Privacy Policy Ascentis

We encourage you to read this privacy notice so you can:

• Understand how and why your personal information is collected, used, and protected by Ascentis
• Be aware of your rights and choices regarding your data
• Know how to contact us with questions or concerns
• Stay informed about the security measures we have in place
• Ensure you are comfortable with how your information is managed

By reading this notice, you can make informed decisions about your relationship with Ascentis and exercise your rights under data protection law.

Get in touch using our website, or alternatively, use the below information:

We collect, use, store and/or transfer various categories of personal data about you depending on our relationship with you:

We collect and process personal data about you to deliver our products and services, provide related support, and maintain our relationship with you. Under data protection legislation, we are only permitted to use your personal information where we have a valid legal basis and for clearly defined purposes.

The specific types of information we collect may vary depending on the nature of our relationship with you.

Learner information:

Centre Staff Information:

Supplier Information:

Job applicants:

Ascentis Premises Visitor Information:

Customer Surveys

We value your feedback and use it to enhance our products, services, and customer experience. Following interactions with our customer service team, you may receive a survey via Microsoft Dynamics 365 Customer Voice, sent to the email address you provided during your enquiry.

Participation in the survey is entirely optional. The survey may ask for personal information such as your name or address and will focus on your experience with our customer service, your satisfaction with our offerings, and any suggestions you wish to share.

Your responses will be securely stored in our customer relationship management system and retained indefinitely to support ongoing service improvement. We use this data to analyse customer satisfaction, inform product development, and refine our marketing strategies. Your responses will not be shared with third parties.

You can opt out of receiving future surveys at any time by clicking the unsubscribe link included in the survey email.

Information we collect about you from other sources

In addition to the information you provide directly, we may collect personal data about you from other sources, including:

• Learning centres: If you are enrolled through a centre, they may share personal information necessary to process your enrolment and certification.
• Publicly available sources: Such as Companies House or County Court Judgements, which may include financial information relevant to our services.
• Third-party data providers: Including credit reference agencies, which may supply information about your creditworthiness or financial standing.

Information we receive about you from other sources

When you enrol on a course through a learning centre that delivers qualifications on our behalf, the centre will share your personal data with us. This enables us to process your enrolment, assess your eligibility, and issue your qualification and certification. We may also use this data to evaluate the performance of the learning centre and benchmark it against others.

In some cases, you may have given consent for other websites, services, or third parties to share information with us. This could include data collected through other websites we operate or services we provide. Where applicable, we will inform you at the point of collection if we intend to share or combine that data internally, and explain the purpose for doing so.

We may also receive information from third-party organisations that support our operations, such as:

• Payment processors
• Delivery and logistics providers
• Technical support services
• Marketing and advertising partners

Whenever we receive personal data from these sources, we will inform you of the type of data received, the source, and how and why we intend to use it.

Cookies and Website Tracking

Our website uses cookies to personalise your online experience and improve functionality. A cookie is a small data file stored on your device that records how you interact with our site. This allows us to recognise returning users and gather insights into website usage.

For more information, see our Cookies Policy here.

If you fail to provide personal data

In certain circumstances, we are required by law or contract to collect specific personal data. If you do not provide this data when requested, we may be unable to fulfil our obligations—for example, issuing your qualification or providing requested certificates. If this affects your access to services, we will notify you at the time.

Storing your information

All personal data you provide is stored securely on servers located within the UK. If you are issued a password to access specific areas of our website or services, you are responsible for keeping it confidential. We strongly advise against sharing your password with anyone.

Protecting your information

We take the security of your personal data seriously and have implemented a range of technical and organisational measures to safeguard it. These include, but are not limited to:

• Cyber Essentials Plus certification
• Role-based access controls, ensuring access is granted only on a need-to-know basis
• User identification and access monitoring
• Physical security controls

Personal data is never disclosed to or accessed by unauthorised individuals. Internal policies and procedures are in place to protect against loss, accidental destruction, misuse, or unauthorised disclosure. Access to personal data is strictly limited to employees who require it to perform their duties.

Data Breach Procedures

We have established procedures to respond to any suspected data security breaches. This includes incidents involving accidental loss, damage, destruction, or unauthorised access to personal data. Where legally required, we will notify affected individuals and the relevant supervisory authority, and we will do so within the timeframe prescribed by law.

If we receive personal data unintentionally or unnecessarily—for example, if you send us information we did not request—we will delete it promptly in accordance with our data minimisation policies and advise you not to send such data again.

Disclosure to Law Enforcement

In certain circumstances, UK GDPR permits the disclosure of personal data to law enforcement agencies without the data subject’s consent. Where such requests are received, Ascentis will only disclose data after verifying the legitimacy of the request and ensuring compliance with relevant legal protocols and internal policies.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, and contractual obligations.

• Where processing is based on your consent or our legitimate interests, we will retain your data until you withdraw consent or object to the processing, and we agree with your objection.
• If you are a school user, your learning centre may request that we delete your personal data at any time. In the absence of such a request, we will retain your data for as long as reasonably required to fulfil our contractual obligations.
• We may also retain personal data in accordance with applicable UK laws and regulations, depending on the nature of the services provided.

Retention periods are reviewed regularly to ensure data is not held longer than necessary.

How we adopt Data Protection by Design

Ascentis adheres to the principle of Data Protection by Design and Default, meaning we embed data protection considerations into the development and operation of all systems, processes, and projects from the outset.

We implement appropriate technical and organisational measures to ensure personal data is processed securely and in compliance with data protection laws. These include:

• Secure data transfer protocols
• Access controls and authentication
• Encryption and monitoring tools
• Staff training and internal policies

While we take all reasonable steps to protect your data, please note that data transmission over the internet is not completely secure. Although we strive to safeguard your personal information, any transmission is at your own risk. Once received, we apply strict procedures and security features to prevent unauthorised access.

What are your rights?

Under the UK General Data Protection Regulation (UK GDPR), you have a range of rights designed to give you greater control over your personal data and how it is used. These include:

• Right of access – You can request a copy of the personal data we hold about you.
• Right to rectification – You can ask us to correct any inaccurate or incomplete data.
• Right to erasure – You can request that we delete your personal data, subject to certain conditions.
• Right to restrict processing – You can ask us to limit how we use your data in specific circumstances.
• Right to data portability – You can request that your data be transferred to another organisation in a structured, commonly used, and machine-readable format.
• Right to object – You can object to the processing of your data where we rely on legitimate interests or direct marketing.
• Right to withdraw consent – Where we rely on your consent to process data, you can withdraw it at any time.
• Right to lodge a complaint – You can raise concerns with the Information Commissioner’s Office (ICO) if you believe your data has been mishandled.

These rights are designed to promote transparency, accountability, and trust in how your personal data is handled. We are committed to upholding these rights and ensuring your information is processed lawfully and securely.

More information can be found on the ICO Website:

If you wish to utilise any of the above rights, please contact our Legal, Risk, and Data Protection Department using the below email:

Sharing Within Our Organisation and Group

We may share your personal data internally with authorised staff members to deliver our products and services effectively. In some cases, we also share data with other organisations that support our operations, such as regulatory bodies or service providers who assist in delivering or overseeing our qualifications.

Your personal data may also be shared with International Dyslexia Learning Solutions Limited (IDLS) and other companies within the Ascentis Group, as well as across websites we operate, where relevant to the services you access.

For learners, personal data is shared between the recognised exam centre and Ascentis, in accordance with the Centre Agreement. Centres are required to maintain accurate, timely, and secure learner records, including achievement data, and to retain full records for audit purposes. This ensures your data is handled securely and in compliance with our obligations.

Sharing your information with third parties

We do not sell or rent your personal data to third parties, nor do we share it for third-party marketing purposes.

However, we may share your data with selected third-party partners, suppliers, and subcontractors where necessary to fulfil a contract or deliver a service. This includes organisations that provide:

• IT infrastructure and support
• Secure data hosting
• Marketing and communications services
• Payment processing
• Delivery and logistics

In all cases, we only share the minimum data required and ensure that appropriate contracts or data sharing agreements are in place. These agreements require third parties to protect your data, use it only for the intended purpose, and not use it for their own marketing.

Examination Results

We may share learner data with the following third-party organisations that collect and process information related to examination results:

• Quality Assurance Agency for Higher Education (QAA)
• Ofqual
• UCAS
• Bath Data (SERAP)
• Learning Records Service (LRS)

These organisations are involved in the regulation, verification, and reporting of learner outcomes and qualifications.

Training and CPD

For attendees of our training events, we may share personal data with the CPD Certification Service to enable the issuance of recognised CPD certificates.

To facilitate event registration, we may use Eventbrite. When signing up for an Ascentis event via Eventbrite, you will be asked to provide your full name and email address. This information is used solely for event admission and communication purposes.

Remote Invigilation (ProctorExam)

For qualifications requiring remote invigilation, we may share the following learner data with ProctorExam:

• Full name
• Email address
• Unique identifier (e.g. username)
• Captured facial photograph
• Captured identification document
• Recorded video stream
• Technical details such as IP address and location

This data is used to verify identity, monitor exam integrity, and satisfy regulatory requirements. It is securely processed within the Frankfurt region of Germany, ensuring that no data is transferred outside the European Economic Area (EEA), in accordance with Clause 16.5 of our contract with ProctorExam.

Ascentis and ProctorExam have entered into a formal agreement to ensure that all personal data is handled in compliance with the UK GDPR, offering equivalent levels of protection. This processing is necessary to uphold the validity of examination results and fulfil our contractual obligations.

Exceptional Circumstances for Data Disclosure

In limited and exceptional circumstances, we may disclose your personal data to third parties where we believe such disclosure is:

• Required by law enforcement, regulatory bodies, or government authorities for the prevention or detection of crime, fraud, or other unlawful activity.
• Necessary to comply with legal obligations, including court orders, judicial proceedings, or regulatory requirements.
• Essential to protect the safety and wellbeing of our employees, property, or the public.
• Proportionate for the prevention or detection of crime, including sharing information with other organisations for fraud prevention and credit risk reduction.
• Required as part of a corporate transaction, such as a merger, acquisition, or sale of assets. In such cases, we may share your data with the prospective buyer or seller, ensuring appropriate safeguards are in place.

We require all third parties to handle your personal data securely and in accordance with applicable data protection laws. Third-party service providers are not permitted to use your data for their own purposes and may only process it under our instructions and for specified lawful purposes.

Ascentis does not sell, rent, or lease your personal data to any third party.

International Transfers

As of 28 June 2021, the UK has been granted adequacy status by the European Commission under the GDPR. This means that personal data can be transferred from the European Economic Area (EEA) to the UK without the need for additional safeguards.

We do not currently transfer your personal data outside the EEA, unless you are located outside the EEA and such transfer is necessary to provide services to you.

At Ascentis, we are committed to transparency and safeguarding your personal data. As part of our innovation strategy, we use Artificial Intelligence (AI) technologies to enhance our services and streamline internal processes. AI refers to systems capable of performing tasks that typically require human intelligence, such as learning from data, recognising patterns, and making decisions.

We operate in full compliance with applicable data protection laws, including the UK GDPR. To ensure responsible use of AI, we have implemented robust policies and procedures, including our Acceptable Use of AI Policy, which strictly prohibits staff from inputting any personal data—whether their own or others’—into AI models. Any personal data entered into our systems must relate solely to the individual staff member and be done at their discretion.

We remain committed to maintaining the highest standards of privacy and data protection in all AI-related activities. If you have any questions about our use of AI or how your data is protected, please contact us at data@ascentis.co.uk.

Use of Microsoft Copilot

We utilise Microsoft Copilot to support documentation of communications with suppliers and customers. This AI-powered tool helps us summarise, organise, and manage information exchanged during interactions, improving the efficiency and accuracy of our records.

Why We Use Microsoft Copilot

Our use of Microsoft Copilot is aimed at:

• Enhancing customer experience through prompt and accurate responses
• Supporting effective resolution of queries and issues
• Maintaining high standards of service with clear, structured communication records

How Microsoft Copilot Is Used

During communications, Microsoft Copilot may be used to:

• Summarise key points and action items
• Generate structured documentation of interactions
• Store relevant information in our Customer Relationship Management (CRM) system
• Assist in categorising and prioritising communications for follow-up

Data Storage and Usage

Information documented via Microsoft Copilot is securely stored in our CRM system. We retain only the data necessary to:

• Improve customer experience
• Resolve queries and service issues
• Meet legal and regulatory obligations

All data is handled in accordance with our internal data protection policies and is accessed strictly for the purposes outlined above.

Your Control Over Your Data

If you prefer that we do not retain information documented using Microsoft Copilot, you may contact us using the details provided in this notice. We respect your privacy and will act on your request accordingly.

For further questions or concerns about our use of Microsoft Copilot or our data handling practices, please don’t hesitate to reach out. Your trust is important to us, and we are here to support you.

You have the right to make a complaint at any time to us using the email, website, or address below if you have any concerns about our use of your personal information.

You can also complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues if you are unhappy with how we have used your data or how we have handled your complaint.

The ICO’s complaints page is as follows: https://ico.org.uk/make-a-complaint/. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

We reserve the right to make changes to this Privacy Notice from time to time. If you have any questions or queries about the changes that we make from time to time, please tell us via the contact details provided below in this Privacy Notice.

Ascentis will review and update this Privacy Notice to reflect company and customer feedback and changes to laws and regulations. Ascentis encourages you to periodically review this notice to be informed of how Ascentis is protecting your information.

We use a variety of cookies to provide data about how our website is being used and to improve the advertising.

If you want to disable cookies, you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use.

You can find more information about out cookie usage within our Cookie Policy.