MyMKC Privacy Policy

MyMKC is the Milton Keynes College configured and branded version of the myday platform.

Definitions

Data Controller, Data Processor, Data Subject and Personal Data, Sensitive Personal Data, Special Category Data, processing, Right to Object and appropriate technical and organisational security measures shall have the meanings given to them in the DPA and the GDPR.

Data Controller

Milton Keynes College

Data Processor

Collabco Ltd. Company Registration No. 6737467

Purpose

This application collects and displays Personal Data on behalf of the Data Controller for the benefit of the Data Subject promoting positive engagement through the use of data and information.

Data Categories

Specific data categories stored by myday are listed at https://myday.collabco.com/myday-data which is updated as myday is developed. Data Controllers choose which components to enable for use on the myday platform. There are some mandatory data categories, such as identity information.

Lawful Basis

Personal Data is stored within myday as part of a contractual requirement between the Data Subject and the Data Controller, under direct consent by the Data Subject.

Consent

Where consent is required for capturing additional data within myday, consent is requested from the Data Subject and a suitable withdrawal of consent is provided.

Data Protection Authority

As a UK based company, the Data Protection Authority is the Information Commissioner’s Office; registration number Z3035597.

Security

The Data Processor takes the security of data seriously. The company has internal policies and controls in place to try to ensure that data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

Data Sharing

Personal Data is only shared between the Data Controller and the Data Processor with the contractual permission of the Data Controller. Personal Data is not shared with 3rd parties and is not processed outside of the EEA.

Data Hosting

myday is hosted within the Microsoft Azure public cloud platform and protected by Microsoft guarantees available at https://www.microsoft.com/en-us/trustcenter which provide equal or superior security to the myday platform, which itself is built for the Azure cloud. Microsoft are a sub-Processor of myday data as a hosting platform but do not have direct data access.

Duration

Most myday Data is replicated from the Data Controller’s environment and tracks the source data’s lifecycle. Personal Data generated by myday has its own lifecycle as listed on the Data Categories website.

Data Subject Rights

All Access, Rectification, Erasure, Restriction, Portability, Objections requests should be addressed to the Data Controller. The Data Processor will assist in the Data Controller in meeting their obligations to the Data Subject.

Restriction of Data

If Personal Data is not made available to the application, the Data Processor is unable to provide an effective solution.

Automated Decision Making

The myday experience will alter based on the nature of the relationship with the Data Controller, the Data Subject’s profile, location and other data. This enables myday to deliver a relevant experience. The Data Controller defines these targeting rules.

This privacy policy relates solely to myday.

Last updated: July 30th 2020