We know there’s nothing more off-putting than the sight of a lot of boring small print, so we’ve written our Privacy Policy in plain English to make it clear, simple and easy to read. We hope you’ll find it helpful but if you have any concerns or questions please feel free to contact us in writing or by emailing support.dpo@wenso.co.uk.

We also share your information with awarding bodies such as IAPP, BCS and Others for whom we are official training partners, for account creation, training resource allocation, exam booking and certification purposes.

Who we are?

We are Wenso Ltd, our address is Suite 2, Ground Floor, No 5 Universal Square, Devonshire Street, Manchester, M12 6JH. You can contact us by post at the above address, by email at support.dpo@wenso.co.uk or by telephone on +441618832101.

Our Promise

Wenso Ltd is committed to respecting your privacy and ensuring the personal information you have entrusted with us is held securely and takes into account major privacy principles and frameworks around the world, including the Data Protection Act 2018, Privacy and Electronic Communications Regulations (PECR), and EU General Data Protection Regulation 2016/679 (GDPR). The enhanced data protection rights stated in this Policy are a reasonable and proportionate way of achieving compliance as required by the EU General Data Protection Regulation and other privacy principles and frameworks.

Purpose of this policy

This Privacy Statement is issued by Wenso Ltd (also referred to as “we”, “us” or “our” in this Privacy Statement) and sets out the ways and the manner in which we collect and use your personal data. It provides information about our privacy practices including details of the personal data we collect, use, disclose and transfer, as well as choices you can make and the rights you can exercise in relation to your personal data.

We occasionally update this Privacy Policy. When we do, we will revise the “last updated” date at the bottom of the Privacy Policy and we will notify you in advance of any changes. Please also ensure that you frequently check this Privacy Policy for any updates.

What is Personal data (information)?

Under the EU’s General Data Protection Regulation:

Personal Data is defined as “any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Why we use your personal information

Wenso Ltd collects information about you to provide our services and products. To enable us to deliver our services and products in the best possible way, it is necessary for us to collect, process, and/or use the information as stated in this Policy.

We use the information we hold about you in a range of different ways, which broadly fall into these categories:

  1. Things we need to do in order to provide you with the products or services you've requested
  2. Things we need to do to meet legal or regulatory obligations
  3. Things that enable us to run our business effectively and efficiently
  4. Things we do with your consent for marketing purposes

We will only collect, use and share your information where we are satisfied that we have an appropriate legal basis to do this. We only process your personal data on the following legal bases:

Performance of a contract: We may process personal information to enter into a contract and/or fulfil agreements with you or your organisations, including managing and delivering our services and products and allowing our customers to use our products/services and supplementary tools.

Legal obligation: We may process personal data to comply with applicable laws and regulations and establish or exercise our legal rights. For example, to meet the responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities.

Legitimate Interest: We may process personal data as necessary to pursue our legitimate business interests (except where such interests are overridden by the interests, rights or freedoms of the data subject). We use personal data and other data to provide services you request; processing your payment, providing customer-related services; managing, developing and improving our products and services; performing our marketing and sales operations; protecting our employees and assets; and ensuring compliance with laws and regulations. We ensure that the information is processed in a way that values your privacy rights. You have the right to object to processing as explained in data subject’s rights to restriction of, or objection to, processing of personal data.

Consent: We may process your personal information if you have provided your consent to us. In particular, where we cannot rely on an alternative legal basis or we are required by law to ask for your consent in the context of some of our sales and marketing activities, online data collection tools or surveys. At any time, you have a right to withdraw your consent by changing your communication choices, unsubscribing from our communications or contacting us.

Except as described in this Privacy Statement, we will not disclose the personal data with third parties without the consent of the data subject, unless for:

  1. 1. responding to duly-authorised information requests from police and governmental authorities
  2. 2. complying with law, regulation or court order
  3. 3. enforcement and protection of our rights and properties; or
  4. 4.protection of the rights or personal safety of our employees and third parties on or using our property when allowed, and in each case in compliance with applicable laws.

The type of information we collect:

We collect personal data only if required to provide our products or services, fulfil our legitimate business purposes and/or comply with applicable laws and regulations. Depending on your relationship with us, we collect and process personal data and other data to provide the services you request, to personalise the services according to your personal preferences and to communicate about our products and services. By visiting our site and/or using our app, registering to use the services we offer through our website or by contacting us, this Privacy Policy will apply.

The personal data we collect from you may include the following:

  1. Information you provide to us when registering for our services
  2. Information you provide to us in any correspondence and a record of any correspondence we have with you
  3. Details of transactions you carry out with us and information about your bank account and card details
  4. Information about your use of our services
  5. Information you provide to us through surveys you complete or competitions you enter
  6. Information about your preferences
  7. Information about any possible fraudulent, criminal or anti-money laundering activity which our systems detect
  8. Information we obtain from your device
  9. Information we obtain via cookies on your browser
  10. Information about you from external companies/sources
  11. Information about you from public places
  12. Information about you from social media
  13. Information you provide while from our adwords

What we do with your consent: Marketing

We will send you offers and information only if you have given your consent for us to do so, in which case we will contact you via email, post, or online about any of our group products and services. We never share your data with companies outside of our group companies for them to use for their own marketing. From time to time, we may team up with a third party to bring you details of a product or service we think might interest you, but where we do this the contact will come from us - we will never pass your details to the third party without your prior consent.

Online banner adverts: cookies

If you have enabled cookies in your browser you may receive banner adverts on our homepage, as these are cookie-based and are not tailored using other information we hold about you. As they are cookie-based you will receive them even if you have opted out of personalised marketing, but you can control them easily via your browser settings.

Social media advertising

If you have given your consent to marketing, we may work with social media companies such as Facebook, Twitter, Linkedin to provide you with information about our products and services via their platforms. If you do not wish to see these adverts, you can disable preference-based marketing in the privacy and ad settings on each individual social platform.

Even if you have withdrawn your consent to personalised marketing by Wenso Ltd, you may still see general adverts for Wenso Ltd products and services on your social media feeds. These will not be specifically targeted to you, and again, you can control this via the privacy and ad settings on each platform.

Sharing your personal information

We will appoint certain third parties including, but not limited to, analytics companies, advertising agencies, risk and fraud agencies or customer service agencies to process your personal data on our behalf. These third parties will only process your personal data in accordance with our instructions and we will ensure that adequate measures are in place to ensure that your personal data is processed only in accordance with this Privacy Policy and kept secure at all times.

In addition to any sharing listed above, we may disclose anonymised data (such as aggregated statistics) about the users of our services in order to describe our sales, customers, traffic patterns and other information to prospective partners, advertisers, investors and other reputable third parties and for other lawful purposes, but these statistics will not contain your personal data.

We may occasionally be required by law, court order or governmental authority to disclose certain types of personal data.

We may also share your information with third parties in the following situations, to the extent permitted by law:

  1. If we think doing so is necessary to protect the rights, property, security, or safety of us, our service, our users, or the public
  2. To enforce our General Terms or any other agreements we have in place with you
  3. To investigate and defend ourselves or others against any third-party claims or allegations
  4. While negotiating or in relation to a business transaction, such as a merger, change of control, sale of assets, or bankruptcy.

Sending Personal Information outside Europe

Some of the third-party suppliers/partners we use are based in, or carry out their activities in, countries outside the European Economic Area (EEA), which is made up of the EU Member states and certain countries considered to offer a standard of data protection equivalent to that of the EU. Where this means personal information is transferred outside the EEA, we have to put in place additional legal protections on top of our standard checks and measures, to ensure it receives the same level of protection as it would within Europe. We do this by using standardised contractual clauses (sometimes called ‘the EU Model Clauses’) approved by the European Commission and European privacy regulators, although there are alternative approved legal mechanisms which we can choose to use instead. Where necessary, we also put in place any additional contractual measures required by local law in any of the countries in which we operate, except where they conflict with the General European Data Protection Regulation.

How long do we keep your information?

We hold your personal information only as long as we have a valid legal reason to do so, which includes providing you with the services you have requested, meeting our legal and regulatory obligations, resolving disputes and enforcing our agreements.

The length of time for which we keep different types of personal information can vary, depending on why we originally obtained them, the reason we process them and the legal requirements that apply to them.

When setting our data retention and deletion timescales we take into account a range of factors including applicable regulations and standards relating to taxation, payment processing and complaint handling, the need to prevent or detect crime or other misuse of our services, and audit requirements. To fulfil our requirements, some of your personal data will need to be retained for a period of time after you cease to be a customer. When we no longer need it to fulfil the above requirements, we will delete it securely. Where we wish to retain any information for analysis purposes, we will first anonymise it to the standards approved by the UK Information Commissioner’s Office, (which, as we are based in the UK, is our lead regulator on matters relating to data protection) so that it can no longer be linked back to an individual. Please note that if you opt out of receiving marketing from us, we will still need to keep your contact details in order to suppress them from future marketing activity.

Our Information Security promise

We strive to protect your personal data and our services from unauthorised access to or alteration of your personal data. This includes using various security measures to protect your personal data held by or on behalf of us, and conducting ongoing reviews of our information collection, storage and processing practices.

Subject to the uses described in this Privacy Policy, we will endeavour to treat all of your personal data in strict confidence and take all reasonable steps to keep your personal data secure once it has been transferred to our systems. However, the internet is not a secure medium and we cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online over the internet and will not hold us responsible for any breach of security unless this is due to our failure to ensure we have appropriate technical and organisational measures in place as required by GDPR.

If you link to other websites from our website, then your personal data will be governed by its privacy policy. We recommend that you always read any such privacy policy before interacting with a new website to ensure you understand how your personal data will be used.

Your Information Rights and Choices

The General Data Protection Regulation (GDPR) gives you:

  1. The right to opt out of having your information used for contacting you about our activities
  2. You can opt out of receiving information from WENSO LTD at any time by simply letting us know in writing.
  3. The right to have any inaccuracies in your personal information corrected We’ll update inaccuracies promptly, and within a month if you are requesting a simple and straightforward change.
  4. Your ‘right of objection’ to certain activities Data protection law gives you the right to express an objection to how we process your personal information.
  5. Your Right to Erasure People sometimes refer to this as the ‘right to be forgotten’. Under data protection law, you have the right to ask us to delete any personal information about you that we hold.
  6. If you would like a copy of the personal information we hold about you, you can request it. Please refer to our Subject Access Procedure for more information about how you can do this.
  7. Your Right to ‘Data Portability’ The right to ‘data portability’ aims to enable consumers to re-use some of their personal information online by making it available in a commonly-used, machine-readable format that can be passed to and used by other organisations. However, if you wish to exercise this right, you should let us know in writing and we will provide you with the information as a CSV file.
  8. Your Right to Complain to the Regulator If you believe your privacy rights have been infringed, or you disagree with a decision we have made about your privacy rights, you have the right to complain to the privacy regulator on the address below. As we are based in the UK, our principal data protection regulator is the UK’s ICO.
Information Commissioner's Office
Wycliffe House
Water Lane
Help Line: 0303 123 1113
  1. How do I exercise this right? By writing to us via post, email, telephone,We will respond to your request within 30 days for all reasonable requests.

Note: How you can exercise your rights will depend on the lawful basis on which we process your information.

Reporting Concerns or Compliments

Please contact us if you wish to raise a concern about WensoLtd’s handling of your personal information, or compliment something you think we have done well.

You also have the right to lodge a complaint with the Information Commissioner’s Office about how we manage your personal data.

IP address

Your browser also generates other information, including which language the website is displayed in, and your Internet Protocol address (IP address). An IP address is a set of numbers assigned to your computer during a browsing session whenever you access the internet via your internet service provider or your network (if you access the internet from, for example, a computer at work). Your IP address is automatically logged by our servers and used to collect traffic data about visitors to our website. We also use your IP address to help diagnose problems with our server, and to administer our website.


A cookie is a small text file that is downloaded onto your Access Device when you visit a website which enables the website to obtain certain information from your browser, such as your preferences. Cookies allow us to maximise your experience using the website by increasing its functionality and allowing the website to remember information and selections as you move from page to page and from visit to visit, depending on the cookie. A cookie does not harm your Access Device, nor does it contain any viruses or other malware.

Different cookies carry out different tasks. For example, some cookies might be strictly necessary and/or functional, remembering your bet selection as you build up your bet slip or your language preferences. These are important as they keep you logged into the website and prevent the need to log in each time you click through to different parts of the website. Removing these cookies would affect your ability to use our services. Other cookies are for analytics and advertising purposes. They tell us how you move through the website, allowing us to monitor performance and ensure you have the best possible experience on our website. Disabling these cookies could prevent you from accessing certain features. We also use cookies that obtain information about your Access Device (such as IP address, device type, geo-location data, browser information) to help us identify you for fraud prevention, comply with our anti-money laundering requirements and to detect prohibited practices that could impact your customer experience. We only receive data from your Access Device when you are logged in to your account. Where we use third party cookies these are subject to stringent checks to ensure that personal data is protected in accordance with legal requirements. Without these cookies, we may not be able to provide you with certain services.

Cookies we use:

Cookie Name Purpose Further Information
_cfduid by twak.to To identify trusted traffic Data accessed form USA.
Lang – ads.linkedin.com Lang - linkedin.com To remember use of selected language version of website. Hosted in Ireland
@History/ @scroll _ga, _gat, _gid To understand how visitors interact with the website by collecting and reporting information anonymously. Also generates statistical data on how visitors use the website.
_atvuc, _atuvs, _ads/ga_audiences, Marketing, and also used by google adwords to re- engage with users. Cookie also used by social sharing platform – AddThis.
Bcookie, BizoID, bscookie, bt2, di2 The cookies are used by third parties like LinkedIn for tracking embedded services and also social sharing platform – AddThis. Also, refer to the privacy policies Linkedin and Add This.

Changes to this Privacy Notice

Wenso Ltd will review our privacy notice regularly. The terms of this notice may be updated at any time - for example, in the event of legal changes or how we operate. Please do check our website from time to time. If there are any significant changes in the way we process your personal information, we will provide prominent notice on our website or send a notification. This notice was last updated in July 2018.

About Us

Wenso Training is part of Wenso, an innovative organisation focused on delivering IT, Governance, Risk and Compliance (GRC), Security and Emerging Technologies products and services. With its headquarters in Manchester, UK, Wenso has a proven track record of successfully delivering innovative technology solutions and training programmes.