Who we are

Smart Revise is a product provided by CRAIGNDAVE Ltd; a private company registered in England and Wales. Company number 10442992. Our registered office is:

12 Tweenbrook Avenue
Gloucester
Gloucestershire
GL1 5JY

The Directors of CRAIGNDAVE and employees are the only people with access to your personal data and are all fully aware of their responsibilities for security, privacy and confidentiality.

The Directors are:
David Hillyard
Craig Sargent
Mark Plowman
Samuel Sargent

Employees are:
Andrew Fenn

If you have any questions about how we look after your personal data, you can contact us:

• In writing, at the address above.
• By email to this address: [email protected]

Our product

Smart Revise is a web-based course companion and revision tool provided by CRAIGNDAVE Lts to educational establishments and private subscribers. Customers take subscriptions to the service, no additional personal data is held on customers beyond that which is asked for the purpose of account registration. We delete all your data when you cancel the service with us after we have confirmed with you that we will not be able to recover it.

CRAIGNDAVE Ltd is a Data Controller with respect to personal data which we collect and process for our own purposes to provide our products and services to customers. CRAIGNDAVE Ltd is a Data Processor when processing personal data on behalf of our customers, for example, educational establishments, teachers and parents etc.

Our role as a Data Controller

When you purchase access to a Smart Revise course, we collect and store only the necessary data to be able to process your order.

As a controller we make decisions abour processing activities. These are limited to the processing necessary for our legitimate interests. This includes the product storing and analysing the answers students give to questions to determine which questions to ask students in the future. This data is also used to automatically mark answers to questions and allow us to make improvements to the product.

Our lawful basis for data processing as a controller is by consent.

Our role as a Data Processor

Students can choose to join a class a teacher has created by consent. In doing so they give teachers of the class the right to determine the means of processing their data. This includes inviting other students and teachers to join the class, setting questions, assessing answers and viewing data reports.

In the teacher-student data relationship described above, CRAIGNDAVE Ltd are processors of student data for the educational establishment because we are not determining the purpose and means of the data processing by the teacher, we are facilitating it.

Our lawful basis for data processing as a processor is public task and legitimate interests of a third party (the teacher).

We are registered with the Information Commissioner’s Office.https://ico.org.uk

The full details of the Data Controller are:

CRAIGNDAVE LTD
12 Tweenbrook Avenue
Gloucester
Gloucestershire
GL1 5JY
ICO registration number: ZA462469

Data protection impact assessments (DPIA)

When a Trust, Academy or school invests in a new product, service or project that requires the handling of personal data, the Data Protection Officer at the Trust, Academy or school should undertake a data protection impact assessment.

A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project. To complete this assessment the Trust, Academy or school may choose to enlist the help of other people within their own organisation.

To assist Data Protection Officers in conducting this assessment, CraignDave Ltd supply this privacy policy.

CraignDave Ltd is a limited company within the UK and complies with all legal responsibilities under the Data Protection Act 2018, incorporating EU GDPR.

It is not the position of CraignDave Ltd to complete a Trust, Academy or school's internal paperwork for impact assessments because we should not be judging ourselves, this is often referred to as 'poacher turned gamekeeper'.

All the information required for a Data Protection Officer to complete an impact assessment can be found within our privacy policies.

External services we use
We use certain external companies to process our data.

Microsoft – We use the Azure network to securely hold data on student's smart revise sessions (such as their name, email address, answers to questions, feedback from a teacher and calculated attainment), any classes they are associated with and the teachers associated with those classes. Their privacy policy can be viewed at: https://privacy.microsoft.com/en-gb/privacystatement

Zoho.eu - We use this company as our support centre, this includes handling telephone call, emails and interactions on social media. Their GDPR Policy can be viewed at: https://www.zoho.com/gdpr.html. Their privacy policy can be viewed at: https://www.zoho.com/privacy.html

Stripe - We use Stripe INC to process the payments you make though our store. Their privacy policy can be viewed at https://stripe.com/gb/privacy

Intuit QuickBooks - Your details will be process by our online invoicing, credit control and order processing provider in order to complete and process any order from you. Their privacy policy can be viewed at https://quickbooks.intuit.com/uk/privacy-policy/.

Cloudflare - We use this company to provide an extra layer of cyber attack and bot protection between our servers and the internet. Their privacy policy can be viewed at https://www.cloudflare.com/en-gb/privacypolicy/.

Contact promise
Our contact promise is a summary of how we look after your personal data.

We collect, use and store your personal data so that we can offer you the products and services you expect from us. We see your personal data as just that: it’s yours. So we will always be clear and upfront with you about what we do with your personal data, and (of course) you have control over it.

We collect your personal data for three main reasons:

1. To process any orders you make and to deliver those orders to you
2. To provide the online education tools you buy from us
3. To keep you up-to-date about product improvements

We promise:

That you can control the personal data you provide us with and that we will always be transparent about how we collect and use it.

We will always tell you what personal data we are collecting from you, the means by which we will collect it and how we will use it. We will only use your personal data for the purposes we originally told you about.

We will only send you marketing communications if you have agreed that we can do so and we will always offer you a clear and simple means of changing your preferences whenever you want to.

How do we collect your personal data?

We collect your personal data in two main ways:

When you give it to us directly

When you communicate with us or purchase our products or services, you may choose to give us certain information. For example, when you give us your name and address or when clicking on active buttons to place an order.

When our systems collect information or personal data as you use our products.

Whenever you use a website, app or other internet service, information gets recorded automatically by the IT systems used to operate that website, app or service. The most common type of information collected is in the form of cookies (small text files sent by your computer each time you visit our website) but can also include personal data transferred by the electronic device you use to access our website and its settings. The manufacturer of your device, or the provider of the operating system, will have details about what information your device shares with us.

What personal data do we collect?

We may collect the following information about you:

• Your name and contact details
  This can include your postal, billing and delivery addresses; your telephone number(s), including, if you provide it, your mobile number; and your email address
• Purchases and orders made by you
• Your correspondence with us

Smart Revise is an online question based revision tool. Data is collected on registration via HTTPS and placed into an encrypted database, and secured by password on the Microsoft Azure network.

The data collected on students when registering includes:

• Forename
• Surname
• Email address

The data collected on teachers when registering includes:

• Forename
• Surname
• Email address
• Title (optional)

If a student links their account with a teacher for the purpose of task setting, marking, feedback and analysis then we will also store details on the class name and teacher associated with this student.

Personal data we will process to comply with the law

Invoices will be stored for tax purposes.

Occasionally we may need to share data with the police, for the purposes of preventing and investigating fraud.

How and why do we use your personal data?

We use your peronal data:

• To send you the products and services you have purchased
• To manage any accounts you have registered with us so that (i) we can provide you with products and services; (ii) you can place orders; and (iii) we can fulfil those orders and communicate with you about them
• To verify your identity
• To detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law enforcement agencies in relation to the same)
• To carry out research to better understand your views on our products and services
• Our legitimate interests
• Improve our existing range, associated products and services, and develop new ones
• Provide you with a quality customer service experience
• Protect you, our employees and our business
• Understand your likes and dislikes, what products you want to hear about and how best to contact you to inform you about them
• Taking legal action against any party in breach of its obligations to CRAIGNDAVE LTD, and handling any legal claims or regulatory enforcement actions taken against CRAIGNDAVE LTD

When do we share your personal data?

So that we can provide you with our products and services, we have to share some of your personal data with certain third parties.

When we share your personal data, we make sure that it remains secure:

• We ensure that all our third parties we share your personal data with have an up to date privacy policy and to ensure that they will keep your personal data secure and confidential to the standards you and we would expect
• We will only send to third parties the personal data that is necessary for the purposes it is required for

We share your data as follows:

• With core service providers to enable our business to function.
  
  This is limited to the Microsoft Azure network, Dropbox, Zendesk and Stripe. All four providers have extensive expertise in protecting data, championing privacy, and complying with complex regulations. All are committed to GDPR compliance across their cloud services.
• We do not process or store your card details on our site, this is solely done via Stripe from their plugin.
• With regulators and law enforcement agencies when required to do so by law.
  
  We are required to co-operate with regulators (like the Information Commissioner’s Office or HMRC) and law enforcement agencies (like the police or the Serious Fraud Office) in every country we operate in. Although it does not happen often, regulators and law enforcement agencies can require us to share information with them as part of an investigation; this may include your personal data. We would have to disclose your personal data where we believe that disclosure is reasonably necessary to comply with the regulator or crime enforcement agency’s demand.
• When we think it is reasonably necessary to protect you or us
  
  Occasionally businesses are subject to attempted criminal activities; this can affect both us and you. We will take all reasonable steps to protect you and our business but sometimes we may need to share your personal data where we think it is reasonably necessary to:
  • Detect, monitor, investigate or prevent any suspected illegal activities, fraud or security issues
  • Enforce our terms and conditions and to protect your and our rights and property
  • Investigate and defend any third party claims or allegations
  • As part of a business sale or purchase, merger or reorganisation
    
    From time to time we may look to purchase another business or sell or re-organise parts of our business to ensure that we remain in strong shape. Sometimes these types of corporate transactions involve the transfer of your personal data solely for the purposes of assessing the transaction. In the event that we sell or buy any business or assets, personal data which we hold about you may be one of the transferred assets.
• In aggregated format
  
  Strictly speaking this is not personal data, but on occasions we will use data from which you cannot be personally identified but which does include information that relates to you (such as a testimonial).

How long do we hold your personal data for?

We will not keep your personal data for longer than is necessary for the purposes described in this policy.

As a guide:

• We will keep personal data while your account is active
• We may keep certain categories of personal data after your account is closed in order to meet any legal or regulatory requirements, or to resolve a legal dispute, and because of this, we may keep different types of personal data for different lengths of time (for instance, we may need to keep certain personal data relating to your purchases in order to comply with HMRC’s VAT reporting requirements)
• We will delete your data when you tell us you no longer require us to keep a backup. We will prompt you for this after your account has expired beyond six months

Your rights

You have a number of rights under data protection laws; these are summarised below.

The right to be informed

We need to be clear with you about how we process your personal data. We do this through our Contact Promise and this Privacy Policy, which we will keep as up to date as possible.

The right of access

You can access the personal data we hold on you by contacting us at: [email protected] To process your request, we may ask you for proof of identity so that we can be sure we are releasing your personal data to the right person.

We will process your request within one month.

We can provide you with a copy of your personal data in electronic format or hard copy.

If we consider the frequency of your requests is unreasonable, we may refuse to comply with your request. In those circumstances, we would notify you of your right to complain to the Information Commissioner’s Office.

The right to rectification

We welcome feedback from you to ensure our records are as accurate and up-to-date as possible. If you think that the information we hold about you is inaccurate or incomplete, please ask us to correct it by contacting us at: [email protected] or by updating your details at any time through the My Account section in your online account. We will process your request as soon as we receive it or within one month of receipt at the latest.

The right to erasure

You can ask us to delete your personal data; however, this is not an absolute right. We can refuse to erase personal data which we need to keep (i) to comply with a legal obligation (for instance, we are required by HMRC to keep certain personal data for up to 6 years for VAT reporting purposes); and (ii) in relation to the exercise or defence of any legal claims.

When you ask us to delete your personal data, we assume that you do not want to hear from us again. To ensure that we do not send you any special offers in the future, we will retain just enough of your personal data solely for suppression purposes.

Other than as described above, we will always comply with your request and do so promptly. We would also notify any third parties with whom we have shared your personal data about your request so that they could also comply.

The right to transfer your personal data (known as data portability)

You have the right to move, copy or transfer your personal data from one organisation to another. If you do wish to transfer your personal data, we would be happy to help.

If you ask for a data transfer, we will give you a copy of your personal data in a structured, commonly used and machine-readable form (for instance, in a CSV file format). We can provide the personal data to you directly or, if you request, to another organisation.

Please note that we are not required to adopt processing systems that are compatible with another organisation, so it may be that the recipient organisation cannot automatically use the personal data we provide.

When making a transfer request, it would be helpful if you can identify exactly what personal data you wish us to transfer.

We will comply with your request within one month or, if the request is complex or there are a number of requests from you, within two months.

The right to object

If you would like us to stop processing your personal data for marketing purposes simply change your marketing preferences from your account or just let us know by contacting us at: [email protected]

Cookies

Cookies are tiny text files stored on your computer when you visit certain web pages. At smartrevise.online and all its sub domains we use cookies for security purposes and to analyse system usage, health and performance.

To order products and for the operation of our products, you need to have cookies enabled.

Please note that cookies can’t harm your computer. We don’t store personally identifiable information such as credit card details in cookies we create, but we do use encrypted information gathered from them to help improve your experience of the site. For example, they help us to identify and resolve errors.

We’re giving you this information as part of our initiative to comply with the General Data Protection Regulation (GDPR), and to make sure we’re honest and clear about your privacy when using our products and services. We know you’d expect nothing less from us as an education provider.

For more information on cookies, visit the official ICO website at https://ico.org.uk or http://www.whatarecookies.com.

Update

We may update this policy from time to time to take account of any new business activity or to reflect any changes in law or best practice in relation to data protection. We will notify you if we do so. This policy was last updated on 6th January 2022.