Privacy Policy - EBS Training Academy
EBS Training Academy ("we", "our", "us") delivers training services and materials to trainers and learners across the UK. Our Data Protection Officer (or representative) can be contacted at:
Email: ellieprince@ebsinstantcare.co.uk
What Personal data we collect
Depending on how you engage with us, we may collect:
Identity & Contact Information (e.g., name, job title, email, phone number, organisation)
Training Data (e.g., course enrolments, attendance records, assessments)
Account & Billing Details (e.g., payment info, invoices)
Website & Technical Data (e.g., IP address, cookies, logs, browser/device type)
Optional Sensitive Data (e.g., accessibility requirements)—only when directly provided by you and strictly necessary for service delivery.
How we use you Personal Data
We process your data for the following purposes:
Service delivery – managing enrollment, training content, and communication
Administrative needs – billing, records management, customer support
Legal compliance – fulfilling contractual and regulatory obligations (e.g., HMRC, audit)
Improvements & analytics – anonymised usage data to enhance user experience
Communications – sending updates, with opt‑outs available for marketing
Our Legal Bases for processing
Under UK GDPR, we rely on the following lawful bases:
Contractual Necessity – to provide training services you request
Legal Obligations – e.g. financial or statutory requirements
Legitimate Interests – such as system administration and improving our services, balanced carefully against individual rights
Consent – for optional services like newsletters or non-essential cookie use
Policy Continued....
Data Sharing
We only share your data when necessary:
Service Providers (e.g., payment processors, hosting platforms) – only with contractual guarantees of GDPR compliance
Legal Authorities – if required by law or official request
Business Transfers – in cases like mergers or acquisitions, with safeguards maintained
International Transfers
Your data will remain in the UK or EEA unless we explicitly inform you otherwise. If transferred elsewhere, we’ll ensure legal safeguards (e.g., standard contractual clauses) are in place.
We apply security measures aligning with UK GDPR principles—data encryption, access controls, and regular audits—to protect your information.
How Long We Keep Your Data
We retain personal data only as long as needed:
Training records: up to 6 years (to meet audit/tax obligations)
Website analytics & logs: retained in anonymised form for periodic review
You may contact us to discuss deletion sooner if conditions allow
Your Rights
You have rights including:
Access – obtain your data and processing details
Correction – rectify inaccuracies
Erasure (“right to be forgotten”) – where lawful
Restrict Processing
Data Portability – obtain your data in a reusable format
Object – e.g., to marketing processing
Withdraw Consent – at any time where consent is the basis
Complain – to the Information Commissioner’s Office (ICO)
Cookies & Tracking
We use cookies necessary for site functionality. For non-essential cookies (like analytics), consent is obtained following ICO guidelines.
Privacy by Design
We embed privacy into our systems and operations from the outset, following the “privacy by design” principles.
Changes to This Policy
We may update this policy, especially to reflect legal changes or improvements in our practices. Significant updates will be communicated via our website and, where appropriate, via email.
Summary Table
| Section | Key Takeaways |
|---|---|
| What we collect | Contact, training, billing, technical, optional sensitive data |
| Why we collect it | Service delivery, legal compliance, improvements, communication |
| Legal basis | Contract, legal obligation, legitimate interest, consent |
| Who we share with | Service providers, legal authorities, in business transitions |
| Security & retention | Secure measures in place; data held only as long as necessary |
| Your rights | Access, correction, erasure, portability, objection, consent withdrawal, complaint |
| Cookies & tracking | Essential + consented non-essential following ICO rules |
| Privacy by design | Built-in from development and operations |
| Policy changes | Notified via website or email where appropriate |
