Creative Consulting and Training Ltd trading as Training Creatively

Version 2.0 | Last updated: 21 May 2026

1. About this Privacy Notice

Creative Consulting and Training Ltd trading as Training Creatively (“Training Creatively”, “we”, “us” or “our”) is committed to protecting personal data and handling it lawfully, fairly and transparently.

This Privacy Notice explains how we collect, use, store, share and protect personal data when you visit our website, enquire about or purchase our services, attend our courses, sit examinations, use our learning platforms, communicate with us, apply for a role, or otherwise interact with us.

This notice is designed to meet the transparency requirements of the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 and, where relevant, the Privacy and Electronic Communications Regulations (“PECR”).

2. Who we are

3. Personal data we collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

• Identity and contact data: full name, job title, employer, postal address, email address, telephone number and account details.
• Booking and learner data: course registrations, attendance records, learner progress, course completion, certificate records, examination details, candidate numbers and reasonable adjustment requests where applicable.
• Payment and transaction data: billing contact details, purchase history, invoices, payment status and records required for accounting. We do not intentionally store full card details where payments are processed by third-party payment providers.
• Professional and education data: role, organisation, training needs, qualifications, employment history and information supplied for recruitment, examination or training administration.
• Communication data: enquiries, emails, live chat messages, feedback forms, survey responses, complaints, support requests and preferences.
• Marketing data: marketing preferences, event registrations, webinar attendance, campaign engagement and unsubscribe records.
• Technical and usage data: IP address, browser type, device information, operating system, referring pages, pages visited, time spent on pages, cookie identifiers and analytics information.
• Recruitment data: CVs, covering letters, interview notes, references, right-to-work information and related recruitment records.
• Compliance and security data: fraud-prevention checks, audit logs, access records and information needed to protect our systems, learners, customers and business.

We may also process special category data only where necessary and lawful, for example where a learner requests reasonable adjustments, accessibility support, dietary information for an event, or where health-related information is voluntarily provided for training delivery or safeguarding purposes. We will apply additional safeguards to this data.

4. How we collect personal data

• Directly from you when you complete forms, create an account, book a course, make an enquiry, attend training, contact support, use live chat, complete a survey, enter a promotion, attend an event or apply for a role.
• From your employer, sponsor, training coordinator, procurement team or another organisation that books training or examinations on your behalf.
• From awarding bodies, examination institutes, accreditation bodies, proctoring providers, digital badge providers and learning platform providers involved in delivering or verifying your training or certification.
• Automatically through our website, learning platforms, cookies, analytics tools, security logs and similar technologies.
• From business partners, resellers, public sources, professional networking platforms or event organisers where there is a lawful basis to use the information.

5. Why we use personal data and our lawful bases

We only process personal data where we have a lawful basis. The table below summarises the main purposes for which we process data and the lawful bases we rely on.

6. Marketing communications

We may contact you with information about courses, events, webinars, resources and services that may be relevant to you or your organisation. We will do this in accordance with UK GDPR and PECR.

• You can opt out of marketing communications at any time by using the unsubscribe link in our emails or by contacting us at info@trainingcreatively.com.
• We maintain suppression records to ensure we respect opt-out requests.
• Where we rely on legitimate interests for B2B marketing, we consider whether the communication is relevant, proportionate and reasonably expected.
• We do not sell personal data to third parties.

7. Cookies, analytics and similar technologies

Our website and online platforms may use cookies, pixels, scripts and similar technologies. Some are strictly necessary for the website or platform to function. Others, such as analytics, advertising or performance cookies, will only be used where the required consent has been obtained.

We may use tools such as Google Analytics, Google Ads, embedded media providers and similar services to understand website performance, improve user experience and assess marketing effectiveness. Where these tools collect personal data, we will process it in accordance with this Privacy Notice and applicable cookie rules.

• Essential cookies: required for security, network management, accessibility, session management and core website or platform functionality.
• Analytics cookies: help us understand how visitors use our website and improve content and navigation.
• Marketing cookies: may help us measure campaigns and present relevant content, where used and consented to.
• Embedded content cookies: third-party content such as videos may place cookies controlled by the relevant third party.

You can manage cookie preferences through our cookie banner or browser settings. Blocking some cookies may affect website or platform functionality.

8. Live chat, webinars and online training

Where we provide live chat, webinars, virtual classrooms or online learning, we may process information such as your name, phone number, email address, organisation, candidate number, browser, operating system, page URL, local time, approximate location, chat messages, attendance, participation, questions, feedback and agent ratings.

We use this information to provide support, deliver training, improve services, maintain records, troubleshoot technical issues and protect our systems. Where sessions are recorded, we will make this clear where reasonably practicable and will restrict access to authorised individuals.

9. Who we share personal data with

We only share personal data where necessary and lawful. Recipients may include:

• Awarding bodies, examination institutes, accreditation bodies and certificate verification providers.
• Learning management system, virtual classroom, webinar, live chat, customer support and digital badge providers.
• Payment processors, finance systems, banks, accountants and auditors.
• Cloud hosting, IT support, cybersecurity, analytics, CRM, email marketing and document management providers.
• Employers, sponsors, training coordinators or organisations that book training or examinations on your behalf.
• Professional advisers, insurers, regulators, law enforcement, courts or public authorities where required or permitted by law.
• Business partners, resellers or subcontractors where necessary to provide services you or your organisation requested.
• A purchaser or prospective purchaser if our business or assets are sold, transferred or reorganised, subject to appropriate confidentiality safeguards.

Where third parties process personal data on our behalf, we require them to process it only on our instructions, apply appropriate security measures and use it only for the agreed purpose unless the law requires otherwise.

10. International transfers

We aim to store and process personal data in the United Kingdom or European Economic Area where practical. Some service providers, awarding bodies, examination institutes, digital badge providers, online proctoring providers, cloud providers or support teams may process personal data outside the UK or EEA.

Where we make a restricted international transfer, we will use appropriate safeguards under UK GDPR, such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or another lawful transfer mechanism. We no longer rely on the invalidated EU-US Privacy Shield as a transfer mechanism.

11. How we protect personal data

We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures may include:

• access controls and role-based permissions;
• multi-factor authentication where appropriate;
• secure cloud services and contractual controls for suppliers;
• encryption or secure transmission where appropriate;
• confidentiality obligations for staff and contractors;
• backup, recovery and business continuity arrangements;
• monitoring, logging and incident management procedures;
• secure disposal and retention controls;
• periodic review of systems, suppliers and data protection practices.

No system is completely secure. If we identify a personal data breach that creates a risk to individuals, we will assess it and notify affected individuals and/or the Information Commissioner’s Office where required by law.

12. How long we keep personal data

We keep personal data only for as long as necessary for the purposes described in this notice, including legal, regulatory, contractual, accreditation, accounting, audit and legitimate business purposes. Typical retention periods are set out below.

13. Your data protection rights

Subject to legal conditions and exemptions, you may have the following rights:

• The right to be informed about how your personal data is used.
• The right of access to your personal data.
• The right to rectification of inaccurate or incomplete data.
• The right to erasure where there is no lawful reason for us to continue processing the data.
• The right to restrict processing in certain circumstances.
• The right to data portability where processing is based on consent or contract and carried out by automated means.
• The right to object to processing based on legitimate interests or direct marketing.
• The right to withdraw consent at any time where we rely on consent.
• The right not to be subject to solely automated decisions that have legal or similarly significant effects, unless permitted by law.

To exercise your rights, contact our Data Protection Manager at info@trainingcreatively.com. We may need to verify your identity before responding. We will respond within the timeframe required by law.

14. Automated decision-making and profiling

We do not currently make decisions about individuals based solely on automated processing that produce legal or similarly significant effects. We may use limited profiling or segmentation for marketing, service improvement or learner support, but you can object to direct marketing at any time.

15. Children and young people

Our services are primarily intended for adult learners, professionals, employers and organisations. We do not knowingly target children with marketing. If we process personal data relating to a child or young person, for example in connection with an organisational booking, apprenticeship, education programme or safeguarding matter, we will do so only where lawful and with appropriate safeguards.

16. If you do not provide personal data

Where personal data is required to provide a service, register you for a course or examination, verify certification, process payment, comply with law or enter into a contract, we may be unable to provide the relevant service if the required information is not supplied.

17. Links to other websites and third-party services

Our website, emails, platforms and learning materials may contain links to third-party websites, platforms or embedded services. We are not responsible for the privacy practices of third parties. You should read their privacy notices before providing personal data to them.

18. Complaints

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the matter.

You also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection. Website: ico.org.uk. Telephone: 0303 123 1113.

19. Changes to this Privacy Notice

We may update this Privacy Notice from time to time to reflect legal, regulatory, operational or service changes. The latest version will be made available on our website. Where changes are significant, we will take appropriate steps to bring them to your attention.

20. Contact us

For questions about this Privacy Notice or how we handle personal data, please contact:

• Data Protection Manager
• Creative Consulting and Training Ltd trading as Training Creatively
• Suite 156, Rosden House, 372 Old Street, London, EC1V 9AU, United Kingdom
• Email: info@trainingcreatively.com
• Website: www.trainingcreatively.com
• /legal adviser before publication.