Common Mission Project – Virtual Learning Environment (LearnWorlds Platform)Last Updated: 24 February 2026
Common Mission Project (CMP) is a UK registered charity (Charity Number 1187549) and the Data Controller for personal data processed through our Virtual Learning Environment (VLE), hosted on the LearnWorlds platform.
CMP determines the purposes and means of processing personal data in accordance with:
- UK GDPR
- UK Data Protection Act 2018
CMP is regulated by the UK Information Commissioner’s Office (ICO).
If you are participating in a programme delivered in partnership with H4D Germany or another organisation, that organisation may act as an independent data controller for programme-specific data processed outside the VLE. This policy applies specifically to personal data processed within CMP’s LearnWorlds platform.
Contact:
Common Mission Project, 53-64 Chancery Lane, Chancery House, London, WC2A 1QS
Email: info@commonmission.uk
This policy explains how we collect, use, store and protect personal data when you:
- Register for access to the CMP Virtual Learning Environment
- Participate in one of our educational programmes
- Access learning materials hosted on LearnWorlds
This policy applies only to the CMP LearnWorlds platform.
We collect only the personal data necessary to deliver our educational programmes.
Core account information
This includes:
- Full name
- Email address
- Stakeholder role (for example educator, student or sponsor)
- Organisation or university affiliation
- Login credentials
- Learning activity data such as course progress, submissions and participation
- Communications made within the platform
We do not collect:
- Date of birth
- Postal or residential address details
- Financial or payment information
- Special category data, unless explicitly required and communicated in advance
- CMP does not request or process payment details through the VLE. There is no opportunity or requirement to provide financial information.
Optional information
In limited cases, we may invite users to provide additional information relating to background characteristics or demographics for research, evaluation or reporting purposes.
Providing such information is entirely optional. Users may choose not to disclose this information, or select “prefer not to say”, without any impact on their access to the VLE or participation in programmes.
Under Article 6 UK GDPR, CMP processes personal data on the following lawful bases:
- Article 6(1)(b): Processing necessary for participation in an educational programme
- Article 6(1)(f): Legitimate interests in delivering, maintaining and improving our educational programmes and ensuring platform security
- Article 6(1)(c): Compliance with legal obligations, where applicable
CMP’s legitimate interests include ensuring effective programme delivery, maintaining platform security and supporting long-term participant access to materials.
Where optional demographic information is collected, this is processed either on the basis of legitimate interests in programme evaluation or, where appropriate, on the basis of consent. In all cases, provision of such information is voluntary.
We do not use personal data for advertising or marketing purposes.
We use personal data strictly to:
- Provide and manage access to the VLE
- Deliver educational content and programme activities
- Monitor course participation and progress
- Maintain platform integrity and security
- Provide ongoing access to materials as part of the educational value offered
- Conduct programme evaluation and reporting, where applicable
We do not:
- Sell personal data
- Share data for marketing purposes
- Send promotional communications to VLE users
- Conduct automated decision making or profiling
Learner accounts remain active for as long as the user maintains an active account and valid email address.
Continued access to course materials forms part of the programme value. Personal data and course activity records remain linked to the active account.
CMP periodically reviews inactive accounts and may contact users to confirm continued access. Accounts that remain inactive for an extended period may be anonymised or deleted.
If a learner deletes or deactivates their account, associated personal data and linked course activity records will be securely deleted, subject to any minimal retention required by law.
CMP’s VLE is hosted by LearnWorlds Ltd, acting as a Data Processor under Article 28 GDPR.
CMP has a Data Processing Agreement in place with LearnWorlds to ensure compliance with GDPR requirements, including confidentiality, security of processing and appropriate technical and organisational safeguards.
LearnWorlds processes personal data only on CMP’s documented instructions.
Where personal data is transferred outside the United Kingdom, CMP ensures that appropriate safeguards are implemented in accordance with UK GDPR, such as:
- An adequacy regulation issued by the UK Government
- The UK International Data Transfer Agreement (IDTA) or Addendum to the EU Standard Contractual Clauses
- Other legally recognised transfer mechanisms
LearnWorlds is contractually required to implement appropriate safeguards where international transfers occur.
CMP implements appropriate technical and organisational measures to protect personal data, including:
- Secure account authentication
- Encrypted data transmission
- Restricted administrative access
- Platform-level security measures provided by LearnWorlds
Under GDPR, you have the right to:
- Access your personal data
- Request rectification of inaccurate data
- Request erasure of your data where applicable
- Restrict processing
- Object to processing based on legitimate interests
- Data portability, where applicable
- Lodge a complaint with a supervisory authority
You may lodge a complaint with the Information Commissioner’s Office (ICO).
We may update this Privacy Policy to reflect legal or operational changes. The most current version will always be available within the VLE.
