Learning reimagined
with care, for care

Website and Product Privacy Notice

Last updated: 19th March 2026 

We are committed to provide learning with care, for care. 

 

This privacy notice is designed to inform you about how we collect, use, process, and safeguard the personal data of our website users and Learning Portal users—individuals who use the Learning Portal to upskill themselves and individuals who manage the learning path of learners.  

This notice outlines the types of data we collect, the reasons for processing your data, your rights regarding your personal information, and how we protect your privacy.  

We encourage you to read this notice carefully. Should you have any questions or concerns about your personal data, please do not hesitate to contact us at support@futuru.ai. 

 

Legal information and GDPR role 

FuturU’s registered business details is FUTURU LIMITED, 5th Floor 48 Chancery Lane, London, United Kingdom, WC2A 1FJ and Company House Identifier is 14586441. 

We act as controller for website users and for learners who enrol in courses directly with FuturU. We act as processor for personal data of learners when we operate the Learning Portal for an organisation.

 

Why do we need to process your data? 

We process personal data of learners and organisation staff for the following primary purposes: 

  • Service Provisioning of Users 
  • Assign Learning Path to learners 
  • Maintain learning records of learners 
  • Facilitate and manage End-Point Assessments through the platform 
  • Associated support activities to troubleshoot issues and provide resolution 
  • Relationship management, billing and administration of learning services to organisations 

 

What data do we need to process? 

Personal Identifiers: This includes your full name, job title and contact information (such as email address, and phone number) to identify you as our user and to maintain communication with you. 

Learning records and evidence: Your learning records that are created within the platform including the evidence of completing the courses. 

Preferences and Feedback: Information regarding your preferences, feedback on services received, and any special needs or accommodations to ensure your satisfaction with our services. 

Technical Identifiers:  This includes your IP address and device information. 

 

Lawful basis for processing personal data 

We rely on any of the following lawful basis for processing personal data under UK GDPR. 

  • Performance of Contract (Article 6(1)(b)) – providing learning services 
  • Legal obligation (Article 6(1)(c)) – regulatory and audit requirements 
  • Legitimate interests (Article 6(1)(f)) – platform security, analytics 
  • Consent (Article 6(1)(a)) – cookies, optional features 

Where we process special category data (such as accessibility or reasonable adjustment information), this is processed only where necessary and with appropriate safeguards, and in accordance with Article 9 UK GDPR. 

 

How do we collect personal data about you? 

  • Provided by Administrator: The personal data we require for service provisioning is provided by you or Administrator of your organisation in our portal. 
  • Directly from You: This is applicable for the learning records. 
  • Through web tracking: Web tracking technology like cookies and specifically behavioural analytics tools like Posthog are used to capture your online interaction data.  Cookie notice and consent for non-essential cookies are handled using Cookiebot. 

 

With whom do we share your personal data? 

Organisation Staff: Limited necessary information can be accessed by staff who manage your learning records within the organisation. 

FuturU Staff: Limited necessary information can be accessed incidentally by FuturU staff who is responsible for managing the online portal. 

IT Service Providers of FuturU: The External companies that support FuturU’s information technology and data security needs may access personal data to ensure the integrity, security, and availability of the data systems.  The external companies include: 

 

Vendor 

Purpose 

Google 

Email and correspondence, Android signing 

Apple 

iPhone authentication 

Amazon (AWS) 

Authentication and processing data 

Snowflake 

Data analysis 

EPA Pro 

Learner evidence repository 

One File 

Learner evidence repository 

Posthog 

User analytics 

 

Regulatory Authorities: We may be required to share information with health regulatory bodies or government agencies to comply with legal obligations, regulatory requirements, or in response to official requests. 

Whenever we share your data with third parties, we ensure that appropriate safeguards are in place to protect your personal data in accordance with applicable data protection laws. This includes entering into data processing agreements and or International Data Transfer Agreement approved by ICO with third parties that require them to adhere to the same standards of data protection that we follow. 

 

Transfers outside of the UK and Safeguards for International transfers  

Your data may be transferred to countries outside UK in instances where our or our recipients’ servers used for storing personal data are based outside of the UK. If you use our services whilst you are outside of the UK, your data may be transferred outside the UK in order for us to provide you with those services.  

 Data will only be transferred outside of the United Kingdom (as appropriate) only where a declaration of adequacy and Data Protection Agreement or equivalent agreement is in place. If the country in which the data is to be transferred has no declaration of adequacy in place, then we will request the third party to enter into a legal agreement that reflects those standards through the use of UK International Data Transfer Agreement (IDTA). 

 

Security, compliance and certification assurance 

At FuturU, we have a security and compliance team actively working to keep your information protected, auditing the security posture and improving safeguards from unauthorized access, accidental loss, disclosure or destruction. Toward this, we employ physical, technical, and administrative safeguards to protect the personal information we collect and process. Administrative and organisational policies and procedures are documented in the FuturU Information Security Management System (ISMS) where appropriate controls are designed to maintain an adequate level of data confidentiality, integrity and availability. 

FuturU has ISO/IEC 27001:2022 certification. Independent technical vulnerability scanning and penetration testing are performed periodically as required by ISO/IEC 27001:2022.

 

Data retention  

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

You can ask us to delete your data and we shall address it in a timely manner, subject to legal and regulatory obligations and keep you informed of it. We may anonymise your personal data so that it can no longer be associated with you for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. 

 

Your Data Protection Rights 

Under the GDPR, you have the ability to exercise the following rights with respect to your personal data that we process as a controller: 

  • Request access to your personal data (commonly known as a “data subject access request, SAR, or DSAR”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. 
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. 
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no lawful reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), if it is shown we have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. 
  • Request restriction of processing of your personal data. You have the right to request that we restrict the processing of your personal data in certain circumstances, limiting the way we use your data. This may be because you have issues with the content of information we hold, its accuracy, or how it is processed.  
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. 
  • Object to automated decision-making including profiling. You have the right to not be subject to a decision based solely on automated processing. Processing is “automated” where it is carried out without human intervention and where it produces legal effects or significantly affects you.   FuturU does not make decisions based solely on automated processing that produce legal or similarly significant effects. 
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. 

 

If you or your representative wish to exercise any of the above rights, please contact us at support@futuru.ai.

You will not have to pay a fee to access your personal data or to exercise any of your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. 

In exercising these rights, we may need to request specific information from you to help us confirm your identity and ensure the right to access your personal data or to exercise any of your rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to clarify or speed up our response. We aim to respond to all legitimate requests within the timeframes set by applicable laws and regulations. 

If we wish to use your personal data for a new purpose that is not covered by this privacy notice and which is incompatible with the purposes described in this notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where necessary, we will seek your prior consent to the new processing. 

Important Note: For personal data that we process as a processor, please route the request through your organisation for whom we are operating the Learning Portal. 

 

Links to Third party websites  

Our Website may also contain links to websites of third-parties. We have no control over the content or operation of these websites, nor do we control the confidentiality or privacy practices of the website operators. Consequently, any personal information you submit through such website is governed by the privacy policies of the website in question. It is therefore your responsibility to find out about the third-party policies in order to protect your personal information when visiting these third-party websites. 

 

Contact 

To ensure the protection of your data and to comply with the data protection laws, we have appointed a Data Protection Team. Should you have any questions about this document, or how we handle your personal data, or should you wish to make a complaint in relation to this, then please contact our DP Team using the following details: 

  • Email Address: support@futuru.ai 

 

Our Data Protection Team is available to address any concerns or queries you may have regarding your personal data, including your rights under data protection legislation, and is committed to ensuring the confidentiality and security of your information.  

 

Right to lodge a complaint with ICO  

To exercise all relevant rights, or for queries, please in the first instance contact us on the contact details provided above. 

Should you have a concern about our information rights practices, you have the right to complain directly to our supervisory authority, the ICO.  

Their address and contact details are as follows: 

Information Commissioners Office 

Wycliffe House 

Water Lane 

Wilmslow 

Cheshire 

SK9 5AF 

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number. 

Alternatively, you can email them via the following link: Contact us | ICO 

Contact details for data protection authorities in the European Economic Area, are available at https://edpb.europa.eu/about-edpb/board/members_en