General Queries
      Back to home
      1. Support Center
      2. General Queries

      How Do We Protect Your Personal Data?

      Schools and colleges frequently ask us questions related to our data protection procedures. Here's what data we store, where we store it and how we protect it.

      At Creative Education we take the safety of your personal data seriously. 

      What Data Do You Store?

      For each individual we store the following information:

      • Name
      • Email
      • Website login credentials (username and password)
      • Place of work
      • Job role and title
      • Courses completed on our website and current progress
      • Purchase and subscription history
      • Telephone calls, emails, chats and other communications

      We do not retain any data related to protected characteristics, nor do we retain credit card or payment data. All credit card transactions are handled securely by our payment partner Stripe.

      Where Do You Store It?

      We have three online services that we use to store and process personal data:

      • Our productivity software Microsoft. This is hosted in the UK.
      • Our website. This is hosted in the EEA by Wordpress specialist WPEngine. WPEngine provide a range of additional protections to guard against unauthorised access to website data, which are listed here.
      • Our customer relationship management system Hubspot. This is hosted in the US and our DPA is available here

      How Long Do You Store It For?

      After 3 years of inactivity customers' account details will be marked for deletion. Prior to this point they will receive a series of emails to ensure they are aware of this and are happy to proceed. After this point customer accounts, including course progress, will be deleted from our website.

      How Do You Keep It Safe?

      We use managed wordpress hosting for our website with WPEngine to guard against common attack vectors. The protections in place are listed here. Our website is regularly patched with the latest security updates and we have a process in place to identify high priority updates that are actioned immediately.

      For our customer relationship management and productivity software we use two factor authentication to provide access to our staff to prevent unauthorised access.

      What Data Do You Share?

      Within Organisational Memberships (where a school or college sign up on behalf of their staff) we share course completion data of the individuals within that membership with the administrators of the subscription. This is usually a senior manager within the school or college. This is stated in our Privacy Policy.

      What Do You Do In The Event of a Data Breach?

      Staff are trained to recognise the signs of a potential data breach, and in what to do when one occurs. In the event of a data breach colleagues notify the Data Protection Officer, or if they are unavailable a member of the senior management team who will establish the key facts.

      This will then be reported, no later than 72 hours after the initial breach was identified, to

      • The ICO
      • The individuals affected
      • The school or college (in the event that the breach relates to an Organisational or Community membership)

      Something Else?

      If you have another question on how we safeguard your personal data, do let us know at happytohelp@creativeeducation.co.uk