Menu

Privacy Notice

1. About us

isowise Limited (“isowise”, “we”, “us” or “our”) takes data protection seriously and is committed to safeguarding all personal data in our possession. We only use information provided to us for specified and lawful purposes under the UK GDPR and handle this information with care and responsibility. Our ICO registration reference is ZC025115.

This privacy notice explains how we collect, use, share, retain and protect personal data.

If you have questions about this notice or our practices, please contact privacy@isowise.co.uk.

2. GDPR

We have written our Privacy Notice to comply with the UK GDPR (now referred to as ‘GDPR’) and Data Protection Act 2018 ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.

Our services are based in the United Kingdom and are subject to UK data protection law. We do not actively market to individuals in the European Union. Where individuals in the EU sign up voluntarily, we process their personal data in accordance with UK GDPR.

3. Information covered by this Privacy Notice

This privacy notice covers personal information, including any information we collect, use and share from you, as described further below. This privacy notice applies to all isowise websites, our products, and services (collectively, the “Services”). It also explains how we may retain and use anonymised data for statistical and service improvement purposes once personal data is removed.

When you purchase a Service from us, your personal information will be collected, used, and shared consistent with the provisions of this privacy notice.

4. Definitions

The Privacy Notice of isowise is based on the terms used by the UK legislator for the adoption of the GDPR. We use the following terms:

4.1 Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4.2 Data subject

Data subject is any identified or identifiable natural person, whose personal data are processed by the controller responsible for the processing.  Within this data protection policy, the terms; “you” and “data subject” are used freely and interchangeably.

4.3 Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4.4 Controller

Controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

4.5 Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

4.6 Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

4.7 Sub Processor

Sub Processor is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the processor, are authorised to process personal data.

4.8 Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4.9 Anomyisation

The process of removing personal identifiers so that data can no longer be used to identify an individual, either directly or indirectly. Anonymised data is not personal data and is outside the scope of the GDPR.

5. Information we collect from you

The information that is processed by isowise falls into two distinct categories:

  • Client, supplier and prospect contact information, including enquiries submitted via the isowise.co.uk website. isowise are a data controller in this situation.
  • Details relating to users of our training portal, as provided by our clients. isowise are a data processor in this situation

We collect this data for the purposes described under “How We Use Your Information”.

5.1 Data collected via our website

For each visitor to our web page, our web server may use a tracking code or collect information that your browser sends whenever you visit our Web page. This information is aggregated to provide us with usage statistics and reports on Website visits. Data relating to your online activity on our websites including the following:

  • IP address
  • browser type and version
  • geographic location
  • pages you view
  • how you got to our Services and any links you click on to leave our Services
  • your interactions with any videos we offer
  • issues you encounter requiring our support or assistance
  • any device or other method of communication you use to interact with the Services

We store this data we collect in a variety of places within our infrastructure, including system log files, back-end databases and analytics systems. Further information is available on our Cookies Policy.

On the “Contact” and “Support” sections of our Website, we collect Personal Information that includes name, email address, and phone number.  We use this information to contact you for employment, sales and support reasons.  When you provide us with your contact information, you consent to allow us to contact you for those purposes.  This information is not shared with other organisations.   

5.2 Training data processed on behalf of our clients

isowise provides access to a training portal for clients and their employees. In the course of providing these services, isowise processes personal data on behalf of its clients.

Our purpose in processing this data is solely to enable users to access and complete training made available by the client. isowise acts as a data processor and does not control the data provided by clients. We process personal data strictly under the client’s documented instructions.

Individuals wishing to access, correct or delete their data should contact their organisation (the data controller). If the controller instructs us to remove personal data, isowise will act within 30 business days.

The personal data processed typically includes:

  • Name

  • Email address

  • User account identifiers such as usernames

  • Training activity information (e.g. enrolment, completion, quiz scores, access logs)

When the client relationship ends, isowise will remove personal identifiers such as name, email address and any unique account IDs. If no instructions are received from the controller, this will take place within one year from the end of the client relationship.

Following this process, any remaining data is fully anonymised and can no longer be used to identify individuals. Anonymised data may be retained for reporting, service improvement and statistical analysis. 

Where an individual signs up directly for a solo plan or free trial (for example, using a personal email address or as a self employed individual), isowise acts as the data controller for their personal data. Where access is provided through an organisation, isowise acts as a data processor on behalf of that organisation. In cases where the context is unclear, we will treat the account as a controller relationship by default.

6. How we use your information

We use the information we collect, both on its own and combined with any other information we collect about you, for the following purposes:

  • Service delivery (data processor) – To provide access to the training portal, manage user accounts and enable learners to complete courses on behalf of our clients.

  • Platform operation and security (data controller) – To operate, maintain and secure our website and platform, including diagnosing problems and ensuring proper functionality.

  • Support and communication (data controller) – To respond to enquiries, provide technical support and communicate with clients or users as needed.

  • Service improvement (anonymised data) – To analyse anonymised usage information to improve our platform and services.

  • Marketing and business development (data controller) – To promote our services to prospective clients where legally permitted.

7. Sharing of information

We use carefully selected third-party service providers (sub-processors) to help us deliver and support our services. These include providers of:

  • Hosting and infrastructure services

  • Email delivery and communications services

  • Customer support and ticketing tools

  • Customer relationship management systems

  • Backup, storage and security solutions

  • Analytics and supporting services used to operate and improve our platform and website.

On rare occasions, a technology provider may be given temporary, limited access to the platform solely to provide technical support. This access is strictly controlled and only granted when necessary.

All sub-processors are bound by written agreements requiring them to act only on our instructions and maintain appropriate safeguards to protect personal data.

Where any sub-processor is located outside the UK or EEA, we ensure appropriate safeguards are in place in accordance with data protection law.

A list of current sub-processors is available on request via privacy@isowise.co.uk.

8. Tracking technologies and online advertising

We use cookies, web beacons, pixels, tags, scripts and other similar technologies in the course of our business. Information about the technologies we use, why we use them (for example, in connection with online advertising), and how you can control them can be found in our Cookies Policy.

9. Choice/opt-out

9.1 Email

You always have the opportunity to opt out of our marketing communications with you or change your preferences by following a link in the footer of all non-transactional email messages from us or by emailing us at privacy@isowise.co.uk.

9.2 Phone

We may contact you by telephone, with your consent where applicable, for marketing purposes. In the UK, we will check the Telephone Preference Service (TPS), Corporate Telephone Preference Service (CTPS) and our internal CRM system before making calls. If your number appears as blocked on either list, we will not call you. If you do not want to receive marketing calls, please contact us and we will update our records.

9.3 Cookies

Our websites use cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. Alternatively, the cookies preferences can be amended on our site at any time.

10. Retention of personal information

We retain personal data for as long as necessary to deliver services, comply with legal obligations, and support our clients’ contractual requirements.

Where we act as a data processor, we retain personal data in accordance with the instructions of the data controller (our client).

If no instructions are received, we will delete personal identifiers and anonymise the data one year after the end of the contractual relationship. Anonymised data may be retained for reporting, statistical and service improvement purposes and can no longer be used to identify any individual.

All other personal data will be securely destroyed in line with UK GDPR.

11. Legal basis for processing your information

We rely on different legal bases for processing depending on the context:

  • Processor activities: When we process personal data on behalf of our clients, we rely on the legal basis determined by the data controller (for example, performance of a contract or legitimate interests).

  • Controller activities: When we act as a controller (for example, managing our website, communications or marketing activities), our legal bases may include:

    • Contract – where processing is necessary to provide services you have requested.

    • Legitimate interests – for example, maintaining the security of our platform, responding to support requests, and promoting our services.

    • Legal obligation – where processing is required to meet legal or regulatory requirements.

    • Consent – where you have provided consent, for example, for marketing communications.

    • Vital interests or public interest – in limited circumstances where required by law.

We ensure that the appropriate legal basis is identified and documented for each processing activity.

12. Your rights

Under the General Data Protection Regulation (GDPR) you have a number of rights with regards to your personal data. Where we act as a Data Controller, you have the right to request from isowise access to and rectification of the data as well as for it to be erased and to restrict processing of the data in certain circumstances. Where we act as a processor, individuals should contact the client (data controller) to exercise their rights. We will support the controller in responding to requests as required by law.

If you have provided consent for the processing of your data you have the right to withdraw that consent at any time which will not affect the lawfulness of the processing before consent has been withdrawn.

You also have the right to lodge a complaint with your local supervisory authority if you feel that isowise has not complied with GDPR requirements regarding your personal data.

We set out below an outline of those rights and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights by providing details only known to the account holder. To exercise any of your rights, please email privacy@isowise.co.uk. Please note that for each of the rights below we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.

12.1 Informed

You have the right to be informed about the collection and use of your personal information.

12.2 Access

You have the right to know whether we process personal information about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.

12.3 Portability

You have the right to receive a subset of the personal information you provide us if we process it on the legal bases of our contract with you or with your consent in a structured, commonly used and machine-readable format and a right to request that we transfer such personal information to another party. If you wish for us to transfer the personal information to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal information or its processing once received by the third party.

12.4 Rectification

You have the right to require us to correct any personal information held about you that is inaccurate and have incomplete data completed. Where you request correction, please explain in detail why you believe the personal information we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that while we assess whether the personal information we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.

12.5 Erasure

You may request that we erase the personal information we hold about you in the following circumstances:

  • where you believe it is no longer necessary for us to hold the personal information;
  • we are processing it on the basis of your consent, and you wish to withdraw your consent;
  • we are processing your data on the basis of our legitimate interest and you object to such processing;
  • you no longer wish us to use your data to send you marketing; or
  • you believe we are unlawfully processing your data.

Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure.

12.6 Restriction of processing to storage only

You have a right to require us to stop processing the personal information we hold about you other than for storage purposes in the following circumstances:

  • You believe the personal information is not accurate for the period it takes for us to verify whether the data is accurate;
  • We wish to erase the personal information as the processing we are doing is unlawful, but you want us to simply restrict the use of that data;
  • We no longer need the personal information for the purposes of the processing, but you require us to retain the data for the establishment, exercise, or defense of legal claims; or
  • You have objected to us processing personal information we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal information while we determine whether there is an overriding interest in us retaining such personal information.

12.7 Objection

You have the right to object to our processing of data about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.

You also have the right, at any time, to object to our processing of data about you in order to send you marketing, including where we build profiles for such purposes and we will stop processing the data for that purpose.

Where you have provided your consent to us processing your personal data, you can withdraw your consent at any time by emailing privacy@isowise.co.uk.

12.8 Not to be subject to automated processing

You have the right not to be subject to decisions based solely on automated processing, including profiling.

13. Children

Our website and services are not directed to persons under 16. We do not knowingly collect personal information from children under 16. If a parent or guardian becomes aware that his or her child has provided us with personal information without such parent or guardian’s consent, he or she should contact us. If we become aware that a child under 18 has provided us with personal information, we will delete such information from our files.

14. Contact

individuals with inquiries or complaints regarding our Privacy Notice should first contact isowise at:

15. Complaints

isowise has committed to cooperate with UK data protection authority (DPA), concerning both human resources data and non-human resources data transferred from the UK.  If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the Information Commissioners Officer (ICO) for more information or to file a complaint. 

The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

ICO website: www.ico.org.uk

16. Notification of changes

We reserve the right to modify this privacy notice at any time, so please review it frequently. If we decide to change this privacy notice in any material way, we will notify you here. Your continued use of any Services constitutes acceptance to any such changes.

Last modified October, 2025