GDPR Policy

GDPR Privacy Statement

We do our best to protect and respect your personal data. This statement explains how we collect that data, why we use it and how we keep it safe.

How do we collect your information?

We obtain information about you when you make contact with us. For example, when you register on our website, when you contact us by phone, or when you contact us by email. On occasion we may collect limited information about you indirectly, for example where a colleague has made an event delegate booking on your behalf.

When a delegate is happy to book a course we will include a link to an online “consent form” in the course booking email. There is also a link to our GDPR privacy policy for delegates to read. Delegates are requested to complete the consent form or to contact us if they have any questions regarding their privacy and our policy.

What sort of information do we hold?

Information that you may provide to us such as your name, address, telephone number, email address and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media;

Information about the Services that we provide to you (including for example, the things we have provided to you, when and where, what you paid, the way you use our products and Services, and so on);

Your contact details and details of the emails and other electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication. We want to make sure that our communications are useful for you, so if you don’t open them or don’t click on any links in them, we know we need to improve our Services.

Why do we collect your information?

We only use your information in accordance with the law. This gives us various powers to use your data. These are effectively the reasons for our processing and are:

Who has access to your information?

We will share personal data with third party Accredited organisations as necessary for the administration of training and examinations. Third party organisations will delete all personal data when they are no longer required to perform the services. We will not sell or rent your information to third parties. We will not share your information with third parties for them to market to you.

Retention of your data

We will retain your personal data for no longer than is necessary in order to comply with our legal obligations, noting that this may extend beyond your actual relationship with us. Following the end of your relationship with us we will restrict the processing of your data to those purposes which form a legal obligation for us, such as financial reporting.

Your data will be destroyed no later than 12 months from the end of training or exam. If you’ve registered for our mailing list your data will be removed from the list and destroyed when you elect to unsubscribe.

How do we protect your data?

We take several steps to protect your data. This includes robust IT security. All staff receive data protection training and our premises are secured.

Use of ‘cookies’

Like most websites, our pages uses ‘cookies’. Cookies are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. Cookies make it possible for your browser to remember your setting and preferences. Cookies also collect statistical data about your browsing and do not identify you as an individual. This helps us to improve our website and deliver a more personalised service for you. We also use cookies to provide tailored advertising to you on other websites. We do not pass on your personal details to others in this way. It is possible to switch off cookies in your browser preferences. Regulations state we may use cookies which are necessary for the operation of the site. Other categories of cookie (such as for preferences and marketing) are optional and can be selected when you first visit the site.

IP addresses

An internet protocol (IP) address can allow us to track who visits our webpages. We use software to plan our services and provide information on what topics people may be interested in. We will not match IP addresses to an individual.

Links to other websites

Our website contains links to websites run by other organisations. This statement applies only to our site and we are not responsible for the policies and practices of other sites.

Your Rights

Access and correction of your personal information. You have the right to access the personal information that we hold about you in many circumstances. This is sometimes called a ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge. Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information. If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it. If you would like to exercise these rights, please contact us as set out below.

Right to stop or limit our processing of your data. You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances. If you would like to exercise this right, please contact us as set out below.

16 or Under?

We particularly wish to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission before you provide us with personal information.

Contact us

If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:

By email: or through the contact form on our website.

By post: Data Protection Officer, [IPSO FACTO Training Solutions Ltd] (MCO)

IPSO FACTO, Lancaster Court, Barnes Wallis Rd, Fareham, Hampshire, PO15 5TU

T: 01489 588453

You also have the right to lodge a complaint with the UK regulator, the Information Commissioner. Go to to find out more.

Review of this statement

We keep this statement under review as part of our overall Data Protection Policy. It was last updated in June 2020.


Data Minimisation

We ensure that any personal data we process about you is:

More information about data minimisation from the ICO

Storage Limitation

More information about Storage of customer information from the ICO

Requests for Rectification

Complying with requests for rectification

More information about Your Right for Rectification from the ICO

Lawful basis for Processing – Accountability

More information about Accountability from the ICO