LAWS Data Protection and Privacy policy


LAWS needs to use your personal data to operate its wine training business. To do so, we always aim to respect the privacy of your data by keeping it safe.

We will do this by making sure that your personal data is:

  • accurate and kept up to date.
  • stored securely for at least 3 years.
  • only kept on record if it is needed.
  • Protected from loss or misuse and unauthorised access.

The type of data that we need to collect is contained in our enrolment form and may include some sensitive data (e.g health related information) to support requests for reasonable adjustments and special consideration.

As a WSET Approved Programme Provider, LAWS is required to pass on personal data to WSET Awards. Please see below for WSET Awards Privacy policy. LAWS will always follow these guidelines and will ensure that WSET Awards can comply with its privacy policy.

In all other cases LAWS will not pass on personal data to third parties without firstly getting the students permission.

LAWS will always ask for student’s permission before using any personal data for marketing purposes.

For further information about your personal data and its privacy please contact Anna Jarosz, Managing Director on



WSET is committed to protecting your privacy. At all times we aim to respect any personal data you
share with us, or that we receive from others, and keep it safe.

WSET complies with its obligations under data protection legislation by keeping personal data up-to-
date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data;
by protecting personal data from loss, misuse, unauthorised access and disclosure; by ensuring that
appropriate technical measures are in place to protect personal data and by guaranteeing total
transparency on how we manage your data.
This document sets out our data processing practices and your rights and options regarding the ways
in which your personal data is used and collected. If you have any queries, please contact WSET’s
data protection officer by emailing

Why we collect your personal data

1. To process your registration for any WSET-hosted course or event so that we can deliver these
services to you
2. To send you information regarding the course or event for which you are registered (or which
have registered interest in)
3. To process sales of products or services you have purchased from us
4. To register you as a candidate with WSET Awards and enable you to sit examinations for WSET
5. To administer and conduct your examination, including making arrangements for reasonable
adjustments and/or special considerations
6. To communicate with your course provider and issue your examination results and qualification
certificate as appropriate
7. To provide you with post-results services such as enquiries against results and appeals and solicit
feedback from you on WSET qualifications
8. To manage any account(s) for providing our online services including but not restricted to our
online classroom and Global Campus where you have registered with us so that:

  • We can provide you with the relevant products and services
  • You can access relevant course materials
  • We can fulfill our services and communicate with you about them
  • To verify your identity
  • To carry out research to better understand your requirements on the relevant products and

9. To personalise, report on and improve the services and products we provide to you, and to
provide you with a best-in-class customer service experience
10. To send you marketing communications including information about our qualifications,
upcoming events and links to our blogs.
Other legitimate interests
When we send you news regarding our products we will do so on the basis that we have your
consent. However, to allow us to provide continual best-in-class service we believe we have
legitimate interest to process your personal data so that we can:

  • Improve our existing product range and services
  • Provide you with a best-in-class customer service experience
  • Protect you as our customer, our employees and our business
  • Understand your likes and dislikes, what services you wish to hear about and how best to
    contact you to inform you about them

What personal data we collect

We may collect the following information about you:

  • Your name, date of birth, gender and contact details
    this could include your postal address, telephone numbers and email address
  • Purchases and orders made by you or on your behalf by your chosen course provider
  • Your payment card details (which are encrypted) when you purchase any products or
    should you pay for one of our products or services over the telephone or using one of our
    payment forms, your card details will not be retained and will be securely destroyed
  • When you set up any account with us, your login credentials
  • Your marketing preferences
  • Your correspondence with us
  • In certain situations, information relating to health which may be required to support
    applications for reasonable adjustment and/or special consideration in the context of
    examinations for WSET qualifications

How we collect your personal data
1. When you directly provide it to us directly
For example, when you subscribe to a WSET newsletter, respond to a WSET survey, or
register for a WSET-hosted course or event.

2. From your chosen course provider
When you are registered for an examination with WSET, your chosen course provider
(known as your Approved Programme Provider or ‘APP’) is required to provide WSET Awards
with some of your personal data for the purpose of identification and managing your qualifications and results. This includes your name, your date of birth, your gender, your
unique candidate identifier and your email address. If you have any queries about how this
information is provided and used, please email the Data Protection

3. When our systems collect information or personal data indirectly
For example, whenever you use a website or mobile application. The most common type of
information collected is in the form of cookies (cookies are small text files sent by your
computer each time you visit our website) but can also include personal data transferred by
the device you are using to access our website. The manufacturer of your device or the
provider will have the details about what information your device shares.

Sharing your personal data with third parties

For us to provide you with products and services, we on occasion share some of your personal data
with certain approved third parties. These include course providers, examiners, suppliers, sub-
contractors and regulatory bodies. Some of these third parties are based outside of the European
Economic Area, however we always seek to make sure that your personal data is secure at all times.

When do we share your personal data?

1. With core service providers to enable our business to function
We rely on a set of external companies who are governed by contractual agreement to
provide us with services that enable our business to run effectively. For example – email
marketing services, IT service providers for data storage and business continuity/disaster
recovery, banks and clearing houses to process payments, courier services for the delivery of
course materials and course providers.

2. With law enforcement agencies and regulators when required to do so by law
We are required to co-operate with regulators (like the Information Commissioners Office)
and law enforcement agencies (like the police or the Serious Fraud Office). Although it does
not happen often, regulators and law enforcement agencies can require us to share
information with them as part of an investigation, this may include your personal data.

What personal data do we share?

We need to process some of your personal data to fulfil your registration on any WSET-hosted
events or courses. We will share your payment details with our bank or clearing house so that we
can process payment for your purchases or orders. When you sit an examination for a WSET
qualification, WSET Awards will process your script which may contain personal data. It may be
marked, verified or reviewed by third-party examiners.

How do we keep your shared personal data secure?

  • We conduct a data security review of any third party we are required to share your personal
    data with to ensure that they meet our high security standards
  • Every company we work with is required to have a contract with us that clearly describes
    how your personal data is kept secure
  • We will only ever share data specific to its intended use
  • Specific details of what data we have shared is available to you on request

Data retention – how long do we hold your personal data

  • We will not hold your personal data for longer than is necessary for the purposes described
    in this policy.
  • We will keep your personal data whilst your accounts remain active
  • We may keep categories of personal data, e.g. name, date of birth and address, after your
    accounts are closed to meet any legal or regulatory requirements

Your rights

You have several rights under data protection law, these are summarised below however for further
information you should contact or seek further advice from the Information
Commissioners Office

1. The right to be informed
You have the right to total transparency on how we are using your personal data, we will
endeavour to make this clear by ensuring that this document is regularly reviewed and
updated, but if you have any concerns or questions please send them to our data controller

2. Your right of access
You have the right to know what information we hold about you and how it is processed. If
you wish to access your personal data, contact To process your
request, we will ask you to complete a Subject Access Request (SAR) form and provide proof
of identity so that we can be sure we are releasing your personal data to the right person.
We will respond to your request within the guidelines set out in the SAR and in line with
data protection guidelines.

3. The right to rectification
If you think that the information we hold about you is inaccurate or incomplete, or if your
contact details change, please ask us to amend it by contacting We
will process your request without delay and within the guidelines set by the Information
Commissioners Office

4. The right to erasure
You reserve the right to ask us to delete your personal data, however, this is not an absolute
right. We can refuse to erase personal data which we need to keep in order to comply with
legal obligations. For example, we are required by HMRC to keep personal data for up to 6
years for VAT reporting purposes, and in relation to investigations by law enforcement
agencies or the Information Commissioners Office.
When you ask us to delete your personal data, we assume that you no longer wish to hear
from us again. To ensure we do not send you any further communications regarding our

products or services in future we will retain just enough of your personal data for
suppression purposes.

5. The right to transfer your personal data (known as data portability)
You have the right to move, copy or transfer your personal data from one organisation to
another. If you do wish to transfer your personal data, we would be happy to help.

If you ask for a data transfer, we will give you a copy of your personal data in a structured,
commonly used and machine-readable form (for instance, in a CSV file format). We can
provide the personal data to you directly.

When making a transfer request, it would be helpful if you can identify exactly what
personal data you wish us to transfer.

We will comply with your request within one month or, if the request is complex or there
are several requests from you, within two months.

6. The right to object
If you would like us to stop processing your personal data for marketing purposes simply let
us know by contacting

Our Promise:

  • That you control the personal data you provide to us
  • We will always inform you what personal data we are collecting from you, how we collect it,
    and how we will use it.
  • We will always use market leading technology and software to ensure that the personal data
    we have collected is secure.
  • Where we make use of third parties for services and this involves sharing your personal data,
    we will make sure they have the appropriate security measures
  • We will only send you marketing communications if you have given consent that we can do
    so, and we will always offer you a clear and simple means of amending your preferences
    whenever you wish

Policy Update
We may update this policy from time to time to take account of any new business activity or to
reflect any changes in law or best practice in relation to data protection. We will seek to make you
aware of any significant changes to this policy by placing an update notice on our website.

This policy was last updated on 1 August 2018
*For the purpose for this Privacy Policy the “personal data” we collect means any information that
can be used to personally identify you online or offline, Personal information is only collected with
your consent.

Website privacy and cookie policy

What is this policy for?

This privacy policy is for this website and served by Wine & Spirit Education
Trust (WSET) and governs the privacy of its users who choose to use it.

The policy sets out the different areas where user privacy is concerned and outlines the obligations
& requirements of the users, the website and website owners. Furthermore, the way this website
processes, stores and protects user data and information will also be detailed within this policy.

The Website
This website and its owners take a proactive approach to user privacy and ensure the necessary
steps are taken to protect the privacy of its users throughout their visiting experience. This website
complies to all UK national laws and requirements for user privacy.

Use of Cookies
This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer / device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer / device.

Cookies are small files saved to the user’s computer’s hard drive that track, save and store
information about the user’s interactions and usage of the website. This allows the website, through
its server to provide the users with a tailored experience within this website.

Users are advised that if they wish to deny the use and saving of cookies from this website on to
their computers hard drive they should take necessary steps within their web browsers security
settings to block all cookies from this website and its external serving vendors.
This website uses tracking software to monitor its visitors to better understand how they use it. This
software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and
usage of the website, but will not store, save or collect personal information. You can read Google’s
privacy policy here for further information [].

Other cookies may be stored to your computer’s hard drive by external vendors when this website
uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.

Contact & Communication
WSET complies with its obligations under current data protection legislation, the Data Protection
Act 2018. We will only use your personal information for the purposes we clearly state at the point
at which you provide it to us – for example, when you register for one of our events, submit an
enquiry, subscribe to our newsletter, or order any of our products or services.

We will only share your personal information with our employees, contractors, agents or
professional advisors where it is necessary to fulfill a valid, stated purpose, as above. Each marketing message we send you, whatever medium, will also include an appropriate and easy way for you to opt out of receiving further communications of that type.

For more details on how and why we store your personal data and your rights please see our
full Privacy Policy.

Email Newsletter

This website operates an email newsletter program, used to inform subscribers about products and
services supplied by this website. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user.

Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic
Communications Regulations 2003. All personal details relating to subscriptions are held securely
and in accordance with the Data Protection Act 2018. No personal details are passed on to third
parties nor shared with companies / people outside of the company that operates this website.
Under the Data Protection Act 2018 you may request a copy of personal information held about you
by this website’s email newsletter program by emailing our data protection officer
at Please see our full Privacy Policy for more details.

Email marketing campaigns published by this website or its owners may contain tracking facilities
within the actual email. Subscriber activity is tracked and stored in a database for future analysis and
evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the
clicking of links within the email content, times, dates and frequency of activity [this is by no far a
comprehensive list].

This information is used to refine future email campaigns and supply the user with more relevant
content based around their activity.

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to un-subscribe at any time through an automated system.This process is detailed at the footer of each email campaign. If an automated un-subscription
system is unavailable clear instructions on how to un-subscribe will be detailed instead.

External Links

Although this website only looks to include quality, safe and relevant external links, users are
advised to adopt a policy of caution before clicking any external web links mentioned throughout
this website. (External links are clickable text / banner / image links to other websites.)

The owners of this website cannot guarantee or verify the contents of any externally linked website
despite their best efforts. Users should therefore note they click on external links at their own risk
and this website and its owners cannot be held liable for any damages or implications caused by
visiting any external links mentioned.

Adverts and Sponsored Links
This website may contain sponsored links and adverts. These will typically be served through our
advertising partners, who may have detailed privacy policies relating directly to the adverts they
serve.Clicking on any such adverts will send you to the advertisers’ website through a referral program
which may use cookies and will track the number of referrals sent from this website. This may

include the use of cookies which may in turn be saved on your computer’s hard drive. Users should
therefore note that they click on sponsored external links at their own risk and this website and its
owners cannot be held liable for any damages or implications caused by visiting any external links

Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this
website and its owners participate on are governed by the terms and conditions as well as the
privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate / engage upon them with
due care and caution regarding their own privacy and personal details. Neither this website nor its
owners will ever ask for personal or sensitive information through social media platforms and
encourage users wishing to discuss sensitive details to contact them through primary
communication channels such as by telephone or email.

This website may use social sharing buttons which help share web content directly from web pages
to the social media platform in question. Users are advised before using such social sharing buttons
that they do so at their own discretion and note that the social media platform may track and save
your request to share a web page respectively through your social media platform account.

Shortened Links in Social Media

This website and its owners through their social media platform accounts may share web links to
relevant web pages. By default, some social media platforms shorten lengthy URLs [web addresses].
Users are advised to take caution and good judgement before clicking any shortened URLs published
on social media platforms by this website and its owners. Despite the best efforts to ensure only
genuine URLs are published many social media platforms are prone to spam and hacking and
therefore this website and its owners cannot be held liable for any damages or implications caused
by visiting any shortened links.

Policy Update

We may update this policy from time to time to take account of any new business activity or to
reflect any changes in law or best practice in relation to data protection. We will seek to make you
aware of any significant changes to this policy by placing an update notice on our website.

This policy was last updated on August 1, 2018