Privacy Policy Ascentis
What is a privacy notice?
This privacy notice is a document that explains how Ascentis collects, uses, stores, and protects personal information. It informs individuals about the types of data collected, the purposes for collecting it, and how it is used.
This notice outlines data storage and security measures, individual rights, the use of cookies or tracking technologies, and the legal basis for processing data.
Why should you read this notice?
Reading this privacy notice is important because it allows individuals to understand how their personal information is collected, used and protected by Ascentis.
It also helps individuals to make informed choices, ensure compliance with regulations and stay aware of security measures implemented by Ascentis.
Our contact details:
Get in touch using our website, or alternatively, use the below information:
| General Company Information: | |
| Organisation Name: | Ascentis |
| Mailing Address: | Ascentis House, Lancaster Business Park, 3 Mannin Way, Lancaster, LA1 3SW |
| Data Email Address: | |
| Legal Email Address: | |
| Phone Number: | 01524 845046 |
| Website: | Cutting Edge Qualifications Agency | Awarding Organisation Body | Ascentis |
| ICO Registration Number: | Z1927556 |
| Data Protection Officer Information: | |
| Organisation Name: | The DPO Centre Ltd |
| Mailing Address: | 50 Liverpool St, London EC2M 7PY |
| Contract Email Address: | |
| Phone Number: | |
| Website: |
What types of personal information we collect and why do we collect it?
We collect, use, store and/or transfer various categories of personal data about you depending on our relationship with you:
We will collect and process personal information about you to enable us to administer products and services, provide you with other related services and manage our relationship with you. Under data protection law, we can only use your personal information if we have a proper reason for doing so and for the purposes for which we collect it.
The information we require/gather about you will differ depending on our relationship with you:
Learner information:
| Types of Data: | Data collection point: | Category of data: | Purpose: | Lawful basis: |
| Ethnicity, gender | Learner registration and enrolment | Special category | Learner registration and performance of services to you | Explicit consent |
| Full name, contact number, DOB, personal email, postcode, learner achievement, address, IP address | Learner registration, course certification | Personal data | Learner registration and performance of services | Contractual obligation |
| Disabilities and areas of disadvantage | Learner registration | Special category | Exam adjustments, special consideration, and qualification adaptability | Explicit consent |
| Market preferences, advertisement of suggested services, cookies | Use of Ascentis website (completing surveys etc) | Personal | Suggestion of relevant services we can offer to you | Legitimate interests |
| Captured facial photograph, recorded video stream | ProctorExam (Outsourced remote invigilation service) | Personal | Provides remote invigilation services | Legitimate interests |
Supplier information:
| Types of data: | Data collection point: | Category of data: | Purpose: | Lawful basis: |
| Contact name, email | SAP Business One (Accountancy software) | Personal | Execute contract/business needs | Contractual obligation |
Centre/Centre Staff information:
| Types of data: | Data collection point: | Category of data: | Purpose: | Lawful basis: |
| Coordinator; name, job title Contact number, centre address, contact email | Completion of centre recognition form | Personal | Performance of services | Contractual obligation |
Job applicants:
| Types of data: | Data collection point: | Category of data: | Purpose: | Lawful basis: |
| Full name, DOB, various contents of your curriculum vitae (Contact number, address, contact email, work experience, qualifications) | Upon receival of CV/job application | Personal | Recruitment:
Information required for identification of applicant and accessed as to the suitability to the relevant job position. | Contractual obligation |
Ascentis premises visitor information:
| Types of data: | Data collection point: | Category of data: | Purpose: | Lawful basis: |
| CCTV recording | Arrival on Ascentis company premises | Personal | Security – Maintains log of entrances and exits of the Ascentis building | Legitimate interests |
| Full name, face photograph workplace, contact number | Upon registering arrival on tablet in reception | Personal | Security – Maintains log of entrances and exits of the Ascentis building – Logged on software ‘Inventory’ | Legitimate interests |
Customer Surveys
We value your feedback and want to improve our products and services based on your opinions and preferences. To do this, we may send you a survey through Microsoft Dynamics 365 (Customer Voice) to optionally complete after any interaction with our customer service team. The survey will be sent directly to the email address that you provided to us when you contacted our customer service team. The email address will be stored in our customer relationship management software.
The survey may ask you for any personal information, such as your name or address. The survey will ask you about your experience with our customer service team, your satisfaction with our products and services, and any suggestions or comments you may have.
The responses you provide to the survey will be saved indefinitely in our database to aid with improving our customer journey. We will use the responses to analyse and improve our customer service quality, product development, and marketing strategies. We will not share your responses with any third parties.
You can choose not to complete the survey or opt out of receiving future surveys at any time by clicking on the unsubscribe link in the email.
Information we collect about you from other sources
We collect information about you from other sources, and may include:
- Information from the learning centre that you have enrolled with provide us with all the personal information we may require to process and complete your enrolment and/or certification.
- Publicly available information, from sources such as Companies House, County Court Judgements, this may include details about your financial situation and debts; and
- Information from third party databases or data suppliers, such as credit reference agencies, including details about your creditworthiness.
Information we receive about you from other sources
When you engage to enter into a course at a learning centre for which we are the relevant qualification awarding body they will share your personal data with us so that we can award your qualification and certify that you have met the relevant criteria. We may also process your data to assess the learning centre that you are enrolled in and benchmark them against other learning centres.
Sometimes you will have given your consent for other websites, services or third parties to provide information to us. This could include information we receive about you if you use any of the other websites we operate or the other services we provide, in which case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this site. We will also have told you for what purpose we will share and combine your data.
It could also include information from third parties that we work with to provide our products and services, such as payment processors, delivery companies, technical support companies and advertising companies. Whenever we receive information about you from these third parties, we will let you know what information we have received and how and why we intend to use it.
The Ascentis website uses "cookies" to help you personalise your online experience
A cookie is a piece of information that is held on the hard drive of your computer which records how you have used a website. Cookies allow website operators to accumulate useful information, such as whether the computer (and sometimes its user) has visited the site before. This is done on a repeat visit by checking to see, and finding, the cookie left there on the last visit. For more information, see our Cookies Policy here.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to award your qualification or provide you with copies of any certificates you request). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.
How do we store and protect your personal information?
Storing your information
All information you provide to us is stored on secure servers in the UK. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Protecting your information
Ascentis has a range of other technical and organisational measures in place to protect your personal data including being Cyber Essentials Plus certified, two-factor authentication, access controls to restrict access on a need-to-know basis, uniquely identifying users to monitor and review access attempts, and physical security. Personal data is never disclosed or shared with unauthorised people. Ascentis has internal policies and controls in place to protect personal data against loss, accidental destruction, misuse, or disclosure, and to ensure that data is not accessed, except by employees in the proper performance of their duties.
We also have procedures in place to deal with any suspected data security breach. This applies to a security breach leading to the accidental loss, damage, destruction or unlawful access or disclosure to your personal data. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so and report any substantial risk to the rights and freedoms of individuals within any period applicable by law.
However, it would not be considered a breach if the personal data were received unknowingly or unintentionally and then erased in line with data minimisation policies. For example, if you sent us personal information that we did not require or request, we shall delete this as soon as possible and ask you to refrain from sending any unnecessary personal or special data again.
In certain circumstances, the GDPR allows personal data to be disclosed to law enforcement agencies without the consent of the data subject. Under these circumstances, Ascentis will disclose the requested data. However, we will ensure the request is legitimate, following any relevant policies and protocols.
How long do we keep your data for?
Where we are relying on your consent or our legitimate interests to process your data then we will keep your personal data until you withdraw your consent for us to use it, or object to the processing in our legitimate interests and we agree with your objection.
A school can request that we delete the personal data of school users at any time, and in the absence of any specific request from the school we will retain user’s personal data for as long as is reasonably needed to perform our contractual obligations to you.
We will also retain your personal data according to other applicable UK laws and regulations, depending upon the nature of the services we have provided to you.
How we adopt Data Protection by Design
Ascentis have adopted the principle of Data Protection by Design and Default.
This means that at the beginning and continuing through any new project or system, we keep the safety and security of everyone’s personal data at the forefront and implement whatever measures are necessary to comply with data protection laws.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this notice. We try to ensure that all information you provide to us is transferred securely via the website. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
What data protection rights do you have?
What are your rights?
The GDPR grants individuals several data protection rights, including the right to access their personal data, request its correction or deletion, restrict its processing, and obtain a copy of it in a portable format.
Individuals also have the right to object to the processing of their data, withdraw consent, and lodge complaints with data protection authorities.
These rights promote transparency, control, and privacy in the handling of personal data, giving individuals the ability to manage their information and ensuring organisations adhere to responsible data practices.
More information can be found on the ICO website:
| Data Subject Right: | Explanation: |
| The right to be informed | This right ensures that individuals have access to clear and transparent information about the processing of their personal data.
It requires organisations to provide concise and easily accessible details about the purposes of processing, the data recipients, the retention period, and other relevant information.
This right empowers individuals to make informed decisions, exercise their data subject rights, and fosters trust and transparency in data processing practices. |
| The right of access | This right grants individuals the right to request and obtain confirmation of whether their personal data is being processed by an organisation.
If the data is being processed, individuals have the right to access and obtain a copy of their personal data. Organisations are required to provide relevant information, respond to requests in a timely manner, and generally do so free of charge.
This right empowers individuals to be aware of and verify the processing of their data, ensuring transparency, accuracy, and the ability to exercise other data subject rights. |
| The right to rectification | This right gives individuals the right to request the correction or updating of their inaccurate or incomplete personal data held by organisations.
Individuals can submit requests to organisations, which are then responsible for verifying the accuracy of the data and making necessary corrections promptly. If the incorrect data has been shared with third parties, the organisation must inform them about the rectification. |
|
| This right allows individuals to ensure the accuracy and completeness of their personal data, promoting transparency and control over their information. |
| The right to erasure/be forgotten | This right grants individuals the right to request the deletion or removal of their personal data held by organisations.
This right can be exercised when the data is no longer necessary, consent is withdrawn, processing is unlawful, or there is a legal obligation to erase the data.
Organisations must comply with erasure requests and inform third parties about the request, if applicable.
However, certain exceptions may apply, such as when the right to freedom of expression or legal obligations are involved. The right to erasure empowers individuals to have control over their personal data and promotes privacy and data autonomy. |
| The right to restrict processing | This right allows individuals to request limitations on the processing of their personal data by organisations.
This right can be exercised in situations where the accuracy of the data is disputed, processing is unlawful, data is no longer needed but required for legal claims, or an objection to processing is pending verification.
When processing is restricted, organisations can only store the data and must refrain from further processing unless with the individual's consent or for specific legal purposes. The right to restrict processing gives individuals control over their data and promotes privacy, accuracy, and individual autonomy in data processing. |
| The right to data portability | This right gives individuals the ability to request and receive their personal data from an organisation in a machine-readable format.
This data can then be transferred to another organisation of the individual's choice. The right applies to personal data provided by the individual and processed based on consent or contract. Organisations must facilitate the direct transfer of the data or transmit it to the requested organisation.
While technical feasibility and data security are considerations, the right to data portability aims to empower individuals by promoting data control, facilitating data transfers, and encouraging competition and interoperability among service providers. |
| The right to object | This right gives individuals the power to object to the processing of their personal data by organisations. This right applies to processing based on legitimate interests or for direct marketing purposes.
Individuals must be provided with clear notice of this right and have the ability to object before or at the time of processing. |
|
| Organisations must respect the objection unless they can demonstrate compelling legitimate grounds for continued processing that outweigh the individual's interests.
The right to object empowers individuals to have control over their personal data, protect their privacy, and influence how their data is used. |
| Rights relating to automated decision making and profiling | This right provides individuals with safeguards against potentially negative effects of automated decisions and profiling processes.
Individuals have the right to receive an explanation when automated decisions significantly affect them. They also have the right not to be subject to solely automated decisions with legal or similarly significant consequences unless there is human intervention or explicit consent.
Profiling, which involves automated processing to evaluate aspects of individuals, is subject to transparency, fairness, and the individual's explicit consent |
How do I utilise my data protection rights?
If you wish to utilise any of the above rights, please contact our Legal, Risk, and Data Protection Department using the below email:
| Data Queries: |
Do we share your Personal Data?
Sharing your information within our company and group
We share the information that you provide to us with our staff so that we can provide our products and services to you. We sometimes share your personal information with other specified organisations, including those who provide us with assistance in delivering our products or services or, where applicable, regulate our provision of such products or services.
We share the information that you provide to us with International Dyslexia Learning Solutions Limited (IDLS) or any other companies within the Ascentis group and other websites that we operate.
Personal Learner data will be shared between the recognised exam centre that registers the learner(s) onto any qualification(s) and Ascentis, according to the Centre Agreement. Centres are required under this agreement to keep all Learner Records and details of achievement in an accurate, timely, confidential, and secure manner, and keep full and accurate records of their performance in the event of an audit from Ascentis. This is to maintain that your personal data is kept secure, and we remain compliant.
Sharing your information with third parties
We will not sell or rent your data to third parties.
We will not share your data with third parties for marketing purposes.
From time to time, we may need to share your information with selected third-party business partners, suppliers, and sub-contractors for the performance of a contract we have with them. In such circumstances, we only share the data necessary for them to deliver the service and have in place a contract or data sharing and usage agreement that requires them to keep your data secure and not to use it for their own marketing purposes.
Third-party organisations that provide services to us (including providing IT services and assisting us with carrying out marketing activities):
| Third Party | Description: | Privacy Policy: |
| Parnassus | Parnassus supports the core business functions of an awarding organisation: qualification management, approved centres, learner registration, entry of achievement through to certification. A portal-style solution which can be used by internal staff, and, with our sophisticated security structure, any function can be made available to centres, EQA's, assessors and other external users. Parnassus is the only fully web-based awarding organisation management system with such an extensive range of functions. | |
| QuartzWeb | A system designed to support managing learner registrations and awards. | |
| Hilton Baird | A financial services firm offering a range of services including commercial finance, invoice finance, and credit management solutions. | Privacy Policy and Cookies | Hilton-Baird Collection Services. (hiltonbairdcollections.co.uk) |
| Royal Bank of Scotland (RBS) | A major retail and commercial bank offering a wide range of financial services including banking, loans, mortgages, and investment banking. | |
| Microsoft | A multinational technology company renowned for its software products including the Windows operating system, Office suite, and cloud services such as Azure. | |
| Inventry |
| |
| QuestionMark | Provider of assessment and testing software solutions for educational institutions. | |
| Surpass/BTL | A company specialising in assessment technology, likely offering software solutions for secure exam delivery and assessment management. | |
| ProctorExam | A company providing remote proctoring solutions for online exams, ensuring the integrity and security of the examination process. | |
| Amason Web Servies (AWS) | A subsidiary of Amason offering a comprehensive suite of cloud computing services including storage, computing power, and database solutions. | |
| FCS Protect | Cybersecurity solutions or data protection services to businesses, focusing on safeguarding against cyber threats and ensuring compliance with data protection regulations. | |
| Eventbrite | An online platform that enables users to create, promote, and sell tickets for events, ranging from small local gatherings to large-scale conferences and festivals. | |
| SurveyMonkey | An online survey platform that allows users to create and distribute surveys for market research, customer feedback, and other data collection purposes. | |
| PayPal | A digital payments platform allowing individuals and businesses to send and receive money online securely, as well as process online payments. | |
| Stripe | A technology company providing online payment processing for internet businesses, offering APIs and other tools to accept payments, manage subscriptions, and handle other financial transactions. | |
| TNT | A global courier and logistics company providing express delivery services for parcels, documents, and freight shipments. | |
| Click Dimensions | A marketing automation platform integrated with Microsoft Dynamics | |
| Veremark | A provider of employment verification solutions, offering services to verify and authenticate employment histories and credentials of job applicants. | |
| TeamTailor | An applicant tracking system and recruitment software designed to streamline the hiring process for businesses, from sourcing candidates to managing job applications. |
Third-party organisations that collect data relating to examination results:
- Quality Assurance Agency for Higher Education (QAA),
- Ofqual,
- UCAS,
- Bath Data (SERAP),
- Learning Records Service (LRS)
- Third-party organisations that collect data relating to training and CPD
- We provide personal data to the CPD Certification Service for attendees to gain recognised CPD certificates for many of our training events.
For you to attend some of our events, we may use Eventbrite for customers to gain admission. You will be asked for your full name and email address when signing up to these events using Eventbrite in order to attend the Ascentis event.
We may also share your name, email address, unique identifier (such as a username), captured facial photograph, captured identification, recorded video stream and other technical details such as IP address and location when your learners are using the proctored exam service with ProctorExam for the purposes of remote invigilation to satisfy our regulatory obligations. This data is forwarded onto our quality assurance department for them to assess the examination and its candidates for cases of malpractice. Information gathered will be processed in the Frankfurt region of Germany and therefore will NOT be processed by ProctorExam outside of the EEA as per clause 16.5 of our contract for supply of assessment software and services.
Ascentis and ProctorExam have entered into a contract to provide adequate protection of your data such that it will be handled with the same degree of protection as that offered under the GDPR. This agreement is necessary to allow Ascentis to ensure the validity of examination results and the processing of personal data, as described above, is therefore necessary for the performance of our contractual obligations.
There may be certain exceptional circumstances in which we may disclose your information to third parties
This would be where we believe that the disclosure is:
- Required by police, law enforcement agencies and regulatory bodies for the purpose of preventing and detecting fraud, crime, and criminal activity.
- Required by the law, or in order to comply with judicial proceedings, court orders or legal or regulatory proceedings
- Necessary to protect the safety of our employees, our property, or the public
- Necessary for the prevention or detection of crime, including exchanging information with other companies or organisations for the purposes of fraud protection and credit risk reduction.
- Proportionate as part of a merger, business or asset purchase or sale, in the event that this happens we will share your information with the prospective seller or buyer involved
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and lawful bases.
Ascentis will not sell, rent, or lease your personal data to any third party.
International Transfers
On the 28 June 2021, the UK was granted ‘adequacy’ by the European Commission in General Data Protection Regulations (GDPR) terms.
International transfers to the UK and Ascentis from the European Economic Area (EEA) and other adequate countries can continue to take place with no additional safeguards.
We do not currently transfer any of your data outside the EEA unless that is where you are located.
Artificial Intelligence Usage:
At Ascentis, we are committed to ensuring transparency and protecting your personal information. As part of our ongoing innovation efforts, we use Artificial Intelligence (AI) technologies to enhance our services and optimise internal processes. AI refers to systems or machines that perform tasks typically requiring human intelligence, such as learning from data, recognising patterns, or making decisions.
In line with relevant data protection laws, including GDPR, we have policies and procedures in place to safeguard the security and privacy of your data. Our Acceptable Use of AI Policy strictly prohibits all staff members from inputting any personal information, regardless of the data subject, into AI models. Any personal data that is entered into our systems will be at the staff member’s discretion and will only involve personal information relating to themselves, not third parties.
We continue to ensure full compliance with applicable data protection regulations and are committed to maintaining the highest standards of privacy in our use of AI technologies.
If you have any questions or need further information about our AI usage and data protection practices, please contact us at [email protected].
Use of Microsoft Copilot
We utilise Microsoft Copilot to assist in documenting communications with our suppliers and customers. This advanced tool helps us streamline and improve our documentation processes by leveraging AI to summarise and organise the information exchanged during interactions.
Why We Use Microsoft Copilot
Our primary goal in using Microsoft Copilot is to enhance the efficiency and accuracy of our communication records. By doing so, we aim to:
- Improve our customer experience by providing prompt and accurate responses.
- Ensure that we can resolve queries and issues effectively and efficiently.
- Maintain high standards of service by having a clear and concise record of communications.
How We Use Microsoft Copilot
When you communicate with us, Microsoft Copilot may be used to:
- Summarise key points and action items from conversations.
- Generate structured and organised documentation of interactions.
- Store essential information within our Customer Relationship Management platform
- Assist in the categorisation and prioritisation of communications for follow-up and resolution.
Data Storage and Usage
The information documented with the help of Microsoft Copilot is stored in our Customer Relationship Management (CRM) system. We only retain information that is essential for:
- Enhancing your customer experience.
- Resolving queries and issues.
- Fulfilling any legal or regulatory requirements.
We are committed to maintaining the confidentiality and security of your data. The information is accessed and used strictly for the purposes outlined above and is handled in accordance with our data protection policies.
Your Control Over Your Data
If you prefer that we refrain from keeping information documented by Microsoft Copilot, please contact us using the details provided in the general company information table earlier in this notice. We respect your privacy and will act accordingly upon your request. For any further questions or concerns about our use of Microsoft Copilot or our data handling practices, please do not hesitate to reach out to us. Your trust is important to us, and we are here to address any of your concerns.
How do I complain?
You have the right to make a complaint at any time to us using the email, website, or address above if you have any concerns about our use of your personal information.
You can also complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues if you are unhappy with how we have used your data or how we have handled your complaint.
The ICO’s complaints page is as follows: https://ico.org.uk/make-a-complaint/. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Changes to this Privacy Notice
We reserve the right to make changes to this Privacy Notice from time to time. If you have any questions or queries about the changes that we make from time to time, please tell us via the contact details provided below in this Privacy Notice.
Ascentis will review and update this Privacy Notice to reflect company and customer feedback and changes to laws and regulations. Ascentis encourages you to periodically review this notice to be informed of how Ascentis is protecting your information.
Cookies
We use a variety cookies to provide data about how our website is being used and to improve the advertising.
If you want to disable cookies, you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use.
You can find more information about our cookie usage within our Cookie Policy.
