Privacy & Security

Fund Manager and Joinos

Last updated: 01-April-14

This document outlines Pebble’s privacy policy for Fund Manager and Joinos. All references to MISapp will be covered alongside Fund Manager, where appropriate.

“Pebble” is the trading name of SF Software Limited, a company incorporated and registered in England & Wales with company number 05580540 whose registered office is at Media Exchange Three, Coquet Street, Newcastle upon Tyne, NE1 2QB. Pebble is entered in the Information Commissioner’s register of data controllers with Registration number ZA025278.

Privacy

This Privacy Policy provides our policies and procedures for collecting, using, and disclosing your information. Users can access the Fund Manager service and/or Joinos service (the “Services”) through our websites at https://apps.mypebble.co.uk, https://my.joinos.com and/or https://joinos.com, applications on Devices, through APIs, and through third-parties. A “Device” is any computer used to access the Fund Manager Service, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device. This Privacy Policy governs your access of the Services, regardless of how you access them, and by using our Services you consent to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy Policy. All of the different forms of data, content, and information described below are collectively referred to as “information.”

Pebble is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, you can be assured that it will only be used in accordance with this privacy policy. Pebble may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 28th October 2013.

What we collect

We collect the following information from school users:

  • name and job title
  • contact information including school postal address, email address and billing information
  • preferences for us contacting the school user with customer surveys and/or offers

We collect the following information from parents:

  • name
  • postal address and email address
  • preferences for us contacting the parent with customer surveys and/or offers

Files

We store the files you upload, download, or access with the Services. You may upload data from your MIS system for use in Fund Manager. You represent that you have the appropriate permissions and processes to transfer this data from your MIS system to Fund Manager.

Log Data

When you use the Service, we automatically record information from your Device, its software, and your activity using the Services. This may include the Device’s Internet Protocol (“IP”) address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the Service.

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • Internal record keeping.
  • We may use the information to improve our products and services.
  • If you agree we may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
  • If you agree we may also use your information to contact you for survey purposes from time to time. We may contact you by email, phone, fax or mail. We may use the information to customise our Services according to your interests.

Security

Risks

Fund Manager is able to store pupil names, school information, address, contact details and UPN. All of this is optional and dependent on school policy. In practice, the value of Fund Manager increases with the amount of information it processes on behalf of the school.

MISapp provides a link between your MIS system and Fund Manager only. It is designed to pull the information detailed above. At the school’s request, we can configure it to not pull:

  • Contact Information
  • UPN
  • Contact Groups
  • School Attendance
  • Staff Contact Details

Normally, we would recommend that MISapp is configured to pull all of this information. Current and future functionality of Fund Manager and Joinos may be dependent on this information. As stated above, this is at the school’s discretion and under your control.

Please inform us at setup of your requirements in this respect.

Finally, we include a feature that allows schools to upload images/documents to share with parents. These images are published by Fund Manager and Joinos, i.e. are publicly available; we would recommend schools not upload pupils’ photographs, or documents containing personal/sensitive information, without parental consent.

Joinos only stores the name and year group of pupils from Fund Manager. If parents choose to store additional personal information, then they must enter this manually into Joinos. Responsibility for this lies with the parent, and not with the school, but schools may remove this information if they consider it appropriate to do so.

Parents are able to pay for trips, uniforms, school dinners etc. through Joinos. All bank details are provided to, and payments processed by, Secure Trading. Please see the “Further Information” section at the end for details of Secure Trading’s privacy.

Confidentiality & Data Security

Once we receive a confirmation, we will schedule the setup and training with the school. The school’s data will be uploaded as part of this process.

Fund Manager stores accounting information and keeps a copy for auditing purposes. Schools may request a backup copy from us promptly after the end of the contract. Please see the Terms and Conditions for details.

Most Fund Manager reports provide a CSV export feature, which provides the data in a readable format that may be migrated into third party applications if desired, and depending of course on the functionality of the third party system in question.

When decommissioning hardware, our procedure includes wiping the disks of all data before returning them to our hardware provider for secure deletion.

All communication with all of our servers uses SSLv3 or TLSv1.0 or higher. We recommend our users use a browser that supports the strongest protocols possible for maximum security. For reference, our Qualys SSL Reports may be found at the links below:

We share data with Google Analytics, Secure Trading and AWS. We may share your information with another organisation in the context of any merger, including in any preceding discussions or negotiations that may or may not lead to a sale. We may disclose your information to law enforcement or regulatory bodies if required to do so by them and to our auditors. We may disclose your information to a third party in the context of actual or threatened legal proceedings or if otherwise required to do so by law. We do not share any data with other third parties unless a school explicitly asks us to do this.

Fund Manager data is stored on a physical server in London, leased from Iomart. Joinos data is stored on Amazon Web Services (AWS), specifically:

  1. SQS: Temporal Storage
  2. Elasticache: Temporal Storage
  3. RDS: Secured Database Service
  4. S3: File Storage

Payments made to Joinos are processed by Secure Trading, a PCI DSS Level 1 certified payment service provider. Neither Joinos nor Fund Manager processes or stores any credit/debit card details. All transactions made through the Secure Trading gateway are secure.

Please see the “Further Information” section at the end for details of AWS, Secure Trading and Google’s privacy practices.

SF Software t/a Pebble takes security and data protection seriously. As a result of our dedication to online security, we recently met the payment card industry data security standard 2.0 for E-commerce and we officially became a Level 3 merchant. Our certificate can be viewed here.

Integrity

Fund Manager keeps a daily backup which is replicated off-site. In the event of a major loss, we are able to provision a new server and restore it with at worst one day’s data loss. The timescale for recovery depends on the exact nature of the loss of service. We will endeavour to inform users once we have the information. It is not possible for the user to physically remove data from the service. We provide the ability to “cancel” incorrect data, and provide the school with the reports to audit these cancellations.

Availability

We aim to make the Services available between the hours of 9am and 4pm, when most of our users are accessing it. Wherever possible, we schedule software updates to occur outside these hours. As long as the school is able to access https://apps.mypebble.co.uk they are able to fully utilise Fund Manager. All hardware and operational costs are included in the licence, which is quoted to the school. There is no additional cost incurred for accessing Fund Manager away from your school.

Legal

Our terms and conditions can be found at terms. We communicate changes on the Fund Manager dashboard, below Announcements on the Dashboard. This will be covered as part of the training. All Fund Manager data is stored and processed in the UK. Our terms and conditions for Joinos can be found at terms. All Joinos data is stored and processed by AWS in Ireland. Please see the “Further Information” section for details. No personal information is sent to Joinos from Fund Manager. All personal information must be explicitly inserted by the parent themselves.

Parents: Please note that our registration and petitioning system at https://www.joinos.com/ runs through Fastly - a global CDN (content distribution network). All emails are sent from the AWS data centre in North Virginia, USA. These emails are for notification and sign-up services only. Parents’ registration details are stored in AWS Ireland. AWS is registered with the EU-US Safe Harbor Agreement. Please see the “Further Information” section for details.

Cookies

Cookies are used for a variety of things to help improve your online experience, which are as follows:

  • make login faster by remembering your customer details
  • make the page load quickly by sharing the workload across computers
  • make sure our pages are optimised for your browser or device by giving us technical information about the device or browser you are using

Personal preferences

Cookies can help give you content that matches your preferences. We might provide you with relevant offers because we know what other offers you liked. They also allow you to customise a page.

Safety and security

Some cookies help make sure your information is secure when using our services while keeping our forms and shopping site easy to use.

Improving our service

We also use cookies to measure and analyse how visitors use the site. This helps us develop it and make it easier to use.

Third-party cookies

Mypebble.co.uk uses Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store and use this information. Google’s privacy policy is available at: http://www.google.com/privacypolicy.html .

We use the free Google Analytics tool (see http://www.google.com/intl/en_uk/analytics/ ) to collect and analyse site statistics. Google Analytics uses persistent cookies (named __utma, __utmb, __utmc and __utmz) to track data. These cookies do not collect any personally identifiable information and are only used for the statistical collection of data such as visits and page hits. Google Analytics’ cookies store IP addresses but we cannot link those addresses to any individual or path through the website. Google uses the cookies to read information and evaluate visitors’ use of our websites in the form of statistical reports that we can access.

The Google Analytics code is incorporated into our websites’ code so that our sites serve the cookies, but Google has access to the cookies. You can stop being tracked by Google Analytics across all websites by going to Google’s site at: http://tools.google.com/dlpage/gaoptout .

Further information

Links are correct as at 1st November 2013.