diff --git a/app/views/terms_and_conditions/show.html.erb b/app/views/terms_and_conditions/show.html.erb index 0c0bc4fa..18959244 100644 --- a/app/views/terms_and_conditions/show.html.erb +++ b/app/views/terms_and_conditions/show.html.erb @@ -6,7 +6,7 @@

1. Introduction

-

1.1 The Check a Teacher’s Record Service (as defined below) is a web service operated by the Department of Education (DfE). This web service is used by the Teaching Regulation Agency (TRA) as an executive agency to DfE to provide You with the Service (as also defined below).

+

1.1 The Check the Children’s Barred List Service (as defined below) is a web service operated by the Department of Education (DfE) to provide You with the Service (as also defined below).

1.2 When referring to:

    @@ -19,23 +19,19 @@

    1.4 By accessing and using the Service, You confirm that You accept and are bound by the Terms and have a valid basis for accessing and using the Service. If You do not agree to these Terms, You are not permitted to use this Service and You should not attempt to do so.

    -

    1.5 These Terms refer to the following additional terms, which also apply to your use of the Service:

    +

    1.5 These Terms refer to the following additional terms, which also apply to your use of the Service:

      -
    1. our privacy notice that details the processing of Personal Data through the Service (as may be amended by us from time to time);
      2. +
    2. our privacy notice that details the processing of Personal Data through the Service (as may be amended by us from time to time);
    3. any DfE Sign-In terms and conditions that govern the access to the Service (as such terms of use may be amended by us from time to time).

    1.6 Where there is a separate data sharing agreement, memorandum of understanding or any other agreement (as applicable) in place between DfE and your organisation, these Terms are mandatory and supplemental to the obligations set out in any such separate agreements or memorandum of understanding. Please note that these Terms include an Annex which contain additional obligations which will only apply where there is no separate data sharing provisions in place between DfE and your organisation. In the event of any conflict or inconsistency between these Terms and any separate data sharing agreement, memorandum of understanding or any other agreement between DfE and your organisation, these Terms shall prevail.

    -

    1.7 The Service is a free service available for local authorities, schools, multi-academy trusts, accredited teacher training providers, other professional regulators, teacher supply agencies and other authorised organisations as permitted access by the DfE to view the record of any:

    -
      -
    1. trainee, newly qualified or fully qualified teacher holding early years teacher status or qualified teacher status – with the exception of teachers who have achieved qualified teacher status through holding qualified teacher learning and skills (QTLS);
      2. - -
    2. teacher with an active restriction (including any teacher with QTLS to whom this applies);
      3. +

      1.7 The Service is a free service available for schools, higher education institutions, multi-academy trusts and local authorities to make a childrens’ barred list check for any new employee who will be undertaking regulated activity. The list is usually checked as part of a new employee’s enhanced Disclosure and Barring Service (DBS) check. This service can be used to make a separate check if the new employee either:

      +
        +
      1. will start working with children while waiting for the result of an enhanced DBS check;
        2. -
      2. teacher who has been the subject of a decision by the Secretary of State for Education not to impose a prohibition order following a determination by a professional conduct panel of unacceptable professional conduct, conduct that may bring the teaching profession into disrepute or conviction of a relevant offence
        3. - -
      3. individual with a teacher reference number not included in the above.
        4. +
      4. does not need an enhanced DBS check because they’ve worked with children in a school or college within the last 3 months.

      @@ -47,50 +43,45 @@

      Destructive Features: means any thing or device (including any software, code, file or programme) that may prevent, impair or otherwise adversely affect the operation of any computer software, hardware, network, programme or data including but not limited to computer viruses, worms, trojan horses or technologically harmful software.

      -

      Check a Teacher’s Record: the web service through which access to the information regarding a teacher and the status of that individual is made available to certain third parties by DfE as more particularly described in Clauses 1.8 and 3.4(a), as DfE may update from time to time.

      +

      Check the Children’s Barred List: the web service through which access to the Children’s Barred List is made available to authorised parties as more particularly described in Clauses 1.7 and 3.4(a), as DfE may update from time to time.

      EU GDPR: the EU General Data Protection Regulation (Regulation (EU) 2016/679).

      Personal Data: the personal data relating to an individual made available through the Service.

      +

      Regulated Activity: The full legal definition of regulated activity is set out in Schedule 4 of the Safeguarding Vulnerable Groups Act 2006 as amended by the Protection of Freedoms Act 2012. HM Government has produced a Factual note on regulated activity in relation to children: scope1 and Keeping Children Safe in Education (KCSiE)2 guidance provides the following definition.

      + +

      Regulated activity includes:

      + +
        +
      1. teaching, training, instructing, caring for or supervising children if the person is unsupervised, or providing advice or guidance on physical, emotional or educational well-being, or driving a vehicle only for children;
        2. + +
      2. work for a limited range of establishments (known as ‘specified places’, which include schools and colleges), with the opportunity for contact with children, but not including work done by supervised volunteers.
        3. +
      + +

      Work under (a) or (b) is regulated activity only if done regularly. Some activities are always regulated activities, regardless of frequency or whether they are supervised or not.

      +

      Terms: means these terms and conditions that govern a user's access to and use of the Service.

      -

      Service: means the Check a Teacher’s Record Web Service.

      +

      Service: means the Check the Children’s Barred List Web Service.

      UK GDPR: the EU GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018.

      -

      Valid Basis: an authorised reason to access use the Service to support your role in a) conducting safeguarding checks in line with Keeping Children Safe In Education or to comply with DfE funding requirements, b) verifying the qualified teacher status, early years teacher status, early years professional status, statutory induction status, mandatory qualification for teaching those with sensory impairments or a DfE national processional qualification, or c) an approved other use where you have written approval from DfE to use the servicethe statutory induction process.

      +

      Valid Basis: a school, higher education institution, multi-academy trust and local authority undertaking children’s barred list checks in accordance with the Safeguarding of Vulnerable Groups Act 2006 and the Keeping Children Safe in Education (KCSiE) guidance.

      -

      You, your and your organisation: means all directors, officers and employees of an organisation, that have approved access to the Service by DfE and are engaged in the performance of that organisation’s obligations to undertake statutory checks on teachers as required in legislation.

      +

      You, your and your organisation: means all directors, officers and employees of an organisation, that have approved access to the Service by DfE and are engaged in the performance of that organisation’s obligations to undertake statutory checks on teachers as required in legislation.

      3. Terms of Use

      3.1 These Terms must be complied with whenever You access the Service. You acknowledge that in addition to complying with these Terms, You must also comply with all applicable law, including Data Protection Legislation.

      -

      3.2 In accessing the Service, You also acknowledge your organisation is an independent controller, as defined in Data Protection Legislation, with responsibility for ensuring:

      -
        -
      1. your use of data obtained from the Service complies with Data Protection Legislation; and
        2. +

        3.2 In accessing the Service, You also acknowledge your organisation is an independent controller, as defined in Data Protection Legislation, with responsibility for ensuring that your use of data obtained from the Service complies with Data Protection Legislation and in accordance with these Terms.

        -
      2. any processors required to access the Service on your organisation’s behalf do so with a valid basis for processing and always use any Personal Data obtained from the Service in compliance with Data Protection Legislation and in accordance with these Terms.
        3. -
      -

      3.3 Without prejudice to Clause 3.2 and as set out in Clause 1.6, You will also need to comply with the Annex to these Terms in circumstances where your organisation does not have a separate data sharing agreement or memorandum of understanding (as applicable) in place with DfE.

      +

      3.3 Without prejudice to Clause 3.2 and as set out in Clause 1.7, You will also need to comply with the Annex to these Terms in circumstances where your organisation does not have a separate data sharing agreement or memorandum of understanding (as applicable) in place with DfE.

      3.4 As a user of this Service, You will at all times:

        -
      1. comply with the provisions of Data Protection Legislation in respect of all Personal Data, understanding that such Personal Data is provided to enable only authorised users from a registered organisation to carry out necessary checks on whether a trainee or teacher has:
        2. -
      2. -
          -
        1. achieved qualified teacher status, early years teacher status or early years professional status;
          2. - -
        2. completed their induction;
          3. - -
        3. been awarded a mandatory qualification for teachers of hearing impaired or visually impaired pupils;
          4. - -
        4. successfully completed a leadership or specialist national professional qualification;
          5. - -
        5. any teaching restrictions placed against them or has been the subject of a decision by the Secretary of State for Education not to impose a prohibition order following a determination by a professional conduct panel of unacceptable professional conduct or conduct that may bring the teaching profession into disrepute or the conviction of a relevant offence.
          6. -
        -
        3. +
      3. comply with the provisions of Data Protection Legislation in respect of all Personal Data, understanding that such Personal Data is provided to enable only authorised users from a registered organisation to carry out necessary checks on whether a new employee undertaking regulated activity has been barred from working with children.
      4. not disclose any Personal Data from the Service to any unauthorised third party.
        5. @@ -108,7 +99,7 @@
      5. reserves the right to reset user passwords.
        6. -
      6. owns all intellectual property rights (which is protected by Crown copyright) in and to the Service which includes any and all data (including Personal Data) or other information or material made available or published via the Service and these rights are licensed (not sold) to You. You have no intellectual property rights in relation to the foregoing other than the right to use them in accordance with these Terms.
        7. +
      7. owns all intellectual property rights (which is protected by Crown copyright) in and to the Service which includes any and all data (including Personal Data) or other information or material made available or published via the Service and these rights are licensed (not sold) to You. You have no intellectual property rights in relation to the foregoing other than the right to use them in accordance with these Terms.

      3.6 DfE may terminate these Terms and your (and your organisation's) access to and use of the Service at any time and for any reason by written notice with immediate effect.

      @@ -163,9 +154,10 @@
    3. any "robot", "bot", "spider", "scraper" or other automated device, program, tool, algorithm, code, process or methodology to access, obtain, copy, monitor or republish any portion of the Service or any content or services accessed via the same; or
    4. any automated analytical technique aimed at analysing content in digital form to generate information which includes but is not limited to patterns, trends and correlations,
      5. - -
    5. the provisions in this Clause should be treated as an express reservation of our rights in this regard, including for the purposes of Article 4(3) of Digital Copyright Directive ((EU) 2019/790). This Clause shall not apply insofar as (but only to the extent that) we are unable to exclude or limit text or data mining or web scraping activity by contract under the laws which are applicable to us.
    + +

    the provisions in this Clause should be treated as an express reservation of our rights in this regard, including for the purposes of Article 4(3) of Digital Copyright Directive ((EU) 2019/790). This Clause shall not apply insofar as (but only to the extent that) we are unable to exclude or limit text or data mining or web scraping activity by contract under the laws which are applicable to us.

    +

    6.12 You must not violate or attempt to violate the security of the Service. You must not probe, scan or test the vulnerability of a system or network related to the Service. You must not misuse our Service by knowingly introducing Destructive Features. You must not attempt to gain unauthorised access or authentication to our Service (or any data held within it), the server on which our Service is stored, or any server, computer or database connected to our Service, through data mining, web scraping, hacking, spoofing, using another person’s password or by any other means. You must not attack our Service through a denial-of-service attack or a distributed denial-of service attack. Each of these acts is a criminal offence. We will report any such offence to the relevant law enforcement authorities and cooperate with them to determine your identity. In the event of such a breach your rights to use the Service will cease immediately.

    7. Our Responsibilities and Liabilities @@ -204,6 +196,71 @@

    Email: teaching.status@education.gov.uk

    Website: https://www.gov.uk/government/organisations/teaching-regulation-agency

    + +

    Annex

    +

    + 1. Introduction +

    +

    If there is no data sharing agreement or memorandum of understanding (as applicable) in place between DfE and your organisation, the provisions of this Annex together with the Terms set out above shall apply to your access and use of the Service.

    +

    + 2. Data Protection +

    +

    2.1 By agreeing to these Terms, You confirm and acknowledge that:

    +
      +
    1. Your organisation remains responsible for its compliance obligations under the Data Protection Legislation;
      2. + +
    2. You are only permitted to access the Service and process the Personal Data for the purposes set out in Clause 1.7, your access is on a strictly need-to-know basis and shall be for no longer than is necessary. If any Personal Data is retained by You or your organisation that retention must at all times comply with Data Protection Legislation;
      3. + +
    3. Your organisation has implemented and will maintain appropriate technical and organisational security measures to ensure that all Personal Data are sufficiently protected against any Personal Data Breach (as defined in Data Protection Legislation) and that the requirements of Article 32 of the UK GDPR are met at all times;
      4. + +
    4. You will take all necessary precautions to preserve both the integrity and security of the Personal Data You process as well as prevent any corruption or loss of any Personal Data (or any part thereof);
      5. + +
    5. You and your organisation will remain responsible for dealing with and responding to: +
        +
      1. any Subject Access Request (or purported Subject Access Request, as defined in Data Protection Legislation);
        2. +
      2. other requests, complaint or communication from a Data Subject (as defined in Data Protection Legislation);
        3. +
      3. any communication from the Information Commissioner's Office (or such other regulatory authority);
        4. +
      4. any request from a third party to disclose Personal Data where compliance with such request is required or purported to be required by applicable law
        5. +
      + relating to your organisation's obligations under the Data Protection Legislation, unless otherwise agreed with DfE; +
      6. + +
    6. You shall promptly report to DfE any circumstance of which You become aware which may: +
        +
      1. mean that these Terms have not been complied with;
        2. +
      2. cause DfE to breach the Data Protection Legislation as a result of Processing (as defined in Data Protection Legislation) carried out in connection with these Terms; and
        3. +
      3. mean that there has been unauthorised Processing of any Personal Data under these Terms.
        4. +
      +
      7. + +
    7. You are responsible for any digital, downloaded, or saved copies of data or other content You access through the Service;
      8. + +
    8. You will ensure that Data Subjects are aware of how You and your organisation use their data through the Service, including but not limited to, making available a privacy notice that details your use of the Service;
      9. + +
    9. No transfer of Personal Data outside of the United Kingdom shall take place (or be attempted) without the prior written consent of DfE;
      10. + +
    10. You agree that where any Personal Data contains information relating to the racial or ethnic origin, physical or mental health, sexual orientation, gender identity, religion/belief, biometric information, trade union membership, political or philosophical beliefs of an individual these are special categories of personal data (as defined in Data Protection Legislation) or are required to be treated as special categories of personal data under these Terms.
      11. +
    +

    + 3. Records +

    + +

    You shall maintain complete and accurate records and information to demonstrate your compliance with these Terms and Data Protection Legislation.

    + +

    + 4. General +

    + +

    These Terms may not be assigned, varied or otherwise transferred, in whole, or in part, by You without the prior written consent of DfE.

    + +

    These Terms are between You and us and nobody else can enforce them.

    + +

    These Terms contain the whole agreement and understanding between You and DfE and supersede any prior written, or oral, agreement which may have been entered into between us relation to its subject matter.

    + +

    If we delay in enforcing these Terms (or any of them), DfE will still be entitled to enforce them later.

    + +

    If a court decides that any of these Terms are invalid, the remainder of the Terms will still apply.

    + <% if current_dsi_user %> <%= form_with url: terms_and_conditions_path, method: :patch do |f| %> <%= f.govuk_submit "Accept" %>