Enterprise-Grade Compliance
for Purpose-Driven Partnerships

The Educational Equality Institute maintains comprehensive safeguarding policies to protect all beneficiaries, particularly children and vulnerable adults. Our framework is aligned with international NGO standards, UK Charity Commission guidance, and Norwegian regulatory requirements.

Policy Scope

• Universal application — applies to all staff, volunteers, partners, contractors, and board members without exception
• All interaction contexts — covers online platforms (Kintell, itslearning), in-person events, recovery camps, and any TEEI-facilitated contact
• Mandatory reporting procedures — all personnel are legally and ethically obligated to report concerns immediately
• Annual review cycle — policy reviewed and updated annually with formal board approval and version control
• Partner alignment requirements — implementing partners must demonstrate equivalent safeguarding standards before engagement

Key Commitments

• Zero tolerance — no tolerance for abuse, exploitation, harassment, discrimination, or any form of misconduct toward beneficiaries
• Survivor-centered approach — incident response prioritises the safety, dignity, and wellbeing of the affected individual
• Confidential reporting channels — multiple reporting pathways including anonymous options, available in English and Ukrainian
• No retaliation guarantee — whistleblowers and reporters are protected from any form of retaliation
• Regular training — mandatory safeguarding training for all personnel with documented completion records

Child & Vulnerable Adult Protection

• Under-18 supervision requirement — minors may only participate in sessions with parent or guardian present; no exceptions
• Parental consent protocols — written consent required for all youth programme participation
• Vulnerable adult considerations — trauma-informed approach recognising displacement, war exposure, and economic vulnerability
• Private-by-default profiles — beneficiary information is never publicly searchable; mentors cannot browse mentee details
• Platform-only communication — all interactions occur within monitored platforms; personal contact exchange prohibited

Designated Safeguarding Lead

Our DSL oversees all safeguarding matters including policy implementation, training delivery, concern management, and external liaison with authorities. The DSL reports directly to the Board and has authority to immediately suspend any individual pending investigation.

Contact: safeguarding@theeducationalequalityinstitute.org — monitored daily with 24-hour response commitment for urgent matters.

All volunteers working with beneficiaries undergo rigorous vetting and training before engagement. For corporate partners, this provides assurance that your employees are joining a secure, professionally managed volunteering environment.

Vetting Process

• Identity verification — email and mobile phone verification required for all accounts; government-issued ID for certain programmes
• Corporate email validation — Mentors for Ukraine requires verification via corporate email domain to confirm professional status
• LinkedIn profile review — professional background validated through LinkedIn; employment history and credentials assessed
• Background checks — DBS checks (UK), equivalent criminal background checks elsewhere where legally permitted and role-appropriate
• Reference checks — two professional references required for high-contact volunteer roles
• Programme coordinator interview — video interview with TEEI staff before approval for mentoring roles
• Application review — every application manually reviewed by TEEI team; no automated approvals

Required Training

• Safeguarding fundamentals (2 hours) — recognising abuse, reporting procedures, professional boundaries
• Data protection & privacy (1 hour) — GDPR basics, handling personal information, confidentiality obligations
• Cultural sensitivity (1 hour) — trauma-informed approach, working with displaced populations, cross-cultural communication
• Programme-specific onboarding (varies) — platform training, session guidelines, mentee matching process
• Code of conduct acknowledgment — signed agreement to TEEI's behavioural standards before platform access granted

Ongoing Requirements

• Annual safeguarding refresher — mandatory annual re-certification with updated content
• Background check renewal — every 3 years for roles requiring enhanced checks
• Code of conduct reaffirmation — annual acknowledgment of current policies
• Activity monitoring — platform analytics track session patterns; anomalies flagged for review
• Feedback integration — post-session ratings and comments reviewed; patterns investigated

Platform Safety Controls

• In-platform communication only — all video sessions and messaging occur within Kintell; no requirement to exchange personal contact details
• Session booking records — complete audit trail of all scheduled and completed sessions
• Rating and review system — post-session feedback from both parties helps identify concerns early
• Clear reporting mechanisms — one-click reporting for any concerns; multiple escalation pathways
• Immediate suspension capability — volunteers who breach guidelines removed from platform within 24 hours pending investigation

Code of Conduct Highlights

All volunteers agree to maintain professional boundaries, respect confidentiality, treat participants with dignity regardless of background, report any concerns immediately, and refrain from any form of discrimination, harassment, or inappropriate behaviour. Violations result in immediate removal and potential referral to authorities.

We process personal data in compliance with GDPR, UK Data Protection Act 2018, and applicable international regulations. As a Norway-headquartered organisation, GDPR serves as our primary data protection framework and is applied to all users regardless of location.

Data Processing Principles

• Lawful basis established — every processing activity has documented legal basis (consent, contract, legitimate interest, or legal obligation)
• Data minimisation — we collect only what is strictly necessary for programme delivery; no excessive data gathering
• Purpose limitation — data is used only for the specific purposes stated at collection; no secondary use without consent
• Storage limitation — defined retention schedules for all data categories; automatic deletion upon expiry
• Accuracy — processes in place to keep personal data accurate and up-to-date; users can update their information anytime
• Privacy by design — data protection built into systems architecture from the ground up, not bolted on afterward

Technical Security Measures

• Encryption in transit — TLS 1.3 for all data transmission; no unencrypted connections permitted
• Encryption at rest — AES-256 encryption for stored personal data across all systems
• Access controls — principle of least privilege; role-based access ensuring staff see only what they need
• Authentication — multi-factor authentication required for administrative access; secure password policies enforced
• Security audits — regular internal reviews and periodic third-party penetration testing
• Incident response plan — documented procedures with 72-hour breach notification to authorities as required by GDPR
• Vendor security — platform partners (Kintell, itslearning, Stripe) maintain their own security certifications and DPAs

Data Subject Rights

Beneficiaries, volunteers, and partners can exercise their full GDPR rights including:

• Right of access — request a copy of all personal data we hold about you
• Right to rectification — correct inaccurate or incomplete data
• Right to erasure — request deletion of your data ("right to be forgotten")
• Right to restriction — limit how we process your data in certain circumstances
• Right to portability — receive your data in a machine-readable format
• Right to object — object to processing based on legitimate interests
• Rights related to automated decisions — we do not make automated decisions with legal effects

Exercise your rights via privacy@theeducationalequalityinstitute.org or our online portal — requests processed within 30 days as required by GDPR.

International Data Transfers

• EU/EEA adequacy — Norway is part of EEA; data flows within Europe unrestricted
• Standard Contractual Clauses — SCCs in place for any transfers to non-adequate countries
• US transfers — covered by appropriate safeguards including SCCs with US-based processors
• Sub-processor oversight — all third-party processors vetted for GDPR compliance before engagement

For Corporate Partners

We provide Data Processing Agreements (DPAs) with Standard Contractual Clauses for corporate partners requiring formal documentation. Our legal team can participate in due diligence calls and provide additional documentation for your data protection officers.

Corporate partners receive comprehensive reporting on programme outcomes and volunteer engagement. Our reporting is designed to support your CSR, ESG, and internal communications requirements.

Standard Reporting Package

• Quarterly impact reports — volunteer hours, sessions delivered, beneficiaries supported (aggregated)
• Programme participation breakdown — which programmes your volunteers supported and engagement levels
• Annual summary report — year-end comprehensive review with trend analysis
• Beneficiary stories (with consent) — anonymised success stories for internal communications
• Photo/video assets — branded content for CSR communications (where appropriate and consented)
• Certificate of partnership — formal acknowledgment for display and recognition

Custom Reporting (Tier 2+ Partners)

• Bespoke KPIs — metrics aligned to your specific CSR framework and reporting requirements
• Real-time dashboards — online portal access with live volunteer engagement data
• Integration support — data feeds compatible with corporate reporting systems
• Executive briefings — quarterly calls with TEEI leadership on partnership progress
• Board presentations — materials suitable for board-level CSR reporting
• SROI calculations — Social Return on Investment analysis using recognised methodology
• SDG alignment mapping — contribution mapping to UN Sustainable Development Goals 4, 5, 8, 10

Financial Transparency

• 501(c)(3) tax-exempt status — EIN: 33-2331817 (US donations tax-deductible)
• Norwegian registered organisation — Org: 928 776 719
• Annual Form 990 — available on request and via Candid/GuideStar
• Audited financials — annual audited financial statements available on request
• Restricted fund tracking — designated gifts tracked and reported separately
• Candid Platinum Transparency — highest level of nonprofit financial disclosure

Incident Reporting

• Immediate notification — partners informed within 24 hours of any safeguarding concerns involving their employees
• Investigation updates — regular communication throughout any investigation process
• Resolution summary — formal report on outcomes and any systemic improvements made
• Quarterly incident summary — aggregated report on any concerns across all programmes (anonymised)