This privacy policy explains how National Compliance Training Ltd (“National Compliance Training”, “we”, “us”, “our”) collects and uses your personal data when you use our websites, book or attend training, create an account, or otherwise interact with us.

This policy applies to:

  • Website(s): https://nationalcompliancetraining.co.uk and any sub-domains (e.g. courses.nationalcompliancetraining.co.uk, bookings.nationalcompliancetraining.co.uk) unless their own policy states otherwise.

  • Learners, employers, customers, enquirers, and website users in the UK.

We are the data controller for the personal data described here.

Controller details
National Compliance Training Ltd
Registered in England & Wales:  10990047
Registered office: C/O Pkf Smith Cooper Prospect House, 1 Prospect Place, Pride Park, Derby, United Kingdom, DE24 8HG
Trading address (if different): Unit 7 Trident Business Park, Holman Way, Nuneaton, CV11 4PN
Email: info@nationalcompliancetraining.co.uk)
Telephone: 020 3026 4629

1) The data we collect

We collect and process the following categories:

Identity & contact data – name, job title, employer, email, phone, postal address.
Account data – usernames, hashed passwords, user IDs on our LMS/booking system.
Training data – course bookings, attendance, assessments, results, certificates, expiry/renewal dates, Unique Candidate IDs, awarding body IDs.
Financial/transaction data – invoices, payments, refunds (limited card details handled by payment providers only).
Communications – emails, messages, feedback forms, support queries.
Marketing preferences – your consents/opt-outs, click-throughs.
Technical data – IP address, device/browser, pages viewed, cookies, logs, approximate location (derived from IP).
Special category data (if provided) – e.g., health or accessibility information where needed to make reasonable adjustments for training/assessment. We only collect this where necessary and with an appropriate lawful basis (see section 4).

We do not intentionally collect children’s data. Our services are aimed at adults (16+). If you believe a child has provided us data, please contact us.

2) How we collect your data

  • Directly from you (web forms, email, phone, in person, on-site sign-in).

  • From your employer when they book you onto a course.

  • Automatically via our websites and systems (cookies, analytics, logs).

  • From awarding/industry bodies where required to verify or upload results (e.g., RTITB, JAUPT/DVSA, CILT), and from e-learning platforms/LMS where you study online.

3) Why we use your data (purposes)

  • To provide and administer training (bookings, joining instructions, delivery, assessment, certification, renewals).

  • To set up and manage accounts on our LMS/booking portals.

  • To issue and verify certificates and to upload/validate results with awarding/industry bodies.

  • To provide customer service and respond to enquiries.

  • To invoice, take payment, and manage refunds/credit notes.

  • To comply with legal/regulatory requirements (e.g., training record retention for Driver CPC/JAUPT, tax and accounting).

  • To improve our services and websites (analytics, troubleshooting, testing, security).

  • To send marketing where you’ve consented or where permitted by law, and to manage your preferences.

  • To maintain site security, detect/prevent fraud or misuse.

4) Our lawful bases for processing

We rely on one or more of the following under UK GDPR:

  • Contract – to provide services you (or your employer) request, process bookings, deliver training, issue certificates.

  • Legal obligation – record-keeping for tax, training compliance (e.g., Driver CPC (JAUPT/DVSA)), health & safety, and other statutory duties.

  • Legitimate interests – running and improving our business and websites, IT/security, service analytics, limited B2B marketing (where allowed), and communicating with existing customers about related services. We balance these interests against your rights.

  • Consent – certain marketing (especially B2C email/SMS) and any processing of special category data (e.g., health/access needs) where consent is the most appropriate basis. You can withdraw consent at any time.

Special category data (e.g., health information for reasonable adjustments) is processed only where necessary and based on explicit consent or where necessary for employment and social protection law (e.g., health & safety obligations) as applicable.

5) Who we share data with

We share only what’s necessary with:

  • Awarding/industry bodies (as applicable to your course): e.g., RTITB, JAUPT/DVSA, CILT, and other accreditation bodies for registration, verification, certification, audits, or compliance reporting.

  • Payment providers: e.g., [Stripe/PayPal/Worldpay]. We do not store full card details.

  • IT and SaaS providers acting as processors: website hosting, email, LMS/e-learning, booking/ticketing, CRM, analytics, document storage, helpdesk.

  • Professional advisers: accountants, auditors, legal counsel, insurers.

  • Regulators, law enforcement, courts – where legally required or to protect legal rights.

  • Prospective buyers – if we undergo a business sale/restructure (with appropriate safeguards).

We require processors to meet UK GDPR standards under written contracts.

We do not sell your personal data.

6) International transfers

Some suppliers may be outside the UK. Where data is transferred internationally, we rely on UK adequacy regulations or International Data Transfer Agreements/Standard Contractual Clauses with supplementary measures where needed.

 

7) Data retention – how long we keep data

We keep personal data only as long as necessary for the purposes above and to meet legal/accounting/reporting requirements. Typical periods:

  • Training records and certificates: generally 6–7 years from course end (e.g., Driver CPC/JAUPT records are commonly retained for 6 years; some awarding bodies require up to 7 years).

  • Financial/transaction records: 6 years plus current financial year (HMRC).

  • Account & LMS data: for the life of the account and up to 2 years after inactivity, unless needed longer for compliance.

  • Enquiry data: 24 months from last contact unless you become a customer or ask us to delete sooner.

  • Marketing lists: until you unsubscribe; we keep a minimal suppression record to respect opt-outs.

  • CCTV/Access logs: typically 30 days unless required longer for an incident.

Where multiple rules apply, we use the longest required period. When no longer needed, data is securely deleted or anonymised.

8) Your rights

You have the following rights under UK GDPR (subject to conditions/exemptions):

  • Access to your personal data and a copy of it.

  • Rectification of inaccurate or incomplete data.

  • Erasure (“right to be forgotten”).

  • Restriction of processing.

  • Data portability (for data you provided to us, where processing is by consent or contract and automated).

  • Object to processing based on our legitimate interests or to direct marketing at any time.

  • Withdraw consent at any time where consent is the basis.

To exercise rights, contact info@nationalcompliancetraining.co.uk. We will respond within one month (extendable by two months for complex requests). We may need to verify your identity.

Complaints: You can complain to the Information Commissioner’s Office (ICO) at any time: ico.org.uk or 0303 123 1113. We’d appreciate the chance to address your concerns first.

9) Marketing

We’ll only send you electronic marketing (email/SMS) with your consent or where permitted by PECR (e.g., soft-opt-in to existing customers for similar services). You can opt out any time via the unsubscribe link or by contacting us.

10) Cookies, analytics & similar tech

We use cookies and similar technologies to operate our websites, provide secure log-in, remember preferences, and analyse site usage.

Types of cookies we use

  • Strictly necessary – required for site operation, security, account log-in, basket/checkout.

  • Performance/analytics – help us understand usage and improve services.

  • Marketing  – measure campaign performance and, where applicable, show relevant content/ads.

Consent: On your first visit we present a cookie banner so you can accept, reject, or manage non-essential cookies. You can change your choices anytime. Most browsers also let you block or delete cookies (see browser help). Blocking some cookies may affect site functionality.

For details, see our Cookie Notice:Cookie Policy

11) Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, least-privilege permissions, secure configuration, logging/monitoring, staff training, and vetting of suppliers. No internet service is 100% secure; please keep your account credentials confidential and tell us immediately if you suspect misuse.

12) Third-party links

Our sites may link to third-party websites or services. Their privacy policies apply to their processing; please review them.

13) Business changes

If we undergo a reorganisation, merger, or sale, personal data may be transferred to the new controller under this policy’s terms and with appropriate safeguards.

14) If you book through your employer

Where your employer books or funds training, we may share relevant information with them (e.g., attendance, outcomes, certificates, renewal dates) to deliver the service, verify competence, and support compliance. Employers are independent controllers for their own uses of the data.

15) Optional clauses

CCTV at our premises – We operate CCTV for security and safety. Footage is retained for 30 days unless required for an incident or investigation and may be shared with law enforcement where lawful. Signs are displayed at entry points.
Call recording – We do not record calls. If recorded, this is for training, quality and dispute resolution. Recordings are kept for 30 days.
Automated decision-making – We do not conduct automated decision-making producing legal or similarly significant effects.

16) Changes to this policy

We may update this policy from time to time. The latest version will always be published on our website with the effective date at the top. Significant changes may be notified by email or site notice.

17) Contact us

Questions, requests, or complaints:
Email: info@nationalcompliancetraining.co.uk
Post: Unit 7 Trident Business Park, Holman Way, Nuneaton, CV11 4PN
Phone:020 3026 4629

Last updated: 7 October 2025