0808 164 2780
Food Hygiene Courses Fire Safety Courses Health & Safety Courses First Aid Courses Mental Health Courses Browse all 22 courses → About Blog Contact 0808 164 2780
Legal

Privacy Policy

This notice explains how we collect, use, share and protect your personal data when you visit our website, buy a course or train with us. It applies to learners, buyers, marketing contacts and website visitors, and sets out the rights you have over your information.

Who we are

This website is operated by MBM Ventures LLC trading as Online CPD Academy ("we", "us", "our"). We are the controller responsible for the personal data described in this notice. We act as a data controller when we handle the personal data of individual customers and learners, and as a data processor where corporate clients provide us with learner information.

If you have any questions about this notice, wish to exercise your rights or want to make a data request, you can contact us at info@onlinecpdacademy.co.uk.

Our services are intended for adults and for use by organisations. We do not knowingly collect personal data from children under the age of 16, nor do we process special category data unless identity verification is required. If you believe a child has provided us with their data, please contact us so that we can remove it.

What this notice covers

This notice explains how we collect and use your personal data when you:

  • visit our website;
  • purchase or access online training;
  • contact us via phone, email or social media;
  • subscribe to marketing communications; and
  • provide information during course enrolment or certification.

Our website may contain links to third-party sites. Please consult their privacy policies, as we are not responsible for how they handle your data.

What personal data we collect

The personal data we collect depends on how you interact with us:

  • Learners — your name, email address, password, IP address, course progress, postal address (for certificate delivery), an optional phone number and, where required for an accredited qualification, any identity verification documents you provide.
  • Buyers and administrators — your name, email address, phone number and order and payment information. Card payments are processed securely by our payment processor, Stripe; we do not store full card details on our systems.
  • Marketing contacts — your name and email address, where you have asked to hear from us or otherwise consented to receive marketing.
  • Competition entrants — additional data such as a postal address or ID may be collected for prize fulfilment.
  • Website visitors — cookies and similar technologies, which collect limited information about how you use our website. See our Cookie Policy for details.
  • Social media users — your username and any content you share with us for service-related interactions.

How we use your data

We use your personal data to:

  • deliver your courses and manage your account and learning record;
  • issue and verify your certificates;
  • process your payments and provide receipts and documentation;
  • provide customer support and respond to your enquiries; and
  • where you have consented, send you marketing about our courses and related services.

Lawful bases for processing

We only process your personal data where the law allows us to. The lawful bases we rely on are:

  • Contract — to provide the course or service you have purchased and to fulfil our obligations to you.
  • Legitimate interests — to run, improve and secure our business, gather feedback and send course reminders, provided your rights do not override those interests.
  • Legal obligation — to comply with our accounting, tax, invoicing and other legal and regulatory duties.
  • Consent — where you have given us permission, for example to send you marketing communications, newsletters, promotions or to enter competitions. You can withdraw your consent at any time.

Use of AI

We do not use your personal data to train artificial intelligence models. Where we implement any automated or generative AI tools to support our service, we ensure they meet data protection standards and are approved for use only after assessment. No AI system will access or use your identifiable personal data without your consent.

Data security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse or alteration. These include password-protected accounts with minimum complexity standards, encrypted data transfers (SSL/TLS), role-based access to internal systems, secure storage and destruction of paper records, firewall and malware protection, ongoing staff training on data protection, and encrypted offsite backups with disaster recovery in place. While no online service can be guaranteed to be completely secure, we keep our safeguards under review.

Who we share your data with

We share your personal data only where it is necessary to provide our services or where we are required to do so. This may include:

  • contracted service providers who help us run our business and deliver our courses, such as email platforms and learning platform providers;
  • our payment processor, Stripe, to take and process payments;
  • accreditation bodies (for example CPD) where needed to certify and validate your training;
  • IT and hosting providers who support our systems; and
  • legal, regulatory and law enforcement bodies where we are required to disclose information.

We do not sell your personal data. If personal data is transferred outside the UK, appropriate safeguards will be in place. Tracking technologies used on our website may include the Meta Pixel and the LinkedIn Insight Tag, which help us measure and improve our advertising. You can control these through our Cookie Policy.

Social media interactions

Any personal data you share with us via social platforms (for example LinkedIn or Facebook) stays within those platforms unless you explicitly request contact outside of them. We may use tools such as the Meta Pixel or LinkedIn Insight Tag to tailor our website experience and deliver relevant ads, governed by our Cookie Policy and your social media privacy settings.

Data retention

We keep your personal data only for as long as we need it:

  • Learner records — retained for up to 20 years, so that certificates can be verified long after a course is completed.
  • Marketing data — retained until you unsubscribe or ask us to stop contacting you.
  • Call recordings — deleted automatically after up to 12 months.
  • Backups — retained for up to 4 years as part of our routine system backups, accessible only in emergencies.

Your rights

Under data protection law you have the right to:

  • be informed about how your data is used;
  • access the personal data we hold about you;
  • rectification of inaccurate or incomplete data;
  • erasure of your data in certain circumstances (the "right to be forgotten");
  • restriction of how we process your data;
  • portability, to receive your data in a usable format; and
  • objection to certain types of processing, including direct marketing.

To exercise any of these rights, contact us at info@onlinecpdacademy.co.uk. We will respond to a subject access request within one month, although this may be extended by up to a further two months (three months in total) where a request is particularly complex or you have made a number of requests.

If you are unhappy with how we have handled your personal data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk. We would ask that you contact us first so that we have the opportunity to put things right.

Contact details

Data Protection Lead
MBM Ventures LLC trading as Online CPD Academy
Email: info@onlinecpdacademy.co.uk
Phone: 0808 164 2780

Updates to this notice

We may update this notice from time to time to reflect changes in our practices or legal requirements. Any changes will be published on this page and take effect immediately, so please check back periodically for the latest version.