top of page

Privacy Policy

The Privacy Centre Ltd Customer privacy notice 

The Privacy Centre Ltd (“TPC”, “we”, “our”, “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use our website and services. 

This privacy notice tells you what to expect us to do with your personal information. 

1. Contact Details 

The Privacy Centre Ltd is incorporated and registered in England & Wales (Company Number: 15301998). 
Registered Address: 31 Rooksmead, Bedford, MK41 7QX. 
Contact: info@theprivacycentre.co.uk 

 

2. What Information We Collect, Use and Why 

We collect or use the following information to ensure the best customer experience when booking on one of our training courses, enrolling in one of our networks or purchasing any of our other products.

 

To deliver our training and related services, we may collect and use the following information:

  • Names and contact details – so we can register you for courses, send joining instructions, and keep in touch about your training.

  • Addresses (work or home) – to issue invoices, receipts or certificates. You can choose which address you prefer us to use.

  • Occupation – to ensure you are enrolled on the right course for your role and level of responsibility.

  • Payment details (card or bank information) – to process payments, transfers, or direct debits securely.

  • Transaction data – records of payments you make and the courses, products, or services you purchase.

  • Usage data – information on how you use our website, products, and services, which helps us improve your experience.

  • Compliments, testimonials, or complaints – so we can respond appropriately and use positive feedback (with your consent) to promote our services.

  • Video recordings – occasionally used for quality assurance and staff training purposes.

  • Website user information – such as cookies or analytics data to understand site performance and user interaction.

  • We may also collect certain special category information where relevant to your training needs. Because this information is more sensitive, we only ask for it when necessary and handle it with additional care:

  • Dietary requirements – if we are hosting a face-to-face event where catering is provided.

  • Accessibility needs – to make sure the training environment and materials are suitable and inclusive for you.

​3. Publically available sources  we use

We sometimes collect limited business-contact information about you from publicly available sources where you have made your details available for professional purposes. This may include:

  • Professional networking sites (e.g., LinkedIn)

  • Official registers (e.g., Companies House, ICO fee-payer register)

  • Your organisation’s website, event speaker pages and conference programmes

  • Trade/professional directories and press releases

What we collect: name, role/title, employer, work email/phone, work address, and context such as team/department and areas of professional responsibility. We do not intentionally collect special category data from these sources.


Why we collect it: to identify and contact relevant professionals about our services (including training), manage or develop a B2B relationship, verify organisational details, and maintain accurate suppression lists for opt-outs. 


Our legal basis (UK GDPR) and PECR
For this activity we rely on Legitimate Interests (UK GDPR Art. 6(1)(f)) to conduct proportionate B2B outreach and relationship management. Individuals have an absolute right to object to direct marketing at any time, and we will honour that immediately. Every message includes an easy opt-out. 


If we contact you by electronic mail (e.g., email, LinkedIn InMail), we also follow PECR. Where messages are sent to corporate subscribers (e.g., work addresses), consent is not required under PECR, but we still include sender identification and a clear opt-out in each message. For individual/sole-trader addresses we will only email where PECR allows (e.g., valid consent or soft opt-in, as applicable). 


Transparency when we didn’t get your data from you (Article 14)
When we collect your details from public sources, we will tell you who we are, what we use your data for, our lawful basis, your rights (including the right to object to marketing), and how to exercise them—either at the time of first contact or within a reasonable period. 


How we keep this fair
We take steps to ensure fairness and respect your expectations. In particular, we:
Keep to professional context only; messages are targeted to your role and sector.
Use corporate/work contact points where available and avoid personal addresses for marketing.


Provide one-click or single-step opt-out in every message and maintain a suppression list to ensure you’re not contacted again.


Do not scrape at scale or circumvent platform terms; we respect platform privacy settings.


Do not profile in a way that produces legal or similarly significant effects, and we do not use special category data for marketing.


Review and refresh public-source data periodically; if not used, we delete it after a set period. 


LIA (Legitimate Interests Assessment) — summary

Purpose test: Grow and service B2B relationships; provide role-relevant training and services; maintain accurate contact and suppression records.


Necessity test: Public professional sources are a proportionate way to find relevant contacts where consent-based channels are impractical for initial B2B introductions. Alternatives (cold calling or generic post) are less targeted and more intrusive.


Balancing test: Low intrusion (professional context, minimal data); strong safeguards (clear opt-out, suppression, relevance filters, platform-respecting collection); reasonable expectations where details are published for work purposes. Individuals have an absolute right to object to direct marketing and can do so at any time. Overall, the impact is limited and outweighed by the legitimate interest. 
Safeguards: One-click unsubscribe; role-based targeting; no special category data; DPIA considered not required given low risk, but LIA reviewed at least annually or on material change.


Who we share data with:
We may use trusted processors (e.g., CRM, email delivery, analytics) under contract. They act only on our instructions and are not permitted to use your data for their own purposes.


International transfers:
Where transfers occur outside the UK/EEA, we use an appropriate safeguard (e.g., IDTA/SCCs) plus transfer risk assessment as required.


Retention:
Prospect contact data collected from public sources: up to 24 months from last interaction or immediately upon objection to marketing (kept only on a suppression list).
Suppression lists: retained indefinitely to respect opt-outs.

4. Lawful bases and data protection rights 

Under UK data protection law, we must have a lawful basis for collecting and using your personal information. The lawful basis we rely on depends on the purpose for which we use your information.

  • Providing training, products, and services – We use your information because it is necessary to enter into or carry out a contract with you. Most of your data protection rights will apply, except the right to object.

  • Operating client or customer accounts – We use your information on the basis of contract, for example to manage bookings, payments, and records. Most of your rights will apply, except the right to object.

  • Information updates and marketing – We only use your information for these purposes if we have your consent or we are able to rely on the soft opt in options. You have the right to opt out or withdraw your consent at any time. Just let us know.

  • Queries, complaints, or claims – We use your information on the basis of contract, as this is necessary for us to provide the service and respond appropriately. Most of your rights will apply, except the right to object.

  • Video recordings – We may use recordings for quality assurance and staff training on the basis of legitimate interests. If we wish to use recordings for promotional purposes, we will only do so with your consent.

  • Special category data (such as dietary or accessibility needs) – We may collect this information to make sure our events are inclusive and accessible. Our lawful basis under UK GDPR is consent, and under the Data Protection Act 2018 we rely on the condition of substantial public interest to meet our duties around equality and inclusion. This information is only used for the specific purpose you provide it for.

 

Your data protection rights

You have rights under UK data protection law. These include:

  • Right of access – to request copies of your personal information, and details of how we use it and who we share it with.

  • Right to rectification – to ask us to correct or complete information you believe is inaccurate or incomplete.

  • Right to erasure – to ask us to delete your information in certain circumstances.

  • Right to restrict processing – to ask us to limit how we use your information in certain circumstances.

  • Right to object – to object to the processing of your information in certain circumstances.

  • Right to data portability – to ask us to transfer the information you provided to you or to another organisation.

  • Right to withdraw consent – when we rely on consent as the lawful basis, you can withdraw this at any time.

 

Not all rights are absolute and we may have legal obligations that override some of these rights in some circumstances. But we will always explain this to you, whwre it is the case. 

If you make a request, we must respond without undue delay and within one month. To make a request, please contact us using the details at the top of this notice.

 

5.Where we get personal information from 

Directly from you 

Or your employer if they book you for a training course.  

6.How long we keep information 

We keep your personal information only for as long as it is necessary for the purposes we collected it. This includes meeting legal, accounting, or reporting requirements. When information is no longer needed, we securely delete it or anonymise it so it can no longer identify you.

For special category information (such as dietary or accessibility needs), we keep it only for as long as necessary to deliver the service you have requested.

 

For more information on how long we store your personal information or the criteria we use to determine this please contact us using the details provided above. 

 

7.Who we share information with 

We do not sell your personal information. However, we sometimes share it with trusted third parties who provide services that help us run our business. These organisations act as data processors, which means they only use your information under our instructions and in line with the law.

Examples include:

  • Microsoft 365 – provides our email and document hosting environment.

  • QuickBooks – provides financial processing and invoicing services.

  • Wix – provides our website platform, hosting, and online booking system.

  • Hubken – provides our online learning management system for course delivery.

  • Brevo - email marketing

 

We also use other suppliers from time to time for IT support, payment processing, and marketing tools. When we do, we make sure they meet data protection requirements and keep your information safe.

Where possible, we ensure that personal information is stored and processed within the UK or the European Economic Area (EEA). If information is transferred outside these areas, we make sure suitable safeguards are in place.

 

8.How to complain 

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice. 

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO. 

 

The ICO’s address:            

Information Commissioner’s OfficeWycliffe HouseWater LaneWilmslowCheshireSK9 5AF 

Helpline number: 0303 123 1113 

Website: https://www.ico.org.uk/make-a-complaint 

bottom of page