we are hr logo
we are hr logo

Data Protection and Privacy Policy

At We-are-HR, we are committed to protecting and respecting your privacy in line with applicable data protection laws. 

This policy explains: 

  • Who we are 
  • What information we collect 
  • How and why we use it 
  • How we keep it secure 
  • Your rights 

1. Legal Framework 

We process personal data in accordance with: 

  • UK GDPR (UK General Data Protection Regulation) 
  • Data Protection Act 2018 
  • Privacy and Electronic Communications Regulations (PECR) 2003 (as amended) EU GDPR (where applicable to international learners) 
  • ICO (Information Commissioner’s Office) guidance 
  • Emerging AI governance principles (UK AI Regulation Framework 2024+) 

 

2. Who We Are 

We-are-HR is a UK-based training provider delivering CIPD and CMI professional qualifications globally. 

We act as a Data Controller for your personal data. 

Contact details: 

  • Email: info@we-are-hr.com 
  • Phone: 0203 740 0757

 

3. How We Collect Information 

We collect data through: 

  • Website forms and enquiries 
  • Course enrolment 
  • Phone, email, and chat communication 
  • Social media engagement 
  • Surveys and feedback tools 
  • Learning platforms (e.g. Moodle and Teams) 
  • Career tools and assessments 

 

4. What Information We Collect 

We may collect: 

Basic Information 

  • Name, email, phone number 
  • Address and date of birth 

Course & Professional Information 

  • Education and employment history 
  • Learning progress and assessments 

Financial Information 

  • Payment details (processed securely via third-party providers) Identity Verification 
  • Passport or driving licence 

Special Category Data 

  • Health or learning needs (for reasonable adjustments) 

This is processed only with explicit consent and strictly for support purposes. 

 

5. Lawful Basis for Processing 

We rely on the following legal bases:

  • Contract – delivering courses and services 
  • Legal obligation – compliance with awarding bodies and regulator
  • Legitimate interests – improving services, marketing, operations
  • Consent – for marketing and special category data 

 

6. How We Use Your Data 

We use your data to: 

  • Deliver training and qualifications 
  • Support your learning journey 
  • Register you with awarding bodies (e.g. CIPD) 
  • Communicate with you 
  • Improve our services 
  • Ensure compliance with legal and regulatory requirements 

 

7. AI and Automated Processing 

We may use AI-powered tools to support: 

  • Learning recommendations 
  • Marketing personalisation 
  • Operational efficiency 

We ensure: 

  • Human oversight in decision-making 
  • No solely automated decisions with legal impact 
  • Transparency and fairness 

You have the right to: 

  • Request human review 
  • Object to automated processing 

 

8. Marketing Communications 

We may send marketing communications where: 

  • You have given consent, or 
  • We have a legitimate interest (soft opt-in for existing customers)

You can opt out at any time. We do not sell your data.

 

9. Data Retention 

We retain data only as long as necessary: 

  • Prospective learners: up to 3 years 
  • Students: up to 7 years (regulatory requirement) 
  • Financial records: up to 6 years (legal requirement) 

 

10. Data Security 

We use: 

  • Encryption (in transit and at rest) 
  • Secure servers and firewalls 
  • Role-based access controls 
  • Multi-factor authentication (where applicable) 
  • Regular security audits 

We also maintain: 

  • Incident response procedures 
  • Data breach notification protocols (ICO compliance within 72 hours) 

 

11. Data Sharing 

We may share data with: 

  • Awarding bodies (e.g. CIPD and CMI) 
  • Tutors and assessors 
  • Apprenticeship providers 
  • Payment providers 
  • IT and platform providers 
  • Regulators where required 
  • Our partners or collaborators – To allow them sharing their product/resources All third parties are contractually bound to protect your data.

 

12. International Data Transfers 

Where data is transferred outside the UK/EEA, we ensure safeguards such as: 

  • UK International Data Transfer Agreements (IDTA)
  • EU Standard Contractual Clauses (SCCs) 
  • Transfers only to countries with adequacy decisions
     

13. Your Rights 

Under data protection law, you have the right to: 

  • Access your data 
  • Correct inaccurate data 
  • Request deletion (right to erasure) 
  • Restrict processing 
  • Data portability 
  • Object to processing 
  • Withdraw consent 
  • Not be subject to automated decisions 

You can exercise your rights by contacting us. 

 

14. Complaints 

If you are unhappy, you can contact: 

info@we-are-hr.com 

ICO (UK): 

https://www.ico.org.uk 

Tel: 0303 123 1111 

 

15. Cookies 

We use cookies in line with PECR and UK GDPR, including: 

  • Essential cookies 
  • Analytics cookies 
  • Marketing cookies 

Users are given clear consent options via a cookie banner.

You can manage preferences at any time. 

 

16. Policy Updates 

We regularly review this policy. 

Last Updated: March 2026 

Next Review: March 2028