
Privacy Policy

This Privacy Policy explains how Diverse Futures collects, uses, stores, and protects personal information. It applies to all apprentices, learners, employers, staff, contractors, website users, and any individuals who interact with our services.

We are committed to protecting personal data, being transparent about how it is used, and complying with all applicable legislation, including:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • The Data Use and Access Act 2025 (DUAA)
  • Other relevant education, safeguarding, and funding body requirements

Diverse Futures acts as a Data Controller for the personal information we collect and process.

Who We Are

Diverse Futures

Jericho, Mells, Frome, BA11 2RL

Email: info@diversefutures.com

For any data protection queries, please contact the Data Protection Lead:

Email: info@diversefutures.com

What Personal Data We Collect

We collect personal data relevant to the delivery of education, training, funding requirements, safeguarding, and operational management.

Identification and Contact Details
  • Name
  • Address
  • Email and phone number
  • Date of birth
  • National Insurance number
  • Employer details
Education and Training Information
  • Prior learning details
  • Qualifications and certificates
  • Assessment records
  • Progress reviews
  • Learning support information
  • Evidence submitted for apprenticeship programmes
Employment-Related Information
  • Job role and employment history
  • Line manager details
  • Workplace evidence
Special Category Data

Processed only where necessary and lawful:

  • Health information (e.g., learning support needs, mental health, safeguarding concerns)
  • Disability status
  • EDI monitoring (e.g., ethnicity)
  • Safeguarding records and risk assessments
Website and Technical Data
  • IP address
  • Browser type
  • Device information
  • Pages visited and interaction data
Financial and Administrative Information
  • Payment information
  • Funding documentation
  • Direct debit or invoicing details
How We Collect Personal Data

We collect personal data in several ways depending on how you interact with Diverse Futures:

Information you provide directly

This includes information you give us when you:

  • enquire about a course
  • complete an enrolment form
  • communicate by email, phone, video call or post
  • attend training sessions, reviews, or assessments
  • submit learning evidence or complete online activities
  • engage with safeguarding or support processes
Information provided by employers or third parties

We may receive information from:

  • your employer (e.g., job role, line manager, workplace evidence)
  • the Department for Education (DfE)
  • awarding organisations and End-Point Assessment Organisations
  • apprenticeship management systems (e.g., Aptem, VQManager)
  • learning platforms and diagnostic tools
  • previous training providers (if you transfer)
Information collected automatically

When you visit our website, we may automatically collect technical information such as:

  • IP address
  • browser and device type
  • pages visited
  • interaction and usage data
  • cookie and analytics information

This helps us understand website performance, security, and user behaviour.

Information created as part of our services

We generate information during your time with us, such as:

  • progress review notes
  • assessment outcomes
  • support records and reasonable adjustment plans
  • safeguarding reports (where relevant)

These records help us deliver and quality-assure our training programmes.

Purposes and Lawful Bases for Processing

We always process personal data lawfully, fairly, and transparently.
The table below explains why we process your information and the lawful basis relied on for each purpose.

Purposes and lawful bases
| Purpose of Processing | Lawful Basis (UK GDPR) | Additional Conditions (Special Category / DUAA) |
|---|---|---|
| Enrolling and registering learners | Contract | |
| Delivering training, coaching and assessment | Contract | |
| Managing apprenticeship funding and compliance | Legal obligation | DPA 2018 Schedule 1 (public interest) |
| Recording progress, marking work and arranging EPA | Contract | |
| Communicating with learners and employers | Contract / Legitimate Interest | DUAA recognised interest: service communication |
| Providing learning support and adjustments | Consent or Legal obligation | Special category condition: health (Schedule 1) |
| Safeguarding learners and responding to concerns | Legal obligation / Vital interests | Special category safeguarding grounds |
| Monitoring equality, diversity and inclusion | Legal obligation / Consent | Special category EDI condition |
| Ensuring network and information security | Legitimate Interest | DUAA recognised interest: security |
| Responding to complaints or queries | Legitimate Interest | DUAA recognised interest: complaint handling |
| Quality assurance, audits and inspections (DfE/Ofsted/EPAO) | Legal obligation | |
| Marketing communications (optional) | Consent | |
| Operating our website and analytics | Legitimate Interest / Consent (for non-essential cookies) | DUAA rules for low-risk cookies |

Recognised legitimate interests under DUAA

In line with the Data Use and Access Act 2025, we rely on several recognised legitimate interests, which do not require a full Legitimate Interest Assessment. These include:

  • security and fraud prevention
  • handling complaints
  • ensuring the correct delivery of our services
  • internal business analysis

Where we rely on legitimate interests, we only process what is necessary and proportionate.

How We Use Personal Information

We use personal information to deliver programmes, support learners, manage safeguarding, communicate with partners, meet regulatory obligations, improve services, and maintain accurate records.

Who We Share Data With

We may share personal data with employers, awarding bodies, EPAOs, the DfE, Ofsted, HMRC, safeguarding agencies, system providers, auditors, subcontractors and IT providers.

International Transfers

Some of the systems we use to deliver our training and administrative services may store data outside the UK. Where this occurs, we ensure that appropriate safeguards are applied.

How we protect international transfers

We use one or more of the following mechanisms:

  • UK adequacy regulations (where the destination country is approved)
  • International Data Transfer Agreements (IDTA)
  • Standard Contractual Clauses (SCCs) with UK addenda
  • Additional security measures, such as encryption and access restrictions
Retention of Personal Data

Data is retained according to our Record Retention Schedule and securely deleted or anonymised when no longer needed.

Your Data Protection Rights

You have rights of access, rectification, erasure, restriction, objection, portability, consent withdrawal, and protection from automated decision-making. Subject Access Requests follow DUAA rules including pause periods and proportionate searches.

Cookies and Website Tracking

Our website uses cookies and similar technologies to ensure the site works correctly, to improve performance, and to understand how visitors use it.

Types of cookies we use
  • Strictly necessary cookies: Required for website security, accessibility and core functionality. These do not require consent.
  • Analytics and performance cookies: Used to understand website usage and improve our services. Consent may be required depending on the tool used.
  • Preference cookies: Store user preferences such as language or cookie settings.
How we obtain consent

Visitors will see a cookie banner when visiting the site.
You can:

  • accept all cookies
  • reject non-essential cookies
  • adjust settings at any time

Some low-risk cookies may operate without consent in accordance with the DUAA.

Managing cookies

You can change cookie settings through:

  • our cookie banner
  • your browser settings (Chrome, Safari, Firefox, Edge)
Under-18 and Vulnerable Learners

We provide services to young people aged 16–17 and may work with vulnerable adults. We therefore apply enhanced privacy and safety protections.

Additional protections for children

When working with under-18 learners we ensure:

  • information is written in clear, age-appropriate language
  • only essential data is collected and shared
  • parental or guardian involvement where required
  • strengthened safeguarding procedures
  • restricted access to personal data on internal systems
  • compliance with the ICO’s Children’s Code (Age Appropriate Design Code)
Communication and consent

Where learners are under 18:

  • we may contact parents/guardians if necessary to deliver support or meet safeguarding obligations
  • we will be clear when consent is needed and who must provide it
Safeguarding obligations

If we believe a child or vulnerable adult is at risk of harm, we may share relevant information with safeguarding authorities under lawful bases including:

  • vital interests
  • legal obligation
  • substantial public interest
Security of Personal Data

We use strong organisational and technical measures including encryption, access controls, staff training and audits.

Complaints

Contact info@diversefutures.com or the ICO at https://ico.org.uk/make-a-complaint/