Privacy Policy

PRIVACY POLICY

Introduction

The General Data Protection Regulation (GDPR) was introduced in 2016 to standardise data protection law across the single market and give people in a growing digital economy greater control over how their personal information is used.

By processing data in accordance with the data protection principles, Train2 ensures the safeguarding of data for all individuals engaged with the assessment, delivery and award of Train2 approved qualification delivery.

Policy Purpose

This policy outlines:

The types of personal and sensitive data processed by Train2. How data is collected, recorded, stored, retrieved, disclosed and used. The procedures followed to fulfil our role as a training and qualification delivery organisation.

Definition of Data

Personal Data

Information relating to an individual who can be identified directly or indirectly from that information. This includes facts and opinions held electronically or in paper form.

Examples include:

Full name Date of birth Address Email address Telephone number

Sensitive Personal Data

Information relating to:

Racial or ethnic origin Political opinions Religious beliefs Trade union membership Physical or mental health Sexual life Criminal offences, proceedings or convictions

GDPR Lawful Bases for Processing

Train2 processes personal data under one or more of the following lawful bases:

Consent

The individual has given clear consent for their personal data to be processed for a specific purpose.

Contract

Processing is necessary to fulfil a contract or take steps before entering into a contract.

Legal Obligation

Processing is required to comply with legal requirements.

Vital Interests

Processing is necessary to protect someone's life.

Public Task

Processing is necessary to perform a task carried out in the public interest or under official authority.

Legitimate Interests

Processing is necessary for Train2's legitimate interests or those of a third party, provided these do not override the rights of the individual.

Information We Collect

Information You Provide to Us

We collect personal information when you:

Register for courses Enquire about products, services or events Sign up for newsletters or updates Browse our website Contact us by phone, text, email or post Apply for employment or development opportunities

Information collected may include:

Full name Date of birth Age Gender Postal address Email address Telephone number Marketing preferences Survey responses and feedback Communication records Event attendance records Photographs, videos and voice recordings Payment information (processed securely by payment providers) Employment and education details supplied in CVs

Information Collected from Other Sources

This may include:

Publicly available information (e.g. Companies House, Electoral Roll) Public social media information Information from credit reference agencies Information supplied by authorised third parties

How We Use Personal Information

Supplying Products and Services

We use personal information to:

Provide products and services Verify identity Fulfil contractual obligations Respond to enquiries and complaints Notify customers of service changes Maintain website security and performance

Marketing and Communications

Where consent has been given, we may:

Send information about services, events and products Invite participation in market research Share updates and relevant opportunities

Individuals may opt out at any time.

Service Improvement

Information may be used to:

Improve services and events Develop new products and services Improve staff training and performance Improve website functionality Measure advertising effectiveness

Contact and Customer Support

We may use information to:

Respond to enquiries Manage communications Inform individuals about important changes to policies or services

Identity Verification and Fraud Prevention

Information may be used to:

Verify identity Meet legal obligations Detect fraud, money laundering and other criminal activity

Protecting Individuals

Information may be used to protect:

Customers Employees The public Train2's business interests

Sharing Personal Information

Personal information may be shared where:

Required by law Necessary for court proceedings or regulatory investigations Required to protect public safety Needed to prevent or detect crime Part of a business sale, merger or restructuring

All third-party providers are required to process personal data securely and in accordance with data protection legislation.

Data Retention

Train2 retains personal information only for as long as necessary.

Employment Applications

CVs and supporting information are normally retained for:

3 months following application

General Customer Records

Physical and electronic records are normally retained for:

3 years following the last contact

Longer retention periods may apply where required for legal claims or statutory obligations.

Data Security

Train2 takes reasonable steps to protect personal information through:

Secure systems and servers Controlled access procedures Security monitoring Password protection Appropriate organisational and technical safeguards

While every effort is made to secure information, no internet transmission can be guaranteed to be completely secure.

Your Rights

Individuals have the following rights under GDPR:

Right to Be Informed

To understand how personal data is collected and used.

Right of Access

To request a copy of personal information held by Train2.

Right to Rectification

To request correction of inaccurate or incomplete information.

Right to Erasure

To request deletion of personal information where appropriate.

Right to Data Portability

To receive personal data in a structured, commonly used and machine-readable format.

Right to Object to Direct Marketing

To stop receiving marketing communications at any time.

Right to Object to Legitimate Interest Processing

To object where processing is based on legitimate interests.

Right to Restrict Processing

To request limitations on how personal data is processed.

Rights Relating to Automated Decision-Making and Profiling

Train2 does not use automated decision-making that produces legal or similarly significant effects on individuals.

Changes to This Policy

This policy may be updated periodically.

Any changes will be published on our website and, where appropriate, communicated directly to affected individuals.

Complaints

If you have concerns about how your personal data has been collected or used, please contact us first so that we can attempt to resolve the issue.

Contact Details

Train2 10 Park Avenue New Earswick York YO32 4DB

Email: info@train2.org

Monitoring and Review

This policy and associated procedures are reviewed annually to ensure they remain fit for purpose and compliant with current data protection legislation.

Version: V6 Last Updated: 11 December 2025