Privacy Policy

View as a PDF: Privacy Policy

Worksmart Limited is committed to respecting your privacy and to complying with applicable data protection and privacy laws. 

This privacy policy has been implemented to inform you of the types of data we collect and process about you when you visit our website, access our hosted services or contact us by telephone, post or email or visit our office in person. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.

You can visit our website without disclosing any personally identifiable information about yourself (although please note that we may use cookies and collect other non-personally identifiable information about your browsing activity). 

If you submit personal information by completing a contact form for example, you can be assured that we will use your personal information only to support your continuing relationship with Worksmart.

Please note that if you are an employee or candidate applying for a job at Worksmart Limited, then additional Privacy Notices will be provided to you specifically dealing with these circumstances. This privacy notice also does not apply to information that we process on behalf of our customers for their benefit eg when we act as a hosting service provider.

Any questions regarding this policy and our privacy practices should be sent by email to or by writing to Worksmart Limited, Beech House, Woodlands Business Park, Breckland, Linford Wood, Milton Keynes MK14 6ES. Alternatively, you can telephone 01908 613 613.

1. Who are we?

We’re Worksmart Limited, the market leader in providing solutions for SMCR (Senior Manager & Certification Regime), Complaints Management, T&C (Training and Competence), Quality Assurance and File Checking with FCA (Financial Conduct Authority) requirements in mind.

In this policy ‘Worksmart Limited’, ‘we’, ‘us’ or ‘our’ means:Worksmart Limited, (Registered No. 6329038) of Beech House, Breckland, Linford Wood, Milton Keynes MK14 6ES.

Our Data Protection Officer is Mark Griffiths. You can contact him at or via our postal address. Please mark the envelope, ‘Data Protection Officer’.

2. How do we collect information from you?

We obtain information about you in the following ways:

Information you give us directly

For example, we may obtain information about you when you enter it via our website, write to us, email us, telephone us, take part in one of our events or use our products and services.

Information you give us indirectly

Your information may be shared with us by third parties, you should check any privacy policy provided to you when you give your data to a third party.

When you visit this website or access our hosted services

We may automatically collect the following information:

technical information, including the type of device you’re using, the IP address, browser and operating system being used to connect your computer to the internet. This information may be used to improve the services we offer; and
information about your visit to the website, for example we collect information about pages you visit and how you navigate the website, i.e. length of visits to certain pages, products and services you viewed and searched for, referral sources (e.g. how you arrived at our website).

We collect and use your personal information by using cookies– more information on cookies can be found under the ‘Use of Cookies’ section below.

When you visit our office

For example, we may capture CCTV (Closed-circuit Television) footage of you and information about you on our visitor’s log when you visit our office.

Public Information

We may supplement information about you from publicly available sources such as the FCA register, corporate websites and Companies House in order to create a fuller profile, so we can tailor and target our communications in a way that is timely and relevant to you. For more information, please see the section on ‘Building Profiles’ below.

3. What type of information is collected from you?

We endeavour to collect and use your personal information only with your knowledge and consent, typically when you use our services, make customer enquiries, register for information or other services, request information, or when you respond to communications from us.

The personal information we collect, store and use might include:

  • your name and contact details, (including postal address, email address, telephone number, job title, company name)
  • information about your activities on our website or hosted services applications and about the device used to access them, for instance your IP address, login name and geographical location
  • information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter, (we have a specific Privacy Policy for candidates that will be provided to you if relevant)
  • bank details, financial information and other personal information about our employees, (we have a specific Privacy Policy for employees that will be provided to you if relevant)
  • operational information obtained in the course of carrying out our business including, but not limited to CCTV footage, recording of phone calls, logs of visitors
  • any other personal information shared with us

4. How and why is your information used?

We may use your information for a number of different purposes, which may include:

  • providing you with the services, products or information you asked for
  • carrying out our obligations under any contracts entered into between you or your employers and us
  • keeping a record of your relationship with us
  • conducting analysis and market research so we can understand how we can improve our services, products or information
  • marketing our products and services (see ‘Marketing Communications’ section below for further details)
  • checking for updated contact details against third party sources so we can stay in touch if you move
  • seeking your views or comments on the services we provide
  • notifying you of changes to our services
  • sending you communications which you have requested and that may be of interest to you
  • detecting crime and monitoring the safety of our staff and premises
  • processing job applications
  • carrying out any other processing that you may have given your consent to

If you have consented to receive details of our services, events, training / seminars, etc you can contact us at any time to have your details removed from lists used by us for any or all of those purposes.

To update your marketing preferences please contact us and tell us what you want us to do, even if you have previously objected to receiving information by email, for example, but would now like to change your mind and receive information.

5. How long is your information kept for?

We only keep your data for as long as we need it or for any retention periods prescribed by law. Depending on the purpose for which we hold your personal data, retention periods may vary.

We will retain data provided to us for marketing purposes until you notify us that you wish us to stop contacting you.

For retention periods applicable to job candidates and employees, please see our separate Privacy Notices.

6. Data Protection Principles

Under applicable data protection legislation, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

  • processing is fair, lawful and transparent
  • data is collected for specific, explicit, and legitimate purposes
  • data collected is adequate, relevant and limited to what is necessary for the purposes of processing
  • data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
  • data is not kept for longer than is necessary for its given purpose
  • data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
  • we will not transfer any personal data internationally

7. Lawful Basis for Processing

The law on data protection allows us to process your data for certain reasons only. The nature of your relationship with us, (e.g. as a customer, or employee of that customer or employee) will determine why we collect information and the legal basis on which we process it. We may be required by law to collect certain information, require it in order to perform a contract with your employer or you or to contact you or your employer prior to entering into a contract with you or your employer or use it for our legitimate business interests where these do not override your rights or interests.

8. Marketing Communications

We may use your contact details to provide you with information about our products and services, if we think it may be of interest to you.

Email / Phone

We will only send you marketing by email and telephone if you have explicitly provided your prior consent or unless we are aware of a legitimate business interest. You may opt out of our marketing communications at any time by contacting us.

9. Building Profiles

We may analyse your personal information to create a profile of your interests and preferences so that we can tailor and target our communications in a way that is timely and relevant to you. We may make use of additional information about you when it is available from publicly available sources to help us do this effectively. This allows us to be more focused, efficient and cost effective with our resources and also reduces the risk of someone receiving information they may find inappropriate or irrelevant.

We’re committed to putting you in control of your data so you’re free to opt out of your information being used in this way at any time by contacting us.

10. Automated Decision Making

Automated decision making means making decision about you using no human involvement e.g. using computerised filtering equipment. No decision will be made about you solely on the basis of automated decision making.

11. Your Rights

You have the following rights in relation to the personal data we hold on you:

  • the right to be informed about the data we hold on you and what we do with it
  • the right of access to the data we hold on you
  • the right for any inaccuracies in the data we hold on you  to be corrected. This is also known as ‘rectification’
  • the right to have data deleted in certain circumstances. This is also known as ‘erasure’
  • the right to restrict the processing of the data
  • the right to transfer the data we hold on you to another party. This is also known as ‘portability’ 
  • the right to object to the processing of your data.

In addition to the above rights, you also have the right to withdraw consent that you have previously provided, to our processing of your data at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate business interest for doing so.

If you wish to exercise any of the rights explained above, please contact the Data Protection Officer, Worksmart Limited, Beech House, Woodlands Business Park, Breckland, Linford Wood, Milton Keynes MK14 6ES. We will endeavour to respond fully to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.

Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office, (

Making a Complaint

If you think your data rights have been breached, you are able to raise a complaint with the UK’s Information Commissioner’s Office.

12. Keeping your information safe

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse and we have implemented technical and organisational processes to guard against this.

13. Use of 'Cookies'

Our website and hosted services applications use cookies to distinguish you from other users of our website or hosted services applications. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site and services. By continuing to browse the site and access the hosted services, you are agreeing to our use of cookies. To find out more about how we use cookies on our website and applications  and how to turn off cookies please see our Cookie Policy.

14. Links to other websites

Our web site may contain links to other web sites which are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the privacy policy of that third party site.

15. Changes to this Policy

Any changes we may make to this policy in the future will be posted on this website so please check this page occasionally to ensure that you’re happy with any changes. If we make any significant changes, we’ll make this clear on this website.

16. Review of this Policy

We keep this policy under regular review. This policy was last significantly updated in May 2018 following the introduction of the General Data Protection Regulations with a further minor update in March 2019.

17. Cookie Policy

This Cookie Policy explains how our website and applications use cookies to recognise you when you visit our website or access our hosted services. It explains why we use them, as well as your rights to control our use of them.

A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the site again, the cookie allows that site to recognise your browser. Cookies may store user preferences and other information.

The only cookies utilised on the Worksmart website and applications are for the following reasons:

to hide the opt-in cookie tracking notification; and
analytics (country of search origin, device used, source of route to website, returners, page views, page timings).

No personally identifiable information is stored directly in cookies.

By using our website and applications and opting in with our Cookie Notification, you agree to us placing the cookies specified above on your device, (phone, android, computer, mac etc.).

We may change this Policy from time to time as a result of changes required for operational or administrative reasons or in order to comply with changes in the law.

What third party cookies does the website use?

Hubspot – Cookie Policy Location;

How do I turn cookies off?

If you want to delete cookies that are already on your device you can do this by deleting your browser history. You can also block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website or applications.