We are always transparent about our policies, and keep them on Github so you can track any changes. To browse the full history of changes, ask questions or suggest ammendments please join us on Github
Assembly is committed to raising the standards of privacy and security applied to the management of education data, and we know our partners share this commitment. Therefore, we have created this Developer Agreement, which sets out a range of commitments that both Assembly and our Third Party Developer partners agree constitute good practice. You should also read this document in conjunction with our Glossary of Terms.
We’ve tried to keep this agreement as readable and user-friendly as possible. We have, however, stuck to some conventional legal document practices (such as capitalisation of ‘You’ and ‘Us’ in relation to each party) where it’s helpful for clarity.
This agreement is between You, a Third Party Developer and Assembly Partner, and Assembly. If you do not, or cannot, agree to these terms you should not use the Assembly platform.
Assembly are committed to providing the highest quality tools for the purposes of education and school improvement. Therefore, with respect to data security and privacy, we will not ask you to accept anything that we ourselves are unable to accept. Like you, we agree to comply with the Data Security and Privacy Pledge below. Our Terms of Service incorporate the standards outlined in the pledge, as well as additional commitments that we make to schools.
As an Assembly Partner, You agree to comply with the following pledge at all times:
Assembly and You both agree to:
Act as Data Processors for schools, who remain the Data Controllers at all times
Process the data received from schools for the purposes of education and school improvement only, and only for those purposes necessary to provide the service explicitly offered to schools
Adhere strictly to the terms of the Data Protection Act 1998 and any future amendments or applicable legislation, including legislation arising from the General Data Protection Regulation (GDPR), which is enforceable from May 2018 onwards
Only store and process the minimum data required to provide our services
Transport and store all personal data originating from schools using modern and best practice encryption technologies. At a minimum, this will include Secure Socket Layers (SSL/TLS) for encrypted data transfer over the internet, encryption of all data at rest, and password-protected identities for all end users
Comply with all Subject Access Requests made against the data stored
Ensure that all staff spending time in schools hold a valid Disclosure and Barring Service certificate
Ensure that all data is held securely, with pseudonymisation where appropriate; take steps to ensure that data is not corrupted or lost; and offer a way of restoring access to data in the event of a physical or technical incident
Only retain data for as long as is required to accurately provide the service explicitly offered to schools
Delete personal data where no longer required to provide the service explicitly offered to schools, or where requested by a Data Controller
Always maintain adequate liability insurance
Audit our services against this pledge periodically and provide evidence of compliance to the other party whenever requested
Report any significant breaches of security to our users, each-other, and the Information Commissioner’s Office (ICO) and other authorities without undue delay and within 72 hours
Make Terms of Service and Privacy Policies clearly, and publicly, available on our websites
Ensure that all employees and subcontractors are aware of, and abide by, this agreement and all applicable Terms of Service and Privacy Policies
Assembly and You both agree NOT to:
Use the school data made available via the Assembly platform for the purposes of advertising or marketing, or for any purpose other than the service explicitly provided to schools, or where agreed by schools on a case by case basis
Transport personal data originating from schools in an unencrypted format
Access, attempt to access, or inspect any data without the Data Controller’s express permission
Claim ownership or exclusive rights over any of the data processed or created as part of services provided to schools
Share information with other third parties except where specifically agreed by schools or where required by law
Change any Terms of Service or Privacy Policies without giving schools the opportunity to opt-out of such changes
As a Third Party App Developer you agree to:
Pass data back to the Assembly Platform securely, and using using modern and best practice encryption technologies, in the event that there is a mutually agreed purpose for you to do so
Ensure that your Assembly account details are kept secure at all times and notify Us of any unauthorised use of your password or account or other breaches of security
As a Third Party App Developer you agree NOT to:
If You do not comply with any part of this agreement, Assembly reserve the right to suspend or terminate Your access to the Assembly platform with immediate effect.
If Assembly terminate Your access to the Assembly platform due to breach of this agreement, You agree to delete all data provided to You through the Assembly platform within three working days.
Assembly reserve all rights in our intellectual property and You may not use our intellectual property (code, trademarks or other material) without Our consent.
Assembly and You both agree:
that no failure or delay to exercise any right or remedy under this agreement or by law shall constitute a waiver of that right or any other right or remedy.
that if any part of this agreement becomes invalid it will be modified to the minimum extent necessary to make it valid. If Assembly cannot agree this with you, the relevant provision shall be deleted. Any modification to or deletion of a provision shall not affect the validity of the rest of the agreement.
that any dispute or claim arising out of or relating to this agreement that cannot be resolved by negotiation within 14 days shall be resolved through arbitration. Either party shall give notice of seeking a resolution through arbitration using the CEDR procedure and English law. Either party may seek an interim remedy in court if necessary.
that any dispute or claim arising out of or relating to this agreement shall be governed by the law of England and that the courts of England shall have exclusive jurisdiction provided that Assembly can take action in other places if You are in breach of this agreement
that products, services and communications must not:
You accept that you will maintain and support any applications You develop which are provided through the Assembly platform.
You accept that Assembly is provided to You on an “as is” and “as available” basis. The Assembly platform is provided to You without guarantees or warranties. Assembly makes no guarantee that the website, the platform or any of our tools are error free or that access will be continuous or uninterrupted.
Assembly shall not, under any circumstances, be liable to You, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, arising under or in connection with this agreement for: loss of profits, sales, business, or revenue (direct or indirect); business interruption; loss of anticipated savings; loss or corruption of data or information; loss of business opportunity, goodwill or reputation; or, any indirect or consequential loss or damage. Assembly are not excluding liability for death or personal injury caused by negligence, breach of any implied term and any other matter for which it would unlawful to exclude liability.