Login
Try now

Privacy Policy

Privacy and Data Policy

This Privacy and Data Policy outlines how Public Sector Analytics Ltd t/a askKira, a Limited Company registered in England and Wales (Company Number: 14889377) operating in the field of education technology, collects, uses, processes, and safeguards data from users of our AI educational chatbot for educators – askKira.com. We are committed to maintaining the privacy and security of your personal information while providing valuable insights to industry leaders to drive informed decision-making within the education sector.

Data Collection and Usage

Types of Data Collected

We collect user information such as name, email address, educational background, and professional interests, as well as interactions and queries made with the AI chatbot. To continuously enhance our services, we retain anonymised documents, images, and inputs.

This data, devoid of personal identifiers, is crucial for refining our AI chatbot and offering better educational tools.

Additionally, we collect specific personal information including name, email address, job title, and date of birth. This information is collected for the purpose of generating user accounts and enabling personalisation of our services.

It’s important to note that while we collect this personal information, we do not collect any sensitive data.

Purpose of Data Collection

Your data is collected when you engage with our chatbot, subscribe to our services, download resources, or contact us for support. This engagement allows us to gather the information necessary to provide you with our services and support. As you interact with our services, we automatically collect data regarding your device and usage patterns through cookies and similar technologies. This data enhances our service’s functionality and user experience. The data collected is used to enhance our AI chatbot’s educational effectiveness and to generate insights into teaching practices and trends within the education sector.

Additionally, we utilise your data for marketing purposes, such as sending email newsletters to keep you updated on our latest products, services, and industry insights. Aggregated and anonymised data may be shared with industry leaders to inform educational policies and strategies. We may fine-tune our AI with proprietary data to enhance its utility and relevance to our users. This process is part of our commitment to providing a service that is responsive to the needs of our user base.

Data Hosting and Protection

Our services utilise Amazon Web Services (AWS) servers based in London (eu-west-2 region) and within the EEA. Additionally, some data may be processed in the United States via AWS. AWS USA is covered under the UK-US Data Bridge or Standard Contractual Clauses (SCCs). We ensure that all providers adhere to stringent data security standards regardless of location. Our Data Protection Agreement outlines the measures we take to safeguard personal and anonymised data. We are committed to ensuring that any personal data collected is processed lawfully, fairly, and transparently in compliance with UK data protection laws (including UK GDPR). We only process data for specific, legitimate purposes and take steps to minimise the collection of unnecessary personal information. Individuals retain rights over their personal data, including access, correction, erasure, and portability. We have implemented strict access control measures, encryption, and other security protocols to ensure the protection of this data throughout its lifecycle.

Data Security

We do not share your personal data with third parties without your explicit consent, except as necessary to provide the service or as required by law. To ensure your data is stored securely and inaccessible to unauthorised parties, we have established a robust Information Security Policy that governs all aspects of data handling within Public Sector Analytics Ltd.

This policy includes:

  • Access Control: Only authorised personnel have access to sensitive and anonymised data, with access granted strictly on a need-to-know basis.
  • Encryption: All sensitive data is encrypted both in transit and at rest to protect against unauthorised access.
  • Monitoring and Auditing: We continuously monitor our systems for vulnerabilities and conduct regular audits to ensure compliance with our security policies.
  • Incident Response: In the event of a security breach, we have a well-defined incident response plan to mitigate damage, notify affected parties, and resolve the issue efficiently.
  • Training: All employees and contractors undergo regular security awareness training to ensure they understand their responsibilities in protecting sensitive data.

These industry-standard security measures are designed to safeguard your data and ensure it is handled in compliance with relevant regulations.

Anonymisation

All enquiries and interactions with the chatbot are anonymised, ensuring that the data shared remains confidential and cannot be directly attributed to individual users.

Data Processing

Public Sector Analytics Ltd (t/a askKira) enters into Data Processing Agreements (DPA) with all third-party service providers and external consultants who process anonymised data on our behalf. These agreements ensure that data is processed in compliance with UK GDPR, upholding stringent data protection and privacy standards. Anonymised data is processed by our business intelligence platform and external consultants, under separate DPAs, to provision the Public Sector Analytics insights offering. This processing is conducted based on clients’ opted-in selection in their order form for anonymised usage and behavioural analytics, and is used to generate insight and intelligence reports. The DPA governs how data processors handle the data, including maintaining confidentiality, ensuring data security, and adhering to the specified processing purposes. All processors are subject to regular audits to ensure ongoing compliance with these obligations.

Users can request deletion or subject access requests in accordance with GDPR rights, including access, deletion, and data portability.

Granular Permissions and User Access Management

To safeguard your personal data, we implement rigorous user access management and granular permissions. This approach ensures that only authorised personnel can access specific data types, strictly on a need-to-know basis. Our system’s design follows the principle of least privilege, ensuring that access rights are tailored to each user’s role and responsibilities, thereby minimising potential data exposure.

Consent

As an individual using our AI educational chatbot, you consent to the collection and processing of your data as described in this policy. You can withdraw your consent at any time by discontinuing use of our services. You can also opt-out of marketing from askKira by clicking Unsubscribe at the bottom of any of our emails, declining cookies on our website or by completing this form.

Data Sharing

We anonymise user data for analytics, removing personal identifiers to understand service usage and improve educational outcomes. This approach ensures privacy while contributing valuable insights to the education sector.

Industry Insights

Aggregated and anonymised data may be shared with industry leaders, policymakers, and educational institutions to drive informed decision-making within the education sector.

Third-Party Services

We may engage third-party service providers to assist with data analysis and storage, but we ensure that they adhere to strict privacy and security standards. We may receive data about you from various third parties, including analytics providers and data aggregators, which complements the information we collect directly and supports our service improvement efforts.

We utilise third-party providers to facilitate our services. Our agreements with these providers ensure that your interactions with our chatbot are not used to train their models.

Our service providers include:

  • Amazon Web Services (AWS) – Provides secure cloud hosting and infrastructure to ensure the reliability and scalability of our platform.
  • Microsoft Azure – Supports certain cloud computing functionalities and secure data storage.
  • OpenAI – Used for AI-powered functionalities. OpenAI does not use API data for training models, though it may temporarily log data for abuse prevention.
  • Google – Includes Google Analytics for understanding website traffic and user interactions to improve our services, and Google Gemini for AI-powered functionalities.
  • Hotjar – Provides heatmaps and behavioural analytics to optimise user experience. No personally identifiable information is collected.
  • Stripe – Processes secure online payments. Stripe follows strict financial security protocols and does not share payment details with unauthorised third parties.
  • Mailchimp – Manages our email communications. Subscribers can opt out at any time, and no data is shared beyond its intended use.
  • Wonde – Securely connects with education platforms to enable data access while maintaining strict compliance with GDPR and other data protection laws.
  • Cloudflare – Provides security and performance enhancements, including DDoS protection and traffic optimisation. No personal data is sold or shared.

We ensure that all our service providers comply with relevant data protection regulations, including GDPR and UK data protection laws. Data is only processed for its intended purpose, and we do not sell or share user data with third parties outside of these essential business functions.

Legal Disclosures

While interactions with the chatbot are anonymised, please be aware that Public Sector Analytics Ltd, our parent company, may be required to disclose information in cases where there is a legal safeguarding duty to report, such as instances involving danger to oneself or to others.

Rights of Users

Access and Correction

You have the right to access and correct your personal information held by us.

Erasure

You can request the deletion of your data, and we will comply within a reasonable timeframe.

Data Subject Access Request Process

To request access to your personal data, you can contact our Data Protection Officer at [email protected]. We aim to respond to all legitimate requests within a reasonable timeframe. You may be required to provide identification to help us verify your identity. There is no fee for making a request unless the request is clearly unfounded, repetitive or excessive.

Cookies and Tracking

We use cookies and similar technologies to enhance your user experience, gather usage data for analytical purposes, and for marketing initiatives. By using our AI educational chatbot, you consent to analytics tracking via Google, Hotjar, and X to help us understand user behaviour, improve our services, and provide personalised content and advertisements. You can manage your cookie preferences through your browser settings.

Data Retention

We do not keep personal data for longer than necessary. Our data retention practices are designed to ensure that we only retain your personal information for as long as it is required to fulfil the purposes for which it was collected or to comply with legal and regulatory requirements.

To ensure compliance with data protection regulations and best practices, we adhere to the following principles:

  1. Data Inventory: We maintain a comprehensive inventory of the personal data we hold and the specific purposes for which it is required. This allows us to ensure that we only collect and retain data that is necessary for our operations.
  2. Justified Retention Periods: We carefully consider and justify the length of time we keep personal data. Our retention periods are based on legal requirements, business needs, and the rights and expectations of our users.
  3. Retention Policy: We have established a policy with standard retention periods for different categories of data, which aligns with our documentation obligations. This policy is regularly reviewed and updated to reflect any changes in legal requirements or business practices.
  4. Regular Reviews: We conduct periodic reviews of the personal data we hold. During these reviews, we assess whether the data is still necessary for the purposes for which it was collected. Data that is no longer needed is either erased or anonymised in accordance with our retention policy.
  5. Right to Erasure: We have implemented appropriate processes to comply with individuals’ requests for erasure under ‘the right to be forgotten’. These processes ensure that we can respond to such requests promptly and effectively, erasing personal data from our systems when required.
  6. Data for Specific Purposes: We clearly identify any personal data that we need to keep for public interest archiving, scientific or historical research, or statistical purposes. This data is subject to additional safeguards and may be retained for longer periods as permitted by data protection regulations.
  7. Anonymisation: Where possible, we anonymise data that we wish to retain for analytical purposes, ensuring that it can no longer be associated with individual users.

Our commitment to these data retention principles helps us maintain the trust of our users while ensuring that we have the necessary information to provide our services effectively.

Retention During and After Contract

Your data will be stored securely for the duration of our contract. Once you leave our service, your data will be retained in our database only for as long as necessary before being securely deleted. However, please note that some data may be present in system-wide cold storage backups, which we maintain as part of our data backup and restoration practices.

Public Sector Analytics Insights Dashboard

Public Sector Analytics provides an insights dashboard that shares anonymised usage and behavioural insights from across all of an organisation’s askKira userbase. This dashboard informs a school of their users’ behaviours benchmarked and compared to other similar organisations’ userbase. It’s important to note that no personal data is processed for the provision of this insights dashboard. All data used to generate insights has any identifiable traits or markers removed. We also implement a minimum sample size to generate insights to avoid bias and exposure.

Opt-in for Insights

Organisational users can opt-in to the Public Sector Analytics insights offering via the order form. This opt-in allows us to process anonymised usage and behavioural analytics data for the purpose of generating insight and intelligence reports.

Data Breach Notification

In the event of a data breach, we are committed to notifying affected users and relevant authorities as soon as possible after becoming aware of the breach, and no later than 72 hours after discovery. We have procedures in place to detect, report, and investigate suspected data breaches promptly.

In case of a breach involving our clients’ data, we will:

  1. Contain and investigate the breach, assessing the extent of the data affected.
  2. Notify the Information Commissioner’s Office (ICO) within 72 hours if the breach poses a significant risk to individuals’ rights and freedoms.
  3. Inform affected individuals as required by law.
  4. Implement measures to mitigate further risks and provide guidance to those affected on how to protect themselves.
  5. Meticulously document all details of the breach for compliance and accountability purposes.

Risk Assessment Strategy

Public Sector Analytics Ltd employs a comprehensive Risk Assessment Strategy to identify, evaluate, and mitigate potential risks to data security and privacy. This strategy includes:

  • Regular Risk Assessments: We conduct periodic risk assessments to identify new and existing threats, vulnerabilities, and risks to data security.
  • Mitigation Plans: For each identified risk, we develop and implement mitigation strategies, including technical, administrative, and physical safeguards.
  • Ongoing Review: We regularly review and update our risk assessment processes to align with changes in the data landscape, regulatory requirements, and emerging security threats.
  • Compliance Monitoring: Our risk assessment strategy is closely aligned with UK GDPR, ensuring that we meet our legal obligations in protecting personal data. Any significant changes or findings from assessments are shared with senior management and incorporated into our security strategy.

Third-party Processing

Our business intelligence platform and external consultants process anonymised data to provision the Public Sector Analytics insights offering. This processing is done in accordance with the opt-in provided in the order form. All third-party processors are bound by contracts that require UK GDPR compliance.

The elements of data shared with these processors are limited to anonymised usage and behavioural analytics, used solely for the purpose of generating insight and intelligence reports. We ensure that no personally identifiable information is shared with these third parties.

If we change sub-processors, we commit to notifying our clients of the change and the reasons for it within a reasonable period of time, no more than 4 weeks after the change.

Data Controller

The data controller for your personal information is Public Sector Analytics Limited.

Changes to Policy

We reserve the right to modify this policy at any time. Changes will be posted on our website, and continued use of our services will indicate your acceptance of these changes.

Contact Us

If you have any questions or concerns about this policy or the data we hold, please contact our Data Protection Officer at [email protected].

By using our Services, you agree to the terms of this Privacy and Data Policy. Your privacy and the security of your data are of utmost importance to us.

Last updated: 12th March 2025

Copyright © 2023 – 2025 Public Sector Analytics Limited. Company No 14889377. All rights reserved. Policies.

Linkedin Facebook X-twitter Instagram Tiktok Youtube