All data subjects whose personal data is collected, in line with the requirements of the GDPR and the Data Protection Act 2018 by Hashtag Learning Ltd through the use of our products (including ACHIEVE) and our marketing activities.
We are Hashtag Learning Limited and we produce online resources for education. ACHIEVE is our study toolkit for SQA National 5 and Higher.
The ACHIEVE public website address is: https://letsachieve.co.uk
The ACHIEVE private website address is https://achieve.hashtag-learning.co.uk/
The Hashtag Learning website is https://www.hashtag-learning.co.uk
We collect the following personal data on the ACHIEVE private website:
Option 1 - Students sign up with their own email address:
Option 2 - Schools create student accounts:
By using Option 2 schools can create student accounts which do not require student names or email addresses. Students can then use the full range of ACHIEVE tools without supplying any personal information.
Note that it is not a requirement of ACHIEVE that school students or home users register their full names. They may be identified by initials or numbers should they wish to protect their anonymity.
We use Google Analytics and Facebook ads on our website https://letsachieve.co.uk/. The information gathered includes geographical location, browser type, referral source, length of visit, pages viewed and the device used.
We do not use an analytics once users log in to the ACHIEVE website at https://achieve.hashtag-learning.co.uk/.
As part of the ACHIEVE product or associated marketing, we work with the following third party organisations:
The main ACHIEVE database is stored in data centres hosted by Heroku. These data centres are located within the EU and are accredited under ISO27001. Further information can be found in the Heroku security policy.
Any images used by ACHIEVE are stored on servers hosted by Amazon Web Services. No user data is stored on AWS.
We used Send In Blue to email users with product information. This applies only to Teacher and Home User accounts, not School Student accounts. Teacher data stored by Send In Blue is limited to: Name, School and email address. For Home Users we use Send In Blue to store their email address.
Stripe is our online payment provider. No user data is stored.
All user accounts are password protected using the PBKDF2 algorithm with a SHA256 hash. Raw passwords are not stored anywhere on the system.
We will retain your data for as long as we regard you as an active user, if you make no use of the site for a period of 12 months we will delete your account and any data associated with it. This would in no way prevent you from creating another account at a future date using, if you wish, the same personal details.
If you have opted out to your data being processed we will delete your data within 28 days of your opt out being received.
Users can choose to delete their account and any associated data directly from the ACHIEVE website.
Hashtag Learning are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Hashtag Learning has clear procedures to identify and respond to data security incidents. In the event of an identified data breach we will comply with our contractual and legal obligations accordingly.
Hashtag Learning complies with the requirements of the Cyber Essentials Scheme.