+ + + + ASTUTE LMS Blog Contact us About + Join our mailing list

Privacy Notice

Short summary

Legalese can sometimes be confusing and annoying. We have summarised the key points in this privacy notice into the list below. A full and more detailed explanation of our approach to privacy follows the list. Our layered privacy notice is available here.

  1. VinciWorks takes data protection and data privacy seriously. VinciWorks commits to respecting personal privacy at all times. We understand that your data is yours and we will take steps to ensure your control over your data.
  2. When visiting the VinciWorks website we collect some information about your browsing habits for statistical purposes.
  3. Occasionally we will request contact details from you in order to provide you with product demonstrations or resources. We will never sell your data to third parties.
  4. If you provide us with contact details, we might contact you about our products or services. Contacting you is lawful under GDPR under the lawful basis of legitimate interest. Should you ever request that we cease to contact you, we will comply immediately.
  5. When using our website, you have rights pertaining to your data, including the right to erasure and the right to a copy of your data. To exercise those rights, email [email protected].
  6. When using one of the VinciWorks products, such as e-learning courses or the Learning Management System; the organisation that you work for is the data controller and VinciWorks is the data processor. In this case, VinciWorks is still committed to its strict standards of data protection and data privacy. To exercise those rights in those circumstances, you should contact your organisation’s DPO.


We are aware that you care about your personal data and how it is being used. We understand that you are trusting us with your information and we take that seriously. We are working hard to protect your personal data.

We take a proactive approach to user privacy and ensure necessary steps are taken to protect the privacy of users across our website, products, online and offline services, software, apps, tools and other functionality we provide. The processing of your personal data complies with the European General Data Protection Regulation, the UK Data Protection Act and all other relevant national laws and requirements for user privacy.

This privacy notice explains and is meant to help you understand VinciWorks’ policies and practices regarding the collection and use of your personal data across our website, products, online and offline services, software, apps, tools and other functionality we provide.

It is important that you read this privacy notice together with any other privacy notices we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

In different contexts, VinciWorks acts as both a data processor and a data controller under the GDPR.

  • VinciWorks as a data processor — When a client uses one of the VinciWorks products (including the Learning Management System, Risk Management System, Omnitrack and others) to process personal data; VinciWorks acts as a data processor. As a data processor VinciWorks ensures the security and integrity of the data, whilst providing tools for data controllers to adhere with data protection law.
  • VinciWorks as a data controller — When visiting the VinciWorks website (www.vinciworks.com) or emailing with VinciWorks employees, some personal information will be collected for the purpose of correspondence. In addition, for the purpose of fulfilling our contractual obligation to our clients, VinciWorks retains some information for key contacts at our clients.

About VinciWorks

This Privacy Notice is served by Vinci Legal Limited together with its subsidiaries and affiliates (‘VinciWorks’). Founded in 2004, VinciWorks is a leading provider of online compliance training and risk management software. With over 150,000 users across 70 countries, VinciWorks has established itself as the definitive authority in online compliance.

About GDPR

The General Data Protection Regulation (GDPR) is a European privacy regulation. GDPR harmonises data protection law across the EU and strengths the security and protection of personal data.

GDPR applies to all organisations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.

In addition to GDPR, as a UK company, VinciWorks complies with the Data Protection Act 2018. The Data Protection Act enshrines all of the provisions of GDPR into UK law.

To learn more about GDPR visit www.vinciworks.com/gdpr.

Data Protection Officer

VinciWorks is headquartered in London, in the United Kingdom. VinciWorks has appointed a data protection officer for you to contact if you have any questions about VinciWorks’ personal data policies or practices. The VinciWorks’ data protection officer’s name and contact information is as follows:

Ruth Mittelmann Cohen
20 Grosvenor Place
United Kingdom
[email protected]

VinciWorks as a data controller

This section of the privacy notice is for contexts in which VinciWorks acts as a data controller.

The VinciWorks website

The primary place where VinciWorks acts as a data controller is through its website (www.vinciworks.com).

Security and encryption

When browsing the VinciWorks website, all data is encrypted via SSL/TLS when transmitted between your browser and our servers. This is to ensure that the personal data that you choose to share with us, is only shared with us.

Use of cookies

Cookies are small files saved to the user's computer’s hard drive that track, save and store information about the user's interactions and usage of the website. This allows the website, through its server, to provide users with a tailored experience within the website.

We may use cookies to remember personal settings you have chosen at our website. In no other context do we use cookies to collect information that identifies you personally. Most of the cookies we set are automatically deleted from your computer when you leave our website or shortly afterwards.

We use anonymous session cookies (short-term cookies that disappear when you close your browser) to help you navigate the website, application and training courses and make the most of their features. If you log into the website, application or a training course as a registered user, your session cookie will also contain your user ID so that we can check which services you are allowed to access.

Our website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google's privacy policy here.

Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browser’s security settings to block all cookies from this website and its external serving vendors.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Information collection and use

Except where we specifically ask for information from you, we do not collect personal information. We may collect anonymous information, such as IP addresses and pages viewed, which we use for statistical reporting about the website, applications and courses. We will not disclose any information we collect to any company outside of VinciWorks except to help prevent fraud, or if required to do so by law.

Registration forms

You may be asked for limited personal information when you register to demo a course, participate in a webinar or if you want to take advantage of specific services that we offer from time to time. In addition, our website includes contact forms where you can submit your personal details to receive more information.

VinciWorks will not sell or rent your personally identifiable information gathered as a result of filling out the site registration form to anyone.


VinciWorks, and in appropriate circumstances the VinciWorks Group, would like to contact you, via marketing emails or otherwise, with details of products and services we provide. VinciWorks relies on the condition of ‘legitimate interest’ in processing personal data for our marketing activities. The ‘legitimate interest’ condition for processing requires VinciWorks to balance our legitimate interest in processing personal data with data subjects’ right to privacy. You can view our Legitimate Interest Assessment here.

As part of our legitimate interest assessment, VinciWorks believes that individuals who have filled in an online form, requested a demo or otherwise given us their personal data would reasonably expect us to process their data (e.g. store it and call or email them) in order to offer and market products and servces offered by the VinciWorks Group them. In every marketing communication, the individual is given the opportunity to choose not to be contacted further by VinciWorks.


When acting as a data controller, VinciWorks uses third party sub-processors, such as cloud computing providers and customer support software, to provide our services. We carefully vet each sub-processor to ensure that their GDPR safeguards are as stringent as ours. Where appropriate, we enter into GDPR-compliant data processing agreements with the sub-processor.

Your rights

VinciWorks takes your rights seriously and commits to respecting personal privacy at all times. We understand that your data is yours and we will take steps to ensure your control over your data.

The right to be informed

Data subjects have the right to be informed about the collection and use of their personal data. We have published this privacy notice to keep you informed as to what we do with your personal information. VinciWorks strives to be transparent about how we collect and use your data.

The right to access

You have the right to make a ‘subject access request’ regarding your information. Please contact VinciWorks’ Data Protection Officer at [email protected] if you wish to access the personal information VinciWorks holds about you.

The right to rectification

If the information VinciWorks holds about you is inaccurate or incomplete, you have the right to ask us to rectify it. If that data has been passed to a third party with your consent or for legal reasons, then we shall them notify the third party to rectify the data as well. Please contact our Data Protection Officer if you need us to rectify your information at [email protected].

The right of erasure

If you would like VinciWorks to erase your personal data and we do not have a legal reason to continue to process and hold it, please contact our Data Protection Officer at [email protected].

The right to restrict processing

Pursuant to Article 18 of GDPR, you have the right to ask VinciWorks to restrict how we process your data in certain circumstances. If you would like VinciWorks to restrict processing of your data, please contact our Data Protection Officer at [email protected].

The right to object

Under Article 21 of GDPR, you have the right to object to processing of personal data for the purpose of direct marketing. VinciWorks protects your “right to object” to processing for direct marketing purposes. Upon providing us with your personal information, by registration form or otherwise, you will receive an initial communication from VinciWorks via email or otherwise giving you the ability to “unsubscribe” from any further direct marketing. All subsequent direct marketing will also contain a link to “unsubscribe” from having your personal data processed for direct marketing purposes.

VinciWorks as a data processor

VinciWorks values customer trust. We understand how important protecting personal data is to our clients, and we ensure that client’s data remains private and safe.

VinciWorks supports hundreds of clients and hundreds of thousands of users across 70 countries. Our clients entrust us with a wide variety of information about their employees.

VinciWorks is committed to helping clients maintain control of the personal data that they store with us, and provide our clients with tools to easily comply with GDPR rights requests.

Products where VinciWorks acts as data processor

  • Learning management system
  • E-learning courses
  • SCORM Gateway
  • Continuing Competence Module
  • Policy Tracker
  • Risk Management System
  • Omnitrack

Data processing agreements

VinciWorks has updated its terms and conditions with all of its clients governing the relationship between the clients (acting as a data controller) and VinciWorks (acting as a data processor). This agreement facilitates our clients’ compliance with their obligations under GDPR.

Data security

VinciWorks is committed to ensuring the security of all of our products. When accessing the VinciWorks servers all data is encrypted via SSL/TLS. This is to ensure that data remains secure in transit.

Data hosted within the European Union

All data stored by VinciWorks in our products will be stored exclusively in secure hosting facilities located in the UK and provided by Razorblue Ltd. VinciWorks has a data processing agreement in place with its hosting provider ensuring compliance with GDPR. Personal Data is stored and processed in the EEA. Personal Data may also be processed within EU Commission’s list of countries or territories providing adequate protection for the rights and freedoms of data subjects.

Compliance with rights requests

VinciWorks is committed to making GDPR compliance as straightforward as possible for our clients. As a data processor, VinciWorks has made preparations to ensure that data controllers can easily comply with rights requests in relation to the data that we hold.

Assistance with GDPR compliance

VinciWorks provides its clients with a wide range of tools and resources to help with GDPR compliance.

Further information

For further information on how your information is used, how we maintain the security of your information, and your rights, please contact us as directed in the ‘Contact Us’ section below.