Spriing Limited Privacy Notice
This Privacy Notice explains how Spriing collects, uses, stores, and protects your personal information when you interact with our services, website, and products. Our commitment is to transparency, security, and your rights under data protection law.
What you’ll find in this notice:
- What personal data we collect and why
- How we keep your data safe and secure
- Your rights and choices regarding your information
- How to contact us with questions or concerns
We encourage you to read this notice in full to understand how your information is managed and to make informed decisions about your relationship with Spriing.
For details about how we use cookies and similar technologies, please see our Cookie Policy.
We encourage you to read this privacy notice so you can:
- Understand how and why your personal information is collected, used, and protected by Spriing
- Be aware of your rights and choices regarding your data
- Know how to contact us with questions or concerns
- Stay informed about the security measures we have in place
- Ensure you are comfortable with how your information is managed
By reading this notice, you can make informed decisions about your relationship with Spriing and exercise your rights under data protection law.
Get in touch using our website, or alternatively, use the below information:
- Organisation Name:
- Spriing Limited
- Mailing Address:
- 44 Rochdale Road, Darwin House, Todmorden, West Yorkshire, OL14 7LD
- Email Address:
- Info Email
- Phone Number:
- 01524 845046
- Website:
- The Spriing Zone
- ICO Reg Number:
- ZC035159
Data Protection Lead
Spriing has designated a Data Protection Lead who is responsible for overseeing data protection matters and acts as the contact point for data subjects on all matters relating to the processing of personal data and the exercise of rights under data protection law.
- Email:
- Data Protection Lead
- Mailing Address:
- Data Protection Lead, Spriing Limited, 44 Rochdale Road, Darwin House, Todmorden, West Yorkshire, OL14 7LD
Support queries
If you have a general support query about your use of the Spriing platform (for example, technical issues, account access, or course-related questions), your Centre is usually the best first point of contact. Centres can assist with day-to-day operational matters. For any query relating to your data protection rights, you should contact Spriing directly using the details above.
We collect, use, store and/or transfer various categories of personal data about you depending on our relationship with you:
We collect and process personal data about you to deliver our products and services, provide related support, and maintain our relationship with you. Under data protection legislation, we are only permitted to use your personal information where we have a valid legal basis and for clearly defined purposes.
The specific types of information we collect may vary depending on the nature of our relationship with you.
Our role in processing your data
Under UK data protection law, different organisations may act as either a data controller (deciding why and how personal data is processed) or a data processor (processing data on behalf of a controller). The roles within the Spriing platform are as follows:
Centres act as data controllers for learner personal data collected in the context of delivery and support of qualifications. Ascentis acts as data controller for awarding, regulatory, moderation, and quality assurance functions. Spriing acts as a data processor when providing platform services to Centres and Ascentis under contractual Data Processing Agreements. Spriing acts as a data controller only in respect of its own operational data, including Spriing staff information and direct business enquiries.
Where Spriing processes personal data on behalf of Centres or Ascentis, it does so strictly in accordance with their documented instructions and applicable Data Processing Agreements.
| Learner Information | ||||
|---|---|---|---|---|
| Type of Data | Collection Point | Data Category | Purpose | Lawful Basis |
| Full name, login email address, telephone, qualification being studied | Setting up Spriing account (by Centre or Awarding Body) | Personal data | To register learner and permit use of the Spriing platform | Contractual obligation |
| Messages within Spriing platform (correspondence) | When messages are created by: the Spriing platform, learners, Centre staff, Awarding Body staff | Personal data | To allow communication concerning academic activity and use of the Spriing platform. To allow learners to ask questions and for Centre staff to provide support | Contractual obligation |
| Engagement within Spriing platform (login records, session id, IP address, utilisation of learning resources) | Learner use of the Spriing platform | Personal data | To report on learner utilisation of the Spriing platform. To facilitate investigation of any suspected unauthorised use of the Spriing platform | Contractual obligation |
| Files uploaded to the Spriing platform (e.g. SAQ Answers and Assignment documents) | Learner file uploads | Personal data | To allow support and assessment by Centre tutors and for use by Awarding Body moderators | Contractual obligation |
| Academic achievement and tutor feedback | Data input and file uploads by Centre tutors | Personal data | To track, evidence and record learner academic achievement | Contractual obligation |
| Direct Email correspondence | Sending or receiving email directly to/from Spriing Staff | Personal data | To permit communication about the Spriing platform or to request/receive technical support | Contractual obligation |
| Centre Staff Information | ||||
|---|---|---|---|---|
| Type of Data | Collection Point | Data Category | Purpose | Lawful Basis |
| Full name, login email address, telephone, role/permissions within Spriing platform | Setting up Spriing account (by Centre or Awarding Body) | Personal data | To register Centre staff and permit use of the Spriing platform | Contractual obligation |
| Messages within Spriing platform (correspondence) | When messages are created by: the Spriing platform, learners, Centre staff, Awarding Body staff | Personal data | To allow communication concerning academic activity and use of the Spriing platform. To allow learners to ask questions and for Centre staff to provide support | Contractual obligation |
| Use of the Spriing platform (login records, session id, IP address) | Centre staff use of the Spriing platform | Personal data | To report on Centre staff utilisation of the Spriing platform. To facilitate investigation of any suspected unauthorised use of the Spriing platform | Contractual obligation |
| Academic achievement and tutor feedback | Data input and file uploads by Centre tutors | Personal data | To track, evidence and record learner academic achievement | Contractual obligation |
| Direct Email correspondence | Sending or receiving email directly to/from Spriing Staff | Personal data | To permit communication about the Spriing platform or to request/receive technical support | Contractual obligation |
| Awarding Body Staff Information | ||||
|---|---|---|---|---|
| Type of Data | Collection Point | Data Category | Purpose | Lawful Basis |
| Full name, login email address, telephone, role/permissions within Spriing platform | Setting up Spriing account (by Awarding Body or Spriing staff) | Personal data | To register Awarding Body staff and permit use of the Spriing platform | Contractual obligation |
| Messages within Spriing platform (correspondence) | When messages are created by: the Spriing platform, Centre staff, Awarding Body staff | Personal data | To allow communication concerning use of the Spriing platform. | Contractual obligation |
| Use of the Spriing platform (login records, session id, IP address) | Awarding Body staff use of the Spriing platform | Personal data | To report on Awarding Body staff utilisation of the Spriing platform. To facilitate investigation of any suspected unauthorised use of the Spriing platform | Contractual obligation |
| Direct Email correspondence | Sending or receiving email directly to/from Spriing Staff | Personal data | To permit communication about the Spriing platform | Contractual obligation |
| Spriing Staff Information | ||||
|---|---|---|---|---|
| Type of Data | Collection Point | Data Category | Purpose | Lawful Basis |
| Full name, login email address, telephone, role/permissions within Spriing platform | Setting up Spriing account (by Spriing staff) | Personal data | To register Spriing staff and permit use of the Spriing platform | Contractual obligation |
| Messages within Spriing platform (correspondence) | When messages are created by: the Spriing platform or Awarding Body staff | Personal data | To allow communication concerning use of the Spriing platform. | Contractual obligation |
| Use of the Spriing platform (login records, session id, IP address) | Spriing staff use of the Spriing platform | Personal data | To report on Spriing staff utilisation of the Spriing platform. To facilitate investigation of any suspected unauthorised use of the Spriing platform | Contractual obligation |
| Direct Email correspondence | Sending or receiving email directly to/from Spriing Staff | Personal data | To permit communication about the Spriing platform | Contractual obligation |
Information we collect about you from other sources
In addition to the information you provide directly, we may collect personal data about you from other sources, including:
- Your Centre: They may share personal information necessary for your use of the Spriing platform and reporting.
- The Awarding Body: They may share personal information necessary for your use of the Spriing platform and reporting.
Information we receive about you from other sources
When you enrol on a course through a Centre that delivers qualifications on behalf of the Awarding Body, the Centre may share additional personal data with Spriing or the Awarding Body. This section only includes any personal data which is not covered in the ‘types of information’ tables above and would only ever strictly apply to data required for use of the Spriing platform and creating reports.
Cookies and Website Tracking
Our website uses cookies to personalise your online experience and improve functionality. A cookie is a small data file stored on your device that records how you interact with our site. This allows us to recognise returning users and gather insights into website usage.
For more information, see our Cookie Policy.
If you fail to provide personal data
In certain circumstances, we are required by law or contract to collect specific personal data. If you do not provide this data when requested, you will not be able to register with or use the Spriing platform.
Storing your information
All personal data you provide is stored securely on servers located within the UK. If you are issued a password to access specific areas of our website or services, you are responsible for keeping it confidential. We strongly advise against sharing your password with anyone.
Protecting your information
We take the security of your personal data seriously and have implemented a range of technical and organisational measures to safeguard it. These include, but are not limited to:
- Role-based access controls, ensuring access is granted only on a need-to-know basis
- User identification and access monitoring
- Physical security controls
Personal data is never disclosed to or accessed by unauthorised individuals. Internal policies and procedures are in place to protect against loss, accidental destruction, misuse, or unauthorised disclosure. Access to personal data is strictly limited to employees who require it to perform their duties.
Data Breach Procedures
We have established procedures to respond to any suspected data security breaches. This includes incidents involving accidental loss, damage, destruction, or unauthorised access to personal data. Where legally required, we will notify affected individuals and the relevant supervisory authority, and we will do so within the timeframe prescribed by law.
If we receive personal data unintentionally or unnecessarily—for example, if you send us information we did not request—we will delete it promptly in accordance with our data minimisation policies and advise you not to send such data again.
Disclosure to Law Enforcement
In certain circumstances, UK GDPR permits the disclosure of personal data to law enforcement agencies without the data subject’s consent. Where such requests are received, Spriing will only disclose data after verifying the legitimacy of the request and ensuring compliance with relevant legal protocols and internal policies.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, and contractual obligations.
- Where processing is based on your consent or our legitimate interests, we will retain your data until you withdraw consent or object to the processing, and we agree with your objection.
- If you are a learner, your Centre may request that we delete your personal data at any time. In the absence of such a request, we will retain your data for as long as reasonably required to fulfil our contractual obligations.
- We may also retain personal data in accordance with applicable UK laws and regulations, depending on the nature of the services provided.
Retention periods are reviewed regularly to ensure data is not held longer than necessary.
Spriing adheres to the principle of Data Protection by Design and Default, meaning we embed data protection considerations into the development and operation of all systems, processes, and projects from the outset.
We implement appropriate technical and organisational measures to ensure personal data is processed securely and in compliance with data protection laws. These include:
- Secure data transfer protocols
- Access controls and authentication
- Encryption and monitoring tools
- Staff training and internal policies
While we take all reasonable steps to protect your data, please note that data transmission over the internet is not completely secure. Although we strive to safeguard your personal information, any transmission is at your own risk. Once received, we apply strict procedures and security features to prevent unauthorised access.
What are your rights?
Under the UK General Data Protection Regulation (UK GDPR), you have a range of rights designed to give you greater control over your personal data and how it is used. These include:
- Right of access – You can request a copy of the personal data we hold about you.
- Right to rectification – You can ask us to correct any inaccurate or incomplete data.
- Right to erasure – You can request that we delete your personal data, subject to certain conditions.
- Right to restrict processing – You can ask us to limit how we use your data in specific circumstances.
- Right to data portability – You can request that your data be transferred to another organisation in a structured, commonly used, and machine-readable format.
- Right to object – You can object to the processing of your data where we rely on legitimate interests or direct marketing.
- Right to withdraw consent – Where we rely on your consent to process data, you can withdraw it at any time.
- Right to lodge a complaint – You can raise concerns with the Information Commissioner’s Office (ICO) if you believe your data has been mishandled.
These rights are designed to promote transparency, accountability, and trust in how your personal data is handled. We are committed to upholding these rights and ensuring your information is processed lawfully and securely.
More information can be found on the ICO Website:
| Data Subject Right | Explanation |
|---|---|
| The right to be informed |
This right ensures that individuals have access to clear and transparent information about the processing of their personal data. It requires organisation to provide concise and easily accessible details about the purposes of processing, the data recipients, the retention period, and other relevant information. This right empowers individuals to make informed decisions, exercise their data subject rights, and fosters trust and transparency in data processing practices. |
| The right of access |
This right grants individuals the right to request and obtain confirmation of whether their personal data is being processed by an organisation. If the data is being processed, individuals have the right to access and obtain a copy of their personal data. Organisations are required to provide relevant information, respond to requests in a timely manner, and generally do so free of charge. This right empowers individuals to be aware of and verify the processing of their data, ensuring transparency, accuracy, and the ability to exercise other data subject rights. |
| The right to rectification |
This right gives individuals the right to request the correction or updating of their inaccurate or incomplete personal data held by organisations. Individuals can submit requests to Organisations, which are then responsible for verifying the accuracy of the data and making necessary corrections promptly. If the incorrect data has been shared with third parties, the organisation must inform them about the rectification. This right allows individuals to ensure the accuracy and completeness of their personal data, promoting transparency and control over their information. |
| The right to erasure / be forgotten |
This right grants individuals the right to request the deletion or removal of their personal data held by Organisations. This right can be exercised when the data is no longer necessary, consent is withdrawn, processing is unlawful, or there is a legal obligation to erase the data. Organisations must comply with erasure requests and inform third parties about the request, if applicable. However, certain exceptions may apply, such as when the right to freedom of expression or legal obligations are involved. The right to erasure empowers individuals to have control over their personal data and promotes privacy and data autonomy. |
| The right to restrict processing |
This right allows individuals to request limitations on the processing of their personal data by Organisations. This right can be exercised in situations where the accuracy of the data is disputed, processing is unlawful, data is no longer needed but required for legal claims, or an objection to processing is pending verification. When processing is restricted, Organisations can only store the data and must refrain from further processing unless with the individual’s consent or for specific legal purposes. The right to restrict processing gives individuals control over their data and promotes privacy, accuracy, and individual autonomy in data processing. |
| The right to data portability |
This right gives individuals the ability to request and receive their personal data from an organisation in a machine-readable format. This data can then be transferred to another organisation of the individual’s choice. The right applies to personal data provided by the individual and processed based on consent or contract. Organisations must facilitate the direct transfer of the data or transmit it to the requested organisation. While technical feasibility and data security are considerations, the right to data portability aims to empower individuals by promoting data control, facilitating data transfers, and encouraging competition and interoperability among service providers. |
| The right to object |
This right gives individuals the power to object to the processing of their personal data by Organisations. This right applies to processing based on legitimate interests or for direct marketing purposes. Individuals must be provided with clear notice of this right and have the ability to object before or at the time of processing. Organisations must respect the objection unless they can demonstrate compelling legitimate grounds for continued processing that outweigh the individual’s interests. The right to object empowers individuals to have control over their personal data, protect their privacy, and influence how their data is used. |
| Rights relating to automated decision making and profiling |
This right provides individuals with safeguards against potentially negative effects of automated decisions and profiling processes. Individuals have the right to receive an explanation when automated decisions significantly affect them. They also have the right not to be subject to solely automated decisions with legal or similarly significant consequences unless there is human intervention or explicit consent. Profiling, which involves automated processing to evaluate aspects of individuals, is subject to transparency, fairness, and the individual’s explicit consent. |
How do I utilise my data protection rights?
You may contact Spriing directly at any time to exercise any of your data protection rights, including subject access requests, rectification, erasure, restriction, data portability, or objections. You do not need to go through your Centre or any other intermediary to do so.
To exercise your rights, please contact our Data Protection Lead by email.
Once a data protection request is received by any party — whether Spriing, your Centre, or Ascentis — statutory response timeframes begin from that point of first receipt.
Sharing within our organisation
We may share your personal data internally with authorised staff members to deliver our products and services effectively. We also share data with the Awarding Body.
Sharing your information with third parties
We do not sell or rent your personal data to third parties, nor do we share it for third-party marketing purposes.
| Third Party | Description | Privacy Policy |
|---|---|---|
| Ascentis Awarding Organisation | The Spriing Platform is designed for use by learning Centres which deliver Access to Higher Education Diplomas validated by the Ascentis Awarding Organisation. In this capacity, Ascentis are able to login to the platform and access personal information about all Spriing platform registered users. | Privacy Policy |
Exceptional circumstances for data disclosure
In limited and exceptional circumstances, we may disclose your personal data to third parties where we believe such disclosure is:
- Required by law enforcement, regulatory bodies, or government authorities for the prevention or detection of crime, fraud, or other unlawful activity.
- Necessary to comply with legal obligations, including court orders, judicial proceedings, or regulatory requirements.
- Essential to protect the safety and wellbeing of our employees, property, or the public.
- Proportionate for the prevention or detection of crime, including sharing information with other organisations for fraud prevention and credit risk reduction.
We require all third parties to handle your personal data securely and in accordance with applicable data protection laws. Third-party service providers are not permitted to use your data for their own purposes and may only process it under our instructions and for specified lawful purposes.
Spriing does not sell, rent, or lease your personal data to any third party.
International transfers
As of 28 June 2021, the UK has been granted adequacy status by the European Commission under the GDPR. This means that personal data can be transferred from the European Economic Area (EEA) to the UK without the need for additional safeguards.
We do not currently transfer your personal data outside the UK, unless you are located outside the UK and such transfer is necessary to provide services to you.
You have the right to make a complaint at any time to our Data Protection Lead if you have any concerns about our use of your personal information.
Email our Data Protection Lead.
You can also complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues if you are unhappy with how we have used your data or how we have handled your complaint.
The ICO’s complaints page is as follows: https://ico.org.uk/make-a-complaint/. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
We reserve the right to make changes to this Privacy Notice from time to time. If you have any questions or queries about the changes that we make from time to time, please tell us via the contact details provided below in this Privacy Notice.
Spriing will review and update this Privacy Notice to reflect company and customer feedback and changes to laws and regulations. Spriing encourages you to periodically review this notice to be informed of how Spriing is protecting your information.
Last Updated: 23/04/2026