📄 UK GDPR & Data Protection Policy

Effective Date: 01/07/2025 Last Updated: 01/07/2025
Company Name: Swiftcert
Website: Swiftcerttraining.co.uk

1. Purpose of This Policy

This Data Protection Policy outlines how Swiftcert collects, processes, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA).

We are committed to protecting the privacy and rights of our users, customers, employees, and business partners.

2. Who We Are

Swiftcert is a Distributer of online training solutions to individuals and businesses. For the purposes of UK GDPR, we act as a Data Controller when processing personal data related to our services.

3. What Data We Collect

We may collect the following types of personal data:

  • Contact Data: Name, email address, phone number

  • Business Data: Company name, job title, team members

  • Account Data: Login credentials, course access history, progress tracking

  • Payment Data: Billing address, transaction ID (handled by third-party processors)

  • Technical Data: IP address, browser type, cookies, device identifiers

  • Marketing Preferences: Opt-in status, communication preferences

4. Lawful Bases for Processing

We process personal data only when we have a lawful basis under UK GDPR. This includes:

  • Contractual necessity (e.g. to provide purchased training)

  • Consent (e.g. for marketing emails or optional analytics)

  • Legal obligation (e.g. invoicing records for HMRC)

  • Legitimate interest (e.g. improving services, fraud prevention)

5. How We Use Your Data

We use your data to:

  • Register and manage your account

  • Provide access to training content

  • Process payments and send receipts

  • Communicate with you about your account or services

  • Send relevant updates and marketing (only with your consent)

  • Monitor website usage and improve our services

6. Data Sharing

We do not sell personal data. We may share data with:

  • Trusted service providers (e.g. hosting, email, payment platforms)

  • Business clients (only for user progress reports under a B2B contract)

  • Regulatory bodies or legal authorities (if required by law)

All third parties are required to process data in compliance with UK GDPR.

7. International Transfers

If personal data is transferred outside the UK (e.g. to cloud providers), we ensure:

  • Adequate safeguards are in place (e.g. UK-approved Standard Contractual Clauses)

  • Transfers comply with UK data protection law

8. Data Retention

We retain personal data only for as long as necessary for the purposes collected, including:

  • Contract fulfillment

  • Legal/accounting requirements

  • Support or dispute resolution

Retention periods are regularly reviewed and securely enforced.

9. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Correct inaccurate or outdated data

  • Request deletion of your data (“right to be forgotten”)

  • Restrict or object to certain types of processing

  • Withdraw consent (where applicable)

  • Request data portability (in some cases)

  • Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise your rights, contact:
📧 Email: businessmanager@swiftcerttraining.co.uk

10. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encrypted transmission (SSL)

  • Secure servers and cloud platforms

  • Access controls and password policies

  • Regular security audits and staff training

11. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that has legal or significant effects.

12. Policy Updates

We may update this policy to reflect legal or operational changes. We encourage you to review it periodically. Any material changes will be communicated via email or site notification.

📧 Email: businessmanager@swiftcerttraining.co.uk
📞 Phone: 0330 043 1781
Support Hours: UK based phone support open 9am -5pm Monday to Friday