top of page

GDPR & Data Protection Policy

How First-Training Handles and Processes Data

We take the privacy of your personal data seriously and handle your information in accordance with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws. This policy outlines how First-Training collects, processes, stores, and protects your personal information.

By providing us with your data, you confirm that you are over 13 years of age. If you are under 13, we require signed parental consent before processing your data.

1. Data Controller

First-Training is the Data Controller responsible for the collection, processing, and security of your personal data.

For any questions regarding this policy, please contact us at:
📧 info@first-training.co.uk

2. What Data We Collect and Why We Collect It

We may process the following categories of personal data:

A. Communication Data

  • Includes emails, contact forms, text messages, social media interactions, and any communication you send us.

  • Purpose: To communicate with you, maintain records, and establish or defend legal claims.

  • Lawful Basis: Legitimate Interest (ensuring effective communication and record-keeping).

B. Customer Data

  • Includes name, title, contact details, payment details, and course purchase history.

  • Purpose: To provide our services, process payments, and keep accurate records.

  • Lawful Basis: Legitimate Interest (delivering services and maintaining financial records).

C. Course & Certification Data

  • Includes full name, Date of Birth (for regulated qualifications), course details, and certification records.

  • Purpose: To issue certificates, maintain training records, and comply with regulatory requirements.

  • Lawful Basis: Legitimate Interest (ensuring compliance with training regulations).

D. Technical & Website Usage Data

  • Includes IP address, browser type, session duration, pages visited, and interaction with our website.

  • Purpose: To improve website functionality, enhance security, and analyse user interactions.

  • Lawful Basis: Legitimate Interest (improving our online services and user experience).

E. Marketing Data

  • Includes preferences for receiving marketing communications and training updates.

  • Purpose: To provide relevant course updates, promotions, and industry news.

  • Lawful Basis: Legitimate Interest (growing our business and providing relevant content).

  • Opt-Out: You may unsubscribe from marketing emails at any time by clicking the “unsubscribe” link in our emails.

F. Sensitive Data

  • Includes health-related information where reasonable adjustments are required for training.

  • Purpose: To ensure your safety during practical training exercises.

  • Lawful Basis: Explicit Consent (you will need to sign an additional consent form).

3. How We Collect Your Data

We collect data through the following methods:

  • Directly from you – when you book a course, contact us, or submit a form on our website.

  • From third parties – including your employer, training providers, or awarding bodies.

  • Website analytics – using cookies and tracking technologies.

4. How We Use Your Data

We will only use your personal data for the purposes it was collected or a legitimate and compatible reason. If we need to use your data for a new purpose, we will notify you and explain the legal basis.

We may use Customer Data, User Data, Technical Data, and Marketing Data to:

  • Improve our website

  • Deliver targeted ads (Facebook, Google)

  • Send promotional emails (with your consent)

If you wish to opt-out, email us at info@first-training.co.uk or click the “unsubscribe” link in any marketing email.

5. Who We Share Your Data With

We only share your data when necessary, and we ensure that all third parties comply with GDPR standards.

We may share your data with:

  • Nuco Training & First Aid Awards – our awarding body for certification processing.

  • Regulatory bodies – for compliance and certification verification.

  • IT service providers – who maintain our website and training systems.

  • Payment providers – for secure payment processing.

  • Legal authorities – if required by law or for dispute resolution.

We do not sell or share personal data for third-party marketing.

6. Data Retention & Storage

We only keep your personal data for as long as necessary, based on legal and regulatory requirements:

Data TypeRetention Period

Course & Certification Data3 years (qualification duration)

Payment Records6 years (for tax compliance)

Website Analytics Data2 years (for trend analysis)

Marketing PreferencesUntil you opt-out

After this period, data is securely deleted or anonymised for statistical purposes.

7. Data Security

We implement technical and organisational measures to keep your data secure, including:

  • Encrypted storage for sensitive data.

  • Restricted access to personal information.

  • Regular cybersecurity audits.

  • Secure backups of training records.

In the event of a data breach, we will notify affected individuals and the ICO within 72 hours, as required by law.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

  1. Access – Request a copy of your data.

  2. Correction – Update inaccurate or incomplete data.

  3. Erasure – Request deletion of your data (where applicable).

  4. Restriction – Limit how we process your data.

  5. Objection – Stop us from using your data for marketing.

  6. Portability – Request a transfer of your data.

To exercise your rights, email info@first-training.co.uk.

We aim to respond to all requests within one month. If your request is complex, we may extend this by an additional two months but will notify you accordingly.

If you are not satisfied with how we handle your data, you can lodge a complaint with the Information Commissioner’s Office (ICO):
🌐 www.ico.org.uk

9. Third-Party Links & Cookies

Our website may include links to external sites. Clicking on those links may allow third parties to collect data. We do not control third-party sites and recommend reading their privacy policies.

We also use cookies to improve our website experience. You can adjust your cookie settings in your browser.

For more details, see our Cookie Policy.

10. Policy Updates

We may update this GDPR & Data Protection Policy periodically. The latest version will always be available on our website.

📅 Last Updated: [Insert Date]

For any privacy-related concerns, contact us at:
📧 info@first-training.co.uk

✅ First-Training is committed to protecting your privacy and ensuring compliance with GDPR.

bottom of page