Privacy Policy

1. Purpose and scope

This Privacy Policy explains how Experienced Training Ltd ("we", "us", "our") collects, uses, stores, and protects personal data when delivering business-to-business training and consultancy services, and through our website https://experiencedtraining.co.uk.

2. Who we are (Data Controller)

Legal entity: Experienced Training Ltd

Company number: 12549529

Registered in: England and Wales

Registered office: 9 Windhill Crescent, Staincross, Barnsley, S75 5BN, United Kingdom

Email: chrisw@experiencedtraining.co.uk

3. Nature of our services

We provide facilitated training, workshops, consultancy, eLearning development, and learning materials for systems implementation and change programmes. Training is delivered on client premises or via client-controlled systems. We do not operate, manage, monitor, or administer client IT systems.

4. Our data protection role (Controller vs Processor)

Website enquiries / our marketing / our admin: we are usually the Data Controller.

Training delivery where your organisation provides delegate details: your organisation is usually the Data Controller and we act as a Data Processor (or service provider) for that limited information, following client instructions and applicable data protection law.

5. Personal data we collect

5.1 Data you provide to us

Name, job title, organisation; Email address and/or phone number; Enquiry content and messages; Booking/admin details; Feedback you choose to provide.

5.2 Data we may receive from a client organisation

Delegate name, business contact details, role/team information (where needed to deliver training); Attendance/participation records (where agreed).

5.3 Data collected automatically via the website

Technical data (IP address, device, browser type); Usage data (pages visited, interactions); Cookie and consent preferences.

6. How we use personal data

We use personal data to: respond to enquiries and provide requested information; arrange, deliver, and administer training/services; manage billing, invoicing, and contract administration; maintain website security and prevent fraud/abuse; improve the website and services; comply with legal obligations.

7. Lawful bases (UK GDPR)

We process personal data using: Contract (where processing is needed to provide services); Legitimate interests (to respond to B2B enquiries, run our business); Consent (for non-essential cookies); Legal obligation (for compliance duties).

You can withdraw consent at any time where processing is based on consent.

8. Cookies

We use cookies to support website functionality and (where enabled and consented) analyse usage. Cookie choices can be managed via the cookie banner / Cookie Settings on the website, and your browser/device settings. See our Cookie Policy for details.

9. Sharing personal data

We only share personal data where necessary, for example with: website hosting providers; email and productivity tools; cookie consent management provider; analytics providers (only if consented); professional advisers; regulators/authorities where required by law.

We do not sell personal data.

10. International data transfers

If personal data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place.

11. Security measures

We implement reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or misuse.

12. Data retention

We retain personal data only as long as necessary. Standard retention periods: Contact form submissions (up to 24 months); Client training records (6 years); Website analytics (up to 26 months); Marketing communications (until unsubscribe); Financial records (6 years).

After these periods, data is securely deleted or anonymised.

13. Your rights (UK GDPR)

You have rights including: access to your data; rectification; erasure; restriction or objection to processing; data portability; withdrawal of consent.

To exercise your rights, contact us using the details in section 2.

14. No ongoing control or monitoring

We do not retain access to client systems after training delivery and do not monitor system usage post-training.

15. Client equipment and environment

Training is delivered using client-provided equipment, accounts, software, and network access unless otherwise agreed. We are not responsible for client hardware failures, software defects, network issues, data loss, malware, or misconfiguration of client systems.

16. Regulated environments

Where training is delivered within regulated environments (including NHS, defence-adjacent, banking, or government bodies), responsibility for compliance with internal policies and statutory obligations remains with the client organisation.

17. Children's data

Our services and website are not intended for children under 16. We do not knowingly collect personal data from children.

18. Complaints

If you have concerns about how we handle personal data, contact us first using the details in section 2. You also have the right to complain to the UK Information Commissioner's Office (ICO).

19. Updates to this policy

We may update this Privacy Policy from time to time. Changes will be posted, and the "Last updated" date will reflect the current version.