Mega Seating Plan and data protection

I take data protection very seriously, especially because Mega Seating Plan deals mostly with children's data. On this page you can learn about what data is collected and stored, how it is used and how it relates to the terms of the UK's Data Protection Act 1998.

What data is collected and stored?

User data

This is data collected by Mega Seating Plan about visitors to the website. I use Google Analytics tools to monitor website visits (this is an anonymous tracking tool that is very common on websites) - there is a little more detail about this on the Privacy Policy page.

Aside from this, during registration I collect your name, email address, password (for non-Google sign-in users only) and your IP address, to be used as follows:

Student data

The student data that is uploaded to the servers is flexible, although the default column headings include name, form, gender, SEN, EAL, ethnicity, more able, target, grade, reading age and pupil premium. This level of data is clearly personal and categories such as ethnicity woud be classed as sensitive by the Data Protection Act. In order to protect student privacy, student data is not personally identifiable. This is achieved by encrypting student names when stored in the database; only the owner of the data (and colleagues that they have chosen to share it with) have access to the decryption key..

Student data is stored in a common database, with data only accessible to the user that has created it, when logged in via their password. Student data will never be sold to or shared with third parties.

How is the data used?

The data collected about website users is used only to improve the experience of website visitors.

Student data is used only for the purposes required by the website:

Data is stored in a MySQL database currently hosted by SiteGround. The server is located in London, UK.

Data Protection Act 1998

Mega Seating Plan is not registered with the Information Commissioner's Office, as the data stored is not "personally identifiable", and therefore falls outside the scope of the Data Protection Act 1998. Student names in the database are encrypted and may only be accessed by the user who uploaded the data, or by other users that they have deliberately chosen to share this data with.