Legal

Privacy policy

View our privacy policy below

Privacy policy

Privacy Policy

Last Updated: 11/01/2026 Version: 4.1

1. Introduction

International Workplace Limited ("We", "us", "our") is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed.

For the purpose of the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), the data controller is International Workplace Limited (Co. No. 05033133), 1-3 Church Plain, Wells-next-the-Sea, NR23 1EQ.

2. Lawful Bases for Processing

We process your personal data under the following legal bases:

  • Contractual Necessity: To fulfil our obligations under a contract with you (e.g., providing training services).
  • Legal Obligation: To comply with the law.
  • Legitimate Interests: For our business interests in improving our services and maintaining site security, provided these do not override your rights. Where you have purchased a service from us (or enquired about doing so), we may rely on Legitimate Interests to send you marketing communications about similar products or services (often referred to as a 'soft opt-in'). You have an absolute right to stop these at any time.
  • Consent: Where you have explicitly opted in to receive marketing communications. You have the right to withdraw consent for marketing communications at any time e.g. through an ‘unsubscribe’ link or by contacting our Information Governance Lead.

3. Information We Collect

We may collect and process the following data:

  • Information you give us: Your name, address, email, telephone number, job title, and organisation.
  • Special Category Data: For certain qualifications, we may collect your Date of Birth or Nationality. This is processed strictly for registration with awarding bodies and is handled with enhanced security.
  • Technical Information: Including IP addresses and browser types collected via automated site logs.

Marketing and the 'Soft Opt-in': We may use your contact details to provide updates on similar training services you have previously used. We will always provide a clear 'opt-out' at the point of collection and in every subsequent communication.

4. Cookies and PECR Compliance

Our website uses cookies to distinguish you from other users and improve your experience.

Under the Privacy and Electronic Communications Regulations (PECR), we categorise our cookies as follows:

  • Strictly Necessary Cookies: Essential for the website to function (e.g., login sessions). These do not require consent.
  • Analytical/Performance Cookies: Used to understand site usage (e.g., Google Analytics).
  • Marketing/Targeting Cookies: Used to deliver relevant advertisements.

We will only set non-essential cookies if you provide active consent via our cookie banner. You can withdraw this consent at any time through your browser settings.

5. International Data Transfers

The data we collect is primarily processed within the UK or the European Economic Area (EEA). Where we use sub-processors located outside the UK/EEA (such as Stripe or Google), we ensure they provide an adequate level of protection.

This is achieved through:

  • Adequacy Regulations: Transferring to countries approved by the UK government.
  • Standard Contractual Clauses (SCCs): Or the UK International Data Transfer Agreement (IDTA) to ensure your rights remain protected.

6. Your Rights

Under the UK GDPR, you have the following rights:

  • Right of Access: To request a copy of the data we hold.
  • Right to Rectification: To correct inaccurate information.
  • Right to Erasure: The right to be 'forgotten' in specific circumstances.
  • Right to Object: To stop processing for direct marketing or where we rely on legitimate interests.
  • Right to Data Portability: To move your data to another provider.

To exercise these rights, please contact us at gdpr@internationalworkplace.com. We will respond within one month.

7. Disclosure of Your Information

We may share your information with:

  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
  • Third-Party Marketing Partners: Where you have provided explicit consent for us to do so, we may share your contact details with specific business partners so they can contact you about products or services that may interest you. We will never share your data for third-party marketing without your clear permission.
  • Accreditation bodies, such as IOSH and NEBOSH, who certify our training programmes.
  • Service Providers: Such as payment processors (Stripe), accounting software (Xero), and marketing applications (HubSpot).
  • Legal Authorities: If we are under a duty to disclose data to comply with a legal obligation.

8. Data Security and Retention

We use strict procedures and security features to prevent unauthorised access. If you have a password, you are responsible for keeping it confidential. We retain your data only as long as necessary for the purposes it was collected, as specified in our Information and Records Management Policy. If you close your account, we will remove personally identifiable information, though some data may be retained for legal or fraud prevention purposes.

9. Complaints

If you have a concern about our privacy practices, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us first.

10. Changes to this Privacy Policy

We will review this Privacy Policy regularly to ensure it remains accurate and compliant with evolving legislation. We will communicate changes as follows:

  • Routine Updates: Minor changes (e.g., clarifying wording) will be updated on this page with a new "Last Updated" date.

  • Material Changes: If we make significant changes to how we process your data or a change in our lawful basis, we will proactively notify you via a prominent notice on our website or, where appropriate, via email.

11. Contact

Email: gdpr@internationalworkplace.com Address: Information Governance Lead, International Workplace Ltd, 1-3 Church Plain, Wells-next-the-Sea, NR23 1EQ Telephone: +44 (0) 333 210 1995.