GDPR Privacy Policy


In order to conduct its business activities, it is necessary for HRd Bristol to collect personal data of individuals.  These can include clients, delegates and students, suppliers, other people we have a relationship with or may need to contact.  This policy sets out how we collect, use and protect any information you give us when you use this website and/or our services.  

We are committed to safeguarding your privacy.  Should we ask you to provide certain information, you can be assured that it will only be used in accordance with this policy.  We may be required to update this policy from time to time in order to remain legal and compliant. You should check this page periodically to ensure that you are happy with any changes.

What personal data do we collect?

We may collect and process the following personal data: 

  • Name, company name and job title;
  • Contact information including telephone number and email address;
  • Business address and postcode;
  • Other information relevant to your enquiry or to enable us to fulfil a contract or terms & conditions;

if you: 

  • complete a form on our Website; 
  • complete a survey or an evaluation form
  • correspond with us by phone, e-mail, or in writing;
  • sign up to receive our communications;
  • enter into a contract with us to receive products and/or services, such as if you attend one of our courses.

If you visit our Website, we may automatically collect the following information:

  • technical information, including the internet protocol (IP) address used to connect your computer to the Internet, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • information about your visit to our Website such as the products and/or services you searched for and view, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Sensitive personal data

In certain limited cases, we may collect certain sensitive personal data from you (that is, information about your racial or ethnic origin, political opinions, religious beliefs, physical or mental health, sexual life, or details of criminal offences, or genetic or biometric data). In exceptional circumstances, we may be provided with sensitive personal data, such as information about your health, to enable us to administer requests for reasonable adjustments, or sensitive personal data relating to an investigation, complaint, or appeal. However, we will only do so on the basis of your explicit consent.

How do we use your personal data?

We may use your personal data where this is necessary to pursue our legitimate interests as HR and Development Consultants and as a provider of training, assessment, and certification products and/or services, including to:

Clients and Potential Clients

We require this information to understand your needs and provide you with a better service and in particular, for the following reasons:

  • To provide ongoing customer service and maintain internal record keeping 
  • To enable contact by email or phone in relation to the enquiry you have made with us;
  • To periodically send update emails about information relevant to your enquiry.  

Delegates / Students

  • To provide you with information about products and/or services which may be of interest to you or for which you have registered;
  • undertake administration in relation to products and/or services for which you have registered;
  • To provide you with a certificate, credential or other record of learning;
  • To contact you directly in relation to our quality assurance processes, investigations, appeals, and complaints;
  • To contact you directly in relation to new and existing products, services, news, awards and events
  • To assess and provide reasonable adjustments in relation to your learning or assessment where requested.

We may also process your personal data if required by law, including to respond to requests by government or law enforcement authorities, or for the prevention of crime or fraud.

Who do we share your personal data with?

We may share your personal data with relevant third parties, where necessary, in relation to your learning, assessment, or certification, including:

  • regulatory authorities, sector skills councils, professional bodies, and similar industry bodies;
  • consortiums, authorised representatives, and partners; and
  • centres, providers, awarding bodies and similar third parties.

We may share your personal data with The Institute of Leadership & Management (TILM) to enable TILM to offer you student membership in relation to leadership and management. You can find out more about TILM at We may also share your personal data with third party providers including:

  • legal and other professional advisers, consultants, and professional experts;
  • service providers contracted to us in connection with provision of learning, assessment, and training products and services such as markers, moderators, assessors, certification or credentialing providers, IT services and customer relationship management services; and
  • analytics and search engine providers that assist us in the improvement and optimisation of our website.

We will ensure there is a contract in place with such third parties which include obligations in relation to the confidentiality, security, and lawful processing of any personal data shared with them.

Where a third party recipient is located outside the European Economic Area, we will ensure that the transfer of personal data is protected by appropriate safeguards, including the use of model data protection clauses adopted or approved by the relevant authority where the data protection authority does not believe that the country has adequate data protection laws. We may also share your personal data with members of the City & Guilds Group. 

We take all reasonable steps to protect your personal data. We limit access to your personal data to those who have a genuine business need to know it. We may also share personal data with law enforcement or other authorities if required by applicable law.

How long will we keep your personal data?

We will retain personal data relating to your learning, assessment, and certification to enable us to provide information about your learning or a replacement certificate.

We will retain personal data relating to our quality assurance processes, appeals, or investigations for a period of 7 years to ensure we are able to comply with any contractual, legal, audit and other regulatory requirements, or any orders from competent courts or authorities.

Where do we store your personal data and how is it protected?

We take reasonable steps to protect your personal data from loss or destruction. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Your rights

Under the GDPR, you have various rights with respect to our use of your personal data:

Right to Access

You have the right to request a copy of the personal data that we hold about you by contacting us at the email address given below. Please include with your request information that will enable us to verify your identity. We will respond within 1 month of request. Please note that there are exceptions to this right. We may be unable to make all information available to you if, for example, making the information available to you would reveal personal data about another person, if we are legally prevented from disclosing such information, or if there is no basis for your request, or if it is excessive.

Right to rectification

We aim to keep your personal data accurate and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.

Right to erasure

You have the right to request the deletion of your personal data where, for example, the personal data are no longer necessary for the purposes for which they were collected, where you withdraw your consent to processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed. If you would like to request that your personal data is erased, please contact us using the contact details provided below.

Right to object

In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes. If you would like to object to the processing of your personal data, please contact us using the contact details provided below.

Right to restrict processing

In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have queried the accuracy of the personal data we hold about you and we are verifying the information, you have objected to processing based on legitimate interests and we are considering whether there are any overriding legitimate interests, or the processing is unlawful and you elect that processing is restricted rather than deleted. Please contact us using the contact details provided below.

Right to data portability

In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format. This right arises where you have provided your personal data to us, the processing is based on consent or the performance of a contract, and processing is carried out by automated means. If you would like to request make such request, please contact us using the contact details provided below.

Please note that the GDPR sets out exceptions to these rights. If we are unable to comply with your request due to an exception we will explain this to you in our response.


If you have any queries about this Policy, the way in which HRd Bristol processes personal data, or about exercising any of your rights, please contact


If you believe that your data protection rights may have been breached, and we have been unable to resolve your concern, you may lodge a complaint the applicable supervisory authority or to seek a remedy through the courts. Please visit for more information on how to report a concern to the UK Information Commissioner’s Office.

Changes to our Policy

Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Policy.