Equipment Booking for Nescot Creative Media Terms and Conditions

The Kit Room refers to the equipment store within the Creative Media department at Nescot. Only current Nescot Creative Media students and employees are able to book equipment and studios from the Kit Room.

You should check all equipment borrowed from the Kit Room before taking it away. Once the equipment leaves the Kit Room, you are responsible for the replacement or repair cost of any part of the equipment that is lost or damaged. You must ensure that all the equipment listed is present in the bag or case before you leave the Kit Room. If there are any issues with the equipment, bring this to the attention of the tutor or tutor demonstrator who has given the equipment to you. Repair and replacement costs are evaluated on a case-by-case basis and will be sent to you (and/or your legal guardian if relevant). Any faults that occur or damage that is caused to equipment should be reported as soon as possible to a tutor or via email to kitroom@nescot.ac.uk.

You must not use the equipment/facilities in a way that breaches any Nescot guidelines, policies, regulations or brings Nescot into disrepute. Student users are not permitted to use this equipment for profit or private use. Equipment must be collected and returned during the time slots selected at the time of booking. You may request to change the collection and return dates with at least one working day’s notice; this will be evaluated on a case-by-case basis and acceptance depends on other bookings for the equipment.

The Kit Room reserves the right to cancel any bookings at any time, as well as requesting the return of currently booked equipment.

Equipment booked from the Kit Room cannot be taken outside of the United Kingdom.

Fines and Late Return Fees

Failure to return the equipment to the Kit Room at the date and time confirmed in your booking will result in a fine of £5 per day. Fines are automatically issued by the Siso Smarthub system and will be outlined in an email sent to your student email address. Details of any fine may be sent to your parent or legal guardian if relevant. If you do not collect your booking on time, it may be cancelled, in which case you will have to make a new booking.

Equipment that is returned poorly packed, wet or dirty will incur a £5 fine per item. You will be charged for the repair or replacement cost of any equipment that is damaged due to negligence or misuse.

The maximum fine for late fees is £100 per loan.

The maximum fine for repair or replacement is £1000 per item.

If you believe you have been issued a fine in error, contact kitroom@nescot.ac.uk.

You will not be able to collect or create any bookings while you have an outstanding balance.

Stolen Equipment

If any equipment is stolen, it should be immediately reported to the Kit Room via email at kitroom@nescot.ac.uk or phone at 020 8394 1731. The Kit Room can provide the serial numbers, make and model information, which you should include in a report made to the local police for the area where the theft took place.

Equipment should be kept secure at all times while in your possession. It should never be left unattended in a vehicle, regardless of whether it is locked. You may be liable for the full cost of replacement for any equipment stolen while left unattended or unsupervised. A tutor or tutor demonstrator can help you leave your equipment in a secure location on college premises during your booking.

Risk Assessment

Your tutor will inform you if a risk assessment is necessary for your booking. Risk assessments can be created before or after you create your booking. Risk assessments should be created on the Siso website. If you need any assistance with this, you should contact a tutor, tutor demonstrator or kitroom@nescot.ac.uk. The risk assessment should be accurate and up to date. A complete risk assessment does not absolve you from your responsibilities and liabilities under UK law. By completing the Risk Assessment, you are confirming that you have assessed all the risks involved in your activity as far as possible and will take any and all measures to eliminate and manage any risks present, or which may subsequently arise, whilst involved in producing work using Nescot's equipment. You confirm that you have discussed your activity and risks with your tutor and accept full legal responsibility to ensure the health and safety of all persons affected by your actions and the actions of those directly and indirectly involved. Nescot tutors and tutor demonstrators reserve the right to cancel your booking if a risk assessment is incomplete, or if the risk involved is deemed to be too high. The Kit Room reserves the right to ban users from booking equipment if it is learned that risk assessments have been completed inaccurately.

Studio Usage

Studio spaces should be checked before you start using them to ensure that they are in the order and condition outlined at the point of booking. Any issues should be reported to the Kit Room before you begin using the space. You need to be trained in the studio spaces before you can book them. You should not operate any equipment you are not familiar with. Students are not permitted to adjust any equipment which is rigged on the ceiling of studio spaces; this includes the use of ladders. You must return all facilities to their original condition at the end of your session. You must check in to your facilities within 15 minutes of the start of your booking. You must vacate facilities by the time that your booking ends. Failure to comply may result in a fine or ban from booking further equipment or rooms. The person who made the booking for the studio is responsible for the studio and the equipment within it for the duration of the booking. Any damage caused should be reported immediately. Studios should be secured while unattended; a tutor, tutor demonstrator or Kit Room staff can lock the room for you. If damage is caused by a third party during your booking, it should be reported to a tutor immediately. You remain responsible for any other people you invite into the studio space while it is booked.

Illness and Return of Equipment

Should you become ill during your booking, you should inform your tutor and the Kit Room ASAP. We will not issue fines if you are unable to return your kit due to illness unless you fail to contact us. This allows us to make arrangements for other future bookings which may be impacted. In the event of a long-term illness, the Kit Room may make arrangements to collect the kit if it is safe to do so. The Kit Room may validate any reported illness with a tutor or a team from the wider college.

Your Data

Siso Software Limited GDPR Statement

v2.2 10th December 2020

Introduction

Siso is committed to respecting the privacy and data protection rights of its clients and users of our services. This document, therefore, sets out Siso’s data protection compliance, to provide the assurances to our clients and prospective clients that we take such compliance seriously and to address some of the common questions we are asked about our company and services, with regards to the protection of personal data.

Siso is governed by UK data protection laws which include the General Data Protection Regulation (GDPR) and the UK’s implementation thereof, the Data Protection Act 2018 and any subsequent data protection law introduced in the UK. Throughout this statement terms like “personal data”, “processing”, “data subject”, “data controller” and “data processor” have the same meaning as defined in UK data protection legislation.

This statement applies to our SaaS (Software as a Service) products.

Our GDPR commitment to our clients

As a UK company, Siso are committed to ensuring our business, services and internal processes are GDPR compliant, that we continue to maintain that compliance and ensure it meets the full requirements of the law. We are also committed to safeguarding any personal data we process on behalf of our clients and apply the same compliance standards to our clients’ data, as we do our own.

Our services are compliant because:

• We check all our systems and processes to ensure they meet the requirements of GDPR, particularly in terms of ensuring appropriate technical and organisational measures are in place to ensure the security of our clients’ data at all times.

• We do not allow all members of staff to access client data, and what access is available is limited to specific circumstances

• Our staff are trained in GDPR compliance and understand their responsibilities for managing the systems that process our clients’ personal data

• We have internal policies which set out the data protection responsibilities across the whole of our business

• Data is stored within the EEA

• We only process data that is inputted into our systems by our clients. It is our client’s responsibility to ensure it is lawful for them to process the data in the way our systems allow

• We have implemented the appropriate contractual obligations required by Article 28 of the GDPR (in our terms of service and accompanying documentation)

• We do not make use of sub-processors or other third-party processors

• We ensure we maintain this compliance at all times

Our role as a Data Processor

When a client’s data is placed on our servers, the client is the Data Controller and Siso, the Data Processor. We only use the data our client provides to us for the purposes of delivering the services and only as agreed in any terms and data processing agreements that have been signed.

We do not use our client’s data in any way other than to provide the agreed services. We do not share any client data with third parties unless required to do so by law. Where law enforcement or other authorised parties request access to the data we store on our servers, we follow strict internal policies for dealing with such requests. Furthermore, the third parties are required to demonstrate they have a lawful reason to access the data and under what authority.

What data is processed by our services?

This will depend on the client’s requirements and the service used, but is typically login credentials (name, email address) for users and admin staff. Given the nature of our services it is unlikely we will ever need to process special category data.

Uploading client data to our services

Data will be inputted into our service via import routines, importing data from the client or manually inputted by the client’s admin member of staff.

Data location

Our clients’ data is stored on our own dedicated servers, hosted by Webcore at a Viatel Data Centre in Dublin. No data is stored or transferred outside the EEA.

For our customers based in the UK, storing and processing customer data within the EEA does not require any additional controls, other than those set out in our SAAS Agreements and Data Processing Agreement.

For our EU customers we have implemented the Standard Contract Clauses (SCC) for non-EEA data transfers as part of our Data Processing Agreement. Whilst customer data itself will be hosted within the EEA (in Dublin), as we are a UK business and in some very rare cases may need to access our database, it is important that the SCC are included in our agreements.

Security

Our Managing Director has ultimate responsibility for ensuring appropriate information security standards are applied to the technology we use and the services we provide.

Only limited members of our staff have access to our client’s data and no other third-party will have access. We do not share our client’s data with any third-party unless required to do so by law.

Our technology

Our services run on privately tenanted hardware with each client’s system using separated databases and code.

Servers are a LAPP stack in a dedicated hardware VM environment utilising vMotion and running Linux / Apache / PostgreSQL / PHP.

We can provide our clients with server diagrams and details of the Webcore infrastructure, if required.

We have three main first line security measures in place across our infrastructure:

1. Firewall

2. Malicious page request and injection attack monitoring with IP blocking

3. Failed login monitoring with robot checker and login blocking

All sites include a 128-bit SSL certificate to encrypt all data.

Maintaining security

All our employees keep up to date with all technical aspects of security and ensure the ongoing security of our systems. This means that any security patches are applied to our systems as a matter of priority (and some automatically).

We continually monitor our servers for suspicious activity. Any issues identified are fixed accordingly with the utmost priority.

Any changes or updates to our own systems are always made with data protection and privacy in mind and, where appropriate, in discussion with our clients.

Examples of the kinds of security hardening implemented:

• Dynamic IP blocker to protect against unauthorised access

• Malicious page request and injection attack monitoring with IP blocking

• Secure SSH limited to the office IP address range

• Logins by certificate only

• Ubuntu unattended security patching (with email notification before rebooting)

• All data communications to and from the servers are via secure channels

• FTP is not utilised. All file uploads are by WebDAV over HTTPS

• Disabled Apache SSLv3

• PostgreSQL DB servers are not externally accessible

• Webcore monitor our servers and services via the VM infrastructure

• Firewall and load balancing implemented

• CGI disabled in Apache

• No cPanel or similar admin tools installed so hackers cannot exploit GUI and backend tools

• We carry out vulnerability testing from time to time and can be tested by our clients

Access to data by Siso employees

Furthermore, only two people (company directors) within our organisation have direct access to the database that stores your data. There are strict security protocols in place to limit access to the database for maintenance purposes, and the databases themselves can only be accessed from within our offices (no remote access is possible).

Frontend and backend data may be accessed during a support call, if required.

No other members of staff (just the two directors) can access the database.

Any such access which takes place outside the EEA is covered by the SCC included as part of the Data Processing Agreement for EU customers.

Service access

All access to our services is via HTTPS Secure Socket Layer (SSL) connections, ensuring access to the systems via a web browser is encrypted.

Accounts on our systems are accessible either via our clients’ central login services or via a local system login. If a local login option is chosen the password must be a minimum of 8 characters with at least one UPPERCASE, one lowercase and one number.

Generally speaking, our services are accessible from anywhere, unless specified otherwise by our clients. This includes being able to limit admin access to their place of work, whilst users are able to access from anywhere.

Continuity and backups

Backups are carried out on a 21-day rolling backup cycle and are stored in a secure location and encrypted. Only Siso has access to these backups from within our offices.

In terms of disaster recovery, we make use of internal VMware solutions which we test quarterly, with backups every night and snapshots taken throughout the day. We also take backups of the server settings, code and database outside the VMware environment. So, if there is a server outage, we can easily migrate from the failing server or recover from the backups.

Siso employees

All Siso employees are trained and made aware of their responsibilities under GDPR. This includes their responsibilities with regards to access, security and processing of personal data made available by our clients through the use of our systems.

Security and data governance are covered in our employee handbooks and actively discussed as part of quarterly meetings to ensure all staff are up to date.

Physical security

Only our employees have access to our working offices. Our clients’ data are stored on servers only accessible from our offices. Our servers are managed by Webcore and only Webcore staff can access the servers physically.

Third-party processors

Siso does not use any third-party processors or services for the purposes of processing the data as part of our service.

The only third-parties we use are:

• Webcore for the maintenance of our servers, but they have no access to any data. We do not have access to the servers ourselves; this is managed by Webcore

• Our servers are hosted in Viatel’s secure Data Centre (see http://www.viatel.com)

Changes to our approach

Should our approach to any aspect covered by this statement change, we will make sure that, where a client’s data is impacted, we notify our clients within a reasonable timeframe.

Data breaches

In the unlikely event of a breach occurring (as defined in the GDPR) we will notify you within 48 hours of the breach coming to our attention.

How our own compliance with GDPR helps our clients

Our approach to our own compliance also helps our clients comply with their own GDPR compliance requirements. This statement should go some way to explain our approach to GDPR compliance. By using our services, clients can be assured their use is GDPR compliant.

Data protection contact

Any questions, queries or requests for further information regarding our GDPR compliance should be sent to:

Siso Software Limited

Data Protection Officer

61c Ashley Drive South

Ashley Heath

Ringwood

Dorset

BH24 2JP

info@siso.co.uk

Your name, ID number, University email address, course, course ID and year will be used within Siso’s database for the purpose of creating bookings and sending notifications.

Your Siso account will be deleted after 1 year of inactivity. After this point booking data will be kept but all sensitive data will be obfuscated.

Accounts not logged into for over 2 months will be deactivated.

If no booking, training, or risk assessment activity has taken place for 3 years, your account will be deactivated.

Nescot’s Data Protection Policy can be found at https://www.nescot.ac.uk/policies

For any additional information about Nescot’s Data Protection policy, please contact dataprotection@nescot.ac.uk

YOU ARE NOT PERMITTED TO HIRE EQUIPMENT ON BEHALF OF, LOAN OR SUB HIRE EQUIPMENT TO ANOTHER USER – BY TICKING THE BOX YOU ARE AGREEING THAT YOU ARE FULLY RESPONSIBLE FOR ANY AND ALL DAMAGE OR LOSS TO THE EQUIPMENT LISTED ON YOUR BOOKING, AND ANY COSTS ASSOCIATED.

WHEN YOU MAKE A BOOKING, YOU WILL BE REQUIRED TO CHECK A BOX STATING THAT YOU HAVE READ AND UNDERSTOOD THESE TERMS AND CONDITIONS AND AGREE TO ADHERE TO THEM. WHEN YOU COMPLETE A RISK ASSESSMENT BY CLICKING ‘SAVE’ AT THE END YOU ARE AGAIN AGREEING TO THE TERMS AND CONDITIONS OF BOOKING.

smarthub terms and conditions of use
As a user of this system registered or otherwise you agree that if for any reason you are unable to use smarthub for the intended purpose then you will contact your store via telephone, email or in person to resolve the problem. Siso Software Limited are not responsible or liable in any way for any errors, damages or any other loss caused by your usage of this system. For the avoidance of doubt this includes any loss howsoever suffered including negligence or fraud except where such negligence causes death or personal injury.