This is the privacy and data ethics policy of the Micro:bit Educational Foundation. It defines how we deal with your information across all our products and services. Any material changes to this policy will be communicated either directly or via a banner update to the site as relevant.
We are committed to keeping your personal data safe and secure, and handling it in accordance with our legal obligations.
We aim to make data collection and removal as simple as possible to ensure privacy.
We work with a range of partners who have their own privacy policies. Relevant policies are detailed here under Third-party websites.
We are passionate about making brilliant products and services. We use data to help us understand which content, products and services are most interesting and useful for our audience. We also use data to help us identify errors and test features. We also use personal data to stay in contact with our audiences.
Audiences - teachers and children
Although we have users of all ages, the BBC micro:bit and the resources provided on this website are designed for those aged between 8-14 and the educators who teach them. We consult with children and educators on a regular basis to help the Foundation design new products, as well as policies on data collection and processing.
The Foundation is based in the UK and subject to GDPR legislation from 25 May 2018. The Foundation is registered with the Information Commissioner’s Office.
Under Article 8 of GDPR legislation (and the UK Data Protection Bill) only children aged 13 or over are able provide their own consent. This age may vary in different nations.
As a responsible global organisation, we therefore request that children under the age of 13 seek consent from whoever holds parental responsibility for the child when using the Foundation services.
Cookies and analytics
The Micro:bit Educational Foundation completes a risk assessment before entering into arrangements with platform partners to ensure their policies are in line with our values and practices. Where these are managed by partners we have linked their privacy policies below.
What are cookies?
Cookies are small files that our website places on your device (computer, tablet or phone). They allow us to distinguish you from other users of our website.
Cookies contain an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored on your device by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may be either "persistent" or "session": a persistent cookie will be stored by a web browser and will remain valid until its expiry date, unless you delete it; a session cookie, on the other hand, will expire at the end of your session, which is when you close the web browser. We use both of these types of cookie on microbit.org.
What are cookies used for?
Cookies allow us to recognise and count the number of visitors, to see how people move around our website, how long they spend on it and how often they return. Knowing whether you’re visiting for the first time or you’ve been here before helps us work out which features or pages are more popular with you. This lets us improve the way our website works, for example by helping us to ensure that you can easily find what you are looking for. This also helps us create more things on our website that you want to see (and less of what you don’t want). Analytics also tell us which pages on our site were the first and last you visited, which helps us in the same way.
The analytics can tell us where in the world you are and what language you have displayed on your computer. This allows us to focus more on creating exciting content that is relevant to where you live and in your language. As we are committed to users of all backgrounds, we treat all locations the same, so you will see the same content regardless of where you are.
What are IP addresses?
IP (Internet Protocol) addresses are used to identify computers and devices when they are connected. They are numbers, a bit like telephone numbers, assigned to each device on a network (such as your computer at home or in school) that allow devices to communicate with other devices on a computer network (such as printers, other computers or the internet). Your school, work, home or mobile network may also have its own unique external IP address that allows it to communicate with other computers and websites across the internet.
How we support privacy
On our main site (excluding third party subdomains) we support privacy in the following ways:
- We use Google Analytics cookies on microbit.org. Google stores anonymised IP addresses on its servers in the US.
- Neither the Micro:bit Educational Foundation nor Google associate your IP address with any information that can identify you personally. We don’t store personal information such as your name, age or email address in cookies.
- We do not use geo-location data from your device but, as with other websites, we may be able to determine your approximate location from your IP address. See the section below on server logs.
- We only share data with Google for the analytics purposes outlined in this policy.
- Our Google Analytics dashboard can only be accessed by people working for, or on behalf of, the Micro:bit Educational Foundation.
- We may use Google Analytics cookies on our own subdomains such as our Python editor python.microbit.org.
- For more information about Google Analytics cookies see Google’s information about safeguarding your data.
How long are cookies kept?
Analytics cookies are kept on your device for up to two years. See Google’s information on cookie usage for more details. You are in control of your cookies - you can delete them by following the guidance below.
Consent and controlling cookies
Please note that if you block certain categories of cookies some functionality of our website or third party websites such as makecode.microbit.org will be reduced.
Websites like microbit.org need web servers to process all the HTTP requests coming from browsers. Web servers make a note of every request or error in logs. A human or a computer can read these logs and determine:
- Which page and feature of the website is being requested
- The time and date of the request
- The IP address making the request which in turn provides the country where the IP address is located
- The HTTP request code and the response the websever gave(e.g 404 for an error)
- The browser and build version that made the HTTP request
- The operating system and version of the machine making the request
The Foundation web team may look at these internal server logs to fix errors(such as the server being slow or a page being broken). We may use these logs if we think the website is under attack.
We process the data from these logs using analytics software. This assumes that the data isn’t being faked. The software processes the data, essentially counting up all the types of requests. The processed data allows the Foundation to know how the website is being used(popularity of pages or browsers) and from the IP address, we can determine which country or region is making the request.
We never combine this data with any data from any other system. So we never know how you use the website with your unique data provided to the Foundation in 3rd party systems. We also do not use this data to show you content based on a location.(So a student in Edinburgh UK has the same experience as someone in San Paulo, Brazil).
We purge logs to save space and to secure the data on a regular basis.
The Python Editor
The editor at python.microbit.org is hosted and maintained by the Foundation and is subject to this policy. This includes the use of server logs and Google Analytics (as stated above).
Student code, names and related information are communicated between the teacher and students using a Micro:bit Educational Foundation Web service running in Amazon Web Services and a third-party communication service provided by Pusher. All data is transmitted securely via HTTPS. The third-party Pusher service cannot read student names or code. We do not retain the content of the messages. Whenever possible we switch to direct connections between the teacher and students (using WebRTC).
After creating or joining a classroom, a strictly necessary cookie containing a temporary identifier for your session is stored by your browser. This identifier is removed when you sign out or end the classroom session.
Third party web sites
Web sites operated by a third party on our behalf may collect information about you for the purpose of providing you the service. These include:
- The makecode.microbit.org editor, provided by Microsoft. Read their privacy statement and their Student Pledge.
- Our translation system, provided by Crowdin. Read their privacy polic
- Our public repositories hosted on Github. Read their privacy statement.
- We may link to content provided by third parties. These links point to a different website and may open in a new tab.
Mobile and desktop applications operated by a third party on our behalf may collect information about you for the purpose of providing you the service and are subject to their respective app store policies. These include:
The Windows App, provided by Microsoft is hosted on the Microsoft App store and subject to their privacy statement and their Student Pledge
Other Third Parties
We occasionally work with other third parties in ways that require us to share your personal data with them. E.g. if we are conducting research to improve our services with organisations like Discovery. Wherever this is necessary, we will always ask for your consent before sharing any of your data. How third parties manage your data will be subject to their respective privacy policies.
The Foundation is active on a range of public platforms including GitHub, Twitter, Facebook, Instagram, LinkedIn and Slack, and follow their privacy policies. We treat these forums as public. For example, if you say something on Twitter in a public message we might quote you on Facebook, and we might talk to you on Slack about a GitHub pull request.
We may make use of:
to manage our Social Media communications.
do your :bit challenge
The Micro:bit Educational Foundation will only ever use personal details that are sent with a do your :bit entry for the competition and as per the details shared via the terms and conditions. Entries will be shared with challenge partners ('Co-creators' and 'In collaboration with' partners) for judging purposes. These partners are listed on the website.
We will only collect children’s personal data (names) if parental consent is given on the entry form.
All personal details collected in competition entries will be deleted by 30 September 2021, with the exception of where consent has been gained to keep various media for a longer period.
To have your entry and personal data deleted at any time during the competition, please contact email@example.com
Your Personal Data
If you wish to remove your data from any of these systems, please follow the respective instructions. For anything not listed, please open a support ticket
- microbit.co.uk including legacy editors
- Unsubscribe from all Foundation communications sent via mailchimp
Please note further information may be found via the Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to raise any concerns can be found at www.ico.org.uk
the right to be informed about the personal information we hold about you, we do this via this privacy notice and ensuring a breach policy is in place to mitigate the results of a breach and inform you if a breach occurs. If you think a breach has occurred, please contact firstname.lastname@example.org and the data controller (the Head of Operations) will action this information.
the right to access (obtain a copy) of the personal information we hold about you; you may request this via our support desk
the right to have inaccurate information we hold about you rectified; through raising any corrections to us via our support desk
the right to have your data erased or to restrict processing (the right does not apply when there are lawful reasons for the continued processing of the information); also via our support desk
the right to object to your data being used for direct marketing of profiling; via contacting us on the details below
the right to personal data you have provided to us (supplied in a common electronic format) which we process automatically on the basis of your consent or the performance of a contract. Also via raising a ticket on support desk
Questions, complaints or queries
The Foundation is a small, growing organisation. We are always looking to be better. Especially when collecting and using personal information for any individual. For this reason, we take any complaints and suggestions for improvements very seriously. Please contact us: email@example.com