Privacy Policy
1. Introduction
IBS Training & Development respect the privacy of every person who visits or subscribes to our websites and publications and are committed to ensuring a safe online-experience. This Privacy Notice explains how IBS Training & Development ("we", "us", "our") collects, uses, shares, stores and protects personal information when dealing with prospective students, current students, suppliers, customers, and other individuals who interact with us. It also explains your rights under UK data protection law, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025 (DUAA).
We are committed to protecting your privacy. This Notice is our promise to be transparent about what we do with your personal data, and to ensure that your data is treated lawfully, fairly, and securely.
2. Who We Are
Controller: IBS Training & Development is the data controller in relation to your personal data—meaning we decide why and how your data is processed.
Contact details:
Address: Kirkdale House Unit 317 (3rd Floor), 9 Kirkdale Rd, Bushwood, London, E11 1HP
Phone: +44 7990655259
Email: admin@ibstraining.co.uk
If you have any questions about this Privacy Notice, or how we process your data, please contact us.
3. What Personal Information We Collect
We collect different types of personal data depending on how you interact with us (e.g., as student applicant, parent/guardian, supplier, customer). The types of data we may collect include:
- Identity information: your name, title, date of birth, gender (if necessary).
- Contact information: postal address, email address, telephone number.
- Application/enrolment information: school/education history, qualifications, references, interview notes.
- Financial information: payment details, invoicing, bank account information if you are a supplier or if you are paying fees.
- Communications data: correspondence with us, feedback, complaint history.
- Service usage data: details of services requested or accessed.
- Technical data: IP addresses, browser/device information (particularly for website visitors).
- Special category data (if applicable): such as health information or disability status, where you choose to share, or where we need to take it into account for enrolment or safeguarding purposes.
We collect this data either directly from you (for example when you fill in forms, apply, contact us), or from third parties (references, exam boards, government bodies), or through your use of our website and services.
4. Why We Use Personal Data / Purposes of Processing
We process personal data for the following purposes:
| Purpose | Examples |
|---|---|
| To respond to enquiries, manage applications and deliver educational or other services | Reviewing applications; communicating decisions; arranging enrolment; scheduling classes |
| To manage student welfare, health & safety, safeguarding | Collecting relevant health/disability information; emergency contact details |
| To fulfil contract or perform obligations | When providing services you have requested (courses, materials etc.) |
| To administer payments, invoices, and financial accounts | Fee payments; supplier payments; refunds where applicable |
| For marketing and communications (with your consent) | Newsletters; course promotions; event invitations |
| To comply with legal obligations | Regulatory reporting, child protection, preventing fraud, legal claims |
| For legitimate interests (balanced with your rights) | Improving services; website maintenance; internal analytics; preventing misuse of facilities or fraud |
Under UK GDPR, each of these purposes must rely on a lawful basis. These lawful bases include consent, contract, legal obligation, legitimate interests, and vital interests/safeguarding.
5. Lawful Basis and Consent
- We will ask for your consent when required (for example marketing emails). You can withdraw your consent at any time.
- When using legitimate interests, we will ensure that those interests are clearly described, necessary, and that your rights and freedoms are not overridden.
- Where sensitive/special category data is processed (e.g. health status), additional conditions will apply (for example explicit consent, or necessity for purposes of provision of health or social care, or safeguarding).
6. Data Sharing
We may share your personal data with third parties, including:
- Internal staff and departments when needed for the above purposes.
- Data processors who act on our behalf (e.g. IT service providers, cloud storage providers, payment processors). We require them to commit to GDPR-compliant obligations.
- Regulatory bodies, government agencies, law enforcement, or courts when required by law.
- Other parties when necessary for safeguarding or where required under contract (for example exam boards, accreditation bodies).
We will only share special category data where necessary and under strict controls.
7. International Transfers
If any of your personal data is transferred outside the UK (or outside the European Economic Area, if applicable), we will ensure appropriate safeguards are in place. These might include:
- Use of UK adequacy decisions.
- Standard Contractual Clauses approved by the UK government.
- Encryption, contractual safeguards, and strict processing agreements with the recipient.
8. How Long We Keep Your Data
We retain personal data only for as long as is necessary. Retention periods depend upon the type of record and the reason. Examples include:
| Data Type | Retention Period |
|---|---|
| General enquiry/contact data | Up to 12 months after last contact, unless you enrol or request otherwise |
| Student application, enrolment, academic & welfare records | Up to 6 years after the last date of active relationship, or longer if required by law |
| Financial/accounting records | At least 6 years, to comply with UK statutory/accounting requirements |
| Marketing and communications data (with consent) | Until you opt-out, and then not retained in identifiable form beyond a short period needed to confirm withdrawal |
At the end of the retention period, data will be securely deleted or anonymised.
9. Your Rights
You have rights under UK GDPR and the Data (Use and Access) Act 2025 in relation to your personal data. These include:
If you want to exercise any of these rights or have any question about how your data is processed, please contact us using the contact details above.
10. Children's Data
We do not knowingly collect personal data from children under the age of 13 via our website or application forms. If we learn that we have collected such data, we will take steps to destroy it as soon as possible.
If you are a parent or guardian, or dealing with us on behalf of a minor, please contact us if you believe your child's data has been collected in error.
11. Cookies and Similar Technologies
We use cookies and similar technologies to collect certain technical information, typically from visitors to our website. These help us:
- Improve website functionality and performance.
- Analyse how people use our site, to help improve content.
- Remember preferences and maintain sessions.
We do not use cookies to collect excessive personal data without your consent. More details of the cookies we use, what they do, and how you can disable or block them are set out in our Cookie Policy.
12. Data Security
We take reasonable technical and organisational measures to protect your data, including but not limited to:
- Access controls (only authorised personnel have access).
- Encryption of sensitive data in transit and at rest when possible.
- Staff training & confidentiality agreements.
- Secure storage, backups, and disaster recovery plans.
While we strive to protect your data, the internet cannot be guaranteed totally secure. If you are transmitting data via our website, you do so at your own risk. Once we have your data, we will protect it as described.
13. Complaints & Contact Information
If you have concerns or complaints about our handling of your personal data:
- First, contact us at admin@ibstraining.co.uk or by post to the address above. Please include as much detail as you can.
- If you are not satisfied with our response, you have the right to raise a complaint with the Information Commissioner's Office (ICO).
14. Changes to this Privacy Notice
We may update this Privacy Notice from time to time (e.g. when our practices change, new legal requirements arise, or we adopt new services). We will publish the updated notice on our website with a new version number and date. We encourage you to review the notice periodically.
15. Additional Information Specific to IBS Training & Development
- Data protection officer (DPO): We do not currently have a statutory DPO, as IBS Training & Development is a small organisation, but we appoint a senior staff member responsible for data protection compliance who you may contact via info@ibstraining.co.uk.
- Joint controllers: Where we share responsibility with another organisation for processing certain data (for example when partnering with other educational or regulatory bodies), we will make that very clear in communications to you.
- Automated decision-making: We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on individuals, except where explicitly stated and subject to your rights.
Questions About Your Privacy?
If you have any questions or concerns about how we handle your personal data, please don't hesitate to contact us.
