DATA PROTECTION POLICY

 

Policy Review Date: 01 June 2026
Next Review Date: 01 June 2027

 Data Protection Policy Statement

GH Training is committed to protecting the privacy and security of personal data. We recognise the importance of handling personal information responsibly and in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable data protection legislation.

This policy applies to all employees, instructors, contractors, learners, customers, and any third parties who process personal data on behalf of the company.

Purpose

The purpose of this policy is to ensure that personal information is collected, processed, stored, shared, retained, and disposed of securely and lawfully.

Data We May Collect

The company may collect and process the following information:

  • Names and contact details
  • Addresses
  • Email addresses
  • Telephone numbers
  • Training records and certification details
  • Employment-related information where required for training purposes
  • Payment and invoicing information
  • Any other information necessary to deliver training services

Principles of Data Protection

The company will ensure personal data is:

  • Processed lawfully, fairly, and transparently.

 

  • Collected only for specified, legitimate purposes.
  • Adequate, relevant, and limited to what is necessary.
  • Accurate and kept up to date.
  • Retained only for as long as necessary.
  • Protected against unauthorised access, loss, damage, or disclosure.
  • Processed in accordance with individuals' rights.

Data Storage and Security

The company will:

  • Store electronic records on secure password-protected systems.
  • Restrict access to personal data to authorised personnel only.
  • Use antivirus and security software where appropriate.
  • Ensure staff understand their responsibilities regarding confidentiality and data protection.

Sharing Information

Personal data will only be shared where:

  • The individual has provided consent.
  • It is necessary for the delivery of training services.
  • It is required by law.
  • It is required by awarding bodies, accrediting organisations, or regulatory authorities for verification purposes.

Personal information will never be sold or shared for marketing purposes without explicit consent.

Data Retention

Training records and associated documentation will be retained only for the period required by legislation, awarding body requirements, contractual obligations, or legitimate business purposes.

Once retention periods expire, records will be securely destroyed.

Data Disposal

The company will ensure that personal data is disposed of securely by:

  • Shredding confidential paper documents.
  • Permanently deleting electronic files from systems and storage devices.

 

  • Ensuring any third-party disposal services comply with data protection requirements.

Data Subject Rights

Individuals have the right to:

  • Access their personal information.
  • Request correction of inaccurate information.
  • Request erasure where applicable.
  • Restrict or object to processing in certain circumstances.
  • Lodge a complaint with the Information Commissioner's Office (ICO).

Data Breaches

Any suspected or actual data breach will be investigated immediately.

Where required by law, the company will notify the Information Commissioner's Office (ICO) and affected individuals within the applicable reporting timescales.

Responsibilities

Management is responsible for implementing and monitoring this policy.

All employees, instructors, and contractors are responsible for complying with this policy and protecting personal information they handle during their duties.

Policy Review

This policy will be reviewed annually or sooner if legislation, business activities, or regulatory requirements change.

 

For any questions about this policy please contact 

GH Training

Gary@gh-training.co.uk

01925 500796

GH Training

78 Oake Ave, Newton -Le-Willows, St Helens, WA12 8LS