Who are we and what do we do?
This website, www.evidencebased.education and any of its subdomains (e.g., alp.evidencebased.education) are owned and operated by INJ Associates Ltd, trading as Evidence Based Education. We provide professional development programmes and consultancy services in the areas of education research, evaluation and assessment.
Important information about us
If you contact the owners of this website, you do so at your own discretion and any personal details are given at your own risk.
If you visit a website operated by a third-party through a link included on our website, that website may have different privacy and security policies. We do not have control over any websites other than our own and take no responsibility for information given to any other website.
The information we may collect about you
When using this website, you may be asked to enter information about yourself for a specific reason and by doing so you are consenting to our use of that information. The purpose for collecting this information will be made clear.
The type of personal information we may collect about you includes:
- Identity Information – which includes your first and last names or username, or the name of the nominated billing contact where relevant
- Contact Information – which includes your email address, telephone number, your school name and address, your nominated billing address and email address where relevant
- Financial Information – card payments are handled through a third-party processor (see below)
- Transaction Information – includes details about payments from you
- Technical Information includes IP address and login data on the devices you use to access the site
- Profile Information – includes username and purchases or orders made by your school
- Usage Information – includes information about how you use our website and services
How we may use your personal information
The information you provide to us when using this website may be processed for the following purposes:
- To keep you informed of relevant news, products and services
- To assist in answering any queries you may have submitted
- To subscribe you to an email newsletter
- To book a place at an event run by Evidence Based Education
- To register and/or pay for a course (online or in-person) run by Evidence Based Education
- To register for a webinar
- To perform statistical analysis of the use of the website
- To assist us with product development and research
Further information about booking a place at an event, or an online or in-person course
We arrange and run both online and in-person courses and events. As part of this process, contact details will be taken so that we can be in touch regarding the event and if a booking is made for an in-person event, dietary requirements and access provisions may be required.
Our purpose for collecting personal information in this regard is to arrange and facilitate the event and to provide our customers with an acceptable service. The legal basis we rely on for processing this personal data is consent under Article 6(1)(a) of the GDPR. When we collect any information about dietary or access requirements we also need your consent (under article 9(2)(a)) as this type of information is classed as special category data.
Should the course be fully booked, we’ll let you know and hold your details on a reserve list in case a place becomes available. If you are allocated a place at an event, we’ll then ask for information about any dietary/access requirements. We don’t share this information in any identifiable way with the venue, and we delete it after the event. We don’t publish delegate lists for events.
We may sometimes charge a fee to attend or to sign up to an event. See below for details for more information on this.
By entering information about yourself, you accept that we may retain your information for a period no longer than is necessary for the given purpose, however the retention period can differ based on the type of information processed. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of the information, the purposes for which we process it and whether we can achieve those purposes through other means, and any applicable legal requirements.
We will not share your information with any third-parties for the purposes of direct marketing.
All personal information is kept private and is held securely until it is no longer required or has no use, at which point it will be destroyed or deleted by secure means in accordance with Data Protection legislation.
Third-party processors are used for the following purposes:
We use a third-party processor, Mailgun, for the purpose of sending automated emails. Participants on our online courses provide their name, email address and school name if applicable in order to facilitate access to the course and to provide an acceptable service. The legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR.
You can read Mailgun’s ‘GDPR Email Compliance’ information here: https://www.mailgun.com/gdpr/
Email newsletter subscription
We operate an email newsletter program. A visitor to the website can opt in to the newsletter through an online form should they so choose. Our newsletter and other forms are provided by Hubspot.
By completing these forms to opt in to our newsletter or to receive downloadable content access, you will be required to enter your name and email address. Each form will outline the uses of the data collected in compliance with GDPR and you are able to unsubscribe or amend your subscription at any point.
Hubspot is used to store our mailing list subscriptions as well as providing the platform for all our online support. Some subscriptions may be manually processed through prior written agreement with the user.
The legal basis we rely on for processing your personal information in this regard is your consent under article 6(1)(a) of the GDPR.
Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the General Data Protection Regulation.
Email marketing campaigns may contain tracking facilities within the actual email. Such tracked activity may include, but may not be limited to, the opening of emails, the clicking of links within the email content, times, dates and frequency of activity. This information is used to refine future email campaigns and supply you with more relevant content based around your activity.
In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003, subscribers are given the opportunity to unsubscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated unsubscription system is unavailable, clear instructions on how to unsubscribe will be detailed instead. This means that you have the right to withdraw your consent, or to object to the processing of your personal information for this propose at any time. If you do that, we’ll update our records immediately.
To access our online courses
Our online courses are hosted on an online platform called Thinkific. Thinkific is therefore a third-party processor for this purpose. Should you choose to register for a course, you agree to give your name and email address for the purpose of accessing and enrolling on the course. The legal basis we rely on for processing your personal information in this regard is contract under article 6 (1) (b) of the GDPR.
Discussion feature in online courses
We use a discussion feature within our online courses. This feature provides a place for discussion and debate as well as a means of sharing experiences and asking questions of fellow participants. This feature is provided by Disqus and as such Disqus is a third party processor for this purpose. The legal basis we rely on for processing personal information in this regard is consent under Article 6(1) (a) of the GDPR.
Design and innovation
We work with Ignio Ltd, a third-party design and innovation company to help develop our online course experience. Ignio may process your information for the purposes of ongoing course improvements or course interactions e.g. creating and delivering your course completion certificates. The personal information needed for this purpose is the participant name, school and course completion data. The legal basis we rely on for processing personal data for certificate creation and shipping is for legitimate interests under article 6 (1)(f) of the GDPR.
Web-based integration service
We use Zapier, which is a web-based integration service as a third-party processor of data for the purpose of connecting and integrating applications. The personal information needed for this purpose can be participant name, email address, address or invoicing and/or payment details. The legal basis we rely on for processing personal data for this purpose is contract under article 6 (1) (b) of the GDPR.
Credit and debit card payments
All credit and debit card payment services are provided by a third-party processor, Stripe. These services are encrypted using our own, and Stripe’s own, SSL certificates. You can identify this security by the green padlock usually found in the URL bar of your browser. We do not store any of your payment information. The legal basis we rely on for processing personal data for making online payments is consent under Article 6(1)(a) of the GDPR at the point at which payment card details are given for the specific purpose of paying for one of our products online.
Invoicing and billing
For invoicing and billing purposes we use Xero which is a third-party processor. The personal information needed for this purpose is the customer name and address, email address and name and email address of the customer contact. Our purpose for collecting personal information during the fee payment process is so that we can contact you about your fee payment or about any other queries relevant to the payment process. The legal basis we rely on for processing personal data in this regard is consent under Article 6(1)(a) of the GDPR.
To register for a webinar
We arrange webinars that we think may be of interest and of benefit to our customers. For this purpose we may use GoToWebinar or Microsoft Teams as a third party processor. If you choose to register for one of them, you will be asked to provide your contact information. Our purpose for collecting this information is so that we can facilitate the event, provide access to it and provide an acceptable service.
The legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR.
We do not publish delegate lists for webinars.
You can read Microsoft Teams’ Privacy Information here: https://docs.microsoft.com/en-us/microsoftteams/teams-privacy
Under Data Protection legislation you have the following rights:
- You have a right to access the personal information we hold about you. This is commonly known as a ‘subject access request or SAR’ and should be made in writing and either emailed to us or sent to our postal address. This would normally be dealt with within one month of receiving it however it can take longer if it is a complex request.
- You have a right to challenge the accuracy of the information held about you. This is known as the right to rectification and can be used if the information is either inaccurate or incomplete.
- You have a right to get your information deleted or disposed of and this is sometimes known as the right to erasure or the right to be forgotten.
- You have a right to limit the way an organisation uses your personal information if you are concerned about its accuracy or you have a concern about how it is being used. This is known as the right to restriction.
- You have a right to get a copy of the information held about you from us in an accessible and machine-readable way. This is known as the right to data portability.
- In certain circumstances, you may have the right to object to the use of your personal information for a particular purpose or purposes.
- Where we are relying on your consent as our legal basis for using your personal information, you have a right to withdraw your consent at any time. Should you choose to do this, we will update our records immediately to reflect your wishes.
- You have certain rights relating to automated decision making and profiling.
- You have the right to raise a concern with us should you have any query about how we are handling your personal information.
You can access further information relating to your rights from the Information Commissioner’s Office or your local Citizen’s Advice Bureau.
It is important that the information we hold is kept accurate and up to date. Should there be changes to any information that we hold change please let us know.
Although this website only looks to include quality, safe and relevant external links, you are advised adopt a policy of caution before clicking any external web links and do so at your own risk. We cannot guarantee the contents of any externally linked website and cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social media platforms
Communication and engagement through external social media platforms on which we are active are subject to the terms and conditions and privacy policies of each individual social media platform. This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. You are advised before using such social sharing buttons that you do so at your own discretion.
Shortened links in social media
Through our social media platform accounts, we may share links to relevant web pages. By default, some social media platforms shorten lengthy URLs (web addresses). You are advised to take caution and to exercise good judgement before clicking any shortened URLs published on social media platforms by this website and its owners. We cannot be held liable for any damages or implications caused by visiting any shortened links.
- Inclusion of the definition of personal information and detail of the type of personal information we may collect
- Changes to our use of third-party processors – including Typeform no longer used and the use of Mailgun and Microsoft Teams. Links to the relevant Privacy Policies are included
- Inclusion of statement relating to retention periods
- Inclusion of detailed information of website user’s/customer’s rights under Data Protection legislation
Prior to this, the policy was last updated in August 2019.