The start point is we are a small business that follows a policy of ‘do the right stuff the right way
‘Right’ is a combination of our values (which we have no problem  understanding 🙂 and the law (which we try to understand and follow but seems subject to many local expectations and contradictions). The practical result of that is we’re happy to listen to your needs and do our best to achieve mutual satisfaction.

When we receive your contact details it is either to provide a service you’ve purchased or a give you access to an offer you have requested. In both cases we will keep your contact details as noted below and use them to advise you of our own product offerings until you unsubscribe. We may reach out to you on behalf of affiliates with relevant products. We won’t give them (or sell etc) your details and we will only ever reach out with products etc that are aligned to our interest in improving the practices of project, program and portfolio management.

We implement GDPR as follows

  • For requests to access any record we hold please eMail – we aim never to take longer than 7 days and target under 7 hours. The statutory limit is 1 month in most cases
    • Default formats include plain text and csv or others by request if we have the capability
    • We will ask you to prove who you are before releasing information – so we don’t give your info to someone who isn’t you.
    • Unfounded and excessive requests will be decided on a case by case basis
  • Right to be forgotten – We will forget your data in line with legislated limits as amended by legislatures from time to time.
    • You can ask us to ‘forget’ any time you want
  • Data is stored
    • On our learning platform ( – operated by solely to administer your access to training courses payments, access and participation
    • In our  web-based contact system (operated by and solely for the purpose of outreach to you following your declaration of interest in our products
    • On our website ( if you have joined as a member or purchased a product
    • In our social media accounts (eg twitter & facebook) solely for the purposes of dialogue or outbound messaging
    • On our office server solely to administer aspects of your use of our products such as exam bookings
      • Some server accessed storage is within’s One-Drive for business and
    • On our axelos mandated Examining Institute’s ( servers solely to facilitate your sitting examinations
    • On our VAT MOSS compliance operator – quaderno,com and our accountants Derek Napier and Co.
    • On payment platforms Paypal, Stripe and our UK bankers
  • Procedures are not published outside the company but are freely available to all employees and positive affirmation is sought on each change of employee role or procedures used. Procedure use is audited to confirm compliance on an event basis and periodically
  • Privacy Impact Statement – Our data holdings may show whether a contact passed or failed an exam, was able to pay or was declined for a financial transaction by an intermediary, They may show a delivery address for books purchased in connection with training aims
    • We do not participate in data sharing activities
    • We do not hold data that benefits from anonymisation nor do we gather and then anonymise any data
    • We hold all data privately and securely within the capabilities of the software and systems listed above
    • Our products do not contain content we consider requires screening contacts by age or any other factor
  • Our data protection staff are: Simon Harris  for all technical & policy elements, Lea Harris for access requests, complaints and concerns. We do not believe we operate ‘cross-boarded’ other than as may occur without visibility due to the nature of eCommerce however our lead data protection supervisor is the UK ICO

PECR – Privacy and Electronic Communications Regulations

  • We have marketing procedures and assigned responsibilities – available on request with sufficient reason
  • We operate B-2-B direct marketing
  • We operate B-2-C marketing through channels such as linked-in, google adwords, facebook etc
  • We operate direct marketing to opt-in members of our platforms
  • We reserve the right to apply soft-opt-in / legitimate interest tests to send outbound marketing
  • By policy commitment we will not use bought-in marketing lists
  • We identify ourselves and our purpose in all outbound communications
  • All outbound communications include (working!) opt-out facilities