When you sign up, we expect you to sign up as a representative of an organisation, Schoolscreener and Schoolscreener EZ are not available to individuals (e.g. parents).
When you or your organisation signs up for our services, they can follow two routes: For Schoolscreener clients, there will be a contract in place prior to starting the service. For Schoolscreener EZ clients or other self-service clients, all new organisations must accept the End User License Agreement which forms the contractual agreement between the Organisation and Thomson Screening.
In both these cases, your organisation is the Data Owner and Thomson Screening is the Data Processor. (as defined by GDPR).
As Data Owner, it is your responsibility to ensure that only persons specifically authorised by you can access the software and to ensure that the data added to the software is managed in accordance with GDPR requirements. We give you the tools to do this.
SchoolScreener® and SchoolScreener EZ® conform to all national requirements (eg in the EU the GDPR, in the USA HIPAA and FERPA etc).
Thomson Screening is registered with the Information Commissioner’s Office in the United Kingdom. Our Registration ID is Z3489680
We are also registered with NHS Information IG Toolkit. Our registration ID is 8HW22
We collect or store different types of personal information and each type has its own protection, access and deletion framework. These types are:
Patient identifiable information that is part of the Schoolscreener and Schoolscreener EZ operation.
It is information that you create when you use the Schoolscreener. This information is created by you, either via uploading, adding or amending records and carrying out test.
When you use the system, you will also populate it with your data: details of schools and children you screen, their results and any letters sent out to parents.
This information is highly protected and is entirely under organisation’s control. You and your colleagues are responsible for obtaining the necessary permissions from patients or their legal representatives prior to adding their data to our system. For the purposes of GDPR (General Data Protection Regulation): you are and remain the Data Owner, Schoolscreener/Thomson Screening is the Data Processor.
We provide you with tools to create, maintain and delete this information directly in the system.
Once information is added to our system we have an extensive range of security measures and process in place to protect it from harm and ensure it is available to you. Details of these security measures and our Data Protection framework are available on request as a separate document.
We work hard to protect Schoolscreener and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold.
We encrypt Schoolscreener services using SSL.
We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
We restrict access to personal information to Thomson Screening employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined or their contract terminated if they fail to meet these obligations.
Details of these and additional security measures and our Data Protection framework are available in our Information Governance Policy.
Personal information necessary for conducting our business, for example user names and contact details. People in this category are linked to Thomson Screening by some form of contract, or SLA either directly or through their role in their organisation. We may also collect and use contact details of public officials available in the public domain.