Skip to main content
Get in touch
en de

Solutions Overview

Platforms Overview

Sponge Analytics

A data platform that pairs with our solutions to reveal deep insights into impact & learner behaviour.

Learn more

About Overview

We’re hiring!

We have exciting new roles available. Join our growing team and begin an unforgettable journey.

Learn more

Looking for something?

Home / Privacy Policy

Sponge UK Limited 
privacy policy.

Sponge External Privacy Notice

Sponge Group Limited is committed to protecting the privacy and security of the personal data of our employees, contractors and the other third parties we deal with in the course of our business operations, recruitment activities and the provision of our services. This Privacy Notice explains who we are, how we collect, share, and use your personal data, and how you can exercise your data protection rights.

We ensure that your personal data:

  • Is processed lawfully, fairly and in a transparent manner
  • Is collected only for specified, explicit and legitimate purposes
  • Is adequate, relevant, and limited to what is necessary in relation to the services that we are providing you
  • Is accurate and where necessary, kept up to date
  • Is not kept in a form which allows for you to be identified for longer than is necessary
  • Is only processed in a manner that ensures its security using appropriate technical and organisational measures to protect it against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

Our name and contact details

Sponge Group Limited, Units 2.1-2.3 Paintworks, Arnos Vale, Bristol, BS4 3EH.

Any queries relating to data protection should be directed to our Data Protection Team. dataprotection@spongelearning.com.

Our ICO registration is ZB362295.

What we do

Sponge Group Limited is an award-winning provider of digital learning solutions including bespoke learning, Learning Management Systems, and ready-to-go content.

Processing your personal data

We process and manage your personal data according to the relationship we have with you. This relationship helps us to identify the appropriate data subject category you belong to (or group of individuals whose data we process in an identical manner) and allows us to provide you the details of how we process your personal data. We interact with you and process your personal data in one of more of the following ways:

1. As a Customer

1.1. For Customer Relationship Management

We collect, store, and use your personal data to manage our relationship with you on the basis of our business contract with you.

We collect

Business contact, call data record, contact information, email address, email content, first name, last name, mobile, occupation, password, postcode, salutation

From

Yourself

Share with

Sponge teams

Store in

United Kingdom

Retain for

Length of contract

1.2. For Learning Content

We collect, store, and use your personal data to provide you access to content on our learning platforms on the basis of the contract we have agreed with you.

We need to process your personal information to manage the contract for our learning platforms/ portal services we are about to or have entered into with you. If you fail to provide certain information when requested, we may not be able to perform or enter into the contract for learning services access.

We collect

Business contact, call data record, contact information, email address, email content, first name, last name, mobile, occupation, password, postcode, salutation

From

Yourself

Share with

Sponge teams

Store in

United Kingdom

Retain for

Length of Contract

1.3. For Customer Support

We need to process your personal information to ensure that we can provide the necessary support you may require when using our services and learning management platforms and for processing invoices and taking payment. This is done on the basis of the contract we have with you. If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you.

We collect

Company name, country, email address, first name, last name, mobile, postcode

From

Yourself

Share with

Sponge teams

Store in

United Kingdom

Retain for

Length of contract

1.4. For Learning Analytics

We collect, store, and use your personal data to understand how our learning management platforms and services are being used. This is done on the basis of the contract we have with you.

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you.

We collect

Behaviour, browser details, business contact, duration, employer details, first name, last name, mobile, occupation, postcode, salutation

From

Customer

Share with

Customer, Sponge teams

Store in

United Kingdom

Retain for

Length of contract

1.5. Fulfilment of Customer Satisfaction Survey

We collect, store, and use your personal data to get feedback on the service we provide for you.

We do this based on our legitimate interests in ensuring we provide you with the best customer experience when accessing our services.

We collect

Company name, email address, first name, last name, Views

From

Yourself

Share with

Suppliers, Sponge teams

Store in

United Kingdom and United States of America

Retain for

Three years

1.6. To Provide System Development

We collect, store, and use your personal data to enhance our internal production systems, Enterprise Resource Planning systems and make enhancements to our platforms.

We do this on the basis of our legitimate interests in improving the efficiency and user experience of the services we provide to you.

We collect

Contact Information, first name, last name

From

Yourself

Share with

Suppliers, Sponge teams

Store in

India

Retain for

Three years

2. As a Learner

2.1. To Resolve Login / Technical Issues

We collect, store, and use your personal data to provide support for access to our learning management platform and services on the basis of our contract we have with your Learning Provider.

It is necessary for us to do so to support your access to our learning management platforms and to ensure the security of these systems.

We collect

contact information, email address, email content, first name, last name, mobile, occupation, password, postcode, salutation

From

Yourself

Share with

Sponge teams

Store in

United Kingdom

Retain for

Length of contract plus 6 years

2.2. For Facial Recognition to Access Training

Where enabled, we collect, store, and use your personal data, specifically your photograph, to provide you access to our learning management platform. This is done on the basis of the contract we have with your Learning Provider who is the data controller.

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with your Learning Provider.

We collect

Photograph

From

Yourself, Learner

Share with

Sponge teams, yourself, Learning Provider

Store in

United Kingdom and Ireland

Retain for

Indefinitely

3. As a Potential Customer

3.1. For email marketing

We need to process your personal information to share newsletters, promote our services and invite you to business events we believe will be of value to you.

We do this on the basis of our legitimate interests in facilitating engagement with potential new client organisations, increasing external knowledge of the Sponge brand, understanding external corporate issues, and developing appropriate solutions.

We collect

Company name, country, email address, first name, last name, mobile, postcode

From

Prospective Company, Research, Website Visitors, Conference / Webinar Attendees Lists

Share with

Sponge teams

Store in

United Kingdom

Retain for

Three Years

3.2. To Data Cleanse for Marketing

We need to process your personal information to ensure that we have accurate, up-to-date, and appropriate information about you to support our marketing. This is done on the basis of our legitimate interest in establishing and maintaining a business relationship with you.

We collect

Company name, country, email address, first name, last name, mobile, postcode

From

Prospective Company, Research, Website Visitors, Conference Attendees

Share with

Suppliers

Store in

United Kingdom

Retain for

Three Years

4. As a Website Visitor

4.1. To manage your cookie preference

We collect, store, and use your personal data to make our website more intuitive and easier to use and protect the security and effective functioning of our websites on the basis of your consent.

It is necessary for us do so to monitor how our website is used to help us (a) improve the layout and information available on our website and provide a better service to our website users and (b) monitor how our website is used to detect and prevent fraud, other crimes, and the misuse of our website

We collect

Cookies, country, email address, ip address, name, occupation

From

Yourself

Share with

Suppliers

Store in

United Kingdom

Retain for

The duration of your browsing session.

5. As a Potential Employee

5.1. To select candidates for employment

We collect, store, and use your personal data to assess your skills, qualifications, and suitability for the work or role, during this process on the basis of our legitimate interest.

It is in our legitimate interest to carry out background checks, communicate with you about the recruitment process and keep records related to our hiring process.

If you fail to provide information when requested, which is necessary for us to consider your job application, we will not be able to process your application.

We collect

Behaviour, CV, date of birth, education, email address, employment, ethnicity, first name, gender, health, home address, image, interview notes, last name, location, marital status, medical, name, nationality, other data subjects, passport, race, religion, signature

From

Yourself and recruitment agencies

Share with

Recruitment agencies

Store in

United Kingdom and United States of America

Retain for

Six Months

6. As an Actor / Model

6.1. For use in learning content

We collect, store, and use your personal data for use in our training material on the basis of the contract you have, or are about to enter into with us.

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you

We collect

Photograph, video footage including individuals

From

Supplier

Share with

Consultant and customer

Store in

United Kingdom and EEA

Retain for

3 years

7. As a Visitor

7.1. To comply with Health and Safety and Fire Regulations

We need to process your personal information to ensure that while you’re visiting one of our offices, we can keep you safe in case there is a fire evacuation or other health and safety incident.

We collect

Name, Company, Vehicle registration

From

Yourself

Share with

Sponge teams

Store in

United Kingdom

Retain for

Three years

Your data

May, in certain circumstances be provided to other third parties such as HMRC or Companies House, or other regulatory or law enforcement bodies, but only in compliance with the law and where strictly necessary.

Automated decision-making and profiling

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, including profiling, unless you have given us your consent to do so, or it is necessary for entering into or the performance of a contract.

Your rights

  • Access – you have the right to ask us for copies of your personal data. This right always applies. There are some exemptions, which means you may not always receive all the personal data we process.
  • Rectification - you have the right to ask us to rectify any of your personal data that you think is inaccurate or incomplete. This right always applies.
  • Erasure - you have the right to ask us to erase your personal data where it is no longer required for purpose for which it was collected, or you withdraw your prior consent to us processing it and we have no other legal ground for processing it, or it is being processed unlawfully, or when it must be erased to comply with a legal obligation, or it is being used for direct marketing purposes where we have no legitimate grounds for us doing so.
  • Restriction - you have the right to ask us to restrict the processing of your personal data where it is inaccurate (allowing us to verify the accuracy), or it is being processed unlawfully (and you want us to stop processing rather than erasing it), or where you have objected to us processing it while we’re verifying whether we have legitimate grounds for processing, or it is no longer required for purpose for which it was collected and you want us to keep it for the establishment, exercise or defence of legal claims.
  • Portability - this only applies to personal data you have given us. You have the right to ask us to transfer the information you provided us from one organisation to another or give it to you. This only applies if we are processing personal data based on your consent or as part of a contract, or in talks with you about entering into a contract and the processing is automated.
  • Objection - you have the right to object to processing your personal data if we are using legitimate interests as our lawful basis for processing, or it is being used for direct marketing.
  • Withdrawing consent – you can withdraw your consent that you have previously given to us for one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.
  • You have the right to complain to a Supervisory Authority, in the UK that is the Information Commissioner’s Office.

Breaches

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Dealing with your requests

We will deal with your requests as soon as possible but may take up to 1 month (possibly extended to 3 months where the law permits). Normally there is no charge, however we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Note

This notice does not form part of any contract to provide services.

Changes to this privacy notice

We may update this notice from time to time and any changes we make to our policy in the future will be posted on our <intranet/website> and, where appropriate, notified to you by email. Please check our website frequently to see any updates or changes to our policy.

Supplementary information

Direct marketing

Our direct marketing activities comply with the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) which means that you may receive direct marketing communications from us if you have requested these, or you have purchased any of our services and have not opted-out from receiving these, or the communications are necessary for performing a contract between us.

Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, destroyed or accessed without authorisation. While no data transmission or storage can be guaranteed to be secure, we implement a range of commercially reasonable physical, technical and procedural measures to help protect personal data. These measures include confidentiality agreements with third parties, secure development practices, security due diligence of service providers, products, services that may be used and ISO27001-based organisational security policies.

We have also put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.

Cookies

Cookies are small files we store on the device (computer, mobile phone, tablet or any other mobile device) that you use to access our website or portal - this is so we can recognize repeat users improve your experience while you navigate through the website.

We use the term ‘cookies’ to include not only cookies, but also other technologies such as pixels, web beacons and page tags. Our website uses ‘first-party’ cookies (which are set by our own website) and ‘third-party’ cookies (which are set by websites other than our own).

Telling you about and managing how we use cookies is required by the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426).

What cookies do we use?

We use the following types of cookie:

Necessary

These are essential for our website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

These may not be necessary for the website to function and are used to collect user personal data via analytics, ads, other embedded content and help us analyse and understand how you use our website. We always ask for your consent before using this type of cookie.

Blocking cookies

You can also disable cookies by changing settings on your browser that allows you to refuse the setting of all or some cookies. The settings and steps for managing cookies vary by browser, so we suggest referring to your browser’s documentation.

If you use your browser settings to block all cookies (including ‘Necessary’ cookies) you may not be able to access all or parts of our website.

Requesting more details about the cookies we use

For a detailed list of cookies we use including information about type of cookie, expiry periods and links to third party sites please contact dataprotection@spongelearning.com or click on this link https://www.spongelearning.com...