Data Protection Policy

1. Introduction and Statement of Commitment

Learnera UK (“the Company”) is committed to protecting the privacy, security, and confidentiality of all personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The Company recognises its responsibilities as a data controller and processor and is dedicated to maintaining robust data protection practices throughout its online learning, training, and business activities.

2. Purpose

The objectives of this Policy are to:

• Ensure compliance with all applicable data protection laws and regulations.

• Safeguard the personal data of learners, employees, partners, and other stakeholders.

• Promote a culture of accountability, transparency, and data privacy across all operations.

3. Scope and Applicability

This Policy applies to:

• All employees, contractors, freelancers, and volunteers of Learnera UK.

• Directors, officers, and managers.

• Third parties and service providers processing personal data on behalf of the Company.

• All personal data processed through the Company’s learning management systems, websites, and related digital services.

4. Legal Framework

The Policy aligns with:

• UK General Data Protection Regulation (UK GDPR)

• Data Protection Act 2018

• Privacy and Electronic Communications Regulations (PECR)

• Other relevant UK and EU legislation

5. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person.

• Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

• Data Subject: An individual whose personal data is processed by the Company.

• Data Controller: Learnera UK, which determines the purposes and means of processing personal data.

• Data Processor: Any third party processing personal data on behalf of the Company.

6. Data Protection Principles

Learnera UK commits to processing personal data lawfully, fairly, and transparently, in accordance with the following principles:

1. Lawfulness, fairness, and transparency

2. Purpose limitation

3. Data minimisation

4. Accuracy

5. Storage limitation

6. Integrity and confidentiality (security)

7. Accountability

7. Lawful Bases for Processing

Personal data shall only be processed where a lawful basis applies, including:

• Consent of the data subject

• Performance of a contract

• Compliance with a legal obligation

• Protection of vital interests

• Legitimate interests pursued by the Company

8. Data Subject Rights

Learners, employees, and other data subjects have the following rights under this Policy and UK GDPR:

• Right to be informed

• Right of access

• Right to rectification

• Right to erasure (“right to be forgotten”)

• Right to restrict processing

• Right to data portability

• Right to object

• Rights in relation to automated decision-making and profiling

9. Data Security

Learnera UK implements appropriate technical and organisational measures to secure personal data, including:

• Encryption and secure storage

• Access controls and authentication

• Staff training and awareness

• Regular data security audits and assessments

10. Data Breach Response

The Company maintains a Data Breach Response Plan to:

• Identify and contain data breaches

• Assess the risk to data subjects

• Notify the Information Commissioner’s Office (ICO) within 72 hours where required

• Notify affected data subjects if there is a high risk to their rights and freedoms

11. Data Sharing and Third-Party Processors

Learnera UK will only share personal data with trusted third parties under written contracts that:

• Specify data protection obligations

• Ensure adequate safeguards are in place

• Permit the Company to audit or monitor compliance

Data will not be transferred outside the UK/EEA without appropriate safeguards in accordance with Chapter V of the UK GDPR.

12. Roles and Responsibilities

• Board of Directors: Oversee data protection compliance and approve this Policy.

• Data Protection Officer (DPO): Oversee implementation, monitor compliance, advise on data protection obligations, and act as a point of contact with the ICO.

• Employees and Contractors: Adhere to this Policy and complete mandatory data protection training.

13. Training and Awareness

• All staff will receive induction and refresher data protection training annually.

• Additional role-based training will be provided where appropriate.

• The Company will issue updates in response to changes in laws, regulations, or best practices.

14. Monitoring and Review

This Policy will be reviewed annually by the DPO and the Board of Directors, or sooner if required by legal or operational changes. Audits will be carried out regularly to monitor compliance and effectiveness.

15. Sanctions and Disciplinary Measures

Any breach of this Policy may result in:

• Disciplinary action up to and including dismissal

• Termination of relationships with third-party suppliers or contractors

• Potential civil or criminal liability under UK data protection laws

16. Contact and Reporting

Data subjects or employees with questions, concerns, or requests relating to personal data should contact:

Data Protection Officer
David Jennings
info@learnera.co.uk