All data subjects whose personal data is collected, in line with the requirements of the GDPR and the Data Protection Act 2018 by Hashtag Learning Ltd through the use of our products (including ACHIEVE) and our marketing activities.
We are Hashtag Learning Limited and we produce online resources for education. ACHIEVE is our study toolkit for SQA National 5, Higher and Advanced Higher. SUCCEED is our study planning and reflection toolkit, available to students using ACHIEVE.
The ACHIEVE public website address is: https://letsachieve.co.uk
The ACHIEVE private website address is https://achieve.hashtag-learning.co.uk/
The Hashtag Learning website is https://www.hashtag-learning.co.uk
We collect the following personal data on the ACHIEVE private website:
Option 1 - Students sign up with their own email address:
Option 2 - Schools create student accounts:
By using Option 2 schools can create student accounts which do not require student names or email addresses. Students can then use the full range of ACHIEVE tools without supplying any personal information.
SUCCEED uses the same user account and login as ACHIEVE - it extends the platform with additional study planning features rather than operating as a separate system.
For students using SUCCEED, we additionally collect:
Note that it is not a requirement of ACHIEVE that school students or home users register their full names. They may be identified by initials or numbers should they wish to protect their anonymity.
We do not use any third-party analytics. No visitor or user data is shared with external analytics or advertising providers.
Within ACHIEVE, we record student activity (such as questions attempted, self-evaluation ratings, and study time) for the purpose of providing the platform's progress-tracking and reporting features to students and their teachers. This data is held within the ACHIEVE database and is not used for any other purpose.
As part of the ACHIEVE product or associated marketing, we work with the following third party organisations:
The main ACHIEVE database is stored in data centres hosted by Heroku. These data centres are located within the EU and are accredited under ISO27001. Further information can be found in the Heroku security policy.
Any images used by ACHIEVE are stored on servers hosted by Amazon Web Services. No user data is stored on AWS.
We use Brevo to email users with product information. This applies only to Teacher and Home User accounts, not School Student accounts. Teacher data stored by Brevo is limited to: Name, School and email address. For Home Users we use Brevo to store their email address.
Stripe is our online payment provider. No user data is stored.
We use OpenAI to support our Virtual Tutor feature (only for schools who have opted in). For schools using the Virtual Tutor, we send the following data to OpenAI:
No personal data is shared with OpenAI.
All user accounts are password protected using the PBKDF2 algorithm with a SHA256 hash. Raw passwords are not stored anywhere on the system.
Journal entries created in SUCCEED are encrypted at rest using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256 authentication).
We will retain your data for as long as we regard you as an active user, if you make no use of the site for a period of 36 months we will delete your account and any data associated with it. This would in no way prevent you from creating another account at a future date using, if you wish, the same personal details.
If you have opted out to your data being processed we will delete your data within 28 days of your opt out being received.
Users can choose to delete their account and any associated data directly from the ACHIEVE website.
You can direct requests in relation to this privacy policy to Hashtag Learning by using our contact form.
Hashtag Learning are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Hashtag Learning has clear procedures to identify and respond to data security incidents. In the event of an identified data breach, we will notify affected users in line with legal and regulatory requirements.
Hashtag Learning complies with the requirements of the Cyber Essentials scheme and we hold a Certificate of Assurance for Cyber Essentials Plus.
All ACHIEVE data is stored in Heroku data centres which are located within the EU and are accredited under ISO27001.
