Legal

Privacy Notice

How Nineteen Point Two Limited collects, uses, stores and shares personal data across the website, customer relationships and WAIA.

Last updated: 27 May 2026 Version: 1.0

This Privacy Notice explains how Nineteen Point Two collects, uses, stores and shares personal data.

It applies to:

  • visitors to the Nineteen Point Two website
  • visitors to WAIA pages
  • prospects and business contacts
  • customer contacts
  • WAIA organisation administrators
  • WAIA learners
  • people who contact us for support, sales, partnerships or general enquiries

1. Who we are

Nineteen Point Two is a business that provides practical operating systems, commercial advisory services and workplace AI adoption tools, including WAIA, the Workplace AI Academy.

Legal entity: Nineteen Point Two Limited
Company number: 15905276
Registered address: C/O James Todd & Co Furzehall Farm, 110 Wickham Road, Fareham, Hampshire, United Kingdom, PO16 7JH
Privacy contact: ben@nineteenpointtwo.com

In this Privacy Notice, “Nineteen Point Two”, “19.2”, “we”, “us” and “our” refer to the organisation providing these services.

2. Our role under data protection law

Our role depends on the context.

Where we are controller

We are controller where we decide why and how personal data is used. This includes personal data used for:

  • our website
  • sales and marketing
  • prospecting and business development
  • customer relationship management
  • billing and account administration
  • support enquiries
  • supplier management
  • our own business operations

Where we are processor

For WAIA learner data provided or managed by a customer organisation, the customer organisation will usually be the controller and Nineteen Point Two will usually act as processor.

This means the customer decides why learner data is used, who should access WAIA, what learning is assigned, and how WAIA records are used internally. Nineteen Point Two processes the data to provide WAIA under the customer’s instructions.

3. Personal data we collect

The personal data we collect depends on how you interact with us.

Website visitors

We may collect:

  • IP address
  • device and browser information
  • pages viewed
  • approximate location derived from technical data
  • referral source
  • cookie preferences
  • website usage data
  • security and diagnostic logs

Prospects and business contacts

We may collect:

  • name
  • job title
  • organisation
  • work email address
  • work telephone number, if provided
  • LinkedIn or professional profile information, where relevant
  • communication history
  • areas of business interest
  • campaign engagement information
  • publicly available business information

Customer contacts

We may collect:

  • name
  • job title
  • organisation
  • work email address
  • contract and order information
  • billing contact details
  • communication history
  • meeting notes
  • service preferences
  • support history

WAIA organisation administrators

We may collect:

  • name
  • work email address
  • organisation
  • admin role or permission level
  • login and account activity
  • invitation activity
  • learner management activity
  • organisation settings
  • organisation AI guidance configuration
  • organisation branding information, such as logo URL, website URL and short description
  • support messages
  • technical logs

WAIA learners

We may collect:

  • name
  • work email address
  • organisation
  • user role or access level
  • invitation status
  • course assignment
  • course progress
  • lesson completion status
  • knowledge check or assessment responses
  • guidance acknowledgement status
  • certificate or completion records
  • login and security logs
  • support messages

Support and enquiries

We may collect:

  • contact details
  • message content
  • files or screenshots you choose to send us
  • technical diagnostic information
  • support history

Please do not send us special category data unless we specifically ask for it and there is a clear reason to do so.

4. How we collect personal data

We may collect personal data:

  • directly from you
  • from your employer or organisation
  • when an organisation invites you to WAIA
  • when you use WAIA
  • when you complete learning, acknowledgements or assessments
  • when you contact us
  • when you visit our website
  • from publicly available business sources
  • from service providers used for email, analytics, hosting, security, customer management or support

5. Why we use personal data

We use personal data for the following purposes.

Purpose

Examples

Likely lawful basis

Provide WAIA

Account access, learning delivery, progress records, admin reporting

Contract, legitimate interests, or processor activity on customer instructions

Manage customer relationships

Contract management, onboarding, support, renewal discussions

Contract and legitimate interests

Support users

Troubleshooting, responding to questions, resolving issues

Contract and legitimate interests

Evidence learning and acknowledgement

Completion records, guidance acknowledgement, certificate status

Customer instruction, contract and legitimate interests

Maintain security

Login monitoring, audit logs, misuse prevention, service protection

Legitimate interests and legal obligation

Improve services

Understanding usage, identifying errors, improving content and workflows

Legitimate interests, or consent where required

Sales and marketing

Relevant business communications, follow-up, campaign activity

Legitimate interests or consent where required

Billing and finance

Invoicing, payment records, accounting

Contract and legal obligation

Legal and compliance

Handling disputes, enforcing terms, meeting legal duties

Legal obligation and legitimate interests

Where we act as processor, the customer organisation is responsible for identifying its own lawful basis for using learner data.

6. Marketing communications

We may contact business contacts about Nineteen Point Two services where we believe there is a relevant business interest. We will respect opt-out requests.

Where consent is required for a particular type of communication, we will seek consent before sending it.

You can ask us to stop sending marketing communications at any time by contacting ben@nineteenpointtwo.com or using any unsubscribe link provided.

7. Cookies and similar technologies

We use cookies and similar technologies where needed to operate our website or platform, remember preferences, maintain security, understand usage or support analytics.

Non-essential cookies will only be used where required consent has been obtained.

More detail is available in our Cookie Notice: /cookies/.

8. Who we share personal data with

We may share personal data with:

  • hosting and infrastructure providers
  • database and authentication providers
  • application deployment and monitoring providers
  • email and communication providers
  • analytics providers
  • payment, accounting and finance providers
  • professional advisers
  • legal, regulatory or public authorities where required
  • customer organisations, where WAIA records relate to their own learners
  • suppliers who help us provide, secure or support our services

Where a third party processes customer personal data on our behalf for WAIA, we treat them as a subprocessor and require appropriate contractual protection.

9. Current and expected providers

Depending on the current deployment, providers may include:

  • Lovable, for application hosting, deployment, platform operation or related services
  • Supabase, for database, authentication, storage, backend and related services
  • GitHub, for code hosting, website hosting or deployment workflows
  • Cloudflare, for DNS, security, routing, hosting or deployment support where used
  • Microsoft 365 or Google Workspace, for email, documents, business administration and support where used
  • Hunter.io or similar tools, for business contact research, outreach or campaign management where used
  • analytics tools, where enabled
  • payment, accounting or invoicing tools, where used

The active WAIA subprocessor list is maintained separately at /subprocessors/.

10. International transfers

Some of our service providers may process personal data outside the United Kingdom or European Economic Area.

Where this happens, we use appropriate safeguards where required, such as adequacy regulations, standard contractual clauses, the UK International Data Transfer Addendum, data processing agreements or other lawful transfer mechanisms.

11. How long we keep personal data

We keep personal data only for as long as reasonably needed for the purpose for which it was collected, including to provide services, meet legal duties, resolve disputes and maintain business records.

Typical retention periods are:

Data type

Retention approach

Website enquiry data

Kept for as long as needed to respond and manage the relationship

Prospect and marketing data

Kept while there is a relevant business relationship or legitimate interest, unless you opt out

Customer contact data

Kept for the duration of the customer relationship and a reasonable period afterwards

Billing and accounting records

Kept for the period required by tax and accounting law

WAIA learner data

Kept for the customer contract term and any agreed learning evidence retention period

Support records

Kept for a reasonable period to manage service quality, disputes and continuity

Security logs

Kept for a limited period unless needed to investigate an incident

Specific customer learner data retention may be agreed in customer terms, the order form or data processing agreement.

12. Your rights

Depending on the circumstances, you may have rights to:

  • access your personal data
  • correct inaccurate personal data
  • request deletion
  • restrict processing
  • object to processing
  • request portability
  • withdraw consent where processing is based on consent
  • complain to the Information Commissioner’s Office

Where your data is processed in WAIA on behalf of your employer or organisation, we may need to refer your request to that organisation because it is usually the controller.

13. Security

We use reasonable technical and organisational measures to protect personal data. These may include access controls, authentication, role-based permissions, encryption where supported by the relevant provider, logging, supplier controls and operational security practices.

No online service can be guaranteed to be completely secure. Customers and users are responsible for keeping their own login credentials secure and for using WAIA in line with their organisation’s policies.

14. Children

WAIA is designed for workplace use and is not intended for children.

15. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. The latest version will be published on our website with an updated version date.

16. Contact

For questions about this Privacy Notice or how we handle personal data, contact:

ben@nineteenpointtwo.com

You can also complain to the Information Commissioner’s Office if you are unhappy with how we handle your personal data.