We implement GDPR as follows

  • For requests to access any record we hold please eMail – we aim never to take longer than 7 days and target under 7 hours. The statutory limit is 1 month in most cases
    • Formats include plain text and csv or others by request if we have the capability
    • We will ask for verification of right to access before releasing information
    • Unfounded and excessive requests will be decided on a case by case basis
  • Right to be forgotten – We will forget your data or ask you for an extension – in line with legislated limits as amended by legislatures from time to time
  • Data is stored
    • On our learning platform ( – operated by solely to administer your access to training courses payments, access and participation
    • In our  web-based contact system (operated by solely for the purpose of outreach to you following your declaration of interest in our products
    • On our website ( if you have joined as a member or purchased a product via the ‘shop’
    • In our social media accounts (twitter & facebook) solely for the purposes of outbound messaging
    • On our office server solely to administer aspects of your use of our products such as exam bookings
      • Some server accessed storage is within’s One-Drive for business
    • On our Examining Institutes(  servers solely to facilitate your sitting examinations
    • On our VAT MOSS compliance operator – quaderno,com and our accountants Derek Napier and Co.
    • On payment platforms Natwest Bank, Paypal, Stripe
  • Procedures are not published outside the company but are freely available to all employees and positive affirmation is sought on each change of employee role or procedures used. Procedure use is audited to confirm compliance on an event basis and periodically
  • Privacy Impact Statement – Our data holdings may show whether a contact passed or failed an exam, was able to pay or was declined for a financial transaction by an intermediary, They may show a delivery address for books purchased in connection with training aims
    • We do not participate in data sharing activities
    • We do not hold data that benefits from anonymisation nor do we anonymise any
    • We hold all data privately and securely within the capabilities of the software and systems supplied to us and listed above
    • Our products do not contin content we consider requires screening contacts by age or any other factor
  • Our data protection staff are: Simon Harris  for all technical & policy elements, Lea Harris for access requests, complaints and concerns. We do not believe we operate ‘cross-boarded’ other than as may occur without visibility due to the nature of eCommerce however our lead data protection supervisor is the UK ICO

PECR – Privacy and Electronic Communications Regulations

  • We have marketing procedures and assigned responsibilities – available on request with sufficient reason
  • We operate B-2-B direct marketing
  • We operate B-2-C marketing through channels such as linked-in, google adwords, facebook etc
  • We operate direct marketing to opt-in members of our platforms
  • We reserve the right to apply soft-opt-in / legitimate interest tests to send outbound marketing
  • By policy commitment we will not use bought-in marketing lists
  • We identify ourselves and our purpose in all outbound communications)
  • All outbound communications include (working!) opt-out facilities