Peerscroller Setup: Data Processing FAQs

Many schools and colleges will be required to complete a Data Protection Impact Assessment before using Peerscroller. This is a really important step - but it doesn’t have to be difficult.

Below, you’ll find our answers to the most common questions we’re asked in the process of a DPIA.

About Peerscroller

What is Peerscroller?

Peerscroller is the digital platform by Yipiyap that gives young people a go-to source of reliable, relatable information – and one that they’ll actually want to use.

We wanted to create something that captures what makes social media so appealing and use it for something good.

Delivering short, TikTok-style videos presented by young people, Peerscroller gives learners clear, credible information on the topics that matter most in their lives. Whether it’s spotting fake news, understanding healthy relationships, or managing mental health, the content feels fresh and relevant because it’s delivered in the format they already love.

Every video is fact-checked and mapped to the PSHE and safeguarding frameworks schools and colleges already trust. So content feels authentic and approachable to learners - without compromising on accuracy.

Peerscroller is already being used in schools and colleges across the country, capturing imaginations and sparking conversation in PSHE lessons, tutor time, assemblies, and targeted interventions.

Via Peerscroller, we’ve delivered campaigns in schools and colleges on key topics like misogyny and incel culture, digital safety, and mental wellbeing.

And with the mobile app in their pocket, learners and their parents can develop the habits they need to make informed decisions safely.

Who are Yipiyap?

Yipiyap are the UK’s peer learning pioneers. Since 2012, we’ve been championing the power of peer voices in schools and colleges across the UK.

For 13 years, we trained high-achieving gap year students to return to school as academic peer tutors, primarily in maths and English. That decade of life-changing work proved one thing beyond a shadow of a doubt: when learners are supported by a relatable peer who can speak their language, their academics come on leaps and bounds.

But beyond academic progress and grade improvements, we’ve seen how else peer tutoring can change young people’s lives, inspiring confidence, autonomy, and a love of learning.

This work was transformative, for learners and our gap-year tutors alike, but in September 2025, we hung up our tutoring hats.

In part, the funding situation in the education sector meant that we had to shift our focus to services we can deliver at a more accessible price point – like our digital tutoring course, Yipiyap Aspire.

But post-pandemic, we heard again and again from schools that what they needed from their peer mentors was the pastoral support they offered.

That’s why September 2024 saw the launch of Peerscroller, a digital platform using the power of the peer voice to deliver personal development, life skills, and socio-emotional education.

We continue to work with inspirational young role models through Peerscroller, and while we are no longer delivering in-school academic support, our belief in the power of the peer voice hasn’t changed one bit.

General Information about Data Processing

Who acts as Data Controller?

We class the vast majority of data processed for Peerscroller as Usage Data.

For staff, learner, and parent Usage Data, the organisation providing Peerscroller remains the Data Controller.

In order to offer continuity of support to learners and parents leaving the school or college providing their access to Peerscroller, we also keep Continuity Data.

For Continuity Data only, Yipiyap acts as the Data Controller.

Continuity Data is only processed if the Data Subject:

  1. is a user of the Peerscroller app with their own account,
  2. consents to this data processing by accepting the Peerscroller Acceptable Use Policy during the account creation process,
  3. is over the age of 13, which we take to be the age at which a person can reasonably give consent about use of their own data, and
  4. is losing access to Peerscroller through their organisation, either by leaving that organisation or because the organisation itself is no longer providing access to Peerscroller.

Why is there a distinction between Usage Data and Continuity Data?

For Usage Data, Yipiyap acts as Data Processor, with the school or college providing Peerscroller remaining Data Controller.

To make sure we can offer continued Peerscroller access to learners falling outside of their school or college’s provision of Peerscroller, we act as Data Controller for a small subset of users’ data. We call this Continuity Data.

Once a user leaves the school or college providing Peerscroller, Yipiyap can no longer provide access to Peerscroller or contact them to make alternative arrangements in our capacity as Data Processor.

So, to achieve that continuity of support, we need to act as Data Controller for this specific purpose.

We judged this to be a more responsible and proportionate approach to data than either of the alternatives of:

  1. making Yipiyap the Data Controller of all data, including Usage Data, which would give us more autonomy over users’ data than is needed to deliver the service, or
  2. making no attempt to continue provision of support, as we believe that if a learner has come to use Peerscroller as a go-to source of pastoral support, it’s not in their best interest to lose access during a transitional phase where they will likely be most in need.

For these reasons, we felt it was most appropriate that as much data as possible remain under the control of the school or college, and that we only act as Data Controller where absolutely necessary.

Why is Yipiyap the Data Processor for Usage Data?

See: Why is there a distinction between Usage Data and Continuity Data?

Why is Yipiyap the Data Controller for Continuity Data?

See: Why is there a distinction between Usage Data and Continuity Data?

Documentation

Should schools and colleges carry out a DPIA to use Peerscroller?

The law says that when you’re looking at a new technology that’s “likely to result in a high risk”, it’s your responsibility to carry out a Data Protection Impact Assessment (DPIA).

That DPIA will establish whether those risks are proportionate to the benefits and how you can mitigate them.

Because children are a vulnerable group, the law considers any large-scale processing of their data to be “high risk”, so you should consider whether a DPIA is needed before you start using Peerscroller.

The responsibility to decide when a DPIA is needed will fall on schools or colleges as the Data Controller, so you should judge for yourself whether it’s a sensible step and follow any internal procedures set out by your organisation.

Whether using Peerscroller is “high risk” will depend on your school or college’s particular context.

For example, at primary schools where learners aren’t given direct access to the Peerscroller app (and therefore only a small group of adults’ data is processed), it’s less likely that you’d judge Peerscroller to be “high risk”, so a DPIA may not be necessary.

On a larger scale and when processing lots of young people’s data, a DPIA is more likely to be required.

Has Yipiyap carried out a DPIA for Peerscroller?

Internally, Yipiyap conducted a DPIA covering the whole Peerscroller service, because it involves processing the data of children, who are a vulnerable group.

Can we use Yipiyap’s DPIA instead of carrying one out ourselves?

No – a DPIA is specific to your context, so if you judge one to be an appropriate step, you’ll need to carry it out yourself.

However, we’re more than happy to assist by providing any information necessary, and a copy of our own DPIA is available by request via gdpr@yipiyap.co.uk.

Is there a data processing agreement in place?

Yes – the Data Processing Agreement (DPA) for Peerscroller is incorporated into the Terms of Service signed by schools and colleges.

Is there a privacy notice available?

Yes – Yipiyap’s Privacy Policy is available via the Peerscroller website.

Scope of Processing

Whose personal data will be processed?

We process the personal data of anybody in your organisation with their own Peerscroller account.

This usually means staff, learners, and parents (unless you have decided not to give learners or parents direct access to the Peerscroller app).

What personal data is collected?

For staff, learners, and parents, we process the following data:

  • Name
  • Sex/Gender
  • Email
  • Username
  • Password
  • Institution
  • Feedback
  • Platform usage data

For learners only, we also process the following data:

  • School year and key stage (or in the case of parents, child’s school year and key stage)
  • Sex/Gender
  • Interests

Should users provide their personal or school email address?

Learners can create their account using either their personal or their school email address.

By default, we advise that learners use their personal email address, as it makes sure learners can access Peerscroller at home, even if they don’t have access to their school email.

However, some schools and colleges judge that use of school email addresses is more appropriate or have a policy in place requiring them to do so. In this case, they can advise or enforce learners’ use of their school email address when creating a Peerscroller account.

Who provides the personal data processed?

Learners and Parents

As standard, all data about learners and parents will be provided by the Data Subjects themselves upon account creation.

Schools and colleges also have the option to onboard learners in bulk by uploading a spreadsheet to the Peerscroller Teacher Portal.

In this case, the school or college will provide the following data about learners:

  • Name
  • Year Group
  • Email Address

School and College Staff

School and college staff accounts are created centrally by the organisation’s Super Administrator.

The school or college will provide staff details in bulk via spreadsheet upload. This will include:

  • Name
  • Department
  • Email Address

Is any special category data or criminal offence data collected?

No special category data or criminal offence data is routinely collected when using Peerscroller.

Because the platform’s search bar allows user input, there is a possibility that data may be entered allowing for inference of certain details regarding:

  • Health
  • Sex Life
  • Sexual Orientation

In most cases, we do not expect these inferences to be reliable enough to pose any real risk. However, we still treat this data as somewhat more sensitive than usual.

Nature of Processing

Where is personal data held?

Yipiyap (the Data Processor for Usage Data and the Data Controller for Continuity Data) is based in the UK.

Core Provision of Peerscroller

To deliver the Peerscroller platform, we use Data Processors based in the EEA.

The following Data Processors are used:

  • AWS, headquartered in the US with datacentres in the UK.
  • MongoDB, headquartered in the US with datacentres in Ireland.
  • Brevo, headquartered in France with datacentres in Belgium.

Optional Contact with Yipiyap

Only the above processors are required to use the Peerscroller platform.

However, outside of the core scope of Peerscroller, users may choose to contact Yipiyap via our website, through forms, by email, or through other channels.

In this case, data may be handled by the following Sub-Processors:

  • Microsoft 365, headquartered in the US with datacentres in the UK.
  • Squarespace, headquartered in the US with datacentres in Ireland.
  • Google Analytics, with datacentres in the US.
  • Fillout, with datacentres in the US.
  • Airtable, with datacentres in the US.
  • GoDaddy, with datacentres in the US.

Where data processing involves transfers outside of the UK or EEA, data security is assured through the use of the EU’s Standard Contractual Clauses.

How long is personal data held for?

Usage Data

Usage Data is retained for as long as the Data Subject uses the Peerscroller service. After this, their data is held for a period of six months, before deletion upon the next biannual deletion cycle.

Continuity Data

Continuity Data is processed only when a consenting user over the age of 13 loses access to Peerscroller through their providing organisation, and is retained until one of the following conditions is true:

  • Condition: The Data Subject re-enrolls with their original school/college or enrolls with another institution.
    Result: The subject’s personal data will no longer be processed as Continuity Data and will be superseded by Usage Data instead, for which the new providing organisation will be Data Controller.
  • Condition: The Data Subject deletes their Peerscroller account.
    Result: The subject’s personal data will be held for a period of six months, before deletion upon the next biannual deletion cycle.
  • Condition: The period of 2 years has passed.
    Result: The subject’s personal data will be deleted upon the next biannual deletion cycle.

Are records of personal data securely destroyed when required?

Yes. Yipiyap follows a plain English interpretation of the data deletion terms set out in the Data Protection Act 2018, alongside the advice of the Information Commissioner’s Office.

On request, end of data retention period, end of contract, or other cause for deletion, Yipiyap uses the deletion functions of its database provider MongoDB to delete personal data.

Does Peerscroller involve any direct marketing?

School and college staff members with Peerscroller accounts will receive occasional updates about the platform and new teaching resources via email.

No direct marketing will be delivered to learners or parents.

Is any of the data processing high risk?

Because a primary audience of this service will be children, there is an inherent risk to all data processing involved.

Besides the nature of the Data Subjects, no processing will take place that is inherently high-risk, including:

  • Use of innovative technology
  • Automated decision making
  • Use of artificial intelligence (AI)
  • Intrusion into an individual’s private life
  • Large-scale processing
  • Data matching
  • Invisible processing
  • Processing of biometric or genetic data
  • Use of geolocation

Does any automated decision-making take place?

See: Is any of the data processing high risk?

Is artificial intelligence used in data processing?

See: Is any of the data processing high risk?

Does Peerscroller involve any intrusion into an individual’s private life?

See: Is any of the data processing high risk?

Does Peerscroller comply with the Age-Appropriate Design Code?

Yes, Peerscroller has been designed from its inception to comply with the Information Commissioner's Age-Appropriate Design Code (sometimes called the Children's Code) and its fifteen standards of age-appropriate design.

Further detail on how we comply with the code’s standards can be provided if required. (Otherwise, this would be a very long answer!)

Necessity and Proportionality

Why does Yipiyap need to process personal data to deliver Peerscroller?

Peerscroller uses personal data for the following purposes:

Delivery of the Peerscroller service

The benefits of quality PSHE education have been well explored, but in brief, a method of PSHE education that is effective, widespread, and engaging to young people would likely be of material benefit to its learners’ lives, in terms of health, wellbeing, and educational/career outcomes.

We believe this service will provide PSHE and PD knowledge in a format that is more engaging to young learners than existing teaching resources, supplementing and complementing teachers’ work in schools and colleges.

Schools’ and colleges’ PSHE budgets are often small. A digital product allows Yipiyap to provide a product to schools and colleges at low cost, enhancing learning in this key area.

Administrating access

Collecting identifying information about students, teachers, and parents allows schools, colleges, and other providing organisations to:

  • ensure all required students and teachers have registered an account, and
  • ensure only authorised users have access to Peerscroller.

Enabling teaching and learning

The primary purpose of Peerscroller is education.

By authenticating teacher access via identifying information, teachers have access to Peerscroller’s library of content for use in-class.

By authenticating and identifying students, teachers can sort them into classes and share relevant content to set homework viewing or encourage learning outside of the classroom.

Engaging learners in-app with appropriate materials

We use the learner’s content preferences and app usage history to tailor content to their interests.

We use the learner’s school year group to ensure all content provided is age appropriate.

Providing transparency

Parents have a right to review their child’s RSE teaching and any materials used. By authenticating parent access via identifying information, parents are able to personally audit their child’s RSE learning.

Providing engagement data to schools, colleges, and other providing organisations

Student and teacher usage data is shared with schools, colleges, and other providing organisations to allow them to:

  • ensure Peerscroller is being used to the desired effect by staff and students, and
  • identify anonymous, cohort-wide trends in student curiosity, to identify potential safeguarding issues or areas of weakness.

Improving the Peerscroller app

Usage data and any provided feedback or suggestions will be used by Yipiyap to continuously improve the app’s efficacy for all other purposes.

Providing support to users

Users’ contact details (name and email address) allow Yipiyap to provide support for any technical (or other) issues with their use of the app.

Offering continued access to Peerscroller

The collection of Continuity Data in Yipiyap’s capacity as Data Controller (as opposed to Usage Data, which is collected in Yipiyap’s capacity as Data Processor) allows us to offer continued access to Peerscroller should a user lose access via their school, college, or providing organisation.

Is the data processing likely to cause damage or distress to individuals?

No – there is no reason to suspect any data processing involved in the delivery of Peerscroller should cause damage or distress to learners, parents, or school and college staff.

What is the lawful basis for processing?

For Usage Data, Yipiyap act only as the Data Processor, with schools, colleges, and other providing organisations acting as the Data Controller.

We expect schools and colleges to use Public Task as their basis for processing. Other organisations will likely use Consent.

For Continuity Data, we, the Data Controller, are using Consent as our lawful basis for processing, based on terms contained within the Acceptable Use Policy or End User Licence agreement signed on account creation.

Who collects consent for processing?

Usage Data:

As Data Controller for Usage Data, the providing school or college has ultimate responsibility for deciding the lawful basis for processing and obtaining any necessary consents.

Your school or college’s lawful basis for using Peerscroller may not require direct consent, if it relies on a basis such as Public Task or Contract.

In case consent is needed for the chosen basis for processing, this is collected directly from parents & pupils in-app when they sign the End User Licence Agreement upon account creation.

Continuity Data:

Yipiyap is Data Controller for Continuity Data, so consent for this is gathered directly from parents & pupils over the age of 13 in-app on account creation.

Because Yipiyap gather consent to process Continuity Data directly from the individual upon account creation, schools and colleges aren’t obliged to do so themselves.

However, to help learners and parents make a fully informed decision, you might still judge that it’s appropriate to inform them of this distinction, through your privacy notice or other usual channels of communication.

What privacy terms do users agree to in-app?

On account creation, learners and parents will sign Peerscroller’s End User Licence Agreement.

In this, they will agree to the processing of their Usage Data.

For users over the age of 13, they will also agree to the processing of their Continuity Data, although the actual processing of this data will only begin if and when they lose access to Peerscroller through their providing organisation.

Do we need to onboard under-13s differently to over-13s?

No. Although we treat users under the age of 13 differently in terms of consenting to the processing of their Continuity Data, this distinction is taken into account automatically on account creation and signing of the End User Licence Agreement.

Is all the personal data processed by Peerscroller necessary?

Yes – Peerscroller was designed with data minimisation in mind, especially given the age of learners comes with an inherent vulnerability.

The primary benefit of all of Peerscroller’s data processing is the provision of PSHE and PD education.

The benefits of quality PSHE education are well documented, but, in brief, a method of delivering that education which is effective, widespread, and engaging to young people stands to be of significant material benefit to its learners’ lives, in terms of health, wellbeing, and educational/career outcomes.

Its unique format affords Peerscroller the opportunity to offer those benefits. Additionally, as a digital product, delivery costs are low, enabling us to provide a low-budget way for schools to enhance learning in this vital area.

All data compiled ultimately serves that goal, but specifically, will serve one of the following purposes:

Administering Access

Collecting identifying information about students, teachers, and parents allows schools, colleges, and other providing organisations to:

  • ensure all required students and teachers have registered an account, and
  • ensure only authorised users have access to Peerscroller.

Engaging learners in-app with appropriate materials

We use the learner’s content preferences, app usage history, and (optionally) gender to tailor content to their interests.

We use the learner’s school year group to ensure all content provided is age appropriate.

Providing transparency

Parents have a right to review their child’s RSE teaching and any materials used. By authenticating parent access via identifying information, parents are able to personally audit their child’s RSE learning.

Providing engagement data to schools, colleges, and other providing organisations

Staff Usage Data is shared with schools, colleges, and other providing organisations to allow them to:

  • ensure Peerscroller is being used to the desired effect by staff, and
  • provide appropriate safeguarding oversight of staff usage.

Anonymous learner and parent Usage Data is shared with schools, colleges, and other providing organisations to allow them to identify anonymous, cohort-wide trends in student curiosity, in order to identify potential safeguarding issues or areas of weakness.

Improving the Peerscroller app

Usage data and any provided feedback or suggestions will be used by Yipiyap to continuously improve the app’s efficacy for all other purposes.

Providing support to users

Users’ contact details (name and email address) allow Yipiyap to provide support for any technical (or other) issues with their use of the app.

Offering continued access to Peerscroller

The collection of Continuity Data in Yipiyap’s capacity as Data Controller allows us to offer continued access to Peerscroller should a user leave their school, college, or providing organisation.

See: Why is there a distinction between Usage Data and Continuity Data?

Could the personal data be anonymised or pseudonymised?

In designing Peerscroller, we considered anonymising the following data, but judged that the resultant inability to deliver the service’s benefits would outweigh the slight reduction of data processing risk:

Learners’ Full Names

While anonymity would reduce data risk, we don’t believe administration of the service would be possible without some form of identification.

Complete anonymity would remove organisations’ ability to monitor usage, recommend videos, assign homework, verify all accounts are valid, or access cohort-wide statistics.

Pseudonymisation (such as the use of email addresses for identification) would be impractical for teachers, and we believe the most likely outcomes would be that schools:

  • find a workaround to identify learners, removing the security benefits while still inconveniencing staff; or
  • avoid using the service entirely, negating all benefits of processing.

Learners’ Viewing and Search History

Entirely excluding learner search data would greatly reduce the utility of the app, by removing our ability to tailor content recommendations to the user.

This has the dual effect of missing an opportunity to provide learners with the PSHE/PD teaching that is most relevant and beneficial to their lives, while also making the platform less engaging, reducing the likelihood of continued use.

(However, access to this data outside of anonymous cohort-wide statistics is limited. Please refer to our Policy on Activity Monitoring & Harm Prevention for more information on this decision.)

Parent Accounts

We considered whether it was necessary for parents to create accounts in order to access Peerscroller’s content.

However, this is an essential step to ensure “parent” usage comes only from authorised individuals.

Additionally, following the initial design of Peerscroller, user feedback demonstrated the value of parental engagement with learning materials, meaning the existence of parental accounts carries similar teaching benefits to other account types.

Is the personal data processed by Peerscroller adequate?

Yes, we believe Peerscroller collects the minimum of personal data necessary to be effective.

Please see the preceding answers for our rationale on why the data collected is necessary (Is all the personal data processed by Peerscroller necessary?) and why it could not be further minimised (Could the personal data be anonymised or pseudonymised?).

How is the accuracy of the personal data maintained?

All data is provided either by the Data Controller or the Data Subject, so we expect it to be accurate.

Users and organisation admins will be able to update user data whenever necessary.

The Terms and Conditions for organisations make the Data Controller responsible for ensuring data is accurate at least once per year (in line with the academic year, when most users are likely to leave their providing organisation).

We also do not believe there are any privacy risks associated with out-of-date information (e.g. sending letters to an old address, contacting an old phone number), as the only contact information we are gathering is the user’s email address, which will not change hands.

Data Subjects’ Rights

What information is provided to Data Subjects?

Users are prompted to review both an AUP/EULA and Yipiyap’s Privacy Policy (which is accessibly worded) on account creation.

The Privacy Policy can be revisited at any time, either via the Yipiyap website, the Peerscroller website, or the Peerscroller app.

Can Data Subjects control how their personal data is used?

Individuals will retain full control over their data and can view, update, and delete their information directly from the app.

The only restrictions on this will come from their relationship with the Data Controller (the school, college, or other providing organisation).

How will Data Subjects’ rights be enforced?

Users are able to contact Yipiyap about enforcing their data rights by email, phone, or via the app.

They are also able to view, update, and delete their information directly from the app.

We expect, given the indirect relationship of the majority of end users with Yipiyap, that they may well also make a request regarding their rights via the Data Controller (their school, college, or other providing organisation).

The Terms and Conditions for Peerscroller ensure Yipiyap’s assistance of the Data Controller in supporting such requests.

Can an individual subject’s data be located and extracted in the event of a subject access request?

Yes, Peerscroller’s data architecture is structured such that fulfilling an SAR is entirely possible.

Sub-Processing

What Sub-Processors does Peerscroller rely on?

See: Where is personal data held?

How is Sub-Processor compliance ensured?

All Sub-Processors are under contract with Yipiyap. These contracts comply with the requirements for Controller-to-Processor (or Processor-to-Sub-Processor) contracts under GDPR, and contain clauses addressing (but not limited to) the following:

  1. the subject matter and duration of the processing;
  2. the nature and purpose of the processing;
  3. the type of personal data and categories of Data Subject;
  4. the controller’s obligations and rights;
  5. processing only on the controller’s documented instructions;
  6. the duty of confidence;
  7. appropriate security measures;
  8. using Sub-Processors;
  9. Data Subjects’ rights;
  10. assisting the controller;
  11. end-of-contract provisions; and
  12. audits and inspections.

How are international transfers safeguarded?

While the current Sub-Processors hosting the app server and database are companies based in the United States, the relevant datacentres are housed in Europe.

We also have contracts in place with these third parties ensuring an equivalent level of protection to EU-based companies through the use of standard contractual clauses.

Security

Who can see how learners and parents use Peerscroller?

This is an important question, as learner and parent Usage Data may well include research into personal topics.

We’ve addressed this in full detail in our Policy on Activity Monitoring & Harm Prevention, but in brief:

We never share:

  • information about what an individual learner or parent has been watching, searching, liking, and saving.

We do share anonymous statistics about:

  • how many of a school or college’s learners and parents have created Peerscroller accounts and how much they’re using the platform.
  • the most popular videos, tags, and categories among that school or college’s learners and parents.

(We think this is really useful and doesn’t compromise anyone’s privacy.)

School/college staff can see the following about individual learners:

  • who’s making use of Peerscroller (and who might need some more support getting started). This is limited to basic identifiers, like names and email addresses, and how much time a user has spent on the app recently.
  • which videos or collections staff have shared with learners – but not videos or collections saved by learners themselves.

Finally, in the very unlikely case that it is requested for an investigation and has the potential to be helpful, we would share information about an individual’s usage with relevant authorities, like the police.

Who can see how school and college staff use Peerscroller?

Use of Peerscroller by staff at schools, colleges, and other providing organisations is visible to Administrators and Super Administrators of that organisation. This includes usage time, searches, collections created, videos saved, classes created, and collections and videos shared with learners.

This transparency is an important safeguarding feature and does not carry the same risks as transparency around learner or parent data, which is more likely to relate to sensitive personal issues.

Does Peerscroller have an audit trail function?

Peerscroller does not currently offer a full audit trail, although data on staff’s usage time, searches, collections created, videos saved, classes created, and collections and videos shared with learners is available to the organisation’s Administrators and Super Administrators.

Who can access the personal data processed by Peerscroller?

Where Yipiyap acts as the Data Processor, the Data Controller (the school, college, or other providing organisation) has limited access to Usage Data, as described above.

Besides this, data is only accessible to certain Yipiyap staff and Yipiyap’s Data Processors/Sub-Processors.

Yipiyap follows the principle of least privilege in providing staff access to personal data, meaning data is only accessible where absolutely essential for the completion of staff’s roles.

All staff are given regular data protection training and are bound to contracts of employment containing suitable privacy and confidentiality terms.

Similarly, all Data Processors and Sub-Processors operate under contracts with Yipiyap containing appropriate provisions to maintain instructional control rights.

(See the section titled How is Sub-Processor compliance ensured? for more detail.)

Does Peerscroller use SSO?

Yes, all account types have the option to log into Peerscroller using Single Sign-On (SSO). Peerscroller is compatible with Microsoft and Google ecosystems.

Organisation Super Administrators have the option to disable login via password for all users if they wish to enforce login via SSO.

Does Peerscroller use 2FA/MFA?

Two-factor authentication (2FA)/multi-factor authentication (MFA) is in place for the creation of Peerscroller accounts, although not enforced for every login.

This follows the NCSC’s advice on deciding whether to implement MFA, in order to balance the cybersecurity risk with the benefits to learners of increased ease of access to educational content with significant potential for harm reduction, as well as the minimisation of collected personal data.

If 2FA/MFA is required for all logins, we advise organisations to enforce login via SSO by disabling password-login for their organisation.

What security measures are in place?

We take our duty to protect personal data seriously, and we do that by putting in place appropriate technical and organisational measures to safeguard the confidentiality, integrity, and availability of users’ data.

Full details of these security measures can be found in Yipiyap’s Privacy Notice.

Is Yipiyap Cyber Essentials certified?

Yes, Yipiyap is Cyber Essentials certified.

You can verify our Cyber Essentials certification here.