Policy Owner: Stephanie Austin, Owner & Lead Trainer

Version: 2.2

Last Reviewed: June 2026

Next Review Due: January 2027 (or sooner if statutory guidance changes)

Applies To: All Prima Cura Training deliveries across the United Kingdom

1. Introduction

Prima Cura Training is committed to protecting and respecting the privacy of individuals whose personal data we process. This Privacy Policy explains how we collect, use, store, and protect personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and the Data (Use and Access) Act 2025.

Prima Cura Training is the trading name of a UK sole trader. Prima Cura Training is not associated with Prima Cura Limited. For the purposes of UK data protection legislation, Prima Cura Training is the data controller responsible for the processing of personal data described in this policy.

2. Personal data we collect

We may collect and process the following categories of personal data:

  • Contact information: name, email address, telephone number, and postal address
  • Professional information: job title, employer, and organisation name
  • Training and certification records: course attendance, assessment outcomes, and certificates issued
  • Booking and financial information: course bookings, invoices, and payment records
  • Website usage data: IP address, browser type, pages visited, and time spent on our website (collected via cookies and analytics tools)
  • Communication records: emails, enquiry forms, and correspondence related to our services

3. How we collect personal data

We collect personal data through the following means:

  • Enquiry and booking forms on our website
  • Direct email and telephone contact
  • Course registration and sign-in sheets
  • Eventbrite, where used to manage event bookings
  • Google Analytics and Google Search Console, which collect anonymised website usage data
  • Correspondence during the delivery of training services

4. Legal basis for processing

We process personal data on the following legal bases under UK GDPR Article 6:

  • Contract performance (Article 6(1)(b)): processing necessary to deliver training courses, issue certificates, and manage bookings.
  • Legal obligation (Article 6(1)(c)): processing required to comply with applicable law, including financial record-keeping obligations under the Taxes Management Act 1970.
  • Legitimate interests (Article 6(1)(f)): processing carried out in pursuit of our legitimate business interests, including responding to enquiries, maintaining training records, improving our services, and marketing our services to existing and prospective clients. We have assessed these interests against the rights of individuals and are satisfied that processing does not override those rights.
  • Consent (Article 6(1)(a)): where we rely on consent, for example for certain types of electronic marketing communication, we will obtain consent separately and you may withdraw it at any time.

5. How we use personal data

We use personal data for the following purposes:

  • Responding to enquiries and providing information about our training services
  • Processing course bookings and managing delegate attendance
  • Delivering training, issuing certificates, and maintaining learner records
  • Sending booking confirmations, joining instructions, and post-course correspondence
  • Issuing and processing invoices and payments
  • Complying with accreditation body requirements and regulatory obligations
  • Improving our website and marketing our services
  • Maintaining records as required by law

6. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected, in accordance with applicable legal and accreditation requirements. Our standard retention periods are:

  • Enquiry and contact records: 12 months from the date of last contact
  • Learner training and certification records: 7 years from the date of training, in line with accreditation body requirements
  • Financial and invoicing records: 6 years from the end of the relevant financial year, in accordance with HMRC requirements

When data is no longer required, we will delete or destroy it securely.

7. Who we share personal data with

We do not sell, rent, or trade personal data. We may share data with the following third parties where necessary:

  • Accreditation and awarding bodies: where required to register learners, issue certificates, or verify qualifications.
  • Eventbrite: where used to manage course bookings. Eventbrite processes data in accordance with its own privacy policy, available at eventbrite.co.uk.
  • Google LLC: Google Analytics and Google Search Console are used to analyse website usage. Data collected is anonymised and governed by Google’s privacy policy.
  • IT and hosting providers: our website hosting provider processes data as a data processor on our behalf.
  • Professional advisors: including accountants and legal advisors, where necessary.
  • Regulatory authorities and law enforcement: where we are required to disclose information by law.

We do not transfer personal data outside the United Kingdom or the European Economic Area except where appropriate safeguards are in place.

8. Your data protection rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: you may request a copy of the personal data we hold about you.
  • Right to rectification: you may ask us to correct inaccurate or incomplete data.
  • Right to erasure: you may ask us to delete your personal data where there is no lawful reason to continue processing it.
  • Right to restriction: you may ask us to restrict processing of your data in certain circumstances.
  • Right to data portability: where processing is based on consent or contract and is carried out by automated means, you may request that we provide your data in a structured, commonly used, machine-readable format.
  • Right to object: you have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop processing for that purpose immediately.
  • Rights relating to automated decision-making: you have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects.

To exercise any of these rights, please contact us using the details in section 12. We will respond within one month of receiving your request. We will not charge a fee for exercising your rights unless a request is manifestly unfounded or excessive.

9. Cookies

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device that help us understand how visitors use our website.

We use Google Analytics to collect anonymised information about website usage, including pages visited, time on site, and referral sources. This data helps us improve our website and services.

Most browsers allow you to refuse or delete cookies. Please refer to your browser’s help documentation for guidance. Disabling cookies may affect the functionality of some parts of our website.

For further information about cookies and how to manage them, visit www.ico.org.uk.

10. Data security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These measures include password-protected systems, secure email communication, and restricted access to personal data.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner’s Office (ICO) without undue delay and, where required, notify affected individuals.

While we take reasonable steps to protect your data, no transmission of data over the internet can be guaranteed to be entirely secure. You provide data to us at your own risk.

11. Data protection complaints

If you have a concern about how Prima Cura Training has handled your personal data, please contact us in the first instance. We are committed to resolving data protection complaints fairly and promptly.

To raise a complaint, please email: info@primacuratraining.co.uk

We will acknowledge your complaint within 30 days of receipt and will investigate and respond without undue delay. We will keep you informed throughout the process and notify you of the outcome.

If you are not satisfied with our response, or if we have not responded within a reasonable timeframe, you may then escalate your complaint to the Information Commissioner’s Office (ICO):

  • Website: ico.org.uk
  • Telephone: 0303 123 1113
  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

12. Contact details

For any questions regarding this Privacy Policy or to exercise your data protection rights, please contact:

Stephanie Austin, Data Controller

Prima Cura Training

Glen Avenue, Manchester, M9 4EE

Email: info@primacuratraining.co.uk

Telephone: 0333 999 8783

ICO Registration Number: ZA763319

13. Changes to this policy

We may update this Privacy Policy periodically to reflect changes in legal requirements or business practices. The most current version will always be available on our website at primacuratraining.co.uk/privacy-policy/

Last updated: 9th June 2026