What is GDPR?
At AllYearbooks Limited, considering the nature of the service we offer, we take privacy concerns extremely seriously. Customers who have specific privacy concerns or GDPR questions are encouraged to speak to a member of the AllYearbooks staff by phone or email.
You can view further information on GDPR on the Information Commissioner's Office (ICO) website.
AllYearbooks Limited is registered with the ICO as required since 16th June 2006 registration number Z861788X.
We still to continue to follow good practice as we have always done:
- Use personal information fairly and lawfully
- Collect only the information necessary for the specific purpose
- Ensure it is relevant, accurate and up to date
- Only hold as much as you need, and for as long as you need it
- All the subject of the information to see it on request and
- Keep it secure
We have outlined below how we will endeavour to comply with GDPR.
Information and who we are
For the purpose of data protection laws, AllYearbooks Limited, company registration - 5137269. Our registered address is The Colour Laboratory, Lelant, St Ives, Cornwall, TR26 3HU is the data processor. Our role is to keep your data safe and provide a platform to do so leaving you the control of the overall project.
Why do you collect information from me?
The information that you provide to us is in order for us to allow you to create yearbooks, we will not be selling, leasing or sharing your data with anyone other than those involved in producing your yearbook. However, the information we provide is critical for your order.
During your yearbook journey you will receive emails from our customer support team, as well as our prompt emails which are sent out to try and keep you on track – for these emails there is always a way for you to unsubscribe, in which we will remove you from our mail list and if you are an editor in the book we will remove you also. If you have a preference of how you would like to be contacted please just let us know.
Anytime you are using the site and you are uploading images or anything to our site we use Secure Socket Layer technology – which in short is standard technology for keeping an internet connection secure and safeguarding any sensitive data. Using SSL technology ensures all data sent between the web server and the browser remains encrypted. This can be identified by the little padlock and the word secure in the browser bar – if you click this you will see – Connection is secure. Along with some options for settings and to see further information about cookies.
Where is data stored securely?
We take active measures to secure your data. Our servers are hosted in the UK by Microsoft and all data is fully encrypted in transit and in storage. Email correspondence may be stored outside of the EU however we ensure this is transferred securely.
How long is data stored?
We hold your contact information on our CRM internally from the point you are a customer with us, the data that we save is your name, school name, email address of our contact and our correspondence with you whilst you have been a customer. This information relates to the editors and teachers who organise the book. Not the non-editorial students. (Except where those students may be discussed by teachers or editors in emails and other correspondence).
With reference to your yearbook anything that is uploaded will be locked from the point of being sent to print.
Once your yearbook has been printed (or abandoned) we will keep all the information online for that yearbook for the following academic year – in case of that information and ideas from it would be useful. Following that (up to 6 months longer) your yearbook and all the information in it will be deleted from our servers. In addition, we keep backup copies of your information in our offices to refer to previous yearbooks.
Each year we have a transition period this is in September in which we remove data. We keep a copy of your yearbook cover should you wish to use the same design again for the following year.
All yearbook images, text and data is deleted at the transition period.
Do we use third parties?
The information shared with our printers, is name, delivery address and the yearbook PDF.
We use a third party for payment management, the information shared with stripe is to collect payments to fulfil financial payments securely.
The website uses Sendgrid to fulfil mail services.
The other third parties that we use are Olark, for our website chats, Google Analytics are used to collect details of visitor behaviour patterns, we do this to find out things like how many visitors visit the site and to focus on user experience. The information is not used to identify anyone.
Can I be deleted, the right to be forgotten?
As part of GDPR everyone now has the right to be forgotten, if you do have a member in the yearbook that following printing would like to be forgotten please do call us to discuss how we can deal with your specific request, we will endeavour to do this in a timely fashion. We do keep copies of information for backup purposes.
What is OK to include?
Creating a yearbook is fun, and can still involve all students, we are here to help and if you have any questions please do get in touch. We offer help in the profile questions section of the yearbook designer and on our blog to make creating your yearbook easy and as hassle free as possible.
As the data controller it is up to you what you would like to include, you can decide. If you have any questions then please call us and we can do our best to advise perhaps on what other schools and PTA’s are doing.
Hopefully we have answered any questions you have, however If you do have any specific questions please do send them to firstname.lastname@example.org.