What data do we store about you?

Why we store this data

The information we collect and store about you is the minimum amount of data required to allow you to utilise the PebblePad services.

Where we store the data and how it's kept safe

How long we keep the data for?

How is data destroyed?

Individual user data is removed using standard OS and database calls, this happens 30 days after the account is marked for deletion. Provisioned storage containing sensitive data is wiped using the DoD 5220.22-M sanitising method before being returned to cloud storage pools if it is no longer required.

What you can ask us about your data

All requests relating to data we hold about you should be directed to datasecurity@pebblepad.co.uk.

Requesting the removal of the data we hold about you

If you access PebblePad through your university or another organisation:

  1. Contact your PebblePad administrator and request for your data to be removed.
  2. Your organisation will then notify us of the request and it will be treated as a priority.
  3. Upon receiving your request, we will create an inventory of all data we hold in connection with you. This will include: PebblePad user account details, all assets created or collaborated upon, submitted work, shared assets, information in logged files, support tickets, information in marketing databases.
  4. The inventory is then presented to your institution and they will enter into a conversation with you about the implications of deleting this data.
  5. Following an agreement between you and your organisation, we will remove all data required as a priority.
  6. Finally, we will notify all parties when the removal is complete.

If you access PebblePad through a Personal or Alumni account:

  1. Please contact us at datasecurity@pebblepad.co.uk to request that the data we hold about you is removed.
  2. After receiving your request, we will create an inventory of all data we hold about you and share this with you.
  3. If after viewing the inventory you still want us to delete the data then you will need to confirm via email. Once we have received consent to delete your data, we will remove it without delay and notify you when the process is complete.

Last updated: 03 March 2018