Book Training

Data Protection Policy

1. Introduction

4JH Ltd collects and uses personal data so that we can run our business and deliver training, assessment and related services. This includes working with learners, clients, awarding bodies, instructors, staff, subcontractors and suppliers.

We respect the privacy of all individuals whose personal data we hold. We are committed to keeping personal data secure and to complying with the UK General Data Protection Regulation and the Data Protection Act 2018.

This policy explains how we collect, use, store, share and protect personal data. It also explains the rights individuals have over their data and how to exercise those rights.

The principles of good data protection practice are central to the way 4JH works. We only collect the information we need, keep it secure, use it fairly and keep it for no longer than necessary.

The Data Controller for 4JH Ltd is James Hawkins, Director.

2. What Personal Data We Collect

We may collect and process the following types of personal data:

Learners and Course Candidates

  • Name
  • Date of birth
  • Email address
  • Phone number
  • Employer details
  • Assessment and learning records
  • Attendance information
  • Required awarding body information

Staff, Instructors and Subcontractors

  • Identification and contact details
  • Right to work checks
  • Qualifications and certificates
  • Training records
  • Payment and invoice information

Clients and Suppliers

  • Contact details
  • Business information
  • Contractual information

Website Users

  • Basic cookie and navigation data
  • Enquiry form details

We only collect data that is relevant and necessary for the services we provide.

3. How We Use Personal Data

We use personal data for the following purposes:

  • To register learners on courses
  • To deliver training, assessment and certification
  • To issue certificates and maintain qualification records
  • To meet awarding body and regulatory requirements
  • To manage bookings and communicate with learners and clients
  • To carry out internal quality assurance, investigations and appeals
  • To meet legal and contractual duties
  • To maintain financial and administrative records
  • To ensure safety and safeguarding of learners

We do not sell or trade personal data.

4. Lawful Bases for Processing

4JH must have a lawful basis for processing personal data. We rely on the following bases:

 

Contract
Processing required to deliver training, issue certificates or fulfil a service agreement.

 

Legal obligation
Processing required by law.

 

Legitimate interests
Processing required for the normal running of our business, provided it does not override the rights of individuals.

 

Consent
Used only when required, such as for marketing.

 

Vital interests
Used if required to protect someone’s life in an emergency.

 

The lawful basis for each activity is stated in our internal data mapping register.

5. Individual Rights

Under UK GDPR, individuals have the following rights:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights relating to automated decision making and profiling

To exercise these rights, individuals should contact the Data Controller at [email protected]. We will respond within one month. We may ask for proof of identity before releasing data.

6. Sharing Personal Data

We may share personal data with:

  • Awarding bodies such as Qualsafe Awards, IOSH, City and Guilds or other accreditation bodies
  • Regulators and government authorities when required by law
  • IT and system providers who support our operations
  • Subcontracted instructors who deliver training on our behalf
  • Law enforcement agencies if required

All third parties must protect personal data and use it only for agreed purposes. Access is limited to those who have a genuine business need.

7. Data Security

4JH takes the security of personal data seriously. Measures include:

  • Secure password protection
  • Restricted access to data
  • Encrypted cloud systems
  • Regular software updates
  • Staff and instructor training
  • Secure storage of paper records
  • Regular internal reviews of data handling

We work to ensure confidentiality, integrity and availability of all personal data we hold.

8. Personal Data Breaches

A personal data breach may include loss, theft, unauthorised access or accidental disclosure of personal data.

If a breach occurs:

  • We will investigate immediately
  • We will record the breach in our breach register
  • We will report to the Information Commissioner’s Office within 72 hours if required
  • We will notify affected individuals when there is a risk to their rights or freedoms
  • We will take steps to prevent recurrence

9. Data Retention

We keep personal data only for as long as necessary.

Examples:

  • Training and certification records kept to allow issuing replacement certificates
  • Quality assurance, appeals and investigations kept for four years
  • Financial records kept for HMRC compliance
  • Staff and instructor records retained while employed or contracted

When data is no longer needed it is securely deleted or shredded.

10. Contact and Complaints

If you have any questions about this policy or would like to exercise your rights, contact:

Data Controller  

4JH Ltd  

136 Leigh Road  

Eastleigh  

Hampshire  

SO50 9DU  

Email: [email protected]  

If you are unhappy with how your data has been handled, you can contact the Information Commissioner’s Office at www.ico.org.uk.

11. Version Control

Version    Date          Changes Made                     Approved By

1.0         January 2025  Initial full rewrite             James Hawkins