The scope of this privacy notice covers the data processed within our SIMS Pay product.
Capita Education Software Solutions (ESS), a trading name of Capita Business Services Ltd, is fully committed to keeping your information safe. This privacy notice explains what personal information we collect, why we collect it, and how we use it. We hope our notice is clear and transparent, but if you have any questions, please get in touch via the contact details in section 2.
SIMS Pay is a "software as a service" solution allowing you, the customer, to make payments for school items such as schools dinners and school trips.
Where your school is responsible for the information that is entered and maintained within the site, they are the Data Controller. Where your school are responsible for the information stored in the SIMS Pay system they must demonstrate compliance with data protection legislation. For further information on what personal information is stored and processed please contact your school.
Where SIMS Pay is the Data Controller, Capita ESS are responsible for the information stored in the SIMS Pay system and must be able to demonstrate compliance with data protection legislation for the processing of personal information. Additionally Capita ESS must demonstrate the same compliancy for any processing of the personal information controlled by your school.
You can refer to the Information Commissioner's Office website for full details on responsibilities of data controllers and processors.
Capita Education Software Solutions
Priory Business Park
Should you have any queries relating to the collection of your information or about this guidance please email the Capita ESS privacy contact.
We collect personal information about you (such as your name, billing address and email address) at the point you register as a customer of SIMS Pay.
The information we collect is captured for checkout and correspondence convenience. For instance, entering your billing address means you need not enter this each time you checkout. Similarly you can subscribe to receive communications from the school about relevant school purchasable items. We store your preferences and give you the option to amend these at any time within your My Account pages.
As part of using SIMS Pay we also collect session information from those users accessing our system, this includes the use of the third party technology Google Analytics.
This information will be used for the following:
- To monitor the usage of our service and systems to support the development and enhancement of future features
- To assist Capita ESS support and operations functions to tune their services to provide scalable and performant software using utilisation information of a period of time
- To enhance the security of the system by tracking suspicious and anomalous behaviour.
Please refer to the Capita SIMS Privacy Notice regarding data processed in our business systems that is collected as part of the SIMS Primary Service for service license and support purposes.
We will only collect and use your personal information (as described in section 3) in accordance with data protection legislation. Our legal basis for processing your personal information are as follows:
- ContractualWe may process personal information associated to a contract or product purchase. It is important for us to hold this data in order to ensure that we have records from a legal perspective to whom signed and agreed to the definitions of agreements and who to contact following issues and/or to send renewal information.
- ConsentWhere necessary we will only collect and process your personal information if you have given your consent for us to do so, for example, we will only send you certain marketing emails and process any sensitive information about you if we have your consent.
- Legitimate InterestsWe may use and process some of your personal information where we have conducted Legitimate Interest Assessment and have a legitimate business grounds for doing so. Under European privacy legislation here is a concept of "legitimate interests" as a justification for processing your personal information. Please see section 10 for your rights.
SIMS Pay is a securely hosted web service, delivered via the web using standard HTTPS TCP/IP protocols. The SIMS Pay service is hosted on a secure and highly scalable managed service, with the main system hosting provided by Microsoft Azure, which is reliable and resilient. Microsoft Azure matches or exceeds G-Cloud (v6) from the Cabinet Office for use across the UK Public Sector. All data is securely stored and processed within the EU and complies with UK data protection standards and requirements.
All personal information will be held in accordance with Capita plc group policy, and historical records will not be held without legitimate reason. We have a variety of automated retention policies in place that ensure data is regularly cleared down within our system if it has not been used, updated or interacted with in a reasonable amount of time. Where personal information is linked to financial records we reserve the right, on behalf of schools, to store this information for 7 years.
Essentially, we will only hold your personal information on our systems for the period necessary to fulfil the purposes outlined in this privacy notice or until you request it is deleted.
Pay360 by Capita mange the instruction from you to take funds from a requested account and pass the monies on to the school.
Pay360 by Capita are certified to Payment Card Industry Data Security Standard (PCI DSS) Level 1.
You can refer to the PCI Compiance Guide FAQ for more details on the data security standard.
SendGrid manage distribution of payment receipts and communications about relevant school purchasable items.
SendGrid are certified by Privacy Shield.
Within your My Account pages you have the ability to unsubscribe to emails correspondence and can remove your billing address information – this will mean you need to enter your billing address each time you checkout.
Please refer to our Cookies page.
The right to be informedPlease contact your schools in the first instance for what information SIMS Pay processes.
The right of accessPlease contact your schools in the first instance for subject access requests regarding information stored in SIMS Pay.
The right to rectificationWhere Capita ESS are the data controller for information within SIMS Pay this can be edited by you within the website. Where the schools are the data controller please contact them directly.
The right to erasure (also referred to as the "right to be forgotten")Please contact your schools in the first instance for requests to remove information stored in SIMS Pay.
The right to restrict processingPlease contact your schools in the first instance for requests that your information is not processed in SIMS Pay.
The right to data portabilityMost information within the website can be printed or exported. Please contact your schools in the first instance for requests to provide more detail.
This Privacy Notice may be updated from time to time so you may wish to check it each time you submit personal information to us. If material changes are made to this Privacy Notice, for instance affecting how we would like to use your personal information, we will provide a more prominent notice.