Table of Contents
Security Statement
Introduction
CJ Learning strongly believes in data security and has sought to work with partners who can deliver on high quality data security within its analytics solution. Therefore we have chosen to work with a provider partner who has achieved ISO27001:2013, Cyber Essentials and Cyber Essentials Plus certification.
Data Partnership
CJ Learning Technologies provides the SMARTcurriculum® Application on the LiveDataset platform and relies on the infrastructure security laid out within the Krescendo policy document (link above).
Independent Audit and Certification
- Krescendo, the company behind LiveDataset, has achieved ISO27001:2013 certification for its information security management systems and risk management process. This standard provides customers confidence that Krescendo’s processes and systems have been independently audited to preserve the confidentiality, integrity, and availability of information.
Cyber Essentials
- Cyber Essentials helps businesses like Krescendo protect themselves from the increasing threat of the cyber attack and to deliver a clear statement of the basic controls organisations should have in order to protect themselves. It is a government-backed and industry-supported scheme. Cyber essentials is designed to secure companies’ credentials when it comes to cyber security. In addition, Krescendo are Cyber Essentials Plus certified, which helps carry out vulnerability tests to ensure the company is protected from basic hacking and phishing attacks. It is important to be Cyber Essential certified as it demonstrates to customers, investors, insurers and others that minimum yet essential precautions have been put in place to protect organisations against cyber threats.
Architecture
- Krescendo software applications are architected from the ground up to include stringent enterprise data security requirements:
- Multi-layered authentication and isolation
- Resilience and recoverability
- Audit controls
- Risk management
Flexibility and Experience
- Since 2002, Krescendo has been delivering secure online systems to multinational enterprises satisfying some of the most demanding IT security requirements — including several of the world’s leading financial institutions. Krescendo has deployed applications using a variety of cloud infrastructure deployment models to meet the specific security, resilience, and access requirements for specific enterprise customers.
CJ Learning
User Access
Access to the SMARTcurriculum® Application is granted on completion of purchase or annual renewal, which includes the licence agreement process. The client will nominate a User Administrator who will be responsible for creating and maintaining access to the SMARTcurriculum® Application for the client institution. Access should only be granted to those within or directly related to the client organisation and with an appropriate professional email addresses. Access to a specific email address can be withdrawn by the User Administrator as an when appropriate.
Security of the data can only be ensured by the secure use and management of browsers and devices. CJ Learning and Krescendo have taken all responsible measures to provide access in secure environments. It is important that users ensure the appropriate use and exposure of the screen based information once access is granted.
User Passwords
Passwords are created upon receipt of an access permission email sent from within the application. It is important that secure passwords are used. These are held and maintained by the user alone.
Privacy Policy
Who We Are
CJ Learning Ltd and CJ Learning Technologies Ltd are UK-based companies, providing integrated curriculum and finance planning expertise and solutions for education providers. We can be contacted regarding this Privacy Policy and all Data Protection matters at info@cj-learning.com.
Registered office: Fleet House Unit 3, 1 Armstrong Road, Benfleet, Essex SS7 4FH
Correspondence office: 62 Wavertree Road, Benfleet Essex SS7 5AP UK
Our partner data service provider: Krescendo Ltd is a UK-based company, providing Software as a Service (SaaS) function to clients.
Please address questions to CJ Learning.
Our Commitment To Privacy
We are committed to protecting and respecting your privacy. This policy explains how we obtain and use information collected about our users. Your data is yours, and we will do our best to safeguard it for you.
Any personal information collected is done within the bounds of the General Data Protection Regulations (GDPR) and Data Protection Act (DPA), which places conditions on processing such data and provides the following rights for you:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
We work in partnership with an organisation who offer full transparency when it comes to information security and CJ Learning work to this standard. In accordance with their Privacy Policy, linked above, Krescendo are happy to share results from their most recent audits. In compliance with ISO27001, Krescendo are committed to continuously improving best practices, procedures, and carrying out regular audits for the whole Information Security Management System (ISMS) onto which the SMARTcurriculum® Application sits.
The Information collected by CJ Learning and CJ Learning Technologies
This notice applies to all information collected or submitted to the SMARTcurriculum® Application on the Krescendo website within the LiveDataset software for the purposes of supporting the accuracy and security of your data. The types of personal information collected include:
- Information that is necessary for you to start using our services
- Name
- Company name
- Company email address
Only employees of your organisation with an institution email address will be added to the system. You have the freedom to include governance and trust level operators within the User Administration facility, but they will be managed at the institutional client level, not by the provider.
- Information about your computer and about your visits to the Livedataset website, which are necessary for providing security, compatibility and ease of use, including:
- IP address
- Geographical location
- Browser version
- Operating system
- Length of visit
- Page views
- Navigation behaviour
Who has access to the data
SMARTcurriculum® Application is configured with a number of secure access levels that will enable appropriate staff access to strategic overview or granular level data. Data that is sensitive or personally identifiable is avoided where possible and when not avoidable is protected at the highest level of security. The client is responsible to manage the level of security provided to its users, with only the most senior designated staff able to see and manipulate the most personally identifiable data.
CJ Learning staff access the data only to support data entry and and provide training for the client. Krescendo Ltd staff who have access to the infrastructure tables to support the facility are limited to the Project Lead and the Lead Software Engineer.
The Way We Use Information
We will only use your data for the purposes necessary to provide our contracted services to you, including:
- To help us identify you and your accounts.
- To send you email notifications and information which you have specifically requested.
- To make our websites easier to use.
- To notify you of any changes to our websites or our services and products which may affect you.
- We never use personally identifiable information provided to us in ways unrelated to those described above, unless you have provided consent for that purpose (e.g. contact details provided for sales or marketing purposes), which you have the right to withdraw at any time.
We will retain all information while there is an ongoing relationship with your organization, and delete all data on termination of that relationship, except where we are obliged to comply with applicable laws.
We do not share any personal information with any third party, except where it is necessary for carrying out regulatory or legal obligations (e.g. employment or social security law), or for our legitimate interests (e.g. debt recovery). All information we hold is kept within the UK and is not transferred overseas, other than to allow non UK-based users to see and use their own information.
We do not share analytical data with any body outside of the client organisation. Strategic information held within the SMARTcurriculum® Application is used to inform the benchmarking capabilities of the SMARTcurriculum® Application as far as they can support the effective practice reflected in the purpose of analysing the data entered. In this regard no data is used in this benchmarking process that will identify any individual employee.
Commitment To Data Security
In compliance with ISO27001, Krescendo provide appropriate physical, electronic, and managerial procedures to safeguard and secure your information. The security of your information is very important to us and our objective is to maintain the confidentiality, integrity and availability of information as follows:
- Confidentiality – only authorised people can access your information.
- Integrity – information should be accurate and suitable for the purpose for which it is used.
- Availability – only authorised users should be able to access the data if they need it for authorised purposes.
Commitment To Children’s Privacy
We do not collect information from any child under the age of compulsory education. Individual children do not feature in the data collection or analysis and do not need to be included in the data collection or other processes described in this policy.
How You Can Access Or Correct Your Information
For information about the data collected within SMARTcurriculum® Application, you can access any personally identifiable information we collect about and maintain about you by sending us an email at info@cj-learning.com. We use this procedure to better safeguard your information.
You can correct factual errors in your personally identifiable information by sending us a request that credibly shows error.
To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.
If you are unsatisfied with our responses to any reasonable requests, you have the right to lodge a complaint with the Information Commissioner’s Office.
CJ Learning Ltd is registered with the Information Commissioners Office. Registration Number: Z2332989
Cookie Policy
Cookies are very small text files that are stored on your computer by websites that you visit.
The website uses cookies to generate statistical information, which is read by analytical services. The web analytics cookies track visitor information such as geographical location, browser version, operating system, IP address, etc. It is this information that we use to tailor and improve your user experience.
You can change your browser settings so that cookies are not accepted. If you do this you may lose some of the website functionality. To find out more about cookies such as what they do, how they work, and how to enable/disable them, see the About Cookies website.
We use well-known business-oriented services, such as Google and LinkedIn, to advertise online. Clicking on these advertisements will bring you to a marketing landing page on the website and may result in a third-party remarketing cookie being stored on your computer.
These remarketing cookies may be used to serve ads to you, based on the fact that you visited our landing page. You can opt out of third-party vendors’ use of cookies at the Network Advertising Initiative opt out page.
Changes to Privacy Policy
Any information that we collect is subject to the Privacy Policy in effect at the time such information is collected. We may, however, revise the Privacy Policy from time to time. If a revision is material, as determined solely by us, we will notify you, for example via email. The current version will always be posted on our Privacy Policy page.
Should you have questions or concerns about this privacy policy please contact us at info@cj-learning.com.
Service Statement
24/7 Uptime
Krescendo staff actively monitor the infrastructure and are committed to responding to critical issues 24/7.
Licence
From time to time there will be updates and features that are added to the SMARTcurriculum® Application at no additional cost to the client. Notification of these updates will be made within the SMARTcurriculum® Application LiveDateset tables. These are scheduled during the work day and will take the tables out of operational use for minimum lengths of time. Users are advised not to enter new data during these short periods to ensure no loss of data. These updates will not impact the dashboard information and normally will not interfere with the user experience.
Additional modules, as and when developed, will be made available at additional cost to the basic user annual licence. These will be updated in the same way as the features and updates.
Support
CJ Learning Implementation staff are assessible through support@cj-learning.com and telephone number provided within the licence agreement and initialisation process. Staff will respond to your requests within 24 hours.
CJ Learning has access to a responsive team of technical specialists during London office hours. Please contact support@cj-learning.com if you need specific help.
Training
Training and development is supported through access to a programme of webinars and online learning experiences.
Face-to-face training is available through the website at https://cj-learning.com.