This document sets out our data processing practices and your rights and options regarding the ways in which your personal information is used and collected. If you have any queries, please contact WSET’s data protection contact by emailing email@example.com.
1. Who we are and how to contact us
We are the Wine & Spirit Education Trust, a charity registered in England and Wales. Our Charity number is 313766 and our company number is 964179. Our registered address is 39-45 Bermondsey Street London SE1 3XF. Where we use the words “WSET” “we” “us” and “our(s)”, we are referring to the Wine & Spirit Education Trust.
If you have any questions about how we use your personal information or how we comply with our responsibilities, please contact us as follows:
Call: +44 (0)20 7089 3800
Write: 39-45 Bermondsey Street, London SE1 3XF
2. How we collect your personal information
We collect your personal information in a number of different ways, depending on how you engage with us. We have set out these methods below.
When you directly provide it to us directly
For example, when you subscribe to a WSET newsletter, respond to a WSET survey, or register for a WSET-hosted course or event.
From your chosen course provider
When you register for an exam with WSET, your chosen course provider (known as your Approved Programme Provider or ‘APP’) must provide WSET with some of your personal information for the purpose of identification and managing your qualifications and results.
When our systems collect information or personal information indirectly
For example, whenever you use a website or mobile application. The most common type of information collected is in the form of cookies (cookies are small text files sent by your computer each time you visit our website) but can also include personal information transferred by the device you are using to access our website. The manufacturer of your device or the provider will have the details about what information your device shares. Please see our Cookies Policy for more information.
3. What personal information we collect
The type of information we collect depends upon your engagement with us. We may collect the following information about you:
(a) Your name, date of birth, gender and contact details (this could include your postal address, telephone numbers and email address);
(b) Purchases and orders made by you or on your behalf by your chosen course provider;
(c) Your payment card details (which are encrypted) when you purchase any products or services (should you pay for one of our products or services over the telephone or using one of our payment forms, your card details will not be retained and will be securely destroyed);
(d) When you set up any account with us, your login credentials;
(e) Your marketing preferences;
(f) Your correspondence with us;
(g) In certain situations, information relating to health which may be required to support applications for reasonable adjustment and/or special consideration in the context of exams for WSET qualifications;
(h) Your ethnicity and/or racial origin and such other information as may be required by our regulator in connection with the delivery of WSET qualifications.
4. Why we collect your personal data
We use your personal information for a number of different reasons, which we set out below.
(a) To register you as a candidate with WSET and enable you to sit exams for WSET qualifications.
(b) To administer and conduct your exam, including making arrangements for reasonable adjustments and/or special considerations.
(c) To communicate with your course provider and issue your exam results and qualification certificate as appropriate.
(d) To provide you with post-results services such as enquiries against results and appeals and solicit feedback from you on WSET qualifications.
(e) To process your registration for any WSET-hosted courses or events so that we can deliver these services to you.
(f) To send you information regarding the course or event for which you are registered (or which you have registered interest in).
(g) To process sales of products or services you have purchased from us.
(h) To manage any account(s) for providing our online services including but not restricted to our Online Classroom and Global Campus where you have registered with us so that:
(I) We can provide you with the relevant products and services;
(II) You can access relevant course materials;
(III) We can fulfil our services and communicate with you about them.
(i) To verify your identity.
(j) To carry out research to better understand your requirements on the relevant products and services.
(k) To personalise, report on and improve the services and products we provide to you, and to provide you with a best-in-class customer service experience.
(l) To send you marketing communications including information about our qualifications, upcoming events and links to our blogs.
(m) To investigate any potential maladministration, malpractice, or other non-compliance in connection with the delivery of WSET qualifications.
5. Lawful processing
We are required to rely on one or more lawful grounds to collect and use the personal information we have outlined above. We consider the grounds listed below to be relevant:
Where applicable law allows us to collect and use personal information for our or another person’s legitimate interests, and the use of your personal information is fair, balanced and does not unduly impact your rights.
We rely on this ground to process your personal information when we believe that it is more practical or appropriate than asking for your consent. For example, when we use your personal information to register you for and process your exams, that is a key component of our legitimate business interest in providing you with a WSET qualification. Additionally, where you provide information on the Online Classroom and Global Campus, we will rely on the legitimate interest ground to communicate with you in most instances.
Where we ask for your consent for our use of your personal information for a specific purpose. For example, we will ask for your consent to send you marketing materials via email. You always have the right to withdraw your consent.
Where it is necessary to use your personal information to fulfil a contract with you or to take steps at your request prior to entering into one. For example, when you sign up to the Online Campus and Global Classroom, you are asked to agree to our terms and conditions. This creates a contract between you and WSET. It may be necessary to use your information to update you about access to the Online Campus, or other such administrative matters.
Where the processing of your personal information is necessary for us to comply with a legal obligation to which we are subject. For example, we may need to report matters from time to time to our regulators, including the Charity Commission and Ofqual.
6. Special Categories of personal information
Data protection law recognises certain categories of personal information as sensitive and therefore requiring more protection. These categories of data include information about health, ethnicity, and political opinions.
We may collect and/or use special categories of data in connection with the provision of our services, for example in order to make adjustments for any disabilities or dietary requirements you may have. We will only process these special categories of data if there is a valid reason for doing so and where the data protection laws allow us to do so.
7. Marketing communications - Opt-in and Opt-out
In general, WSET will not send you any marketing information unless you have requested to receive e-mail/text/social media message updates from us. However, if you have made a purchase from us in the past or contacted us in relation to one of our qualifications, we may contact you in the future about similar items or qualifications. We will always provide you with an opportunity to opt-out of any further communication, as discussed more below.
For legal entities, such as companies, limited liability partnerships and other incorporated organisations, WSET operates, in compliance with the relevant data protection laws, an ‘opt-out’ policy. This means that we will continue to contact such businesses with news and information of our goods and services until we are informed that this communication is no longer required.
If you (whether an individual or a legal entity) wish to be removed from our direct marketing list and do not wish to receive any further information from us (opt-out) you can inform us of this by clicking on the link at the bottom of each email communication you receive from us, or by our Contact Us page. Once this information is received, we will remove you from our direct marketing database.
8. Sharing your personal information with third parties
For us to provide you with products and services, we on occasion share some of your personal information with certain approved third parties. These include course providers, examiners, suppliers (for example, our IT services provider) and regulatory bodies (for example, Ofqual, the Charity Commission or Information Commissioner’s Office).
We reserve the right to disclose your personal information to third parties:
(a) in the event that we buy or sell any business or assets, in which case we may disclose your personal information to the prospective buyer or seller of such business or assets;
(b) if substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets;
(c) with our professional advisors e.g., lawyers, where necessary to protect our interests;
(d) if we are under any legal or regulatory obligation to do so; and
(e) in connection with any legal proceedings or prospective legal proceedings, in order to establish, exercise or defend our legal rights.
If we share your information with any other third party, we will let you know in advance.
9. How do we keep your personal information secure?
We are committed to maintaining the security of your personal information. We conduct a data security review of any third party we are required to share your personal information with to ensure that they meet our high security standards.
Every company we work with is required to have a contract with us that clearly describes how your personal information is kept secure.
We will only ever share data specific to its intended use.
Specific details of what data we have shared are available to you on request.
10. International Data Transfers
While WSET is based in the UK, our reach is international with candidates and course providers based around the world. This means that it is possible that personal information we collect from you will be transferred to and stored in a location outside the UK or the EEA.
Please note that certain countries outside of the UK or EEA have a lower standard of protection for personal information, including lower security protections. Where your personal information is transferred, stored, and/ or otherwise processed outside the UK or EEA in a country which does not offer an equivalent standard of protection to the UK or EEA, we will take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards designed to protect your personal information. For instance, we may use cloud providers to store personal information who have servers in the US and are signed up to the Privacy Shield. If you have any questions about the transfer of your personal information, please contact us using the details above.
11. Data retention – how long do we hold your personal information
We will not hold your personal information for longer than is necessary for the purposes described in this policy. If, however, you have completed one of our qualifications we will retain your information for a longer period, in order to comply with our regulatory obligations.
For full details about our retention policy, please contact firstname.lastname@example.org
12. Your rights
You have several rights under data protection law, these are summarised below.
The right to be informed
You have the right to total transparency on how we are using your personal information, we will endeavour to make this clear by ensuring that this document is regularly reviewed and updated, but if you have any concerns or questions please send them to our data protection contact at email@example.com
Your right of access
You have the right to know what information we hold about you and how it is processed. If you wish to access your personal information, contact firstname.lastname@example.org. If we are satisfied that you have a right to see this personal information and we are able to confirm your identity, we will, except in very limited circumstances provide you with this personal information.
The right to rectification
If you think that the information we hold about you is inaccurate or incomplete, or if your contact details change, please ask us to amend it by contacting email@example.com.
The right to erasure
You reserve the right to ask us to delete your personal information; however, this is not an absolute right. We can refuse to erase personal information which we need to keep in order to comply with legal obligations. For example, we are required by HMRC to keep personal information for up to 6 years for VAT reporting purposes, and in relation to investigations by law enforcement agencies or the Information Commissioner’s Office.
When you ask us to delete your personal information, we may clarify with you as to whether instead you no longer wish to hear from us again. If this is the case, we may retain limited information about you to make sure you are removed from all future marketing lists.
The right to transfer your personal information (known as data portability)
You have the right to move, copy or transfer your personal information from one organisation to another. If you wish to transfer your personal information, we would be happy to help. If you ask for a data transfer, we will give you a copy of your personal information in a structured, commonly used and machine-readable form (for instance, in a CSV file format). We can provide the personal information to you directly. When making a transfer request, it would be helpful if you can identify exactly what personal information you wish us to transfer. We will comply with your request within one month or, if the request is complex or there are several requests from you, within two months.
The right to object
If you would like us to stop processing your personal information:
(a) for marketing purposes;
(b) on the basis of legitimate interests; and/or
(c) for research purposes
simply let us know by contacting firstname.lastname@example.org
If you would like to exercise any of the above rights, or if you have any questions or complaints, please contact email@example.com
You also have the right to contact and raise an issue with the Information Commissioner’s Office. You can find the relevant details on their website: https://ico.org.uk/
13. Policy Update
We may update this policy from time to time to take account of any new business activity or to reflect any changes in law or best practice in relation to data protection. We will seek to make you aware of any significant changes to this policy by placing an update notice on our website.