📄 UK GDPR & Data Protection Policy

Effective Date: 01/07/2025 Last Updated: 01/07/2025
Company Name: Swiftcert
Website: Swiftcerttraining.co.uk

1. Purpose of This Policy

This Data Protection Policy outlines how Swiftcert collects, processes, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA).

We are committed to protecting the privacy and rights of our users, customers, employees, and business partners.

2. Who We Are

Swiftcert is a Distributer of online training solutions to individuals and businesses. For the purposes of UK GDPR, we act as a Data Controller when processing personal data related to our services.

3. What Data We Collect

We may collect the following types of personal data:

Contact Data: Name, email address, phone number

Business Data: Company name, job title, team members

Account Data: Login credentials, course access history, progress tracking

Payment Data: Billing address, transaction ID (handled by third-party processors)

Technical Data: IP address, browser type, cookies, device identifiers

Marketing Preferences: Opt-in status, communication preferences

4. Lawful Bases for Processing

We process personal data only when we have a lawful basis under UK GDPR. This includes:

Contractual necessity (e.g. to provide purchased training)

Consent (e.g. for marketing emails or optional analytics)

Legal obligation (e.g. invoicing records for HMRC)

Legitimate interest (e.g. improving services, fraud prevention)

5. How We Use Your Data

We use your data to:

Register and manage your account

Provide access to training content

Process payments and send receipts

Communicate with you about your account or services

Send relevant updates and marketing (only with your consent)

Monitor website usage and improve our services

6. Data Sharing

We do not sell personal data. We may share data with:

Trusted service providers (e.g. hosting, email, payment platforms)

Business clients (only for user progress reports under a B2B contract)

Regulatory bodies or legal authorities (if required by law)

All third parties are required to process data in compliance with UK GDPR.

7. International Transfers

If personal data is transferred outside the UK (e.g. to cloud providers), we ensure:

Adequate safeguards are in place (e.g. UK-approved Standard Contractual Clauses)

Transfers comply with UK data protection law

8. Data Retention

We retain personal data only for as long as necessary for the purposes collected, including:

Contract fulfillment

Legal/accounting requirements

Support or dispute resolution

Retention periods are regularly reviewed and securely enforced.

9. Your Data Protection Rights

Under UK GDPR, you have the right to:

Access your personal data

Correct inaccurate or outdated data

Request deletion of your data (“right to be forgotten”)

Restrict or object to certain types of processing

Withdraw consent (where applicable)

Request data portability (in some cases)

Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise your rights, contact:
📧 Email: businessmanager@swiftcerttraining.co.uk

10. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

Encrypted transmission (SSL)

Secure servers and cloud platforms

Access controls and password policies

Regular security audits and staff training

11. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that has legal or significant effects.

12. Policy Updates

We may update this policy to reflect legal or operational changes. We encourage you to review it periodically. Any material changes will be communicated via email or site notification.

📧 Email: businessmanager@swiftcerttraining.co.uk
📞 Phone: 0330 043 1781
⏱ Support Hours: UK based phone support open 9am -5pm Monday to Friday