Privacy Notice

ABC GDPR Training is committed to protecting the privacy and security of your personal information. 

This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR).  It applies to all people that engage with our services and provide us with personal information.

ABC GDPR Training is a Data Controller. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.  We are registered with the Information Commissioner’s Office (ICO) and our registered address is The Cursitor Building, 38 Chancery Lane, London WC2A 1EN.

This notice applies to people that provide personal information to ABC, for those using our website seeking training services, including purchasing a product, or for marketing purposes. It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.   

Our website address is:

Data protection principles:

We will comply with data protection law. This says that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes. 
  • Relevant to the purposes we have told you about and limited only to those purposes. 
  • Accurate and kept up to date. 
  • Kept only as long as necessary for the purposes we have told you about. 
  • Kept securely

The kind of information we hold about you:

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, store, and use the following categories of personal information about you:

  • Name
  • Address
  • Telephone number
  • Email address
  • Personal account preferences
  • Transactional data ie. purchase information
  • Technical data ie. Cookies

How is your personal information collected?

We use different methods to collect data from and about you through interacting with us on or through our website:

  • Filling in Contact forms or by corresponding with us by post, phone, email or otherwise.
  • Applying for our products or services
  • Creating an on-line account on our website
  • Subscribing to our services or publications
  • Requesting marketing materials to be sent to you
  • Providing us with feedback – see Comments below
  • Cookies – see below

Contact Forms

When personal data is captured by the submission of an on-line Contact Form, we will keep this information for a certain period of time for customer services purposes.  This information will not be used for marketing purposes.


When visitors leave comments on our site, we collect data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.

If you leave a comment, the comment and its metadata are retained indefinitely.  This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.


As you interact with our website we collect technical data known as cookies.  We use cookies to understand your preferences, trends and browsing actions.  Cookies are stored on your device by websites, apps and advertisements.  We may also receive technical data about you from third parties such as an analytic provider, eg. Google, Bing, outside the EU.  Please see our Cookie Policy for full details of the first and third party cookies used by our website and associated plugins, social media and analytic sites.


When your personal information is being used as part of your subscription to our educational content and for marketing purposes, we will collect your information at the point of subscription; either directly from our website or from social media sites such as Linked-in.

You may opt out of receiving marketing messages and emails at any time by contacting us directly or following the instructions in the message.

What is our lawful basis for processing your information?

Under GDPR we are only allowed to process your personal information if we have a lawful basis to do so. The ‘lawful bases’ identified in the GDPR are:

  • Consent of the data subject
  • Performance of a contract with the data subject or to take steps to enter into a contract
  • Compliance with a legal obligation
  • To protect the vital interests of a data subject or another person
  • Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

Legitimate interests include:

  • Where the data subject is a client or in the service of the controller;
  • Transmission within a group of undertakings for internal administrative purposes;
  • Processing necessary to ensure network and information security, including preventing unauthorised access;
  • Processing for direct marketing purposes, or to prevent fraud; and
  • Reporting possible criminal acts or threats to public security.

Our ‘lawful bases’ which we may rely upon are Consent, Performance of a contract and Legitimate Interests.

Situations in which we will use your personal information:

When information is requested or provided it will be because we need it to perform our services and contract with you and to enable us to comply with legal obligations. 

Specific situations where we may use your personal information include:

  • Registering you as a new customer
  • Sending you information or content that is of specific interest to you
  • To process and deliver your order including the management of payments
  • To collect and recover any monies owed to us
  • For review and feedback services
  • Sending you information or content that is of specific interest to you
  • To make suggestions about services that may be of interest to you

Change of purpose:

We will only use your personal information for the purposes for which we collected it.  If we wish to use your information for a different purpose, we will contact you to gain your explicit consent.

Data sharing:

We may have to share your data with third parties, including third-party service providers and other entities in the group. We may transfer your personal information outside the EU.

We are satisfied that any personal data that is shared is fully protected and has the appropriate safeguards in place in accordance with GDPR.

Why might we share personal information with third parties?

We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

Which third-party service providers process my personal information?

Third parties include third-party service providers and other entities within our own group. The following activities are carried out by third-party service providers: administration and IT services.

The following providers process personal information on our behalf for the following reasons:

  • MailChimp marketing platform: provides mailing services, data may be processed in form of email addresses.
  • Dropbox: file hosting service

How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

When might you share my personal information with other entities in the group?

We will share your personal information with other entities in our group as part of our regular activities.

Your personal information will never be shared by third parties and the only uses will be those that allow us to carry out the services that you have agreed to.

Data security:

We have put in place measures to protect the security of your information. Details of these measures are available upon request.

Third parties will only process your personal information on our instructions and where they have agreed to treat information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention:

How long will you use my information for?

We will only retain your information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Details of retention periods for different aspects of your personal information are available from us at your request.

To determine the appropriate retention period for personal data, we consider the amount, nature, sensitivity of the personal date, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy information in accordance with our data retention policy.

Rights of access, correction, erasure and restriction:

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with personal information

  • Under certain circumstances, by law you have the right to:
  • Request access to your personal information
  • Request correction of the personal information that we hold about you
  • Request erasure of your personal information 
  • Object to processing of your personal information 
  • Request the restriction of processing of your personal information 
  • Request the transfer of your personal information to another party 

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information please put your request to us in writing.

No fee usually required:

You will not have to pay a fee to access your personal information. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you:

We may need to request specific information from you to help us confirm your identity and ensure your right to access information. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right to withdraw consent:

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for any specific purpose, you have the right to withdraw your consent for the specific processing at any time.

To withdraw your consent please contact us in writing. Once we have received your request your information will no longer be processed.

Data protection manager:

Our Data Protection Manager oversees compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the Data Protection Manager – Bill Conner at [email protected].

You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.

Changes to this privacy notice:

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.