AccessAbility Training
1. Purpose
AccessAbility Training is committed to protecting the privacy and security of personal data. We handle personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant laws. This policy outlines how we collect, use, store, and protect personal data.
2. Scope
This policy applies to all staff, trainers, contractors, learners, clients, and third-party providers who access or process personal data on behalf of AccessAbility Training. It covers all personal data, whether held electronically or in paper form.
3. Definitions
- Personal data: Any information that relates to an identified or identifiable person (e.g., name, address, email, phone number, date of birth).
- Special category data: Sensitive personal data such as health information, ethnicity, religion, or data relating to disability or neurodiversity.
- Data subject: The person to whom the data relates.
- Data controller: AccessAbility Training – the organisation that determines the purposes and means of processing personal data.
- Data processor: Any third party that processes personal data on our behalf.
- Processing: Any action performed on personal data, such as collecting, storing, using, or deleting it.
4. Our Responsibilities as a Data Controller
AccessAbility Training is responsible for ensuring that:
- Personal data is processed lawfully, fairly, and transparently.
- Data is collected for specified, explicit, and legitimate purposes.
- Data is limited to what is necessary and kept accurate and up to date.
- Personal data is stored securely and retained only for as long as necessary.
- Individuals’ rights are upheld, including the right to access, correct, or erase their data.
5. Lawful Basis for Processing
We only process personal data when we have a lawful basis to do so. This may include:
- Consent – where the individual has given clear permission.
- Contract – to fulfil our obligations under a contract.
- Legal obligation – to comply with the law.
- Vital interests – to protect someone’s life.
- Public task – for tasks carried out in the public interest.
- Legitimate interests – where necessary for our business purposes and balanced with individual rights.
6. How We Use Personal Data
We may collect and use personal data for the following purposes:
- Delivering training and education services
- Managing enrolment, attendance, and progress
- Communicating with learners, clients, and stakeholders
- Monitoring quality and evaluating outcomes
- Meeting legal, contractual, and safeguarding obligations
- Improving our services through feedback and analysis
We will always inform individuals why their data is being collected and how it will be used.
7. Data Security
We take appropriate technical and organisational measures to safeguard personal data, including:
- Secure systems with restricted access
- Password protection and encryption
- Regular data backups
- Lockable filing cabinets for physical records
- Staff training on data protection and confidentiality
8. Data Retention
Personal data will be kept only for as long as necessary. Our retention periods are based on legal requirements, contractual obligations, and best practice. Once data is no longer needed, it will be securely deleted or destroyed.
9. Individual Rights
Under the UK GDPR, individuals have the following rights:
- The right to be informed about how their data is used
- The right to access their personal data
- The right to rectification of inaccurate data
- The right to erasure (‘the right to be forgotten’)
- The right to restrict or object to processing
- The right to data portability (where applicable)
- The right not to be subject to automated decision-making without human involvement
Requests can be made by contacting:
accessabilitytraining@outlook.com
We aim to respond to all requests within one month.
10. Sharing Personal Data
We will only share personal data with third parties when:
- It is necessary for service delivery (e.g., awarding bodies, funders)
- We are legally required to do so
- The individual has given consent
All third parties are required to comply with data protection laws and have appropriate security measures in place.
11. Data Breaches
In the event of a data breach, we will:
- Investigate the breach promptly
- Contain and assess the risk
- Notify the Information Commissioner’s Office (ICO) within 72 hours if required
- Inform affected individuals where necessary
- Take steps to prevent recurrence
12. Review and Updates
This policy will be reviewed annually or sooner if there are changes to legislation or our data practices.
Date of Last Review: 20.04.2025
Next Review Due: 20.04.2026
Data Protection Lead: Amy McManus
Protecting personal data is everyone’s responsibility.
AccessAbility Training is committed to upholding high standards of privacy and accountability in all that we do.

