📄 UK GDPR & Data Protection Policy
Effective Date: 01/07/2025 Last Updated: 01/07/2025
Company Name: Swiftcert
Website: Swiftcerttraining.co.uk
1. Purpose of This Policy
This Data Protection Policy outlines how Swiftcert collects, processes, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA).
We are committed to protecting the privacy and rights of our users, customers, employees, and business partners.
2. Who We Are
Swiftcert is a Distributer of online training solutions to individuals and businesses. For the purposes of UK GDPR, we act as a Data Controller when processing personal data related to our services.
3. What Data We Collect
We may collect the following types of personal data:
Contact Data: Name, email address, phone number
Business Data: Company name, job title, team members
Account Data: Login credentials, course access history, progress tracking
Payment Data: Billing address, transaction ID (handled by third-party processors)
Technical Data: IP address, browser type, cookies, device identifiers
Marketing Preferences: Opt-in status, communication preferences
4. Lawful Bases for Processing
We process personal data only when we have a lawful basis under UK GDPR. This includes:
Contractual necessity (e.g. to provide purchased training)
Consent (e.g. for marketing emails or optional analytics)
Legal obligation (e.g. invoicing records for HMRC)
Legitimate interest (e.g. improving services, fraud prevention)
5. How We Use Your Data
We use your data to:
Register and manage your account
Provide access to training content
Process payments and send receipts
Communicate with you about your account or services
Send relevant updates and marketing (only with your consent)
Monitor website usage and improve our services
6. Data Sharing
We do not sell personal data. We may share data with:
Trusted service providers (e.g. hosting, email, payment platforms)
Business clients (only for user progress reports under a B2B contract)
Regulatory bodies or legal authorities (if required by law)
All third parties are required to process data in compliance with UK GDPR.
7. International Transfers
If personal data is transferred outside the UK (e.g. to cloud providers), we ensure:
Adequate safeguards are in place (e.g. UK-approved Standard Contractual Clauses)
Transfers comply with UK data protection law
8. Data Retention
We retain personal data only for as long as necessary for the purposes collected, including:
Contract fulfillment
Legal/accounting requirements
Support or dispute resolution
Retention periods are regularly reviewed and securely enforced.
9. Your Data Protection Rights
Under UK GDPR, you have the right to:
Access your personal data
Correct inaccurate or outdated data
Request deletion of your data (“right to be forgotten”)
Restrict or object to certain types of processing
Withdraw consent (where applicable)
Request data portability (in some cases)
Lodge a complaint with the Information Commissioner's Office (ICO)
To exercise your rights, contact:
📧 Email: businessmanager@swiftcerttraining.co.uk
10. Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
Encrypted transmission (SSL)
Secure servers and cloud platforms
Access controls and password policies
Regular security audits and staff training
11. Automated Decision-Making
We do not use your personal data for automated decision-making or profiling that has legal or significant effects.
12. Policy Updates
We may update this policy to reflect legal or operational changes. We encourage you to review it periodically. Any material changes will be communicated via email or site notification.
📧 Email: businessmanager@swiftcerttraining.co.uk
📞 Phone: 0330 043 1781
⏱ Support Hours: UK based phone support open 9am -5pm Monday to Friday
Swiftcert
Proudly helping institutions and organisations train, certify, and succeed.
© 2025. All rights reserved.
We work in partnership with a trusted training provider to deliver online IOSH Approved Managing Safely®. The course is delivered via their platform. As an agent for this course we are not directly approved by or associated with IOSH’