Corporate Training

Privacy Policy

Last Updated: 10th December 2025

Introduction

INTRODUCTION 

This Privacy Policy explains how the London School of Emerging Technology (“LSET”, “we”, “us”, “our”) collects, uses and protects your personal data when you interact with us, including when you apply to or enrol in an LSET programme, use our online learning platforms, communicate with us, visit our website, or engage with us in a recruitment or employment context. 

This Privacy Policy applies to all prospective, current and former learners, website users, job applicants, employees, contractors and any other individuals whose personal data we process in connection with our operations. A separate Privacy Policy will be provided for Avidator, our attendance software platform, which is governed by different data processing activities. 

Please read this policy carefully. If you have any questions, you can contact us using the details set out below. 

  1. Important Information and Who We Are 

LSET is the controller of your personal data. This means we are responsible for determining how and why your personal data is used, and for ensuring it is handled in accordance with UK data protection law. 

We also use carefully selected third-party service providers to process certain personal data on our behalf. This includes an overseas teaching, technical, administrative, and HR support partner based in India, who processes personal data strictly under our documented instructions. Details of these transfers and the safeguards used are set out in Section 6 (International Transfers). 

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us using the details in Section 10. 

  1. The Types of Personal Data We Collect 

We only collect personal data necessary for the operation of our educational services, administration, HR functions, and website. The categories include: 

Identity Data 

Full name, previous names, date of birth, nationality (if provided), LSET student ID. 

Contact Data 

Email address, telephone number, postal address. 

Academic and Enrolment Data 

Course selections, enrolment records, attendance, assessments, progress information, learning interactions. 

Financial and Transaction Data 

Payment records, invoices, refunds, transaction history. (Note: we do not collect or store full payment card details). 

Technical Data 

Login information, IP address, device identifiers, browser data, usage analytics, system logs relating to your interactions with our online platforms. 

HR and Recruitment Data 

For employees, contractors and job applicants: CV, qualifications, references, right-to-work documentation, employment records and performance information. 

Special Category Data 

We do not intentionally collect special category data (e.g. health, biometric or ethnicity data). If such data is voluntarily provided or required by law, we will only process it where strictly necessary and in accordance with Article 9 of the UK GDPR. 

Aggregated Data 

We may generate aggregated data or statistical data for analytics and service improvement. Aggregated data is not treated as personal data unless it can be used to identify someone. 

  1. How We Collect Your Personal Data 

We collect personal data through: 

Direct interactions 

When you complete online forms, enrol in a course, apply for a job, communicate with us by email or telephone, or use our services. 

Automated technologies 

When you use our website or online platforms, we collect technical and analytics data to support site functionality, performance and security. 

Third-party providers 

We receive data from service providers who support our website, learning platforms, payment systems, HR processes and IT infrastructure. 

  1. How We Use Your Personal Data 

We only use your personal data where we have a lawful basis to do so. The table below explains each purpose and the lawful basis we rely upon.  

Purpose of Processing 

Description 

Lawful Basis 

Programme enrolment and administration 

Processing applications, registrations, payments and account creation. 

Performance of a contract 

Delivering education and student services 

Managing attendance, assessments, teaching delivery, communications and learner support. 

Performance of a contract 

Operating online platforms and IT systems 

Enabling access to learning systems, managing logins, system security and functionality, and usage analytics. 

Legitimate interests (efficient operation and security of our services) 

Service quality and improvement 

Monitoring usage patterns, enhancing our programmes and user experience. 

Legitimate interests 

Regulatory, legal and financial compliance 

Record-keeping, accounting, audit and responding to lawful requests. 

Legal obligation 

Recruitment and HR management 

Processing applications, maintaining employment records, and administering HR services (including offshore HR support). 

Performance of a legal contract & legal obligation 

Marketing (where permitted) 

Sending communications about courses or events. 

Consent (where required) 

We do not sell your personal data, and we will not use it for unrelated purposes without informing you. 

  1. Disclosures of Your Personal Data 

We may share your personal data with: 

  1. Service providers who support our IT, learning platforms, analytics, HR processes, payment systems and website hosting. 
  1. Professional advisers (lawyers, accountants, auditors) where necessary. 
  1. Regulatory or governmental bodies where legally required. 
  1. Our contracted partner company in India, which provides teaching, administrative, technical and HR support services. This partner acts strictly as a data processor and only accesses personal data when required to deliver contracted services under our instructions. 

All third-party processors are required to implement appropriate security, confidentiality and compliance measures.  

  1. International Transfers 

Where our Indian support partner accesses personal data, this constitutes a transfer outside the UK to a country that does not benefit from an adequacy decision. 

To ensure your personal data remains protected, we implement the following safeguards: 

  1. UK-approved Standard Contractual Clauses (SCCs). 
  1. The UK Addendum to the SCCs, where applicable. 
  1. A Transfer Risk Assessment (TRA) evaluating Indian law, access risks and technical safeguards. 
  1. Contractual obligations requiring confidentiality, restricted access and secure handling of data 

These mechanisms ensure your personal data receives a level of protection essentially equivalent to the standards required under UK GDPR. 

  1. Data Security 

We use a combination of organisational and technical measures to safeguard your personal data, including: 

  1. Restricted access on a need-to-know basis. 
  1. Authentication and access controls. 
  1. Encryption and secure transmission protocols. 
  1. System monitoring, logging and threat detection. 
  1. Staff confidentiality obligations. 
  1. Incident response and breach notification procedures. 

Only authorised personnel, including our overseas processor where necessary, may access personal data and are bound by confidentiality duties. 

  1. Data Retention 

We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting and reporting obligations. We apply the following retention periods: 

  1. Learner records: 6 years after completion of studies 
  1. Financial and transaction data: 6 years for accounting and audit purposes 
  1. HR and recruitment records: duration of employment plus 6 years 
  1. System logs and analytics: 12 months 

After these periods expire, we securely delete or anonymise the data. 

  1. Your Legal Rights 

Under UK data protection law, you have a number of rights in relation to your personal data. These rights are not absolute and may, in certain circumstances, be subject to limitations. We will always explain clearly if any limitations apply when responding to your request. 

You have the right to: 

  1. Access your personal data – You can request a copy of the personal data we hold about you and certain information about how we use it (commonly known as a “subject access request”). This enables you to check that we are processing your data lawfully 
  1. Correct your personal data – If any of the personal data we hold about you is inaccurate or incomplete, you may ask us to correct or update it. 
  1. Request erasure – You may ask us to delete your personal data where: 
  • there is no lawful reason for us to continue processing it; 
  • you have withdrawn consent (where consent was the lawful basis); 
  • you have successfully exercised your right to object; or 
  • we are required to erase it to comply with our legal obligations. 

We may not always be able to comply with your request immediately if there are lawful grounds for retaining the data (for example, where retention is required for accounting, regulatory, audit or legal claims). 

  1. Object to processing – You may object to our processing of your personal data where we rely on legitimate interests as the lawful basis.  
    We will stop processing unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms, or where processing is required for legal claims. 

You have an absolute right to object to direct marketing, and we will action this promptly. 

  1. Request restriction of processing – You can ask us to suspend the processing of your personal data in the following situations: 
  • you wish to verify its accuracy; 
  • our use of the data is unlawful but you do not want us to erase it; 
  • we no longer require the data, but you need us to retain it for legal claims; or 
  • you have objected to our processing, and we are considering whether our legitimate grounds override yours. 
  1. Data portability – You may request that we provide your personal data to you or to another controller in a structured, commonly used, machine-readable format. 
    This right applies only to data processed by automated means and based on consent or on the performance of a contract. 
  1. Withdraw consent – Where we rely on consent to process your personal data, you may withdraw that consent at any time. 
    Withdrawal will not affect the lawfulness of any processing carried out before consent was withdrawn. We will inform you if withdrawal means we are unable to continue providing certain services. 

How to exercise your rights: 

To exercise any of your rights, please contact us using the details set out in Section 10 (Contact Details). 
We may need to request additional information to verify your identity before responding to your request. This is an important security measure to ensure that personal data is not disclosed to anyone who is not entitled to receive it. 

We aim to respond to all legitimate requests within one month. If your request is particularly complex or you have made multiple requests, we may extend this period. We will notify you if an extension is required. 

  1. Contact Details 

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: 

Email: admission@lset.uk

Postal Address: 1 Cornhill, London, EC3V 3ND, United Kingdom

Telephone: +44 (0) 20 3369 9909

  1. Complaints 

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK regulator for data protection (www.ico.org.uk). We ask that you contact us first so we can attempt to resolve your concerns informally 

  1. Changes to This Privacy Policy 

We keep our Privacy Policy under regular review. 

This version was last updated on 10th December 2025. 

Historic versions are available on request. 

Please notify us if your personal data changes during your relationship with us so we can keep our records accurate and up to date. 

  1. Third-Party Links 

Our website and online platforms may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to read their privacy policies before providing any personal data.