Privacy Policy for Thomas Power's Computer Science NEA

Effective Date: 6th September 2024

Thomas Power's Computer Science NEA (hereafter referred to as "the Website" or "we") somewhat cares about privacy. This Privacy Policy outlines how we collect, use, store, and protect your personal information. We are fully committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

Thomas Power is the data controller for all personal data processed through this Website. If you have any questions or concerns regarding your data, please contact us at [Insert Contact Email].

2. What Data We Collect

We collect the following types of personal data from users:

  • Account Information:

    • Username: Visible to other users (e.g., on leaderboards, friends system).
    • Email address: Collected for account creation, login, and communication purposes.
    • Password: If you sign up with email, your password is hashed using industry-standard hashing techniques and stored securely. We cannot view or retrieve your plain-text password.
    • OAuth Data (Google or Microsoft): If you choose to sign in via Google or Microsoft OAuth2, we collect only the necessary information (e.g., email address and username) to create and manage your account.
    • Avatar: Users may upload an avatar image. This is visible to other users and is optional.
  • User-Generated Content:

    • Input Data: The answers or responses you submit for exam marking may be sent to external services like OpenAI for evaluation. Your personal identity will not be attached to this data unless necessary for the operation of the service (e.g., session management).
  • Usage Data:

    • We collect non-identifiable usage data, including:
      • IP address (pseudonymized)
      • Browser type and version
      • Time zone settings and access times
      • Interaction data (e.g., clicks, page views)

3. How We Use Your Data

We use your personal data for the following purposes:

  • Account Management:

    • To create and maintain your account.
    • To enable secure login via email/password or OAuth2 (Google, Microsoft).
    • To communicate important updates or changes related to your account or the Website.
  • Educational Services:

    • To process and evaluate your exam answers using AI services (OpenAI).
    • To provide feedback on your performance.
    • To support the leaderboard and friends system (only displaying usernames and avatars).
  • Analytics & Improvements:

    • To analyze user activity and improve the performance and user experience of the Website.
    • To ensure the security and proper functioning of the Website.

4. Data Sharing

We only share your personal data with third parties under the following conditions:

  • With OpenAI:

    • Your input data (exam answers) may be shared with OpenAI for marking and evaluation purposes. OpenAI processes this data anonymously and in accordance with its own privacy policy. Your input is used solely for educational purposes and is not used to build profiles or for marketing purposes.
  • With OAuth Providers (Google, Microsoft):

    • When you sign in via Google or Microsoft OAuth, your account information (such as your email and username) is shared with those providers to authenticate your identity. No other personal data is shared.
  • Legal Requirements:

    • We may disclose your personal data if required to do so by law or to comply with a legal obligation, or to protect the rights, property, or safety of the Website, our users, or others.

5. Data Security

We take the security of your personal data seriously. We employ the following measures to protect your information:

  • Password Hashing: All user passwords are hashed using a secure hashing algorithm. We do not store passwords in plain text.
  • Data Transmission: Data exchanged with the Website is secured using HTTPS (SSL/TLS encryption).
  • Data Access Controls: Only authorized personnel have access to personal data, and they are required to maintain strict confidentiality.
  • Regular Security Audits: We conduct regular audits to ensure that our data processing and storage practices meet industry security standards.

6. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide our services. If you wish to delete your account, please contact us at [Insert Contact Email]. Upon deletion, we will remove or anonymize your personal data, except where retention is required by law (e.g., for legal disputes or regulatory obligations).

7. Your Rights Under GDPR

As a user of the Website, you have the following rights under the GDPR:

  • Right to Access: You have the right to request access to the personal data we hold about you.
  • Right to Rectification: You have the right to request corrections to any inaccuracies in your personal data.
  • Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your data under certain conditions.
  • Right to Object: You have the right to object to the processing of your personal data for direct marketing or where the legal basis for processing is legitimate interest.
  • Right to Withdraw Consent: Where data processing is based on your consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at [Insert Contact Email]. We will respond to your request within one month, in compliance with GDPR regulations.

8. Third-Party Links

The Website may contain links to third-party websites. We are not responsible for the privacy practices or content of those external websites. We recommend reviewing their privacy policies separately before providing them with any personal data.

9. Cookies

We use cookies to improve your experience on the Website. Cookies help us understand how you interact with the Website and allow us to personalize your experience. You can manage your cookie preferences through your browser settings.

10. Children’s Privacy

The Website is intended for use by students. However, users under the age of 13 must obtain parental consent before creating an account. We do not knowingly collect or process personal data from children without such consent. If we discover that we have collected data from a child without consent, we will take immediate action to delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or relevant laws. Any updates will be posted on this page, and we will notify you via email or a prominent notice on the Website if significant changes are made.

12. Contact Information

If you have any questions about this Privacy Policy or your personal data, please contact us by:

  • Email: tpower@highstorrs-mlt.co.uk

By using the Website, you agree to the terms of this Privacy Policy. Please ensure you review this document regularly for any changes.