Privacy policy



This website and any of its subdomains, as well as and any of its subdomains are owned and operated by WhatWorked Education Ltd (Company number 12789441). We provide professional development programmes for running interventions and consultancy services in the areas of education research and evaluation.


We are registered with the Information Commissioner’s Office as a data controller and, as such, we are committed to protecting your privacy. We take our responsibilities to secure your personal information very seriously. Personal information means any information about an individual from which that person can be identified. It does not include information where the identity has been removed (anonymous information). Under the General Data Protection Regulation (‘GDPR’) and the Data Protection Act 2018 we follow strict security procedures in the storage and disclosure of information which you give to us.

Our Privacy Policy applies only to information that we obtain from you via the website and / or from any of its subdomains. In using the website, you consent to the collection and use of your personal information in the ways set out in the Privacy Policy. The website complies with all UK national laws and requirements for user privacy. Should you have any questions about the privacy policy, please contact us at [email protected], or by post to 28 Tollhouse Road, Durham, DH1 4HU.

If you contact the owners of this website, you do so at your own discretion and any personal details are given at your own risk.
If you visit a website operated by a third-party through a link included on our website, that website may have different privacy and security policies. We do not have control over any websites other than our own and take no responsibility for information given to any other website.


When using this website, you may be asked to enter information about yourself for a specific reason and by doing so you are consenting to our use of that information. The purpose for collecting this information will be made clear. The type of personal information we may collect about you includes:

  • Identity Information – which includes your first and last names or username, or the name of the nominated billing contact where relevant
  • Contact Information – which includes your email address, telephone number, your school name and address, your nominated billing address and email address where relevant
  • Financial Information – card payments are handled through a third-party processor (see below)
  • Transaction Information – includes details about payments from you
  • Technical Information includes IP address and login data on the devices you use to access the site
  • Profile Information – includes username and purchases or orders made by your school
  • Usage Information – includes information about how you use our website and services


The information you provide to us when using this website may be processed for the following purposes:

  • To keep you informed of relevant news, products and services
  • To assist in answering any queries you may have submitted
  • To subscribe you to an email newsletter
  • To book a place at an event run by WhatWorked Education
  • To register and/or pay for a course (online or in-person) run by WhatWorked Education
  • To register for a webinar
  • To perform statistical analysis of the use of the website
  • To assist us with product development and research


We arrange and run both online and in-person courses and events. As part of this process, contact details will be taken so that we can be in touch regarding the event and if a booking is made for an in-person event, dietary requirements and access provisions may be required.
Our purpose for collecting personal information in this regard is to arrange and facilitate the event and to provide our customers with an
acceptable service. The legal basis we rely on for processing this personal data is consent under Article 6(1)(a) of the GDPR. When we collect any information about dietary or access requirements we also need your consent (under article 9(2)(a)) as this type of information is classed as special category data.

Should the course be fully booked, we’ll let you know and hold your details on a reserve list in case a place becomes available. If you are
allocated a place at an event, we’ll then ask for information about any dietary/access requirements. We don’t share this information in any
identifiable way with the venue, and we delete it after the event. We don’t publish delegate lists for events.

We may sometimes charge a fee to attend or to sign up to an event. See below for details for more information on this.
By entering information about yourself, you accept that we may retain your information for a period no longer than is necessary for the given
purpose, however the retention period can differ based on the type of information processed. To determine the appropriate retention period for
personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of the information, the purposes for which we process it and whether we can achieve those purposes through other means, and any applicable legal requirements.

The information may be held with us or any third-party company with whom we have a contract to process information on our behalf. For further information please refer to the Privacy Policy of the individual third-party company via the links attached.
We will not share your information with any third-parties for the purposes of direct marketing.
All personal information is kept private and is held securely until it is no longer required or has no use, at which point it will be destroyed or
deleted by secure means in accordance with Data Protection legislation.


Our online courses are hosted on an online platform called Learnworlds. Learnworlds is therefore a third-party processor for this purpose. Should you choose to register for a course, you agree to give your name and email address for the purpose of accessing and enrolling on the course. The legal basis we rely on for processing your personal information in this regard is contract under
article 6 (1) (b) of the GDPR.

You can read Learnworlds’s Privacy Policy here for further


We use a third-party processor, MailChimp, for the purpose of sending automated emails. Participants on our online courses provide their
name, email address and school name if applicable in order to facilitate access to the course and to provide an acceptable service. The legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the
UK GDPR. You can read MailChimp’s GDPR addendum here.


We operate an email newsletter program. A visitor to the website can opt in to the newsletter through an online form should they so
choose. Our newsletter and other forms are provided by MailChimp. By completing these forms to opt in to our newsletter or to
receive downloadable content access, you will be required to enter your name and email address. Each form will outline the uses of the data collected in compliance with UK GDPR and you are able to unsubscribe or amend your subscription at any point.
MailChimp is used to store our mailing list subscriptions as well as providing the platform for all our online support. Some
subscriptions may be manually processed through prior written agreement with the user.

The legal basis we rely on for processing your personal information in this regard is your consent under article 6(1)(a) of the UK

You can read MailChimps Data Processing Agreement here for further information. Subscriptions are taken in compliance with UK Spam Laws
detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the General Data Protection Regulation.

Email marketing campaigns may contain tracking facilities within the actual email. Such tracked activity may include, but may not be
limited to, the opening of emails, the clicking of links within the email content, times, dates and frequency of activity. This information is used to
refine future email campaigns and supply you with more relevant content based around your activity.

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003, subscribers are given the
opportunity to unsubscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated unsubscription system is unavailable, clear instructions on how to unsubscribe will be detailed instead. This means that you have the right to withdraw your consent, or to object to the processing of your personal information for this propose at any time. If you do that, we’ll update our records immediately.


All credit and debit card payment services are provided by a third-party processor, Stripe. These services are encrypted using our own, and Stripe’s own, SSL certificates. You can identify this security by the green padlock usually found in the URL bar of your browser. We do not store any of your payment information. The legal basis we rely on for processing personal data for making online payments is consent under Article 6(1)(a) of the GDPR at the point at which payment card details are given for the specific purpose of paying for one of our products online.
You can read Stripe’s Privacy Policy here for further information:


For invoicing and billing purposes we use Xero which is a third-party processor. The personal information needed for this purpose is the customer name and address, email address and name and email address of the customer contact. Our purpose for collecting personal information during the fee payment process is so that we can contact you about your fee payment or about any other
queries relevant to the payment process. The legal basis we rely on for processing personal data in this regard is consent under Article 6(1)(a) of the GDPR.

You can read Xero’s Privacy Policy here for further information:


We arrange webinars that we think may be of interest and of benefit to our customers. For this purpose we may use GoToWebinar or Microsoft Teams as a third party processor. If you choose to register for one of them, you will be asked to provide your contact information. Our purpose for collecting this information is so that we can facilitate the event, provide access to it and provide an acceptable service.

The legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR. We do not publish delegate lists for webinars. You can read GoToWebinar’s Privacy Policy here for further information:
You can read Microsoft Teams’ Privacy Information here:


Under Data Protection legislation you have the following rights:

  • You have a right to be informed about the collection and use of your personal information. Everything you need to know should be contained within our Privacy Policy but if there is anything more you need to know then please get in touch.
  • You have a right to access the personal information we hold about you. This is commonly known as a ‘subject access request or SAR’ and should be made in writing and either emailed to us or sent to our postal address. This would normally be dealt with within one month of receiving it however it can take longer if it is a complex request.
  •  You have a right to challenge the accuracy of the information held about you. This is known as the right to rectification and can be used if the information is either inaccurate or incomplete.
  • You have a right to get your information deleted or disposed of and this is sometimes known as the right to erasure or the right to be forgotten.
  • You have a right to limit the way an organisation uses your personal information if you are concerned about its accuracy or you have a concern about how it is being used. This is known as the right to restriction.
  • You have a right to get a copy of the information held about you from us in an accessible and machine-readable way. This is known as the right to data portability.
  • In certain circumstances, you may have the right to object to the use of your personal information for a particular purpose or purposes.
  • Where we are relying on your consent as our legal basis for using your personal information, you have a right to withdraw your consent at any time. Should you choose to do this, we will update our records immediately to reflect your wishes.
  • You have certain rights relating to automated decision making and profiling.
  • You have the right to raise a concern with us should you have any query about how we are handling your personal information.

You can access further information relating to your rights from the Information Commissioner’s Office or your local Citizen’s Advice Bureau.
It is important that the information we hold is kept accurate and up to date. Should there be changes to any information that we hold change please let us know.


This website uses cookies to improve user experience while visiting the website. Cookies are small files saved to visitors’ hard drives that track,
save and store information about user interactions and usage of the website. This allows us to provide you with a tailored experience within this website. Cookies typically expire after 30 days, and no personal information is collected. This website uses a cookie control system, allowing you on your first visit to the website to allow or disallow the use of cookies on each device. This complies with recent legislation requirements for websites to obtain explicit consent. If you wish to deny the use and saving of cookies from this website, you should take necessary steps within your web browser’s security settings to block all cookies from this website.


This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by a third-party service, Google Analytics, which uses cookies to track visitor usage. The software will save a cookie to your computer’s hard drive to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone.

You can read Google’s Privacy Policy here for further information:


Although this website only looks to include quality, safe and relevant external links, you are advised adopt a policy of caution before clicking any external web links and do so at your own risk. We cannot guarantee the contents of any externally linked website and cannot be held liable for any damages or implications caused by visiting any external links mentioned.


Communication and engagement through external social media platforms on which we are active are subject to the terms and conditions and privacy policies of each individual social media platform. This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. You are advised before using such social sharing buttons that you do so at your own discretion.


Through our social media platform accounts, we may share links to relevant web pages. By default, some social media platforms shorten lengthy URLs (web addresses). You are advised to take caution and to exercise good judgement before clicking any shortened URLs published on social media platforms by this website and its owners. We cannot be held liable for any damages or implications caused by visiting any shortened links.

We keep our Privacy Policy under regular review to make sure it is up to date, accurate and clear. Any changes will be listed as below. We suggest that you check this page regularly to keep up to date. Your continued use of the website will be deemed to be acceptance of the revised version of the Privacy Policy.

We have reviewed our Privacy Policy in May 2023 and made the following changes:

• Included the new website domain
• Checked to see that all other information was still complete and up-to-date.

Prior to this, the policy was last updated in February 2022.


If you choose to subscribe to any of our online courses, you promise, acknowledge, and agree that:

  • Access privileges may not be transferred to any third-parties;
  •  You will comply with all applicable laws and regulations with respect to use of the Services;
  •  You will not rent, lease, sublicense, re-sell, distribute, transfer, copy or modify the Services or any component thereof;
  •  You will not translate, decompile, or create or attempt to create, by reverse engineering or otherwise, the source code from the object code made available hereunder;
  •  You will not reproduce, distribute, modify, create derivative works of, publicly display, publicly perform, republish, download, store or transmit the Services or any portion thereof;
  •  You will not delete or alter any copyright, trademark or other proprietary rights notices from copies of materials from the Website or contained in the Services.

We reserve the right to remove accounts which we think are in breach of the above terms.

Created with