tellGem

THE SEX EDUCATION INITIATIVE

PRIVACY NOTICE FOR WEBSITE

Important information

  1. At The Sex Education Initiative Limited (‘TSEI’), we support students, families and schools in relation to the problems associated with sexually harmful behaviour, particularly between peers. This includes providing the ‘tell Gem’ app to schools for the purposes of enabling people to report sexual harassment, abuse or assault (‘sexually harmful behaviour’). We also provide sex education programmes and associated support services to schools.
  2. We take our obligations to protect your privacy very seriously. Data protection law (the UK General Data Protection Regulation and the Data Protection Act 2018) protects your ‘personal data’, which is information about a person from which that person can be identified. However, if you are not able to be identified from the information, it is not personal data subject to data protection law.
  3. This notice explains what we do with your personal data in two parts:
    (a) In relation to the ‘tell Gem’ app;
    (b) In relation to our other programmes and services.
  4. If you have any questions about what happens to your information, you are welcome to contact us on [email protected]

A. How we handle ‘tell Gem’ app information

What happens to reports made via ‘tell Gem’ to the school?

  1. TSEI developed the ‘tell Gem’ app to assist people wanting to report sexually harmful behaviour to their school’s Designated Safeguarding Person (‘DSP’). These reports enable schools to safeguard those students from harm, as well as to inform measures to educate students and reduce sexually harmful behaviour within schools.
  2. With respect to a report made by a student to their school’s DSP on the ‘tell Gem’ app, TSEI processes data on behalf of the school, which is the relevant data controller. We enter into legal agreements with schools clarifying the legal obligations of TSEI and the school, including under data protection law. We maintain high standards of security with respect to student reports which are securely stored and delivered in encrypted form to the school.
  3. Please see the privacy policy of the relevant school with respect to how they handle student safeguarding reports, including those received via the ‘tell Gem’ app.

What happens to anonymous ‘tell Gem’ report information which is retained by TSEI?

  1. The following personal data may be submitted via the ‘tell Gem’ app (‘the report information’):
    1. Fixed fields enabling selection of categories with respect to the following:
      1. Age, sexual orientation and ethnicity;
      2. Date, time and location of the incident;
      3. Type of incident;
      4. Whether one person or more than one person involved and how they know them;
      5. Age of person or people involved.
    2. Freeform fields:
      1. (i) Your name;
      2. (ii) Details of when the incident happened;
      3. (iii) Details of where the incident happened;
      4. (iv) Details of what happened.
  2. In accordance with the process set out at paragraph [13], specific information from only the fixed fields from the ‘tell Gem’ reports will be retained by TSEI for two additional purposes:
    1. To enable TSEI to improve the ‘tell Gem’ app and the associated education programme and support services provided to schools; and
    2. For the purposes of research into local and national measures to safeguard young people from sexual harm.
  3. This fixed field report information is referred to in this notice as ‘anonymised report information.’ For clarity, TSEI will not be able to identify any individual personal from the fixed field report information. TSEI will only share fixed field report information in the very limited circumstances set out below where the recipient is not able to identify any individual person from that information.
  4. The school to which the report is made will securely retain all the report information and may, depending on whether names or other identification information is provided, be able to identify the individual people involved.
  5. We may also need to process personal data and other information in compliance with professional, regulatory and legal obligations, for example, if we receive a court order or if a request is received by data subjects in accordance with data protection law.
  6. The ‘tell Gem’ app processes have been carefully designed to ensure that the anonymised report information retained by TSEI for these two specific purposes does not include information from which it is able to identify individual people:
    1. Once entered on the app, each report is allocated a unique number. The report information is held on the secure external Cloud based ‘tell Gem’ platform and encrypted reports are sent via an email service to schools to deal with in accordance with their safeguarding policy. A copy of the encrypted report, without the freeform fields (copy report), is sent to TSEI for the purposes of ensuring that the app is functioning;
    2. The report information is held on the secure ‘tell Gem’ platform for three days, after which the information from all freeform fields on the app is permanently deleted. This includes the name of the person making the report (if provided) and freeform details about what happened, where and when the incident happened. TSEI will also permanently delete the copy report within three days of receipt;
    3. TSEI will only retain fixed field data from the report necessary for the two purposes above. This includes age, sexual orientation and ethnicity; date, time and location of the incident; type of incident; whether one person or more than one person involved and how they know them; age of person or people involved;
    4. Report information will be deleted from the ‘tell Gem’ platform two years after the reports were made, unless required for the purposes set out in paragraph [14].
  7. If necessary, we may need to process personal data for the purposes of investigations, legal advice, tribunal or court proceedings or otherwise in compliance with our professional, regulatory or legal obligations.

What are the lawful grounds for processing report information?

  1. The process above has been designed so it is not possible for TSEI to identify anyone from the report information retained on the ‘tell Gem’ platform. In the event that anyone is identifiable because TSEI has been provided additional information, it complies with its obligations with respect to data protection law. We may rely upon the following bases for processing personal data:
    1. Where it is within the legitimate interests of TSEI, an individual student, students or schools;
    2. In compliance with legal obligations;
    3. Where necessary to protect someone’s vital interests;
    4. With consent.
  2. Where TSEI processes ‘special category data’ relating to identifiable people which is subject to additional protections. This includes information about racial or ethnic origin, health sex life or sexual orientation, this may be because:
    1. It is necessary for reasons of substantial public interest for the purposes of:
      1. Safeguarding an individual at risk;
      2. Providing confidential counselling, advice and support;
      3. Preventing and detecting unlawful acts;
      4. Ensuring equality of opportunity or treatment, for example, with respect to safeguarding measures with reference to a person’s racial or ethnic origin or sexual orientation;
    2. Exercising or defending legal claims;
    3. Where necessary to protect someone’s vital interests;
    4. With explicit consent.
  3. Information which is used for the purposes of improving the ‘tell Gem’ app, associated education programmes and support services, or shared for the purposes of research, will be completely anonymised so that it is not possible to identify any individual from that information.

Who does TSEI share report information from the ‘tell Gem’ app with?

  1. We recognise that highly sensitive information has been shared and we will therefore only share the minimum amount necessary for very specific reasons where we know your identity is completely protected and there is a strong public interest, specifically around protecting students who experience sexual harm and reducing the incidence of sexual harm experienced by students.
  2. The report information is held on a secure external Cloud based platform and encrypted reports are sent via an email service to schools.
  3. Otherwise, completely anonymised report information solely from fixed fields may be shared with:
    1. Selected specialist experts for the purposes of advising upon ways in which the ‘tell Gem’ app and the associated education programme and support services provided to schools could be improved;
    2. Trusted and reputable research organisations for the purposes of approved research programmes, for example, university based Government research projects and the Centre of Expertise on Child Sexual Abuse;
  4. Only where strictly necessary, for example where we are subject to a professional, regulatory or legal obligation, we may need to share personal data with our lawyers, public authorities, investigation authorities, regulatory bodies, Tribunals and courts.
  5. Where strictly necessary, app engineers, cyber-security experts and other technical experts may need to access the Cloud based platform in order to maintain, update or fix any technical aspects of the platform. This will be to the minimum extent necessary and subject to strict controls and conditions of confidentiality.
  6. We will never sell any information, including the report information provided on the ‘tell Gem’ app.

Security measures in relation to ‘tell Gem’ app

  1. The confidentiality and security of the personal data and other information which we process is a priority. The ‘tell Gem’ platform and all other TSEI systems are subject to strict technical measures appropriate to the highly sensitive nature of the information we process. We also have both internal processes and arrangements with schools with respect to ensure the safe transmission, receipt and storage of ‘tell Gem’ app reports on our database. Our contractual arrangements with schools address their responsibility to maintain the security of reports once received by them.
  2. Whenever ‘tell Gem’ information is shared, the minimum amount of personal data will be shared as is strictly necessary. Any sharing of personal data will be subject to carefully considered security measures appropriate to the nature of the information. Can you remove or change ‘tell Gem’ report information?
  3. Once report information is entered into the ‘tell Gem’ app, it will be included within a report to the school.
  4. If a you wish to change or delete a report you have made, you should speak with the DSP of the school or the data protection contact named in the school’s privacy notice. The school will deal with any request in accordance with its safeguarding obligations.
  5. If you wish that the anonymised report information held on the ‘tell Gem’ platform is deleted, you will need to supply sufficient information, via the school, to enable us to identify the report you have made.

B. How we handle other information

  1. TSEI also process the following categories of personal data belonging to teachers, school staff (including safeguarding staff), professional advisors, consultants, suppliers, representatives of public bodies and authorities:
    1. Contact information including name, email addresses, telephone numbers, postal addresses;
    2. Email correspondence, meeting notes and other records of communications, including in relation to the operation of the ‘tell Gem’ App;
    3. Financial information such as bank account details and financial transactions with respect to payment made to suppliers and payment received by TSEI.
  2. We may also hold attendance information, feedback and assessment information of students, teachers, family members and carers concerning school education and support sessions.

What are the purposes for using this personal data?

  1. We process this personal data for a number of reasons:
    1. For the purposes of providing educational programmes and other support services to schools to which are supplying the ‘tell Gem’ app;
    2. For the purposes of providing sex education programme to schools, for example, SH+APE;
    3. For the day to day management and administration of our organisation, for example, recruitment, employment, financial procedures and dealing with day to day correspondence;
    4. Engaging professional advisors and other suppliers including accountants, lawyers, software developers, security experts;
    5. In order to comply with our professional, regulatory and legal obligations, including:
      1. complying with data protection legislation and responding to specific requests from individuals;
      2. conduct of investigations and legal advice.

Who do we share personal data with?

  1. We will only share your personal data where it is necessary for the purposes above. We may need to share your information as follows:
    1. With schools;
    2. With professional advisors and other suppliers including accountants, lawyers, software developers, security experts;
    3. With public authorities, investigation authorities, regulatory bodies, Tribunals and courts. We only share the minimum amount of information necessary
      for the purposes above.

What are the lawful grounds for processing this personal data?

  1. We may rely upon the following bases for processing personal data:
    1. Where it is within the legitimate interests of TSEI or others such as schools, students, families or other organisations;
    2. In compliance with legal obligations;
    3. Where necessary to protect someone’s vital interests;
    4. With consent.
  2. We process limited special category personal data for other purposes, for example, we may receive health information. In the event that we process such data, it would be on the basis of the following conditions:
    1. it is necessary for reasons of substantial public interest for the purposes of:
      1. Safeguarding an individual at risk;
      2. Providing confidential counselling, advice and support;
      3. Preventing and detecting unlawful acts;
      4. Ensuring equality of opportunity or treatment;
    2. Exercising or defending legal claims;
    3. Where necessary to protect someone’s vital interests;
    4. With explicit consent. How long do we keep your information? We keep your personal data in accordance with the periods specified in our retention policy, after which it will be permanently and securely deleted.

C. General provisions

Our website and cookies

  1. Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
  2. Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website
    and also allows us to improve our site. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
  3. The types of cookies we use and a description of the purposes for which we use them in, as follows:
    1. Strictly necessary cookies. These are cookies that are required for the essential operation of our website.
    2. Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
    3. Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences (for example, your choice of language or region).
    4. Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests.
    5. When you are visiting our website, you can set your browser to refuse all or some browser cookies, or to alert you when our website sets or accesses cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Do we send personal data overseas?

  1. We do not anticipate needing to send personal data out of the UK. However, if this need arises, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
    1. The transfer of your personal data to other countries that have been deemed, in accordance with applicable data protection regulations in the UK to provide an adequate level of protection for personal data.
    2. Application of specific legal safeguards to ensure that the personal data has the same protection in the other country it has in the UK.

What are your information rights?

  1. Data protection law provides people with a number of important rights with respect to the processing of their personal data:
    1. Request access to your personal data. You can request a copy of your personal data that we hold and information about how we use your information.
    2. Request correction of the personal data that we hold about you.
    3. Request deletion of your personal data where there is no good reason for us continuing to use it.
    4. Object to processing of personal data where you feel the impact upon your rights outweighs our interests in using this information.
    5. Request restriction of processing of your personal data. You can ask me to stop using your information for specific reasons.
  2. If your request relates to a report made on the ‘tell Gem’ app to a school, please contact the data protection lead at the school. Their contact details will be in the school’s privacy notice.
  3. If you want to make a request in relation to any other information which we handle, please contact [email protected]
  4. These rights are subject to various legal exceptions, including to the extent that information is completely anonymised. If you make any of the requests above, we would explain to you in our response if we relied upon any of these exceptions.
  5. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) if you are concerned about the way in which we use your information. Full details can be found on the ICO’s website. If you have any concerns, we would be grateful for a chance to deal with these before you approach the ICO.

Changes to this privacy notice

We keep this privacy notice under regular review. This privacy notice was last updated on 5th December 2022.