MyMKC Privacy Policy
MyMKC is the Milton Keynes College configured and branded version of the myday platform.
Definitions
Data Controller, Data Processor, Data Subject and Personal Data, Sensitive Personal Data, Special Category Data, processing, Right to Object and appropriate technical and organisational security measures shall have the meanings given to them in the DPA and the GDPR.
Data Controller
Milton Keynes College
Data Processor
Collabco Ltd. Company Registration No. 6737467
Purpose
This application collects and displays Personal Data on behalf of the Data Controller for the benefit of the Data Subject promoting positive engagement through the use of data and information.
Data Categories
Specific data categories stored by myday are listed at https://myday.collabco.com/myday-data which is updated as myday is developed. Data Controllers choose which components to enable for use on the myday platform. There are some mandatory data categories, such as identity information.
Lawful Basis
Personal Data is stored within myday as part of a contractual requirement between the Data Subject and the Data Controller, under direct consent by the Data Subject.
Consent
Where consent is required for capturing additional data within myday, consent is requested from the Data Subject and a suitable withdrawal of consent is provided.
Data Protection Authority
As a UK based company, the Data Protection Authority is the Information Commissioner’s Office; registration number Z3035597.
Security
The Data Processor takes the security of data seriously. The company has internal policies and controls in place to try to ensure that data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Data Sharing
Personal Data is only shared between the Data Controller and the Data Processor with the contractual permission of the Data Controller. Personal Data is not shared with 3rd parties and is not processed outside of the EEA.
Data Hosting
myday is hosted within the Microsoft Azure public cloud platform and protected by Microsoft guarantees available at https://www.microsoft.com/en-us/trustcenter which provide equal or superior security to the myday platform, which itself is built for the Azure cloud. Microsoft are a sub-Processor of myday data as a hosting platform but do not have direct data access.
Duration
Most myday Data is replicated from the Data Controller’s environment and tracks the source data’s lifecycle. Personal Data generated by myday has its own lifecycle as listed on the Data Categories website.
Data Subject Rights
All Access, Rectification, Erasure, Restriction, Portability, Objections requests should be addressed to the Data Controller. The Data Processor will assist in the Data Controller in meeting their obligations to the Data Subject.
Restriction of Data
If Personal Data is not made available to the application, the Data Processor is unable to provide an effective solution.
Automated Decision Making
The myday experience will alter based on the nature of the relationship with the Data Controller, the Data Subject’s profile, location and other data. This enables myday to deliver a relevant experience. The Data Controller defines these targeting rules.
This privacy policy relates solely to myday.
Last updated: July 30th 2020