Solutionpath customer privacy policy
Last updated 02/09/2024
1. Solutionpath Privacy Statements & Customer Notice
This privacy statement and customer privacy notice describes how Solutionpath Ltd (StREAM by Kortext) collects and uses personal information and data when you engage with our website and also how we conform to our UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, domestic data protection legislation responsibilities when you become a valued customer of our product. This document has been produced to address both scenarios of web data usage and data used in our products.
Solutionpath Privacy Statement (Web)
Your privacy is important to Solutionpath Ltd. This privacy statement provides information about the personal information that Solutionpath Ltd collects through your engagement with our website, and the ways in which Solutionpath Ltd uses that personal information.
1.1 Personal information collection
Solutionpath Ltd may collect and use the following kinds of personal information:
- information about your use of this website;
- information that you provide using for the purpose of registering with the website;
- information about transactions carried out over this website;
- information that you provide for the purpose of subscribing to the website services; and
- any other information that you send to Solutionpath Ltd.
1.2 Using personal information
Solutionpath Ltd may use your personal information to:
- administer this website;
- personalise the website for you;
- enable your access to and use of the website services;
- publish information about you on the website;
- send to you products that you purchase;
- supply to you services that you purchase;
- send to you statements and invoices;
- collect payments from you; and
- send you marketing communications.
Solutionpath Ltd will not use your personal information:
- That is sensitive to data or of a highly personal nature;
- Concerning vulnerable data subjects;
- To be processed on a large-scale;
- From systematic monitoring; and
- Used for profiling or scoring.
Where Solutionpath Ltd discloses your personal information to its agents or sub-contractors for these purposes, the agent or sub-contractor in question will be obligated to use that personal information in accordance with the terms of this privacy statement.
In addition to the disclosures reasonably necessary for the purposes identified elsewhere above, Solutionpath Ltd may disclose your personal information to the extent that it’s required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights.
1.3 Securing your data
Solutionpath Ltd will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
Solutionpath Ltd will store all the personal information you provide on its secure servers.
Information relating to electronic transactions entered into via this website will be protected by encryption technology.
1.4 Cross-border data transfers
Information that Solutionpath Ltd collects may be stored and processed in and transferred between any of the countries in which Solutionpath Ltd operates to enable the use of the information in accordance with this privacy policy.
In addition, personal information that you submit for publication on the website will be published on the internet and may be available around the world.
You agree to such cross-border transfers of personal information.
1.5 Use of Cookies
Our Website, wwww.kortext.com/stream (formerly www.solutionpath.co.uk)uses cookies to improve its user-friendliness and functionality. By using our website, you consent to our use of cookies. Brief details about our use of cookies is below. Please refer to our cookie policy for more information.
A cookie is a file which is placed on your computer or other IT-equipment and which makes it possible to anonymously record what actions users make on our site.
Cookies often also ensure our site works correctly and some functions will not work without the use of cookies.
Solutionpath Ltd uses cookies to optimise your visit to this website when browsing to continually improve the user experience. Solutionpath Ltd uses third party cookies from widely used analytics system Google Analytics and Force 24 to generate statistics on the use of the website and from anonymous tracking software to recognise IT-equipment and to track how often you visit the website. You can learn more about privacy at Google (see section 7) or opt-out of this feature by installing the Google Analytics Opt-out Browser Add-on. Force24 cookies are enabled at the point of cookie acceptance on this website. They allow us to understand our audience engagement thus allowing better optimisation of our marketing activity that is better tailored to your legitimate interests. The information stored by Force24 cookies remains anonymous until:
- Our website is visited via clicking from an email or SMS message, sent via the Force24 platform and cookies are accepted on the website.
- A user of the website completes a form containing email address from either our website or our Force24 landing pages. The Force24 cookies will remain on a device for 10 years unless they are deleted. You can unsubscribe from our email preferences at any time.
Cookies cannot be used to identify individuals. Solutionpath Ltd does not disclose the gathered information to anyone else.
Cookies can be disabled by changing your browser settings and deleting the cookies that are already on your PC. Note, however, that there may be web pages or features you will then be unable to see or use.
1.6 Updating this statement
Solutionpath Ltd may update this privacy policy by posting a new version on this website.
You should check this page occasionally to ensure you’re familiar with any changes.
1.7 Other websites
This website contains links to other websites.
Solutionpath Ltd isn’t responsible for the privacy policies or practices of any third party.
1.8 Contact Solutionpath Ltd
If you’ve any questions about this privacy policy or Solutionpath Ltd’s treatment of your personal information, please write:
by email to hello@solutionpath.co.uk or, by post to;
Solutionpath Ltd, Floor 2, Mill 7, Mabgate Mill, Leeds, LS9 7DZ
1.9 Related Solutionpath policies
POL-Information Security Policy Statement
POL-Quality & Environmental Policy Statement
POL-Solutionpath Ethical Standards Policy Statement
POL-Solutionpath Sustainability Policy
2. Customer Privacy Notice (product data)
Solutionpath Limited (the Company) is aware of its obligations under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, domestic data protection legislation and is committed to processing our customers data securely and transparently. This privacy notice sets out, in line with current data protection obligations, the types of data that we process on your behalf as a customer of the Company’ products. It also sets out how we use that information, how long we keep it for and other relevant information about your data.
This notice applies to current and former customers.
2.1 Data processor details
The Company is a data processor, meaning the natural or legal person, public authority, agency or other body which processes personal data on behalf of a data controller.
The Company acts as data processor on behalf of our customers (data controllers) and under our customers authority. In doing so, we serve our customers interests rather than our own.
Although as a Company we make our own day-to-day operational decisions, we comply with Article 29 which means we only process our customers personal data in line with their (data controller’s) instructions, unless it is required to do otherwise by law.
If the Company acts without our customers (data controller’s) instructions in such a way that it determines the purpose and means of processing, including to comply with a statutory obligation, we will be a controller in respect of that processing and will have the same liability as our customer (data controller).
The Company contact details are as follows:
Company Registered Address: Solutionpath Limited, 26-32 Oxford Road, Suite B, 6th Floor, Avalon House, Bournemouth, Dorset, BH8 8EZ, England
Solutionpath Office Address: Solutionpath Limited, Floor 2, Mill 7, Mabgate Mills, LEEDS, West Yorkshire, LS9 7DZ, England
2.2 Data protection principles
In relation to customers personal data, we will:
- process it fairly, lawfully and in a clear, transparent way
- collect your data only for reasons that we find proper for the course of your contract in ways that have been explained and agreed with you
- only use it in the way that we have told you about
- ensure it is correct and up to date
- keep your data for only as long as we need it to fulfil our contractual obligations
- process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed.
2.3 Types of data we process
Depending on our data sharing agreement with you (please refer to your data sharing agreement for completeness). We may hold many types of data, such as (& not limited to):
- your staff and student personal details including name, address, date of birth, email address, contact telephone number
- Enrolment Status’, Study Mode, Course Level, UCAS Points, exam number
- Previous qualifications
- Nationality & gender
- Attendance records, use of academic systems such as library resources records, VLE logins and access records and lecture capture records
2.4 How we collect your data
We collect data about your staff and students in a variety of ways and this will usually start when we undertake a data ingestion using data feeds where we will either collect the data from customers directly or via an API. This includes the data our customers would normally collect while either recruiting their staff or enrolling their students.
Personal data is kept in either your on-premise database or within the AWS cloud (if you are a cloud customer).
2.4.1 Technical Information about data collection
Data will either come from source systems. These will be sourced via a secured encrypted route and physically located either within an Amazon Web Services (AWS) UK (London region) only or, in an on-premise server of the customer’s choice.
2.5 Why we process your data
The law on data protection allows us to process your data for certain reasons only:
- in order to perform the service and deliver the contract that we are party to
- in order to provide analytical engagement information using student data which may be used by our customers to enhance their student experience
- in order to carry out legally required duties
- in order for us to carry out our customers legitimate interests
- to protect our customers interests
- where something is done in the public interest and
- where we have obtained your consent.
All of the processing carried out by us falls into one of the permitted reasons. Generally, we will rely on the first three reasons set out above to process your data. For example, we need to collect personal data in order to:
- carry out the contract that we have entered into with you and
- ensure you receive a fully functioning product.
We need to collect your data to ensure we are complying with legal requirements such as:
- to carry out the contract that we have entered into with you
We also collect data so that we can carry out activities which are in the legitimate interests of our customers. We have set these out below:
- processing is necessary for the purposes of the legitimate interests pursued by our customer (the data controller)
2.6 Special categories of data
We will not process special categories of data unless you have requested that we do so within the parameters of our contract with you. In these circumstances we must process special categories of data in accordance with more stringent guidelines. Most commonly, we will process special categories of data when the following applies:
- you have given explicit consent to the processing (in limited circumstances)
- we must process the data in order to carry out our legal obligations
- we must process data for reasons of substantial public interest
- you have already made the data public.
We will use your special category data:
- when processing is necessary for the purposes of the legitimate interests pursued by our customer (the data controller)
We do not need your consent if we use special categories of personal data in order to carry out our legal obligations or exercise specific rights under specific law. However, we may ask for your consent to allow us to process certain particularly sensitive data. If this occurs, you will be made fully aware of the reasons for the processing. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent. Consent, once given, may be withdrawn at any time.
2.7 If you do not provide your data to us
One of the reasons for processing your data is to allow us to carry out our duties in line with your contract with us. If you do not provide us with the data needed to do this, we will be unable to perform those duties and unable to fulfil our contract with you.
2.8 Sharing your data
Your data will be shared with colleagues within the Company where it is necessary for them to undertake their duties. This includes, for example, sharing your data with analysts and developers to create a personalised dashboard experience.
We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us.
We do not share your data with bodies outside of the European Economic Area.
2.9 Protecting your data
The Company will take reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information.
The Company will store all the personal information you provide on its secure cloud servers.
Information will be protected by encryption technology. The company and our service providers (e.g., AWS) follow certified systems of control (ISO 27001) that are independently certified.
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction, and abuse. We have implemented processes and policies to guard against such as:
- Policies and procedures – measures are in place to protect against accidental loss and unauthorised access, use, destruction, or disclosure of data.
- Business Continuity and Disaster Recovery strategies that are designed to safeguard the continuity of our service to our customers and to protect your people and assets.
- Appropriate restrictions on access to personal information.
- Monitoring and physical measures, to store and transfer data securely.
- Periodic training on privacy, information security, and other related subjects for employees and contractors.
- Risk management.
- Contracts and security reviews on third-party providers of services.
2.10 Solutionpath policies
- POL – StREAM Subscription Services Acceptable Use Policy
- POL – Freedom of Information Act Policy and Procedure
- POL – Information Security Policy Statement
- POL – Quality & Environmental Policy Statement
- POL – Solutionpath Ethical Standards Policy Statement
- POL – Solutionpath Sustainability Policy
- POL – Solutionpath Right to Erasure and Subject Access Rights Policy and Procedure
2.11 Solutionpath Procedures
The full suite of information Security procedures are held within our Company Integrated Management System – Information Security Folder. Below is a list of some of the control procedures we have implemented to protect customers data
- 7.2 During Employment and Termination of Employment
- 9.1 Business Requirements of Access Control
- 9.2 User Access Management and Responsibilities
- 9.3 System and Application Access Control
- 10.1 Cryptographic Controls and Key Management
- 11.1 Secure Areas
- 11.2 Equipment Security
- 11.3 Access Control for Solutionpath Office
- 11.4 Removal and Security of Offsite Information Assets
- 11.5 Unattended Equipment and Clear Desk Policy
- 12.1 Operational Procedures and Responsibilities
- 12.7 Username Administration (SOP)
- 13.1 Network Security Management
- 16.1 Reporting Information Security Incidents and Improvements
- 16.2 Responding to Information Security Incidents and Weaknesses
- IS-Data Breach Procedure
We do not share customers data with third parties, unless expressly authorised by customers, or where required by law, where we provide written instructions to them to ensure that your data are held securely and in line with current data protection requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
2.12 How long we keep your data for
In line with data protection principles, we only keep your data for as long as we need it, which will be at least for the duration of your contract with us though in some cases we will keep your data for a period after your contract has ended, up to a maximum 7 years.
2.13 Automated decision making
No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human intervention)
2.14 Your rights in relation to your data
The law on data protection gives you certain rights in relation to the data we hold about you. These are:
- the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice
- the right of access. You have the right to access the data that we hold about you. To do so, you should make a subject access request. You can read more about this in our subject access request policy which is available to view in the IMS POL-Solutionpath Right to Erasure and Subject Access Rights Policy and Procedure
- the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it
- the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it
- the right to restrict the processing of the data. For example, if you believe the data, we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct
- the right to portability. You may transfer the data that we hold about you for your own purposes
- the right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests
- the right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in a way that adversely affects your legal rights.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please refer to POL-Solutionpath Right to Erasure and Subject Access Rights Policy and Procedure.
2.15 Making a complaint
The supervisory authority in the UK for data protection matters is the Information Commissioner’s Office (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO. The ICO helpline is 0303 123 1113
2.16 Data Protection Officer
The Company’s Data Protection Officer can be contacted on email: data@kortext.com