Cookies

Please refer to our Cookies Policy for information on how we use cookies.

Information we collect as a Data Controller

We collect certain personal information in our capacity as a Data Controller, in order to run our business. We collect information:

1. When you give it to us directly

When you get in touch with us, either to make an enquiry about Insight, start a free trial, open an Insight account or seek support, we store personal information which may include your name, phone number and email address. Your means of contacting us may be via email, telephone, post or through an online social media service such as Twitter or Facebook.

We may also collect non-personally identifiable information about you, your school, and any trusts or other groups that your school may belong to. This may include your position at your school, the school’s and/or trust’s name, contact and DfE details. Non-personally identifiable information by itself cannot be used to identify or contact you. However, this information may be combined with other identifiers in a way that enables you to be identified.

Purpose
: We use this information to address and keep track of enquiries about Insight, administer Insight accounts and free trials, and to deliver ongoing support to customers in a timely and effective manner, in line with our general purpose outlined above.

Lawful basis for processing: “Contract”. This processing is necessary for us to deliver our contracts with the schools and trusts who use Insight, or to take the required steps to address enquiries prior to entering into a contract.

Purpose: We may occasionally use this information for direct marketing purposes, to let you know about new products, tools and services we offer, where these are similar in scope to those of our products, tools and services you currently use. Any such contact will be made in line with applicable law, including the Privacy and Electronic Communications Regulations (PECR) , and in line with our general purpose outlined above.

Lawful basis for processing: “Legitimate Interests”. This processing is necessary as part of our efforts to grow our business. We take the same care over personal information collected this way as over any personal information we store. If we do contact you, we’ll always give you an upfront opportunity to opt out from future contact.

Right to Object: You have the right to object to the processing of your personal information collected under this lawful basis. Please see the ICO’s guidance for more information.

Retention: We retain personal information collected this way for up to 12 months following any enquiries, or for as long as your school is a customer of or has a free trial of Insight, or indefinitely as required to keep track of requests not to be contacted. After an Insight account is closed we retain personal information where reasonably necessary to resolve disputes, enforce our Terms of Service, meet regulatory requirements, maintain security, prevent fraud and abuse, or comply with our legal obligations (including law enforcement requests). Where none of these obligations apply, your personal information will be deleted within 12 months of your account being closed. Non-personally identifiable information about you, your school, and any trusts or other groups that your school may belong to may be retained indefinitely.

2. When it is available publicly

We may collect publicly available information about you and your school which is available from external sources, including the government’s Get Information About Schools service and school or trust websites. Personal information collected this way may include your name, phone number and email address. This may be combined with non-personally identifiable information about you, your school, and any trusts or other groups that your school may belong to, including your position at your school, the school’s and/or trust’s name, contact and DfE details.

Purpose: We use this information for direct marketing purposes, in order to keep track of people and organisations who may be interested in Insight, and to contact people and organisations where appropriate in line with applicable law, including the Privacy and Electronic Communications Regulations (PECR) , and in line with our general purpose outlined above.

Lawful basis for processing: “Legitimate Interests”. This processing is necessary as part of our efforts to grow our business. We take the same care over personal information collected this way as over any personal information we store. If we do contact you, we’ll always give you an upfront opportunity to opt out.

Right to Object: You have the right to object to the processing of your personal information collected under this lawful basis. Please see the ICO’s guidance for more information.

Retention: We retain personal information collected this way for up to 12 months following any contact, or for as long as your school is a customer of or has a free trial of Insight, or indefinitely as required to keep track of requests not to be contacted. Non-personally identifiable information about you, your school, and any trusts or other groups that your school may belong to may be retained indefinitely.

Information we collect as a Data Processor

When you use Insight, either as a customer or during a free trial period, you are the Data Controller in respect of any data you store in Insight (“Customer Data”). Our Terms of Service (“Agreement”) constitute a written contract between us which allows us to act as your Data Processor in compliance with the General Data Protection Regulation (GDPR) . The Agreement contains the specific information you need to know about:

  • What personal information can be processed in Insight;
  • How and where we store that personal information;
  • Which sub-processors we use to deliver Insight.

Purpose: We process Customer Data to deliver our Agreement with the schools and trusts who use Insight. This involves storing Customer Data, importing, exporting, modifying and deleting Customer Data where instructed by you to do so, and accessing Customer Data for the purposes of offering support.

Lawful basis for processing: “Contract”. This processing is necessary for us to deliver the Agreement.

Retention: You may at any time delete or export, or ask us to delete or export, any Customer Data that you no longer require us to process. Otherwise, Customer Data is retained until our Agreement terminates, and will be deleted within 30 days of that termination.

Sharing and Access to Personal Information

Sub-processors

We use carefully selected processors and sub-processors to deliver Insight and to operate our business. These third parties supply the infrastructure, storage and associated services necessary for us to provide Insight. We have entered into GDPR-compliant, written contracts with our processors and sub-processors, and where our use of these third parties entails the transfer of personal information outside the European Economic Area ("EEA") to the United States, have chosen sub-processors which are certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks .

You can see the specific sub-processors used for the purpose of processing your Customer Data in the Terms of Service. Where we see a need to add a new sub-processor to those specified, we will first notify you to explain our purposes, and you will have the opportunity to object.

We may use additional processors to process data in our capacity as a Data Controller.

Your Authorised Users

Any employees, agents and independent contractors that you add to your Insight staff list will have access to your Customer Data (“Authorised Users”). It is your responsibility to maintain your list of Authorised Users, for example by removing staff who have left the school. We accept no liability for un-authorised access where Authorised Users have not been removed from your staff list.

Since Insight is an online service accessible via the Internet, Authorised Users may access Insight from outside the UK or EEA. In such cases, a transfer of your Customer Data outside the EEA may be deemed to have occurred. You are responsible for ensuring that Authorised Users access your account in a secure and responsible way.

Our Authorised Company Employees

Authorised employees of Equin Ltd may have access to your personal information and Customer Data. This enables us to offer timely, helpful support when you contact us. Company employees are trained to follow our data protection policies at all times and sign strict confidentiality agreements when they join the company.

Third Parties as Legally Required

We may disclose personal information to third parties in order to:

  • comply with any legal obligation
  • enforce our Terms of Service
  • prevent fraud
  • resolve disputes
  • protect the rights or safety of ourselves or our customers

Third Parties in the Event of a Sale of Business

If Equin Ltd or substantially all of its assets are sold, whether through merger, acquisition, bankruptcy, dissolution, reorganisation, or other transaction or proceeding, your personal information may be shared with any acquiring organisation and their representatives, and your personal information and Customer Data may be one of the transferred assets. In this event you will be notified.

Security

Insight is a web-based application, accessible only over a secure (HTTPS) connection. This ensures all data is encrypted while in transit.

Insight’s primary infrastructure and your Customer Data is hosted on Amazon Web Services, Inc. (“AWS”), a global leader in Infrastructure as a Service (“IaaS”). We use AWS’s data centre in Ireland, ensuring that sensitive data remains stored within the EU.

Insight’s primary server is replicated to a secondary database and is backed up daily to prevent data loss. Backups are securely stored in a separate location and are also password-protected.

Amazon take physical and network security seriously. Their data centres are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff, video surveillance, intrusion detection systems, and other electronic means. Access to their data centre floors requires two-factor authentication a minimum of two times. Our system access to the database is via a secure, password-protected, connection.

Amazon maintain multiple certifications for its data centres, including ISO 27001 compliance, PCI Certification, and SOC reports. Their reports can be found on the AWS Compliance website and you can read more about the specifics of their approach at https://aws.amazon.com/security/.

As part of the Insight setup process, or by prior agreement to assist you in your ongoing use of Insight, you may choose to send us any Customer Data you’d like us to transfer into Insight on your behalf. You can send us data directly through Insight to ensure the highest levels of security. Please do not send sensitive data as email attachments. In this event, documents you upload to us are stored on our main servers within AWS. Authorized company employees may access this data for processing. Files we’re actively working on are stored temporarily on secure devices, for the duration of being processed.

As described in our Terms of Service, schools must provide each of their Authorised Users with their own access to Insight via an email address and password. Commonly used passwords which are known to have been previously leaked will be refused, to help ensure that secure passwords are chosen. Passwords are stored in a hashed form. We cannot view your password – if you need to reset it, you will need to follow the password reset procedure. We do not force you to change your password on a regular basis, following guidance from the National Cyber Security Centre .

We will maintain strict procedures and take all reasonable steps to protect your personal information. That said, the transmission of information via the Internet is not completely secure and so we cannot absolutely guarantee the security of Customer Data inputted to Insight. Any inputting of Customer Data is at your own risk.

Changes to this Privacy Notice

We reserve the right to change this Notice from time to time as we add new services or features or in response to changes in the law or our commercial arrangements. We will notify you where appropriate when we make any such changes.

This Notice was last updated on 24 May 2018 and replaces any other Notice previously applicable from this date.

Questions

If you have any questions about this Notice, or require any further information, please contact Insight support via email at support@insighttracking.com.

Terms of Service · Privacy Notice · Cookies Policy
© Equin Ltd 2008