IWEC complies with its obligations under the General Data Protection by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; by ensuring that appropriate technical measures are in place to protect personal data and by guaranteeing total transparency on how we manage your data. This document is intended to clearly set out our personal data policy, but if you have any concerns please get in touch with our data protection officer by emailing firstname.lastname@example.org.
Why we collect your personal data
1. To process your registrations for any courses, assessments or events and to deliver those services to you
2. To send you information regarding the course or event on which you are registered (or have registered interest in)
3. To process sales of products you have purchased from us
4. To manage any account(s) for providing our online services including but not restricted to our online classroom and Global Campus where you have registered with us so that:
~ We can provide you with the relevant products and services
~ You can access relevant course materials
~ We can fulfil our services and communicate with you about them
~ To verify your identity
~ To carry out research to better understand your requirements on the relevant products and services
5. To personalise, report on and improve the services and products we provide to you, and to provide you with a best in class customer service experience
6. To send you marketing communications including information about our qualifications, upcoming events and links to our blogs.
Other legitimate interests
When we send you news regarding our products we will do so on the basis that we have your consent. However, to allow us to provide continual best in class service we believe we have legitimate interest to process your personal data so that we can:
• Improve our existing product range and services
• Provide you with a best in class customer service experience
• Protect you as our customer, our employees and our business
• Understand your likes and dislikes, what services you wish to hear about and how best to contact you to inform you about them.
What personal data we collect
We may collect the following information about you:
• Your name, date of birth and contact details
• this could include your postal address, telephone numbers and email address
• Purchases and orders made by you or on your behalf by your chosen course provider
• Your payment card details (which are encrypted) when you purchase any products or services
• should you pay for one of our products over the telephone, your card details will not be recorded and kept by WSET
• When you set up any account with us, your login credentials
• Your marketing preferences
• Your correspondence with us
How we collect your personal data
1. When you provide it to us directly – for example, when you subscribe to a WSET newsletter, or register on one of our courses or events as we are required to register you with WSET in London.This includes your name; your mailing address; your date of birth; your email address. If you have any queries about how this information is provided and used, please email the email@example.com
2. When our systems collect information or personal data indirectly – for example, whenever you use a website or mobile application. The most common type of information collected is in the form of cookies (cookies are small text files sent by your computer each time you visit our website) but can also include personal data transferred by the device you are using to access our website. The manufacturer of your device or the provider will have the details about what information your device shares.
When do we share your personal data?
1. With core service providers to enable our business to function
We rely on a set of external companies who are governed by contractual agreement to provide us with services that enable our business to run effectively. For example – email marketing services, IT service providers for data storage and business continuity/disaster recovery, banks and clearing houses to process payments, courier services for the delivery of course materials and course providers.
2. With law enforcement agencies and regulators when required to do so by law
We are required to co-operate with regulators and law enforcement agencies (like the police). Although it does not happen often, regulators and law enforcement agencies can require us to share information with them as part of an investigation, this may include your personal data.
What personal data do we share?
We need to process some of your personal data to fulfil your registration on any events or courses. We will share your payment details with our bank or clearing house so that we can process payment for your purchases or orders
Data retention – how long do we hold your personal data
• We will not hold your personal data for longer than is necessary for the purposes described in this policy.
• We will keep your personal data whilst your accounts remain active
• We may keep categories of personal data, e.g. name, date of birth and address, after your accounts are closed to meet any legal or regulatory requirements
You have several rights under data protection law, these are summarised below however for further information you should contact firstname.lastname@example.org.
1. The right to be informed
You have the right to total transparency on how we are using your personal data, we will endeavour to make this clear by ensuring that this document is regularly reviewed and updated, but if you have any concerns or questions please send them to email@example.com
2. Your right of access
You have the right to know what information we hold about you and how it is processed. If you wish to access your personal data, contact firstname.lastname@example.org. To process your request, we will ask you to complete a Subject Access Request (SAR) form and provide proof of identity so that we can be sure we are releasing your personal data to the right person. We will respond to your request within the guidelines set out in the SAR and in line with data protection guidelines.
3. The right to rectification
If you think that the information we hold about you is inaccurate or incomplete, or if your contact details change, please ask us to amend it by contacting email@example.com. We will process your request without delay.
4. The right to erasure
You reserve the right to ask us to delete your personal data, however, this is not an absolute right. We can refuse to erase personal data which we need to keep in order to comply with legal obligations. For example, we are required by SARS to keep personal data for up to 9 years for VAT reporting purposes, and in relation to investigations by law enforcement agencies or the Information Commissioners Office.
When you ask us to delete your personal data, we assume that you no longer wish to hear from us again. To ensure we do not send you any further communications regarding our products or services in future we will retain just enough of your personal data for suppression purposes.
5. The right to transfer your personal data (known as data portability)
You have the right to move, copy or transfer your personal data from one organisation to another. If you do wish to transfer your personal data, we would be happy to help.
If you ask for a data transfer, we will give you a copy of your personal data in a structured, commonly used and machine-readable form (for instance, in a CSV file format). We can provide the personal data to you directly.
When making a transfer request, it would be helpful if you can identify exactly what personal data you wish us to transfer.
We will comply with your request within one month or, if the request is complex or there are several requests from you, within two months.
6. The right to object
If you would like us to stop processing your personal data for marketing purposes simply let us know by contacting firstname.lastname@example.org.
• That you control the personal data you provide to us
• We will always inform you what personal data we are collecting from you, how we collect it, and how we will use it.
• We will always use market leading technology and software to ensure that the personal data we have collected is secure.
• Where we make use of third parties for services and this involves sharing your personal data, we will make sure they have the appropriate security measures
• We will only send you marketing communications if you have given consent that we can do so, and we will always offer you a clear and simple means of amending your preferences whenever you wish
We may update this policy from time to time to take account of any new business activity or to reflect any changes in law or best practice in relation to data protection. We will notify you if we do so.
This policy was last updated on 01 July 2020