Privacy and data protection
At ImpactEd we work with both schools and education organisations to help them evaluate the impact of their initiatives, interventions and programmes. To do so, we process different types of data. This page covers some common FAQs about privacy and data protection at ImpactEd.

The guidance here is general and specific details may vary from partner to partner - please get in touch with us at support@impacted.org.uk if you have questions relating to how your data is processed.

Jump right to:

1. Security and compliance overview
2. Details on the ImpactEd platform
3. Frequently asked questions
Security and compliance at ImpactEd: overview

To deliver our work helping schools and education organisations better evaluate their impact, we often need to process personal data. We take protecting data very seriously and have in place a number of safeguards to ensure that we are adhering to security and data protection best practices. These include:

  1. All personal data transfer and storage takes place through encrypted services (at least 256-bit SSL/TLS encryption in motion and 128-bit AES at rest).
  2. We process personal data only within the UK or European Economic Area or under equivalent adequacy arrangements approved by the European Commission, unless you have consented otherwise.
  3. We process pupil data only in an anonymised format (i.e. with identifying information such as names removed) unless you have instructed us otherwise.
  4. Once the reason for processing your data has ended, it will be anonymised or deleted.
  5. All team members are in possession of a valid DBS certificate.

ImpactEd is Cyber Essentials Plus certified and registered with the ICO (number: ZA271317).

How exactly we process your data depends on how you partner with us. There are three main ways this might happen:

  1. You are a school that is subscribing to us directly as a school partner.
  2. You are a school that we are working with as part of a wider research project (for example, a tutoring charity that you work with has commissioned us to look at its impact in its partner schools).
  3. You are an education organisation that we are working with directly.

If you have received a data request from ImpactEd and you are unsure of the reason, please get in touch with us at support@impacted.org.uk and a team member will respond within 48 hours.
The ImpactEd platform: security and data protection

Many of our projects take place using the ImpactEd platform. This is a digital platform that makes it easier to monitor and evaluate the impact of any intervention or initiative you might be running in your educational setting.

The ImpactEd platform connects with school information systems such as SIMs through a tool called Wonde. Wonde allows schools to directly share data from their management information systems (MIS) through a secure and encrypted connection. This means that your information is always up to date, you can control the data which is accessed, and you can revoke our access to your data at any time. You can find out more about Wonde's security here.

As well as accessing data from your MIS, the ImpactEd platform can be used to administer questionnaires. Responses to these questionnaires are held directly in the ImpactEd platform. We run these through a tool called Typeform. No personally identifiable information is shared from the ImpactEd platform to Typeform.

The ImpactEd platform is fully secure, compliant with the UK GDPR and Data Protection Act 2018, and can only be accessed through secure usernames and passwords. Our example Data Sharing Agreement outlines the protections we take through the ImpactEd platform, which include:

1. All pupil data on the ImpactEd platform is fully anonymised by default for ImpactEd staff unless you explicitly grant us access to view personal data (for example, to provide technical support).
2. All data is protected by encryption, including 256-bit SSL/TLS encryption in motion and 128-bit AES at rest.
3. All personal data is processed only within the UK or European Economic Area or under equivalent adequacy arrangements approved by the European Commission, unless you have consented otherwise.
4. The data we access through the ImpactEd platform can be controlled via the Wonde portal. If you wish to revoke our access to data, this can be done instantly.
Frequently asked questions

For any further queries, we've documented answers to our frequently asked questions. For more details on how data is used in the ImpactEd platform specifically, please refer to our example platform Data Sharing Agreement.

If you have questions which haven't been answered by this page or our FAQs document, don't hesitate to get in touch at support@impacted.org.uk