Privacy policy

Privacy Policy under GDPR regulation (for Europe and companies doing business towards European area users) - Carlam Cymru

This privacy policy describes how our company collects, uses and discloses your personal information and data when you use our services through our websites and/or application.

Protocol Trin Data | Data Use Protocol

April 2025

How we use your information

The proper handling of personal information by e-sgol is very important to the delivery of our services and maintaining due diligence and professionalism. e-sgol, funded by Welsh Government, is the data controller of the personal information that schools and establishments provide us. This means e-sgol along with Welsh Government determines the purposes for which, and the manner in which, any personal data relating to students and staff is to be processed.

Personal data is any information that relates to a person who can be directly or indirectly identified from the information. Compliance with this document will assist e-sgol in meeting the requirements of the UK General Data Protection Regulation (UK GDPR) and the accompanying Data Protection Act 2018 (DPA).

e-sgol's data policy operates in conjunction with the data policies of any contributing schools. It is essential that both e-sgol's data policy and the individual school's data policy are adhered to, ensuring comprehensive compliance and protection of data. This dual adherence guarantees that all data handling practices meet the required standards and regulations set forth by both entities.

The purposes for which we use personal data

e-sgol uses the information received for the purposes below:

  • To provide learners with access to learning opportunities, including access to Hwb, the National Digital Learning Platform.
  • To share information that will support the students with their course.
  • To identify trends that will support the growth of e-sgol – including Carlam Cymru.
  • To report and evaluate e-sgol’s effectiveness.

No data will ever be published that would fully identify individual students.

e-sgol's data policy is designed to work in tandem with its safeguarding policy, ensuring a comprehensive approach to data protection and student safety. The safeguarding policy clearly emphasizes that the primary responsibility for safeguarding remains with each contributing school. This dual-policy framework ensures that both data protection and safeguarding standards are upheld, providing a secure and compliant environment for all stakeholders.

What type of information do we collect and use?

  • Name
  • Date of Birth
  • Gender
  • Email address
  • School
  • Attainment records if necessary
  • Attendance information
  • Images
  • Session recordings

Do we use information received from other sources?

The majority of the personal information we receive is sourced from other stakeholders, these include:

  • Students
  • Schools
  • Relevant local authorities
  • Parents

The following types of personal data may be obtained to support e-sgol’s evaluation processes:

  • Assessments / Test results
  • GCSE, AS, A Level results or equivalent
  • Information on attendance
  • Information on interactions

Who has access to your information?

The personal information collected may be shared with the following recipients, depending on your circumstances:

  • Welsh Government
  • Relevant local authority and associated schools
  • Seren Network

e-sgol will only provide data to another organisation for a specific purpose. Any analyses/evaluation must follow Welsh Government disclosure rules to ensure that individual students cannot be identified through any data that is shared by e-sgol.

How long will we keep your information?

e-sgol will keep the students' information until the student’s 25th birthday or for the duration of the criteria which underpin the statutory regulation. After this point, the data will be anonymized in line with best practices and only used for statistical and research purposes.

Hwb arrangements

We encourage that all e-sgol courses are facilitated and hosted through Hwb, the National Digital Learning Platform. Hwb is operated by the Welsh Government and has its own privacy notice that sets out how they collect and use personal information when visiting their website. Click here to access Hwb’s privacy notice and how they manage your rights to the personal information held about your students.

Your rights under the Data Protection Act (2018) and UK GDPR

You have the right to:

  • Obtain access to the personal data that the school is processing about you.
  • Have any inaccurate or incomplete information corrected.
  • Withdraw your consent to processing, where this is the only basis for the processing.
  • Make a complaint to the Information Commissioner’s Office (ICO), the independent body in the UK which protects information rights.

In some circumstances, you may have the right to:

  • Object to the processing of your personal information.
  • The erasure of your personal data.
  • Restrict the processing of your personal information.
  • Data portability (which gives you the right to receive personal data you have provided to the school in a structured, commonly used, and machine-readable format).

Carlam Cymru App Data Policy

To ensure compliance with UK GDPR regulations and facilitate the creation of the Carlam Cymru app, the following provisions are added:

User Profile Creation

Users can create their own profiles using personal details such as name, email address, and other relevant information. This data will not be stored centrally but will be managed locally on the user's device.

Data Handling and Security

  • Local Storage: All personal data entered by users will be stored locally on their devices. e-sgol will not have access to this data.
  • Encryption: Personal data stored on the user's device will be encrypted to ensure security and privacy.
  • User Control: Users will have full control over their data, including the ability to delete their profiles and associated data at any time.

Consent and Transparency

  • Informed Consent: Users will be informed about the data being collected and its purpose before creating their profiles. Consent will be obtained in compliance with UK GDPR standards.
  • Privacy Notice: A clear and comprehensive privacy notice will be provided within the app, detailing how personal data is handled and users' rights.

 

 

e-sgol's data policy goes hand in hand with our website's privacy notice, ensuring comprehensive data protection and privacy for all users.




 

 

Cookie Policy and other similar tracking technologies (GDPR and non GDPR)

When you visit Carlam Cymru we may send cookies or other similar tracking technologies to your computer or to any other device you use. We use cookies and similar tracking technologies to track user’s preferences and to know how he uses our services.

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

For further information visit allaboutcookies.org

Cookies are used for user identification and proper assignment of historical user data collected during previous visits.

Both temporary cookie files (session cookies) and persistent cookies are used. Users may delete or remove cookies for the browser at any time or block cookies from being installed on its device. However this may affect the operation of our services or even result in its blocking.

 

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/.

We can use different type of cookie or tracking technologies while you are visiting our website and/or application:

  • Strictly necessary cookies: These types of cookies enable you to access and browse websites and use their features. Without these cookies, services like billing or shopping baskets cannot work properly.

  • Performance cookies: these cookies collect information and data about how you use our websites and/or application. The data collected can be used to optimize our websites and/or applications. These cookies are used to know where our visitors and users are coming from. These cookies do not collect information that identifies you personally.

  • Functionality cookies: these cookies allow our website or application to remember your choices. They can be used to memorize your localisation, or your preferences such as language settings or font size.

How to manage cookies?

You can set your browser not to accept cookies and the above website and/or application tells you how to remove cookies from your browser. However some of our websites and/or applications might not work properly without the use of cookies.

Here are some of the main explanation on how to delete cookies on your browser: https://support.google.com/chrome/answer/95647 (Chrome); https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox); https://help.opera.com/en/latest/security-and-privacy/ (Opera); https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer); https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari); and https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

For mobile devices, if you don’t want to receive targeted advertising based on your center of interest coming from a mobile application, please check the parameters of the operating system of your mobile device and follow these instructions: 1) iOS Users: to enable “Limited Ad Tracking” follow the instructions given by Apple. 2) Android Users: to enable the option “deactivate ad personalisation”, follow the instructions given by Google on Google Play. 3) You might want to download  the DAA mobile AppChoices application  to control behavioral advertising online.