Data Protection Policy - RADD Training Limited

Introduction

RADD Training Limited holds and processes information about learners, corporate clients, staff, and other data subjects for administrative, approval and commercial purposes. When handling such information, RADD Training Limited and all colleagues who process or use any personal information must comply with the Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR).

This policy explains what personal data we collect, why we collect it, how we use it, who we share it with, how long we keep it, and the rights of individuals under UK GDPR.

This policy should be read alongside our Privacy Notice.

Data protection principles

We process personal data in line with the UK GDPR principles. In summary, personal data shall:

be processed lawfully, fairly and transparently
be collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes
be adequate, relevant and limited to what is necessary
be accurate and kept up to date
be kept for no longer than necessary
be processed securely
not be transferred outside the UK unless appropriate safeguards are in place

Lawful basis for processing

We process personal data under one or more lawful bases, including:

performance of a contract (e.g., delivering training and associated services)
legal obligation (e.g., record keeping and regulatory requirements)
legitimate interests (e.g., service improvement, fraud prevention, quality assurance)
consent (where required, particularly for certain special category data)

What data we hold and why

Learners

We hold learner personal data to administer training, assessment and certification. This may include:

name, date of birth and contact details
employer details (where applicable)
attendance, assessment and results records
certification details and candidate/learner identifiers
reasonable adjustment and special consideration information (where applicable)

We use learner data for purposes including:

awarding certifications and issuing certificates
providing relevant information to awarding bodies for the awards being studied for
accounting and billing
identifying the learner and maintaining accurate training/assessment records
administering reasonable adjustments and special considerations

Staff and contractors

Personal information is held to administer employment/engagement and provide a safe working environment. This may include:

payroll and accounting information
contact details for normal working and emergency/business continuity purposes
medical information where required to provide special consideration, facilities or assistance

This policy forms part of each employee’s or contractor’s terms and conditions of employment/engagement.

Sharing personal data

We may share learner personal data with awarding bodies and, where required, their regulators or sector skills bodies for purposes including:

administration in relation to registered qualifications
issuing certificates
contacting learners for assessment, quality assurance, or investigations into suspected malpractice/maladministration
administering reasonable adjustments and special considerations
statistical analysis and equal opportunities monitoring (anonymised where appropriate)

We will only share personal data where there is a lawful basis to do so and where it is necessary for the stated purpose.

Special category data (medical information)

In some instances it may be necessary to hold medical information relating to a learner or member of staff (e.g., where special considerations, examination adjustments, or workplace support is required). Medical information is special category data.

We will only collect and use special category data where necessary, will restrict access, and will rely on an appropriate UK GDPR condition (including explicit consent where required).

Where we rely on consent, it may be withdrawn at any time. Withdrawal will not affect processing already carried out, but it may affect our ability to provide adjustments/special considerations.

Security of personal data

We use appropriate technical and organisational measures to protect personal data, including (where appropriate):

access controls and role-based permissions
secure storage for paper records
password protection and secure account management
encryption where appropriate
secure disposal of records and devices

Further information about secure storage and retention is contained in our Documentation Retention and Secure Storage Policy.

Responsibilities

Data subjects (learners, staff and others)

All people on which information is held shall:

ensure that personal information provided to RADD Training Limited is accurate and up to date
inform RADD Training Limited of changes (e.g., address or contact details)
check information made available by RADD Training Limited and report any errors

Staff and contractors

Staff and contractors shall ensure that:

personal information is kept securely
personal information is not disclosed to any unauthorised third party
any unauthorised disclosure is treated seriously and may result in disciplinary action and/or legal proceedings

Where colleagues supervise learners doing work which involves the processing of personal information, they must ensure learners are aware of the data protection principles and handle personal data appropriately.

Personal data breaches

Any actual or suspected personal data breach (loss, unauthorised access, disclosure, or destruction) must be reported immediately to the designated data protection lead so it can be assessed, contained, and reported to the Information Commissioner’s Office (ICO) and/or affected individuals where required.

Individual rights

Under UK GDPR, individuals have rights in relation to their personal data, including:

the right of access (Subject Access Request)
the right to rectification
the right to erasure (in certain circumstances)
the right to restriction of processing
the right to object
the right to data portability (where applicable)
rights relating to automated decision-making and profiling (where applicable)

Subject Access Requests (SARs)

Individuals may request access to personal data held about them by submitting a request in writing to RADD Training Limited.

Subject Access Requests are normally free of charge. We may charge a reasonable fee or refuse a request only where it is manifestly unfounded or excessive, in line with UK GDPR.

We will respond within one month. This may be extended by up to two further months where requests are complex or numerous; if so, we will explain why.

Individuals also have the right to raise concerns with the Information Commissioner’s Office (ICO).

Approved By:	Chrisy McLeod – Division Director
Version:	v2
Issue date:	23/02/2026
Last Review:	23/02/2026
Review date:	22/02/2027

Document control

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookies on our site