PRIVACY POLICY

Who are we and what do we do?

This website, www.evidencebased.education and any of its subdomains, as well as www.greatteaching.com and any of its subdomains (e.g., toolkit.greatteaching.com), are owned and operated by INJ Associates Ltd, trading as Evidence Based Education. We provide professional development programmes and school improvement services in the areas of education research, evaluation and assessment.

 

Important information about us

We are registered with the Information Commissioner’s Office as a data controller and, as such, we are committed to protecting your privacy. We take our responsibilities to secure your personal information very seriously. Personal information means any information about an individual from which that person can be identified. It does not include information where the identity has been removed (anonymous information). Under the UK General Data Protection Regulation (‘UK GDPR’) and the Data Protection Act 2018 we follow strict security procedures in the storage and disclosure of information which you give to us. Our Privacy Policy applies only to information that we obtain from you via the website www.evidencebased.education and / or from any of its subdomains, as well as www.greatteaching.com and any of its subdomains (e.g., toolkit.greatteaching.com).

In using the website, you consent to the collection and use of your personal information in the ways set out in the Privacy Policy. The website complies with all UK national laws and requirements for user privacy. Should you have any questions about the privacy policy, please contact us at this page, or by post to 1 Grange Crescent, Sunderland, SR2 7BN.

If you contact the owners of this website, you do so at your own discretion and any personal details are given at your own risk.

If you visit a website operated by a third-party through a link included on our website, that website may have different privacy and security policies. We do not have control over any websites other than our own and take no responsibility for information given to any other website.

 

The information we may collect about you

When using this website, you may be asked to enter information about yourself for a specific reason and by doing so you are consenting to our use of that information. The purpose for collecting this information will be made clear.

The type of personal information we may collect about you includes:

 

How we may use your personal information

The information you provide to us when using this website may be processed for the following purposes:

 

Further information about booking a place at an event, or an online or in-person course

We arrange and run both online and in-person courses and events. As part of this process, contact details will be taken so that we can be in touch regarding the event and if a booking is made for an in-person event, dietary requirements and access provisions may be required.

Our purpose for collecting personal information in this regard is to arrange and facilitate the event and to provide our customers with an acceptable service. The legal basis we rely on for processing this personal data is consent under Article 6(1)(a) of the UK GDPR. When we collect any information about dietary or access requirements we also need your consent (under article 9(2)(a)) as this type of information is classed as special category data.

Should the course be fully booked, we’ll let you know and hold your details on a reserve list in case a place becomes available. If you are allocated a place at an event, we’ll then ask for information about any dietary/access requirements. We don’t share this information in any identifiable way with the venue, and we delete it after the event. We don’t publish delegate lists for events.

We may sometimes charge a fee to attend or to sign up to an event. See below for details for more information on this.

By entering information about yourself, you accept that we may retain your information for a period no longer than is necessary for the given purpose, however the retention period can differ based on the type of information processed. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of the information, the purposes for which we process it and whether we can achieve those purposes through other means, and any applicable legal requirements.

The information may be held with us or any third-party company with whom we have a contract to process information on our behalf. For further information please refer to the Privacy Policy of the individual third-party company via the links attached.

We will not share your information with any third-parties for the purposes of direct marketing.

All personal information is kept private and is held securely until it is no longer required or has no use, at which point it will be destroyed or deleted by secure means in accordance with Data Protection legislation.

 

Third-party processors are used for the following purposes:

Web hosting

We use two third-party processors, DigitalOcean and Amazon Web Services (AWS), to host our websites. User and personal data pertaining to website access and user accounts are stored on these servers, and the legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the UK GDPR.

You can read Digital Ocean's and AWS's data processing agreements using these links.


Automated emails

We use a third-party processor, Mailgun, for the purpose of sending automated emails. Participants on our online courses provide their name, email address and school name if applicable in order to facilitate access to the course and to provide an acceptable service. The legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the UK GDPR.

You can read Mailgun’s ‘GDPR Email Compliance’ information here.

 

Email newsletter subscription

We operate an email newsletter program. A visitor to the website can opt in to the newsletter through an online form should they so choose. Our newsletter and other forms are provided by Hubspot.

By completing these forms to opt in to our newsletter or to receive downloadable content access, you will be required to enter your name and email address. Each form will outline the uses of the data collected in compliance with UK GDPR and you are able to unsubscribe or amend your subscription at any point.

Hubspot is used to store our mailing list subscriptions as well as providing the platform for all our online support. Some subscriptions may be manually processed through prior written agreement with the user.

The legal basis we rely on for processing your personal information in this regard is your consent under article 6(1)(a) of the UK GDPR.

You can read Hubspot’s Data Processing Agreement here for further information.

Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the General Data Protection Regulation.

Email marketing campaigns may contain tracking facilities within the actual email. Such tracked activity may include, but may not be limited to, the opening of emails, the clicking of links within the email content, times, dates and frequency of activity. This information is used to refine future email campaigns and supply you with more relevant content based around your activity.

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003, subscribers are given the opportunity to unsubscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated unsubscription system is unavailable, clear instructions on how to unsubscribe will be detailed instead. This means that you have the right to withdraw your consent, or to object to the processing of your personal information for this propose at any time. If you do that, we’ll update our records immediately.

 

Access to our online courses

Our online courses are hosted on an online platform called Thinkific. Thinkific is therefore a third-party processor for this purpose. Should you choose to register for a course, you agree to give your name and email address for the purpose of accessing and enrolling on the course. The legal basis we rely on for processing your personal information in this regard is contract under article 6 (1) (b) of the UK GDPR.

You can read Thinkific’s Data Processing Addendum here for further information.

 

Discussion feature in online courses

We use a discussion feature within our online courses. This feature provides a place for discussion and debate as well as a means of sharing experiences and asking questions of fellow participants. This feature is provided by Disqus and as such Disqus is a third party processor for this purpose. The legal basis we rely on for processing personal information in this regard is consent under Article 6(1) (a) of the UK GDPR.

You can read Disqus’s Data Processing Agreement here for further information.

 

Product management, design and innovation

We work with Ignio Ltd, a third-party company to help develop our online courses and Great Teaching Toolkit experience. Ignio may process your information for the purposes of ongoing course and platform improvements or course interactions, e.g., creating and delivering your course completion certificates. The legal basis we rely on for processing personal data for these reasons is legitimate interests under article 6 (1)(f) of the UK GDPR, and we have a data sharing agreement with Ignio that outlines the process in more detail, including storage, deletion and the types of personal data collected.

You can read Ignio’s Privacy Policy here for further information.


Development of the Great Teaching Toolkit software

We work with Aircury to develop the software and tools for the Great Teaching Toolkit. Aircury may process users’ information for the purposes of platform developments or improvements. The legal basis we rely on for processing personal data for these reasons is legitimate interests under article 6 (1)(f) of the UK GDPR, and we have a data sharing agreement with Aircury that outlines the process in more detail, including storage, deletion and the types of personal data collected.

You can read Aircury’s Privacy Policy here for further information.


Subscription management for the Great Teaching Toolkit

We use ChargeBee to help manage your Great Teaching Toolkit subscription and access. The personal information needed for this purpose may include: the school or college admin’s name and contact information, the school or college address and payment/invoicing details. The legal basis we rely on for processing personal data for these reasons is legitimate interests under article 6 (1)(f) of the UK GDPR.

You can read Chargebee’s Data Processing Addendum here for further information.


Surveys and tools for the Great Teaching Toolkit

We use Typeform to deliver some of the surveys and tools contained in the Great Teaching Toolkit. The personal information used for this purpose may include a pseudonymised user’s unique identifier, and answers to any surveys. The legal basis we rely on for processing personal data for these reasons is legitimate interests under article 6 (1)(f) of the UK GDPR.

You can read Typeform’s Privacy Policy here for further information.

 

Web-based integration service

We use Zapier, which is a web-based integration service as a third-party processor of data for the purpose of connecting and integrating applications. The personal information needed for this purpose can be participant name, email address, address or invoicing and/or payment details. The legal basis we rely on for processing personal data for this purpose is contract under article 6 (1) (b) of the UK GDPR.

You can read Zapier’s Data Processing Addendum here for further information.


Credit and debit card payments

All credit and debit card payment services are provided by a third-party processor, Stripe. These services are encrypted using our own, and Stripe’s own, SSL certificates. You can identify this security by the green padlock usually found in the URL bar of your browser. We do not store any of your payment information. The legal basis we rely on for processing personal data for making online payments is consent under Article 6(1)(a) of the UK GDPR at the point at which payment card details are given for the specific purpose of paying for one of our products online.

You can read Stripe’s Data Processing Addendum here for further information.

 

Invoicing and billing

For invoicing and billing purposes we use Xero which is a third-party processor. The personal information needed for this purpose is the customer name and address, email address and name and email address of the customer contact. Our purpose for collecting personal information during the fee payment process is so that we can contact you about your fee payment or about any other queries relevant to the payment process. The legal basis we rely on for processing personal data in this regard is consent under Article 6(1)(a) of the UK GDPR.

You can read Xero’s Data Processing Addendum here for further information.


Registering for a webinar

We arrange webinars that we think may be of interest and of benefit to our customers. For this purpose we may use Microsoft Teams as a third party processor. If you choose to register for one of them, you will be asked to provide your contact information. Our purpose for collecting this information is so that we can facilitate the event, provide access to it and provide an acceptable service.

The legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the UK GDPR.

We do not publish delegate lists for webinars.

You can read Microsoft Teams’ Data Protection Addendum here.


Your rights

Under Data Protection legislation you have the following rights:

  1. You have a right to be informed about the collection and use of your personal information. Everything you need to know should be contained within our Privacy Policy but if there is anything more you need to know then please get in touch.
  2. You have a right to access the personal information we hold about you. This is commonly known as a ‘subject access request’ or SAR and should be made in writing and either emailed to us or sent to our postal address. This would normally be dealt with within one month of receiving it however it can take longer if it is a complex request.
  3. You have a right to challenge the accuracy of the information held about you. This is known as the right to rectification and can be used if the information is either inaccurate or incomplete.
  4. You have a right to get your information deleted or disposed of and this is sometimes known as the right to erasure or the right to be forgotten.
  5. You have a right to limit the way an organisation uses your personal information if you are concerned about its accuracy or you have a concern about how it is being used. This is known as the right to restriction.
  6. You have a right to get a copy of the information held about you from us in an accessible and machine-readable way. This is known as the right to data portability.
  7. In certain circumstances, you may have the right to object to the use of your personal information for a particular purpose or purposes.
  8. Where we are relying on your consent as our legal basis for using your personal information, you have a right to withdraw your consent at any time. Should you choose to do this, we will update our records immediately to reflect your wishes.
  9. You have certain rights relating to automated decision making and profiling.
  10. You have the right to raise a concern with us should you have any query about how we are handling your personal information. Our contact details can be found under ‘Important information about us’ at the top of this page.

You can access further information relating to your rights from the Information Commissioner’s Office or your local Citizen’s Advice Bureau.

It is important that the information we hold is kept accurate and up to date. Should there be changes to any information that we hold change please let us know.

 

Use of cookies

This website uses cookies to improve user experience while visiting the website. Cookies are small files saved to visitors’ hard drives that track, save and store information about user interactions and usage of the website. This allows us to provide you with a tailored experience within this website. Cookies typically expire after 30 days, and no personal information is collected. This website uses a cookie control system, allowing you on your first visit to the website to allow or disallow the use of cookies on each device. This complies with recent legislation requirements for websites to obtain explicit consent. If you wish to deny the use and saving of cookies from this website, you should take necessary steps within your web browser’s security settings to block all cookies from this website.

 

Google Analytics

This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by a third-party service, Google Analytics, which uses cookies to track visitor usage. The software will save a cookie to your computer’s hard drive to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone.

You can read Google’s Privacy Policy here for further information: http://www.google.com/privacy.html

 

External links

Although this website only looks to include quality, safe and relevant external links, you are advised adopt a policy of caution before clicking any external web links and do so at your own risk. We cannot guarantee the contents of any externally linked website and cannot be held liable for any damages or implications caused by visiting any external links mentioned.

 

Social media platforms

Communication and engagement through external social media platforms on which we are active are subject to the terms and conditions and privacy policies of each individual social media platform. This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. You are advised before using such social sharing buttons that you do so at your own discretion.

 

Shortened links in social media

Through our social media platform accounts, we may share links to relevant web pages. By default, some social media platforms shorten lengthy URLs (web addresses). You are advised to take caution and to exercise good judgement before clicking any shortened URLs published on social media platforms by this website and its owners. We cannot be held liable for any damages or implications caused by visiting any shortened links.

 

We keep our Privacy Policy under regular review to make sure it is up to date, accurate and clear. Any changes will be listed as below. We suggest that you check this page regularly to keep up to date. Your continued use of the website will be deemed to be acceptance of the revised version of the Privacy Policy.

We have reviewed our Privacy Policy in June 2021 and made the following changes:

Prior to this, the policy was last updated in September 2020.