Policy Table of Contents

CJ Learning Technologies Ltd provides the SMARTcurriculum® Application using the LiveDataset platform provided by Krescendo Ltd. Krescendo is a UK based, international data services company enabling companies to ‘easily manage and augment data in a secure, centrally controlled environment with a familiar grid interface. Many users collaborate together on the data, with access permissions managed centrally.’

 
CJ Learning and CJ Learning Technologies (hereafter referred to as CJ Learning) data policies work in synergy with those of Krescendo, as the data handling provider, and are in compliance with General Data Protection Regulations (GDPR) and Data Protection Act (DPA)
 
Krescendo update and publish their policies, represented here in the following policy frameworks: 
Please use the links to access the LiveDataset policy positions. We present these to reassure clients of the security, privacy and service delivery relating to their data.

The details below outline the CJ Learning security, privacy and service frameworks and how our provision works alongside our provider partner’s policies.

Security Statement

Introduction

CJ Learning strongly believes in data security and has sought to work with partners who can deliver on high quality data security within its analytics solution. Therefore we have chosen to work with a provider partner who has achieved ISO27001:2013Cyber Essentials and Cyber Essentials Plus certification.

Data Partnership

CJ Learning Technologies provides the SMARTcurriculum® Application on the LiveDataset platform and relies on the infrastructure security laid out within the Krescendo policy document (link above). 

Independent Audit and Certification

  • Krescendo, the company behind LiveDataset, has achieved ISO27001:2013 certification for its information security management systems and risk management process. This standard provides customers confidence that Krescendo’s processes and systems have been independently audited to preserve the confidentiality, integrity, and availability of information.

Cyber Essentials

  • Cyber Essentials helps businesses like Krescendo protect themselves from the increasing threat of the cyber attack and to deliver a clear statement of the basic controls organisations should have in order to protect themselves. It is a government-backed and industry-supported scheme. Cyber essentials is designed to secure companies’ credentials when it comes to cyber security. In addition, Krescendo are Cyber Essentials Plus certified, which helps carry out vulnerability tests to ensure the company is protected from basic hacking and phishing attacks. It is important to be Cyber Essential certified as it demonstrates to customers, investors, insurers and others that minimum yet essential precautions have been put in place to protect organisations against cyber threats.

Architecture

  • Krescendo software applications are architected from the ground up to include stringent enterprise data security requirements:
    • Multi-layered authentication and isolation
    • Resilience and recoverability
    • Audit controls
    • Risk management

Flexibility and Experience

  • Since 2002, Krescendo has been delivering secure online systems to multinational enterprises satisfying some of the most demanding IT security requirements — including several of the world’s leading financial institutions. Krescendo has deployed applications using a variety of cloud infrastructure deployment models to meet the specific security, resilience, and access requirements for specific enterprise customers.
 

CJ Learning 

User Access

Access to the SMARTcurriculum® Application is granted on completion of purchase or annual renewal, which includes the licence agreement process. The client will nominate a User Administrator who will be responsible for creating and maintaining access to the SMARTcurriculum® Application for the client institution. Access should only be granted to those within or directly related to the client organisation and with an appropriate professional email addresses. Access to a specific email address can be withdrawn by the User Administrator as an when appropriate.

Security of the data can only be ensured by the secure use and management of browsers and devices. CJ Learning and Krescendo have taken all responsible measures to provide access in secure environments. It is important that users ensure the appropriate use and exposure of the screen based information once access is granted. 

User Passwords

Passwords are created upon receipt of an access permission email sent from within the application. It is important that secure passwords are used. These are held and maintained by the user alone.

Privacy Policy

Who We Are

CJ Learning Ltd and CJ Learning Technologies Ltd are UK-based companies, providing integrated curriculum and finance planning expertise and solutions for education providers. We can be contacted regarding this Privacy Policy and all Data Protection matters at info@cj-learning.com.
Registered office: Fleet House Unit 3, 1 Armstrong Road, Benfleet, Essex SS7 4FH
Correspondence office: 62 Wavertree Road, Benfleet Essex SS7 5AP UK
 
Our partner data service provider: Krescendo Ltd is a UK-based company, providing Software as a Service (SaaS) function to clients. 
Please address questions to CJ Learning.

Our Commitment To Privacy

We are committed to protecting and respecting your privacy. This policy explains how we obtain and use information collected about our users. Your data is yours, and we will do our best to safeguard it for you.
 
Any personal information collected is done within the bounds of the General Data Protection Regulations (GDPR) and Data Protection Act (DPA), which places conditions on processing such data and provides the following rights for you:
  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.
 
We work in partnership with an organisation who offer full transparency when it comes to information security and CJ Learning work to this standard. In accordance with their Privacy Policy, linked above, Krescendo are happy to share results from their most recent audits. In compliance with ISO27001, Krescendo are committed to continuously improving best practices, procedures, and carrying out regular audits for the whole Information Security Management System (ISMS) onto which the SMARTcurriculum® Application sits.

The Information collected by CJ Learning and CJ Learning Technologies

This notice applies to all information collected or submitted to the SMARTcurriculum® Application on the Krescendo website within the LiveDataset software for the purposes of supporting the accuracy and security of your data. The types of personal information collected include:
  • Information that is necessary for you to start using our services
    • Name
    • Company name
    • Company email address
Only employees of your organisation with an institution email address will be added to the system. You have the freedom to include governance and trust level operators within the User Administration facility, but they will be managed at the institutional client level, not by the provider.
 
  • Information about your computer and about your visits to the Livedataset website, which are necessary for providing security, compatibility and ease of use, including:
    • IP address
    • Geographical location
    • Browser version
    • Operating system
    • Length of visit
    • Page views
    • Navigation behaviour

Who has access to the data

SMARTcurriculum® Application is configured with a number of secure access levels that will enable appropriate staff access to strategic overview or granular level data. Data that is sensitive or personally identifiable is avoided where possible and when not avoidable is protected at the highest level of security. The client is responsible to manage the level of security provided to its users, with only the most senior designated staff able to see and manipulate the most personally identifiable data.  
 
CJ Learning staff access the data only to support data entry and and provide training for the client. Krescendo Ltd staff who have access to the infrastructure tables to support the facility are limited to the Project Lead and the Lead Software Engineer.

The Way We Use Information

We will only use your data for the purposes necessary to provide our contracted services to you, including:
  • To help us identify you and your accounts.
  • To send you email notifications and information which you have specifically requested.
  • To make our websites easier to use.
  • To notify you of any changes to our websites or our services and products which may affect you.
  • We never use personally identifiable information provided to us in ways unrelated to those described above, unless you have provided consent for that purpose (e.g. contact details provided for sales or marketing purposes), which you have the right to withdraw at any time.
We will retain all information while there is an ongoing relationship with your organization, and delete all data on termination of that relationship, except where we are obliged to comply with applicable laws.
 

We do not share any personal information with any third party, except where it is necessary for carrying out regulatory or legal obligations (e.g. employment or social security law), or for our legitimate interests (e.g. debt recovery). All information we hold is kept within the UK and is not transferred overseas, other than to allow non UK-based users to see and use their own information.

 

We do not share analytical data with any body outside of the client organisation. Strategic information held within the SMARTcurriculum® Application is used to inform the benchmarking capabilities of the SMARTcurriculum® Application as far as they can support the effective practice reflected in the purpose of analysing the data entered. In this regard no data is used in this benchmarking process that will identify any individual employee.

Commitment To Data Security

In compliance with ISO27001, Krescendo provide appropriate physical, electronic, and managerial procedures to safeguard and secure your information. The security of your information is very important to us and our objective is to maintain the confidentiality, integrity and availability of information as follows:
  • Confidentiality – only authorised people can access your information.
  • Integrity – information should be accurate and suitable for the purpose for which it is used.
  • Availability – only authorised users should be able to access the data if they need it for authorised purposes.

Commitment To Children’s Privacy

We do not collect information from any child under the age of compulsory education. Individual children do not feature in the data collection or analysis and do not need to be included in the data collection or other processes described in this policy.

How You Can Access Or Correct Your Information

For information about the data collected within SMARTcurriculum® Application, you can access any personally identifiable information we collect about and maintain about you by sending us an email at info@cj-learning.com. We use this procedure to better safeguard your information.
 
You can correct factual errors in your personally identifiable information by sending us a request that credibly shows error.
 
To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.
 
If you are unsatisfied with our responses to any reasonable requests, you have the right to lodge a complaint with the Information Commissioner’s Office.
 
CJ Learning Ltd is registered with the Information Commissioners Office. Registration Number: Z2332989

Cookie Policy

Cookies are very small text files that are stored on your computer by websites that you visit.
 
The website uses cookies to generate statistical information, which is read by analytical services. The web analytics cookies track visitor information such as geographical location, browser version, operating system, IP address, etc. It is this information that we use to tailor and improve your user experience.
 
You can change your browser settings so that cookies are not accepted. If you do this you may lose some of the website functionality. To find out more about cookies such as what they do, how they work, and how to enable/disable them, see the About Cookies website.
 
We use well-known business-oriented services, such as Google and LinkedIn, to advertise online. Clicking on these advertisements will bring you to a marketing landing page on the website and may result in a third-party remarketing cookie being stored on your computer.
 
These remarketing cookies may be used to serve ads to you, based on the fact that you visited our landing page. You can opt out of third-party vendors’ use of cookies at the Network Advertising Initiative opt out page.

Changes to Privacy Policy

Any information that we collect is subject to the Privacy Policy in effect at the time such information is collected. We may, however, revise the Privacy Policy from time to time. If a revision is material, as determined solely by us, we will notify you, for example via email. The current version will always be posted on our Privacy Policy page.
 
Should you have questions or concerns about this privacy policy please contact us at info@cj-learning.com.

Service Statement

24/7 Uptime

Krescendo staff actively monitor the infrastructure and are committed to responding to critical issues 24/7.

Licence

From time to time there will be updates and features that are added to the SMARTcurriculum® Application at no additional cost to the client. Notification of these updates will be made within the SMARTcurriculum® Application LiveDateset tables. These are scheduled during the work day and will take the tables out of operational use for minimum lengths of time. Users are advised not to enter new data during these short periods to ensure no loss of data. These updates will not impact the dashboard information and normally will not interfere with the user experience.

Additional modules, as and when developed, will be made available at additional cost to the basic user annual licence. These will be updated in the same way as the features and updates. 

Support

CJ Learning Implementation staff are assessible through support@cj-learning.com and telephone number provided within the licence agreement and initialisation process. Staff will respond to your requests within 24 hours.  
 

CJ Learning has access to a responsive team of technical specialists during London office hours. Please contact support@cj-learning.com if you need specific help.

Training

Training and development is supported through access to a programme of webinars and online learning experiences. 

Face-to-face training is available through the website at https://cj-learning.com. 

Safeguarding Policy

Scope

This policy applies to all CJ Learning Ltd and CJ Learning Technologies Ltd [hereafter referred to as CJ Learning] staff, including senior managers and the board of directors, paid staff, volunteers and sessional workers, agency staff, students or anyone working on behalf of CJ Learning [hereafter referred to as staff]. It will provide staff with the overarching principles that guide our approach to safeguarding.

Purpose

To protect children and young people [learners] who are contractually linked to CJ Learning and direct recipients of its services and/or who live or study in establishments in which CJ Learning delivers services.

 CJ Learning believes that a child or young person should never experience abuse of any kind. We have a responsibility to promote the welfare of all children and young people and to keep them safe. We are committed to practice in a way that protects them.

 CJ Learning recognises that:

  • the welfare of the child is paramount, as enshrined in the Children Act 1989
  • all children, regardless of age, disability, gender, racial heritage, religious belief, sexual orientation or identity, have a right to equal protection from all types of harm or abuse
  • some children and adults are additionally vulnerable because of the impact of previous experiences, their level of dependency, communication needs or other issues
  • working in partnership with children, young people, their parents, carers and other agencies is essential in promoting young people’s welfare.

Actions

Within the duties undertaken by CJ Learning as far as they involve interaction for or with young learners, each employee and representative of CJ Learning commits to safeguard children and young people by:

  • valuing them, listening to and respecting them

Key Action:

1.      Do not prompt conversation to illicit a safeguarding related disclosure but be open to direct young people to staff in each institution designated as safeguarding personnel [as indicated in their safeguarding policy]. 

  • adopting child protection practices through procedures and a code of conduct for staff and volunteers

Key Action:

1.      Ensure that CJ Learning staff have been made aware of safeguarding personnel when entering an education establishment and ensure that they are aware of their safeguarding policy.

  • effective e-safety and related procedures

Key Action:

1.      No contact with learners through personal social media accounts. Social media use through company controlled and moderated accounts only.

2.      No use of personal email to connect with learners. Contact will be minimal and only through company email if necessary.

  • providing effective management for staff and volunteers through supervision, support and training

Key Action:

1.      Ensure that all staff have a copy of this policy and that they sign a declaration of having read policy.

2.      Provide all CJ Learning staff with access to appropriate updates related to current safeguarding practice.

  • recruiting staff and volunteers safely, ensuring all necessary checks are made

Key Action:

1.      Ensure all CJ Learning staff working with or coming into contact with children or young people have an enhanced DBS certificate that has been annually renewed.

2.      Ensure all staff have current annually updated enhanced DBS in the previous 12 months from proposed engagement with each customer.

Legal framework

This policy has been drawn up based on laws and guidance that seek to protect children, namely:

  • Keeping Children Safe in Education Link
  • The General Data Protection Regulation (GDPR) (EU) 2016/679 Link
  • Multi-agency statutory guidance on female genital mutilation 2016 Link
  • All relevant government guidance on safeguarding children, particularly ‘Working together to safeguard Children’ 2019 Link
  • Prevent Duty Guidance, Home Office 2015 Link
  • The Protection of Freedoms Act 2012 Link
  • The Education Act 2011
  • Safeguarding Vulnerable Groups Act 2006 Link
  • The Children Act 2004
  • The Female Genital Mutilation Act 2003 and Statutory FGM Reporting Guidance Link
  • The Sexual Offences Act 2003
  • The Education Act 2002
  • The Data Protection Act 1998
  • The United Convention of the Rights of the Child 1991
  • The Children Act 1989

We are committed to reviewing our policy and good practice annually.

Dated:                  Version 1.04 September 2020

Next review:      September 202