Privacy Notice – Kernow Connect
Last Updated: October 2024
1. Introduction
Kernow Connect is a secure platform for managing EOTAS packages and family budgets. We host and manage Kernow Connect on behalf of clients (such as local councils or education authorities) who process data for their own service users. We act as a Sub-Processor, handling data strictly under the written instructions of our clients (Processors), who are contracted by Data Controllers such as councils or organisations.
2. Data Controller and Processor Roles
- The client organisation (such as a local council or education authority) acts as the Data Processor.
- The ultimate organisation or council acts as the Data Controller.
- Kernow Connect acts as the Sub-Processor, providing hosting, infrastructure, and application management services.
3. Categories of Data Processed
The Kernow Connect platform may process the following categories of personal data:
- Identifiers such as names, email addresses, family names, and user IDs
- Financial information including receipts, invoices, bank statements, amounts, dates, and supplier information
- Location data such as postcodes for mileage journey calculations
- Authentication and access records (magic link authentication)
- Communication data including comments and messages between families and coordinators
- Usage data including device information, session information, and error logs
We do not collect or process special category data directly unless required by the Controller via client systems.
4. Purpose of Processing
Data is processed solely to provide software functionality, hosting, and maintenance. This includes:
- EOTAS (Education Other Than At School) package management
- Receipt and bank statement processing and storage
- OCR (Optical Character Recognition) text extraction from receipts
- Mileage tracking and route visualization
- System access, authentication, and user management
- Communication facilitation between families and coordinators
- Budget tracking and financial reporting
We do not use any client data for independent analytics, profiling, or marketing.
5. Data Subject Rights
Individuals whose data is processed within Kernow Connect have the following rights under UK GDPR:
- Right to access their personal data
- Right to rectification of inaccuracies
- Right to erasure, restriction, or objection (where applicable)
- Right to data portability
- Right to object to certain types of processing
- Right to withdraw consent (where consent is the legal basis)
Requests must be submitted to the Data Controller responsible for the data (typically your local council or education authority).
6. Security Measures
We implement appropriate technical and organisational measures to safeguard data, including:
- Encryption at rest and in transit (bank-level encryption)
- Role-based access control and Row Level Security (RLS) policies
- Magic link authentication (no passwords to compromise)
- Audit logging and monitoring
- Regular security audits and updates
- Breach response procedures and incident management
- Secure file upload validation and scanning
- Family-based data isolation
7. Contact
For privacy or data protection enquiries, contact:
Kernow Connect
17 Green Lane, Penryn, Cornwall, TR10 8QQ
Email: info@jhpdev.co.uk
Website: kernowconnect.co.uk
8. Complaints and Regulatory Authority
If you have concerns about how your data is handled, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
This Privacy Notice is reviewed annually or upon material change in processing or infrastructure. Kernow Connect (operated by JHPDev Ltd) operates in compliance with UK GDPR and the Data Protection Act 2018.