General Data Protection Regulations (GDPR)

We set out below the steps we have taken to ensure that the data in your GVO is appropriately handled and the procedures comply with the General Data Protection Regulation (GDPR) .

We take great pains to look after your data. The data you store on your Governors' Virtual Office is held on high performance servers located in two data centres (a main processing centre and a second, back-up, site) where your data is processed. Both are in the United Kingdom. Certificates of Approval/Registration are available to view here and here .

Data is held on RAID 10 disk storage systems, which means that even if two disks in the server should fail there will be no data loss. The centres have dual power feeds that enter the facilities at separate points and back up power supplies to protect in case of power cuts. Data is backed up once per week and stored in a separate data centre. In addition, changes to your data are backed up daily so that in the event of a disaster your system could be restored from the last full back up. The devices holding your data are in secure environments.

We use the thawte SSL Web Server Certificate which offers comprehensive stringent authentication procedures (domain name and identity verification). It also offers 256, or 128-bit encryption depending on the governor's browser capability and the cipher suite installed on the web server. This ensures that information is kept private while in transit between our web servers and a governor's web browser. We maintain a watching brief on new security technologies and will adopt the best industry practice when protecting your data.

School Leaderships Systems Ltd is registered under the Data Protection Act with the Information Commissioner's Office. Registration No.223914.

While School Leadership Systems Limited is responsible for the security of personal data whilst it is stored in your GVO, and is responsible for the procedures used by its staff if they are required to handle personal data, you are responsible for the content of your Governors' Virtual Office as described in Paragraph 4 of our standard Terms and conditions which can be inspected here.The addition and deletion of users is usually controlled by the Clerk to the Governors and changes are instantaneous so that you can keep an up to date list of authorised users. Individual Governors have their own User Name and password.

GDPR requires that there be a contractual agreement that a processor will process data in accordance with the Regulation. Accordingly, clause 16 of our standard terms and conditions has been amended (effective 16th May 2018).

A copy of our Privacy and Cookies Policy is available to view here .

Arrange a demo