TEP logo
What we do
Who we serve
CEOs & executive teams
Headteachers & senior leaders
Middle leaders
PricingResearch
Learning
Webinars & events
Case studies
About us
News & blogs
Who we are
Login
Contact us

Privacy Policy

Effective date: December 2025

1. Introduction

TEP Services (“we”, “us”, “our”) operates the website www.tep.uk (the “Service”).

This Privacy Policy explains how we collect, use, store, share and protect personal information, and your rights in relation to that information, in accordance with the UK Data Protection Act 2018 and the UK General Data Protection Regulation (“UK GDPR”).

This Privacy Policy applies only to

  • The TEP Services website (www.tep.uk)

It does not apply to:

  • The ImpactEd monitoring and evaluation platform; or
  • The Engagement Platform user platform.

Privacy information relating to those platforms and to partner organisations is provided separately via relevant Data Sharing Agreements.

2. Data Controller

For the purposes of UK data protection law, TEP Services is the Data Controller for personal data collected via the Service.

For platform users (e.g. school staff), the relevant school or multi-academy trust is the Data Controller, and TEP Services acts as a data processor, unless otherwise stated in a Data Sharing Agreement.

3. Personal Information We Collect and Hold

We collect and hold the following categories of personal information:

3.1 Personal Data

This may include:

  • First name
  • Surname
  • Email address
  • IP address
  • Device and browser information

3.2 Usage Data

Automatically collected data such as:

  • IP address
  • Browser type and version
  • Pages visited
  • Date, time and duration of visits
  • Unique device identifiers
  • Diagnostic and performance data

3.3 Cookies and Tracking Technologies

We use cookies and similar technologies to collect information about how users interact with the Service. Details are provided in Section 7.

3.4 Platform Users – Mandatory Account Data

For school staff users accessing the TEP platform, the following mandatory data is required:

  • First name
  • Surname
  • Email     address

3.5 Special Category Data

In limited circumstances, schools may provide access to special category data (as defined under Article 9 UK GDPR), such as data relating to protected characteristics.

This data is:

  • Processed only where strictly necessary;
  • Used solely to support analysis of engagement across different groups;
  • Processed under the legal basis of public task (Article 9(2)(g) UK GDPR and     Schedule 1, Part 2 of the Data Protection Act 2018), or explicit     consent where required;
  • Subject to strict safeguards, including data minimisation and access controls.

Further details are set out in the applicable Data Sharing Agreement.

4. How We Collect and Hold Personal Information

We collect personal information:

  • Directly from you when you contact us or use the Service;
  • Automatically through cookies and usage tracking technologies;
  • From schools or partner organisations where they are the Data Controller and have lawful authority to share data with us.

Personal information is stored securely using appropriate technical and organisational safeguards.

5. Purposes for Which We Use Personal Information

We collect, hold, use and disclose personal information for the following purposes:

  • To provide and maintain the Service
  • To manage user accounts and access
  • To communicate with users, including service   updates
  • To provide customer support
  • To analyse and improve the Service
  • To monitor usage and performance
  • To detect, prevent and address technical or   security issues
  • To comply with legal and regulatory obligations

Personal data is not used for purposes that are incompatible with those listed above.

 

6. Lawful Bases for Processing

Depending on the context, we process personal data under one or more of the following lawful bases:

  • Performance of a contract
  • Compliance with a legal obligation
  • Performance of a task carried out in the public     interest
  • Legitimate interests
  • Consent (where required)

 

7. Cookies

We use the following types of cookies:

  • Session cookies – to operate the Service
  • Preference cookies – to remember user     settings
  • Security cookies – to protect the Service

You can control or disable cookies via your browser settings.
Please note that disabling cookies may affect the functionality of the Service.

 

8. Disclosure of Personal Information

We may disclose personal information:

  • To  trusted third-party service providers acting on our instructions;
  • Where required to comply with legal obligations;
  • To  protect the rights, property or safety of TEP Services, users or others;
  • In  connection with the prevention or investigation of wrongdoing.

All service providers are required to process personal data securely and in accordance with UK GDPR.

9. Overseas Transfers

Personal information is primarily processed within the United Kingdom and the European Economic Area (EEA).

Where personal information is transferred outside the UK orEEA, this will occur only:

  • To countries recognised as providing an adequate level of protection by the     UK Government or European Commission; or
  • Where appropriate safeguards are in place (such as International Data Transfer     Agreements).

At present, routine overseas processing may include service providers located in:

  • The  United Kingdom
  • European Economic Area countries

Further details can be requested by contacting us.

10. Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including measures referred to in Article 32 UK GDPR.

While we take reasonable steps to protect personal information, no method of transmission or storage is completely secure.

 

11. Your Rights

Under UK GDPR, individuals have the right to:

  • Access their personal information
  • Request correction of inaccurate or incomplete data
  • Request erasure of personal data (where applicable)
  • Restrict or object to processing
  • Data portability (where applicable)
  • Withdraw consent at any time (where processing is based on consent)

Access and Correction

If you are a platform user, please contact your school or organisation (the Data Controller) in the first instance.
Alternatively, you may contact us at hello@tep.uk.

12. Complaints

If you have a concern or complaint about how we handle your personal information, you may contact us using the details below. We will investigate and respond promptly.

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

  • Website:     www.ico.org.uk
  • Telephone:     0303 123 1113

13. Third-Party Links

Our Service may contain links to external websites.
We are not responsible for the privacy practices or content of those sites, and we encourage users to review their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.
Any changes will be posted on this page and, where appropriate, notified by email or a prominent notice.

15. Contact Us

For questions, data requests, or complaints, please contact:

Email: hello@tep.uk

‍

The Engagement Platform Fair Usage Policy

Purpose This policy ensures optimal platform performance and equitable access for all subscribers while preventing misuse of TEP's services.

Reasonable Usage Guidelines

User Accounts:

  • User accounts are intended for individual use only and may not be shared.
  • Account creation should reasonably reflect actual staff at your organisation.
  • Inactive accounts may be archived after 12 months of non-use.

Survey Distribution:

  • Surveys should be distributed to legitimate stakeholder groups (staff, pupils, families, governors or defined stakeholder group).
  • Bulk or automated survey distribution outside your organisation (e.g. general public) is prohibited unless explicitly agreed in writing with TEP.
  • Survey frequency should align with standard census windows (typically termly).

Data Processing:

  • Platform usage should correspond to your organisation's size and subscription level.
  • Excessive data uploads, exports, or API calls that impact system performance may be restricted.

Platform Access:

  • Platform access is for your organisation's internal use only.
  • Providing access to external consultants or third parties requires prior written approval.
  • Commercial redistribution of platform access is prohibited.

Support Resources:

  • Support requests should relate directly to platform use, data collection, understanding and utilising data, and engaging with community content.
  • TEP provides technical platform and data guidance but is not a consultancy or advisory service.
  • We may signpost you to appropriate external support where your needs fall outside our scope.
  • Data review calls are provided on a reasonable-use basis following census collection points.
  • Requests for multiple concurrent calls or repeated training sessions with different teams may be subject to additional charges.
  • Excessive or repetitive support requests may be subject to additional charges.

Enforcement TEP reserves the right to monitor usage patterns and may contact subscribers whose usage significantly exceeds normal parameters. Continued excessive usage may result in service restrictions or additional charges.

Questions? Contact support@tep.uk for clarification on appropriate usage.


Subprocessors

Last amended: 11/07/2025

The following page contains an up-to-date list of authorised Subprocessors used by TEP Serviced Limited to process Data. This list may be updated from time to time following the procedures as outlined in our Data Sharing Agreement.

‍

Entity Name Entity Type Purpose Web Address
Amazon Web Services Cloud Service Provider Cloud hosting service for the operation of the Platform. https://aws.amazon.com
Appsignal B.V. Analytics Provider Service provider used to monitor Platform uptime and error tracking. https://appsignal.com
Google Inc. Cloud Service Provider Integration used to input Data in an encrypted format. https://cloud.google.com
Mailchimp Email Service Provider Cloud Service Provider used for customer newsletters. https://mailchimp.com/
Mailgun Email Service Provider Cloud Service Provider used to automate Platform emails. https://www.mailgun.com
New Relic, Inc Cloud Service Provider Service provider used to monitor Platform responsiveness and pinpoint memory and performance issues. http://www.newrelic.com/
Papertrail Analytics Provider Logs application actions: used for maintenance and bug fixing. https://papertrailapp.com
Pusher Notifications Provider To provide real-time notifications when enabled/requested. https://pusher.com/
Salesforce.com, Inc (Heroku) Cloud Service Provider Cloud management service for the operation of the Platform. TEP Services Ltd uses Heroku, a Salesforce platform. https://www.heroku.com
Wonde Ltd Integration Provider Integration provider used for REST API access to school MIS. https://www.wonde.com/
Zimuth, Inc (as Scout APM) Cloud Service Provider Service provider used to monitor Platform responsiveness and pinpoint memory and performance issues. https://scoutapm.com/
TEP logo
About us
News & blogs
Who we are
learning
Webinars & events
Case studies
Resources
Research
Who we serve
CEOs & executive teams
Headteachers & senior leaders
Middle leaders
Join our newsletter to stay up to date on features and releases.
By subscribing you agree with our Privacy Policy and provide consent to receive updates from our company.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
LinkedIn
2025 TEP. All right reserved.
Privacy Policy

Contact Us

    Select a role
        Thank you! Your submission has been received!
        Oops! Something went wrong while submitting the form.