Privacy & Security
Fund Manager and Joinos
Last updated: 01-April-14
“Pebble” is the trading name of SF Software Limited, a company incorporated and registered in England & Wales with company number 05580540 whose registered office is at Media Exchange Three, Coquet Street, Newcastle upon Tyne, NE1 2QB. Pebble is entered in the Information Commissioner’s register of data controllers with Registration number ZA025278.
What we collect
We collect the following information from school users:
- name and job title
- contact information including school postal address, email address and billing information
- preferences for us contacting the school user with customer surveys and/or offers
We collect the following information from parents:
- postal address and email address
- preferences for us contacting the parent with customer surveys and/or offers
We store the files you upload, download, or access with the Services. You may upload data from your MIS system for use in Fund Manager. You represent that you have the appropriate permissions and processes to transfer this data from your MIS system to Fund Manager.
When you use the Service, we automatically record information from your Device, its software, and your activity using the Services. This may include the Device’s Internet Protocol (“IP”) address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the Service.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- We may use the information to improve our products and services.
- If you agree we may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
- If you agree we may also use your information to contact you for survey purposes from time to time. We may contact you by email, phone, fax or mail. We may use the information to customise our Services according to your interests.
Fund Manager is able to store pupil names, school information, address, contact details and UPN. All of this is optional and dependent on school policy. In practice, the value of Fund Manager increases with the amount of information it processes on behalf of the school.
MISApp provides a link between your MIS system and Fund Manager only. It is designed to pull the information detailed above. At the school’s request, we can configure it to not pull:
- Contact Information
- Contact Groups
- School Attendance
- Staff Contact Details
Normally, we would recommend that MISapp is configured to pull all of this information. Current and future functionality of Fund Manager and Joinos may be dependent on this information. As stated above, this is at the school’s discretion and under your control.
Please inform us at setup of your requirements in this respect.
Finally, we include a feature that allows schools to upload images/documents to share with parents. These images are published by Fund Manager and Joinos, i.e. are publicly available; we would recommend schools not upload pupils’ photographs, or documents containing personal/sensitive information, without parental consent.
Joinos only stores the name and year group of pupils from Fund Manager. If parents choose to store additional personal information, then they must enter this manually into Joinos. Responsibility for this lies with the parent, and not with the school, but schools may remove this information if they consider it appropriate to do so.
Parents are able to pay for trips, uniforms, school dinners etc. through Joinos. All bank details are provided to, and payments processed by, Secure Trading. Please see the “Further Information” section at the end for details of Secure Trading’s privacy.
Confidentiality & Data Security
Once we receive a confirmation, we will schedule the setup and training with the school. The school’s data will be uploaded as part of this process.
Fund Manager stores accounting information and keeps a copy for auditing purposes. Schools may request a backup copy from us promptly after the end of the contract. Please see the Terms and Conditions for details.
Most Fund Manager reports provide a CSV export feature, which provides the data in a readable format that may be migrated into third party applications if desired, and depending of course on the functionality of the third party system in question.
When decommissioning hardware, our procedure includes wiping the disks of all data before returning them to our hardware provider for secure deletion.
All communication with all of our servers uses SSLv3 or TLSv1.0 or higher. We recommend our users use a browser that supports the strongest protocols possible for maximum security. For reference, our Qualys SSL Reports may be found at the links below:
We share data with Google Analytics, Secure Trading and AWS. We may share your information with another organisation in the context of any merger, including in any preceding discussions or negotiations that may or may not lead to a sale. We may disclose your information to law enforcement or regulatory bodies if required to so by them and to our auditors. We may disclose your information to a third party in the context of actual or threatened legal proceedings or if otherwise required to do so by law. We do not share any data with other third parties unless a school explicitly asks us to do this. Fund Manager data is stored on a physical server in London, leased from Iomart. Joinos data is stored on Amazon Web Services (AWS), specifically:
- SQS: Temporal Storage
- Elasticache: Temporal Storage
- RDS: Secured Database Service
- S3: File Storage
Payments made to Joinos are processed by Secure Trading, a PCI DSS Level 1 certified payment service provider. Neither Joinos nor Fund Manager processes or stores any credit/debit card details. All transactions made through the Secure Trading gateway are secure.
Please see the “Further Information” section at the end for details of AWS, Secure Trading and Google’s privacy practices.
SF Software t/a Pebble takes security and data protection seriously and as a result of our dedication to online security, we recently met the payment card industry data security standard 2.0 for E-commerce and we officially became a Level 3 merchant our certificate can be viewed here.
Fund Manager keeps a daily backup which is replicated off-site. In the event of a major loss, we are able to provision a new server and restore it with at worst one day’s data loss. The timescale for recovery depends on the exact nature of the loss of service. We will endeavour to inform users once we have the information. It is not possible for the user to physically remove data from the service. We provide the ability to “cancel” incorrect data, and provide the school with the reports to audit these cancellations.
We aim to make the Services available between the hours of 9am and 4pm, when most of our users are accessing it. Wherever possible, we schedule software updates to occur outside these hours. As long as the school is able to access https://apps.mypebble.co.uk they are able to fully utilise Fund Manager. All hardware and operational costs are included in the licence, which is quoted to the school. There is no additional cost incurred for accessing Fund Manager away from your school.
Our terms and conditions can be found at terms We communicate changes on the Fund Manager dashboard, below Announcements on the Dashboard. This will be covered as part of the training. All Fund Manager data is stored and processed in the UK. Our terms and conditions for Joinos can be found at terms All Joinos data is stored and processed by AWS in Ireland. Please see ‘Further Information’ section for details. No personal information is sent to Joinos from Fund Manager. All personal information must be explicitly inserted by the parent themselves.
Parents: Please note that our registration and petitioning system at https://www.joinos.com/ runs through Fastly - a global CDN (content distribution network). All emails are sent from the AWS data centre in North Virginia, USA. These emails are for notification and sign-up services only. Parents’ registration details are stored in AWS Ireland. AWS is registered with the EU-US Safe Harbor Agreement. Please see the “Further Information” section for details.
Cookies are used for a variety of things to help improve your online experience which are as follow:
- make login faster by remembering your customer details
- make the page load quickly by sharing the workload across computers
- make sure our pages are optimised for your browser or device by giving us technical information about the device or browser you are using
Cookies can help give you content that matches your preferences. We might provide you with relevant offers because we know what other offers you liked. They also allow you to customise a page.
Safety and security
Some cookies help make sure your information is secure when using our services while keeping our forms and shopping site easy to use.
Improving our service
We use the free Google Analytics tool (see http://www.google.com/intl/en_uk/analytics/
) to collect and analyse site statistics. Google Analytics uses persistent cookies (named
_utmzto) to track data. These cookies do not collect any
personally identifiable information and are only used for the statistical collection of data such as visits and page hits. Google Analytics’ cookies store IP addresses but we cannot link those addresses to any individual or path through the website. Google uses the cookies to read information and evaluate visitors’ use of our websites in the form of statistical reports that we can access.
The Google Analytics’ code is incorporated into our websites’ code so that our sites serve the cookies, but Google has access to the cookies. You can stop being tracked by Google Analytics across all websites by going to Google’s site at: http://tools.google.com/dlpage/gaoptout .
Links are correct as at 1st November 2013.