Privacy Policy
Last updated: March 2026
1. Who We Are
Abertay Training Ltd ("we", "us", "our") is the data controller responsible for your personal data. We are a UK-registered training provider (Company Reg No: SC508923, VAT Reg No: 230 3977 16).
| Registered address | Abertay Training Ltd, Scotland, United Kingdom |
| info@abertaytraining.co.uk | |
| Telephone | 0333 500 5000 |
| ICO Registration | Registered with the Information Commissioner's Office (ICO) |
2. What Personal Data We Collect
We collect and process the following categories of personal data depending on how you interact with us:
| Category | Examples | How collected |
|---|---|---|
| Identity data | First name, last name | Booking form, contact form |
| Contact data | Email address, phone number, postal address | Booking form, contact form |
| Financial data | Payment card details (processed securely via payment gateway — not stored by us) | Payment at booking |
| Transaction data | Course bookings, invoices, payment history | Booking system |
| Technical data | IP address, browser type, pages visited, time on site | Automatically via cookies and analytics |
| Communications data | Enquiry messages, email correspondence | Contact form, email |
| Marketing preferences | Newsletter opt-in status | Booking form, newsletter sign-up |
We do not collect any special category data (such as health, race, religion or biometric data) unless you voluntarily provide it (for example, dietary or accessibility requirements when booking a course), in which case we process it only to fulfil your booking.
3. How We Use Your Personal Data
We process your personal data only where we have a lawful basis to do so under UK GDPR Article 6. The table below sets out our purposes and the corresponding lawful basis.
| Purpose | Lawful basis |
|---|---|
| Processing and managing your course booking | Performance of a contract (Art. 6(1)(b)) |
| Sending booking confirmations and joining instructions | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and issuing invoices | Performance of a contract (Art. 6(1)(b)) |
| Responding to your enquiries | Legitimate interests (Art. 6(1)(f)) |
| Sending marketing communications (newsletter) | Consent (Art. 6(1)(a)) — you may withdraw at any time |
| Maintaining financial and booking records | Legal obligation (Art. 6(1)(c)) — HMRC requirements |
| Improving our website and services | Legitimate interests (Art. 6(1)(f)) |
| Fraud prevention and security | Legitimate interests (Art. 6(1)(f)) |
4. Who We Share Your Data With
We do not sell or rent your personal data to third parties. We may share your data with trusted third-party service providers who process data on our behalf, under strict data processing agreements:
| Recipient | Purpose | Location |
|---|---|---|
| Payment processor (SagePay / Opayo) | Secure card payment processing | UK |
| Xero | Accounting and invoice management | New Zealand / UK data centres |
| Email service provider | Sending booking confirmations and newsletters | UK / EEA |
| Website hosting provider | Hosting and operating our website | UK / EEA |
| Regulatory authorities | Where required by law (e.g. HMRC, ICO, police) | UK |
Where we transfer data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR Chapter V, such as adequacy decisions or standard contractual clauses.
5. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purpose it was collected, or as required by law.
| Data type | Retention period | Reason |
|---|---|---|
| Booking and financial records | 7 years from end of tax year | HMRC legal requirement |
| Course completion records / certificates | 3 years (certificate validity period) | Certification renewal tracking |
| Contact enquiries | 2 years from last contact | Legitimate interests |
| Marketing preferences | Until you unsubscribe or withdraw consent | Consent-based |
| Website analytics data | 26 months | Standard analytics retention |
6. Your Rights Under UK GDPR
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights in relation to your personal data:
| Right | What it means |
|---|---|
| Right of access | Request a copy of the personal data we hold about you (Subject Access Request) |
| Right to rectification | Ask us to correct inaccurate or incomplete data |
| Right to erasure | Ask us to delete your data where there is no compelling reason to continue processing it |
| Right to restrict processing | Ask us to pause processing of your data in certain circumstances |
| Right to data portability | Receive your data in a structured, machine-readable format |
| Right to object | Object to processing based on legitimate interests or for direct marketing |
| Right to withdraw consent | Withdraw consent at any time where processing is consent-based (e.g. marketing emails) |
To exercise any of these rights, please contact us at info@abertaytraining.co.uk. We will respond within one calendar month as required by UK GDPR. We may need to verify your identity before processing your request.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
7. Cookies
Our website uses cookies to improve your experience and to analyse website traffic. For full details of the cookies we use and how to manage them, please see our Cookie Policy.
8. Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration. These measures include SSL/TLS encryption for data in transit, secure server infrastructure, access controls, and regular security reviews. Payment card data is processed directly by our PCI DSS-compliant payment processor and is never stored on our systems.
9. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies before providing any personal data.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "last updated" date. Where changes are significant, we will notify you by email or by a prominent notice on our website.
11. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:
Abertay Training Ltd
Email: info@abertaytraining.co.uk
Telephone: 0333 500 5000
Data Controller registered with the Information Commissioner's Office (ICO), United Kingdom.