GDPR Policy

Our Commitment to Data Protection

We take data protection seriously and are committed to handling personal information lawfully, fairly and transparently. We comply with all requirements of the UK General Data Protection Regulation and the Data Protection Act. We aim to protect the rights of individuals whose information we hold including our employees, associates, learners and customers.

Our approach ensures that personal information is collected for clear and legitimate reasons, stored securely and used only for the purposes for which it was provided.

How We Manage Personal Data

We may need to collect personal information so we can deliver our services, meet our legal obligations and operate as a responsible employer and training provider. The types of data collected may include name, contact details, employment information, learner records, assessment evidence and other relevant information.

We process personal data to support
• administration, communication and record keeping
• training and assessment activities
• business operations and compliance
• HR and payroll where applicable

We aim to collect only the information we need and store it securely using appropriate technical and organisational measures.

What Processing Means

Processing refers to any activity that involves personal information. This includes collecting, recording, filing, organising, updating, reviewing, using, sharing or destroying the data. We take reasonable steps to ensure that all processing is lawful and necessary for our operations.

We actively prevent unauthorised access, misuse or accidental loss of personal information.

Consent and Transparency

Where consent is required for processing data we ask individuals to provide clear and voluntary agreement. This may apply to
• learners who provide evidence for vocational qualifications
• employees and associates who supply personal and sensitive details
• individuals whose images may be used for marketing purposes

Photographs or video used for promotional activity will only be used with express permission.

We do not share personal data with third parties unless
• it is required to deliver a contract
• it is needed to meet a legal obligation
• we have received explicit consent from the individual

Types of Personal Data

We may hold the following categories of personal data
• contact information
• employment information
• learner progress records
• qualification evidence
• communications and administrative information

We may also hold sensitive personal data where necessary. This may relate to
• health and wellbeing
• racial or ethnic background
• religious or philosophical beliefs
• trade union membership
• details relating to offences or criminal proceedings

Sensitive data is handled carefully and only when required.

Keeping Information Secure

We store personal and sensitive data securely in line with GDPR requirements. Security measures are reviewed regularly to ensure they remain effective.

Access to personal information is restricted to those who need it for legitimate business purposes.

Your Rights

Individuals have the right to
• request access to the personal information we hold
• ask for inaccurate data to be corrected
• request deletion of data where appropriate
• object to certain types of processing
• request that processing is restricted

Requests should be made to the Managing Director. Information will be provided within 28 days and there is no charge for making a request.

Data Retention

We keep personal information only for as long as it is needed to fulfil the purpose for which it was collected or to meet legal and regulatory requirements. Once no longer required, data is securely deleted or destroyed.

Continuous Improvement

We review this policy and our wider data protection practices regularly. This ensures we remain compliant with legislation and continue to protect the data entrusted to us.