PRIVACY POLICY

 

Please note that this privacy policy applies to the Startup Sherpas Platform only, and therefore talks about how we collect and use your data if you are using our service as a young person either on a SuperSquad programme, or if your school gave you access to RealWork.

If you are part of the Aviva Tech Reach programme, by agreeing to this Privacy Policy, you also agree to the Aviva Tech Reach privacy policy.

This privacy policy explains how Startup Sherpas Education Limited uses the personal information we collect from you when you use our platform.

Here is what we will explain: 

  • What data do we collect?
  • How do we collect your data?
  • How will we use your data?
  • How do we store your data?
  • How long we keep information
  • What are your data protection rights, and what is our legal reason to collect and use your data?
  • What are cookies?
  • How do we use cookies?
  • What types of cookies do we use?
  • How to manage your cookies
  • Privacy policies of other websites
  • Changes to our privacy policy
  • How to contact us
  • How to complain

What data do we collect?

We collect the following personal identification information (specifically your contact information) to provide our service:

  • Your name (first and last name)
  • Your email address
  • Any content you upload (your work) as part of a programme into My Journal.

How do we collect your data?

There are 2 ways we will collect this data, either:

  • Directly from you (if you were selected to be on a SuperSquad), when you sign up to our programme through the platform, or upload any work to My Journal, or…
  • From your school, college, university or other education organisation that have bought the service for their students, and you happen to be one of them.

How will we use your data?

We use your data to create your account and sign-in details you will use to access our platform, and also to provide information about your progress and any programme user created content (i.e. your ‘work’) which can be accessed by your school careers lead (for our school RealWork platform), or Startup Sherpa’s employees if you are on one of our SuperSquads.

How do we store your data?

We take protecting your security and privacy seriously, and we follow industry standards to protect the integrity of your information. This means we do things like provide secure communication with our servers at all times, encrypt content in transit, and run regular 3rd party security audits (our annual PenTest) to make sure your information is secure.

In addition, we have strict controls in place to limit access to your personal data to those Startup Sherpas Education Limited staff and contractors who have a specific need to access this information.  They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We will notify you and any applicable regulator of any data breach where we are legally required to do so.

Data transfer

Specifically, our platform servers are in the UK with our partner Ionos. They hold all the relevant security certifications we expect from our partners. Our servers hold the database where your personal information is stored.

We also partner with Amazon AWS, specifically using it’s S3 service to store and host any user created content uploaded to My Journal. These servers are also based in the UK.

If (as a school careers lead or admin), you would like Startup Sherpas to help with uploading your users, we require the transfer of a CSV file from you which we will share a Google Drive link for. Therefore Google is also one of our data processors in this specific situation.

None of the data processing or transfers takes place out of the UK.

How long do we keep your data for?

Category of DataData Storage TypeRetention Period
Platform – User Sign-In DataSQL Platform Database, hosted by our hosting partner, Ionos.6 years – all student users are given 5 years access to the platform, with 1 year additional for users to choose to continue membership
Platform – User Generated Content (My Journal)Digital images, videos and documents stored in Amazon AWS S3 Storage6 years – all student users are given 5 years access to the platform, with 1 year additional for users to choose to continue membership
Platform – Enrolment data file (for supported onboarding only)CSV file with email, first and last name. Transferred from school via Google Drive to Startup Sherpas to upload to websiteImmediate deletion after the data is processed
 

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

  • Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
  • Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
  • Your right to erasure – You have the right to ask us to delete your personal information. You can read more about this right here.
  • Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
  • Your right to object to processing – You have the right to object to the processing of your personal data. You can read more about this right here.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide our service are:

  • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you or an educational organisation you are a part of as a student. All of your data protection rights may apply except the right to object.

What are cookies?

Cookies are text files placed on your computer to make our platform work, or sometimes they are used to collect information about you.

For further information, visit allaboutcookies.org.

How do we use cookies?

We only use cookies to keep you signed in as you use the platform and take part on our programmes.

What types of cookies do we use?

There are a number of different types of cookies, however, our platform only uses strictly necessary cookies.

Our cookie list

CookieDescriptionType
swpm_sessionUser session managementNecessary
simple_wp_membership_sec_<token>User session managementNecessary
swpm_in_useUser session managementNecessary
wordpress_logged_in_<token>User session managementNecessary
wordpress_sec_<token>User session managementNecessary

How to manage cookies

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

Privacy policies of other websites

Some of our content links to other websites. Our privacy policy applies only to our platform, so if you click on a link to another website, you should read their privacy policy.

Changes to our privacy policy

Startup Sherpas keeps its privacy policy under regular review and places any updates on this web page. Check our the ‘Last Updated’ section at the end.

How to contact us

Email

hello@startupsherpas.org

The data controller of your personal information is Startup Sherpas Education Ltd which is registered with the Information Commissioner’s Office (“ICO”) with registration number ZB252426.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated

12 October 2024