Admin Users are any users that create an account on Track My Read.
Admin Users create a Track My Read account, and log in to Track My Read using Google authentication, meaning that no admin passwords are stored in Amazon Web Services.
By creating a Track My Read account using Google authentication, you are agreeing to Google terms.
Track My Read uses Amazon Web Services database in the Ireland region to store all of its data.
Admin Users can configure their school (or ‘organisation’) with pupil (or ‘participant’) lists consisting of first name, last name, class and year group, plus a unique generated passcode.
Admin Users can create Track My Reads and assign participants to them.
Participants can log in with a combination of their organisation’s unique log in URL, their username and a generated passcode.
The only personal information that appears on a participant’s dashboard is their first name along with aggregated summaries of their personal reading logs.
Admin Users are only able to view participant information for participants at their own organisation. The participant information consists of first name, last name, class, year group and logged reading session data.
Read for Good has no access to participant identifying information – Read for Good can see the participant’s reading data, but there is no identifying information (names are converted into unique reference codes). Therefore no GDPR data processing agreements are required between the organisation (the school) and Read for Good, as stated in the ICO’s Anonymisation of Data policy.
The only identifying information Read for Good has access to is the Admin User’s email address, name, organisation name and job title and these are stored within the Amazon Web Services database.
By agreeing to these Terms and Conditions, the Admin User is agreeing to Amazon Web Services role as a Data Processor of the participants’ first name, surname, class and year group, and their associated reading data. This is governed by AWS’s GDPR compliance policy detailed in full here and summarised as:
AWS as a data processor – When customers use AWS services to process personal data in the content they upload to the AWS services, AWS acts as a data processor. Customers can use the controls available in AWS services, including security configuration controls, for the handling of personal data. Under these circumstances, the customer may act as a data controller or data processor itself, and AWS acts as a data processor or sub-processor. AWS offers a GDPR-compliant AWS GDPR Data Processing Addendum (AWS GDPR DPA) that incorporates AWS’s commitments as data processor. The AWS GDPR DPA, which includes Standard Contractual Clauses, is part of the AWS Service Terms and is automatically available for all customers who require this to comply with the GDPR.
Inviting participants to take part in Track My Read by email is optional. Email addresses entered as part of this process are not stored on Amazon Web Services and so do not trigger any GDPR issues.
Only selected developers who work under contract to Read for Good have access to the Amazon Web Services database server. Access is controlled via a maintained list of public keys.
Upon request, Admin User accounts and all associated data can be deleted by Read for Good via our developers. Otherwise all Track My Read data is kept in perpetuity.
In the event of a data breach, the developers will alert Read for Good as soon as possible, when our Data Breach Policy will be enacted.