0203 861 3460

Access2Learn Privacy Policy

Incorporating NeuroElevate and WorkingBright Services
Last Updated: December 2025

This Privacy Policy explains how Access2Learn (“Access2Learn”, “we”, “us”, “our”), including our NeuroElevate and WorkingBright services, collects, uses, shares and protects personal information. We are committed to processing personal data legally, fairly, transparently, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are (Data Controller)

Access2Learn
Unit 23 Basepoint Business Centre
Anderson Road
Southampton
SO14 5FE

Email: mark@access2learn.co.uk

Access2Learn is the data controller, responsible for determining why and how your personal data is processed.

If you have questions or wish to exercise your rights, contact our data protection lead at mark@access2learn.co.uk

2. Who This Policy Applies To

Access2Learn, incorporating NeuroElevate and WorkingBright services, are committed to processing personal data about its customers in ways that comply with its legal and regulatory obligations.

We collect personal information when you use our website(s), mobile apps, and other online and offline products, services and experiences (collectively, the “Services”).

If you have any questions, concerns or complaints regarding this Privacy Policy or how we use your personal information please contact us via e-mail at dsa@access2learn.co.uk.

This Privacy Policy applies to:

  • Students and learners
  • Website users
  • Individuals accessing DSA-related support
  • Individuals engaging with NeuroElevate or WorkingBright services
  • Individuals contacting us or using our online services
  • Mobile app users
  • Users who engage with any Access2Learn, NeuroElevate or WorkingBright service offline or in person.

3. What Personal Data We Collect

We collect personal data when you use our websites, book appointments, access services, request text or email correspondence or communicate with us. This may include:

3.1 Contact & Identification Data

  • Name, email address, phone number, postal address
  • Date of birth
  • University or college
  • Course information
  • Funding body (e.g., SFE, SFW, SAAS, NHS)

3.2 Service Delivery Data

  • Appointment information and booking details
  • Notes relating to your needs, support provision, or service delivery
  • Communications with our advisors or staff

3.3 Special Category Data (Sensitive Data)

We may process:

  • Disability or learning difficulty information
  • Health information relevant to DSA or reasonable adjustments
  • Access needs or assistive technology requirements

3.4 Technical & Website Data

  • IP address
  • Browser type and version
  • Device identifiers
  • Activity logs and usage information
  • Cookie data (section 10)

4. How We Collect Data

We collect data through:

  • Web forms, booking forms, online enquiries
  • Phone or email communication
  • Interaction with our websites or digital systems
  • Referrals from funding bodies, universities, or support professionals (where you consent or where permitted)
  • At in person events

5. Why we Use Your Personal Data (Purposes of Processing)

We use personal data to:

  • Provide assessments, training, mentoring, and support services
  • Deliver DSA-related services and communicate with funding bodies
  • Manage appointments, bookings, and support delivery
  • Respond to enquiries and provide customer support
  • Send service updates and administrative messages
  • Improve our services, website, and user experience
  • Comply with legal, regulatory, safeguarding, and audit obligations
  • Provide optional marketing communications (with consent)

6. Lawful Bases for Processing (UK GDPR)

6.1 Article 6 Lawful Bases

We rely on the following bases:

  • Contract:To deliver services you have requested.
  • Legal Obligation:For statutory, regulatory, safeguarding, and tax requirements.
  • Legitimate Interests:Improving and delivering services, ensuring security, preventing fraud.
  • Consent:For marketing, optional cookies, and any non-essential processing.
  • Vital Interests:Very rarely, for emergencies involving risk to life.

6.2 Article 9 (Special Category Data)

We process disability or health-related information under:

  • Article 9(2)(a) – Explicit Consent, when you provide disability-related information voluntarily.
  • Article 9(2)(g) – Substantial Public Interest (Equality of Opportunity)
  • Article 9(2)(h) – Health or Social Care, where applicable to DSA and support services.

We only collect special category data where necessary to provide support or comply with regulatory requirements.

7. Who We Share Personal Data With

We may share data with trusted third parties, strictly for lawful and necessary purposes:

7.1 Education & Funding Bodies

  • Student Finance England, Wales, SAAS, NHS bursaries, Research Councils
  • Universities, colleges, disability support teams
  • Awarding bodies where required

7.2 Service Providers

  • IT hosting and cloud systems
  • Appointment management platforms
  • Subcontractors and contract holders
  • Analytics and reporting tools
  • Secure communication and marketing tools

7.3 Professional and Legal Services

  • Accountants, auditors
  • Legal representatives
  • Safeguarding authorities where required

7.4 Regulatory Bodies

  • ICO
  • Relevant education regulators
  • Law enforcement where legally required

We never sell your data.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy or to meet legal, accounting, or reporting obligations.
Retention periods vary depending on the type of data and regulatory requirements. Upon expiration of applicable retention periods, data is securely deleted or anonymized. Current retention periods include

  • Learner/DSA records – 6 years
  • Communications – 2 years
  • Disability information – 6 years
  • Website analytics – 12–26 months

9. Data Security

We implement robust technical and organisational measures including:

  • Encryption (in transit and at rest)
  • Role-based access controls
  • Secure hosting and monitoring
  • Regular audits and penetration testing
  • Incident response procedures

If a personal data breach occurs, we assess the risk and notify the ICO and affected individuals when legally required.

10. Cookies and Tracking Technologies

Our website uses essential and non-essential cookies.
We comply with PECR and will:

  • Ask for consent before setting non-essential cookies
  • Allow you to withdraw consent at any time
  • Provide a consent banner

11. Your GDPR rights

You have the following rights regarding your personal data:

  • Right of access: Obtain a copy of your data.
  • Right to rectification: Correct inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data, subject to legal limitations.
  • Right to restrict processing: Limit how we use your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to certain types of processing (e.g., marketing).
  • Right to withdraw consent: Withdraw previously granted consent at any time.
  • Right to lodge a complaint: Submit a complaint to a supervisory authority.

12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or significant effects.
If this changes, we will update this policy.

13. International Transfers 

In the event we transfer personal data outside the UK/EU, we ensure appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), UK Addendum to the EU SCCs, or adequacy decisions.

14. Updates To This Privacy Policy

The Company reserves the right to amend this Policy at any time, in the event that this becomes necessary after initial release, or in the event that it becomes necessary with respect to additional, deleted, modified or amended services provided by Company.

The Company will not personally notify you of any amendments to this Policy. Users are urged to check this Policy frequently in order to determine whether any changes have been made. Users understand and agree that continued use of the Company website assumes that they have read and accepted this Policy, as it may be amended from time to time.

15. Right To Complain (ICO)

You may complain to the Information Commissioner’s Office (ICO) at ico.org.uk or by phone 0303 123 1113. We would appreciate the chance to resolve your concerns first via mark@access2learn.co.uk.

Pin It on Pinterest

Skip to content