TrainKit← Back to Login

Privacy Policy

Last updated: 7 February 2025

1. Introduction

TrainKit ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the TrainKit platform at trainkit.co.uk and associated subdomains, including the student portal and training centre websites.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

TrainKit acts as a data processor on behalf of training centres (the data controllers) who use our platform. When you book a course or create a student account, the training centre you are booking with is the data controller for your personal data. TrainKit processes this data on their behalf to provide the platform services.

For data that TrainKit collects directly (such as website analytics and platform account data), TrainKit is the data controller. You can contact us at support@trainkit.co.uk.

3. What Data We Collect

We may collect the following personal data:

Information you provide

  • Contact details: Name, email address, phone number, postal address
  • Booking information: Course selections, session preferences, special requirements
  • Account credentials: Email address and password (passwords are securely hashed)
  • Payment information: Payment card details are collected and processed directly by Stripe — we do not store your full card details on our servers
  • Communication data: Messages sent through contact forms or email

Information collected automatically

  • Device information: Browser type, operating system, screen resolution
  • Usage data: Pages visited, time spent on pages, click patterns
  • IP address: Used for security purposes and approximate location
  • Cookies: Session cookies for authentication and preferences (see Section 8)

Information from training centres

  • Certification data: Course completion records, certificate details, expiry dates
  • Attendance records: Session attendance and completion status

4. How We Use Your Data

We use your personal data to:

  • Process course bookings and payments
  • Create and manage your student account
  • Provide access to your certifications and booking history
  • Send booking confirmations and course reminders via email
  • Send certification renewal reminders before expiry dates
  • Respond to your enquiries and provide customer support
  • Improve and maintain the platform
  • Comply with legal obligations

5. Legal Basis for Processing

We process your data based on the following legal grounds:

  • Contract: Processing necessary to fulfil your booking and provide our services
  • Legitimate interests: Improving our platform, preventing fraud, and ensuring security
  • Consent: Where you have given specific consent, such as for marketing communications
  • Legal obligation: Where we are required to process data by law

6. Who We Share Your Data With

We may share your personal data with:

  • Training centres: The training centre you have booked with receives your booking details, contact information, and attendance/certification records
  • Stripe: Our payment processor, who handles all card transactions securely. Stripe's privacy policy is available at stripe.com/privacy
  • Email service providers: To send transactional emails such as booking confirmations and certification reminders
  • Hosting providers: Our platform is hosted on secure cloud infrastructure

We do not sell your personal data to third parties. We do not share your data with third parties for their marketing purposes.

7. Data Retention

We retain your personal data for as long as necessary to:

  • Provide our services and maintain your account
  • Keep records of certifications (which may need to be retained for the lifetime of the certification plus a reasonable period)
  • Comply with legal, accounting, or reporting requirements
  • Resolve disputes and enforce our agreements

Booking and payment records are retained for a minimum of 6 years in line with HMRC requirements. You can request deletion of your account at any time (see Section 9).

8. Cookies

We use the following types of cookies:

  • Essential cookies: Required for the platform to function, including authentication cookies that keep you logged in to the student portal
  • Functional cookies: Remember your preferences and settings

Essential cookies cannot be disabled as they are necessary for the platform to work. By using the platform, you consent to the use of essential cookies.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Restriction: Request that we limit how we use your data
  • Portability: Request your data in a structured, commonly used format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us at support@trainkit.co.uk. We will respond to your request within one month.

10. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit using HTTPS/TLS
  • Secure password hashing (passwords are never stored in plain text)
  • Payment card data handled exclusively by Stripe (PCI DSS compliant)
  • Regular security reviews and updates
  • Access controls limiting who can view personal data

11. International Transfers

Your data may be processed by service providers located outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the UK Information Commissioner's Office (ICO), to protect your data.

12. Children's Privacy

The TrainKit platform is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

14. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk

Phone: 0303 123 1113

15. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: support@trainkit.co.uk

Powered by TrainKit