Privacy Policy



Last Revised: 23rd May 2018 

  1. Introduction 

GSTC TRAINING cares about your privacy.  For this reason, I collect and use personal data only to deliver to you my services, details of which are detailed on the website  

  1. Personal Data Collected 

GSTC do not need to gather excessive information, but we will collect:: 

  • Name 
  • Address 
  • Telephone number 
  • Date of birth 
  • Email address 
  • Any other information an individual from your business chooses to tell us. 

  1. What we use your personal data for and the legal basis we rely on 

The legal basis we rely on are: 

Contractual obligation (GDPR Article 6(1)(b)) 

The services we provide to you are done so under contract. If you are unable to provide us with the required information to fulfil the contract, we may not be able to provide the service to you and the arrangement may be terminated. 

Legitimate interests (GDPR Article 6(1)(f) 

GDPR allows us to use legitimate interests for direct marketing purposes. For customers who have either enquired about our services with a view to purchasing them, or are existing customers using our services, or are lapsed customers who have used our services, it would not be an unreasonable expectation to receive information from us about our services, new products, events and news, etc. 

We always give you the opportunity to object to receiving marketing communications from us, when we first collect your personal data and with every marketing communication thereafter. This can be requested by telephone (07851873069) or email (  

  1. Who we will share your personal data with 

GSTC only share your personal data as necessary for any third party to provide the services as requested or as needed on our behalf. These third parties are subject to strict data processing terms and conditions and are prohibited from utilizing, sharing or retaining your personal data for any purpose other than as they have been specifically contracted for (or without your consent). 

This may include but not limited to, official governing bodies such as ITSSAR and ABA etc: 

  • to conduct accredited training courses. (Basic, Experienced, Conversion, Safety Refresher and Candidate Assessments) 
  • when required by law or to respond to a legal process  
  • to prevent or stop activity we consider to be illegal or unethical 
  • to protect our property and rights or the property and rights of a third party 
  • to protect the safety of the public or any person 

  1. How we keep your personal data safe 

GSTC take the security of any personal data that we hold incredibly seriously. Our measures to safeguard your personal data include: 

  • follow generally accepted standards to store and protect your personal data GSTC collect, both prior to training and on course induction  
  • Encrypting devices where appropriate 
  • Password access to computers and mobile devices 
  • Secure premises 
  • Restricting access to those staff who need to see the information 

  1. Transferring personal data outside of the UK and EU 

GSTC will not store personal data outside of the EU. Data is stored within the UK and Spain on encrypted secure devices. 

  1. Retention of information  

GSTC will retain information for the period that any valid agreement or contract is in place, or until instructed otherwise by a customer. All data is stored for 7 years after completion of services for a variety of legitimate legal or business purposes. This might include:   

  • mandated by law, contract or similar obligations applicable to my business operations; 
  • for preserving, resolving, defending or enforcing our legal/contractual rights; or 
  • needed to maintain adequate and accurate business and financial records. 

  1. Your Rights 

Unless you are a sole trader or a partnership (in certain cases), it will be the individuals who work for your business that have various rights in relation to how we process their personal data. Individuals can: 

  • access the personal data we keep about them and be given specific information about the processing. 
  • ask us to update inaccurate personal data we hold about them. 
  • ask us to delete their personal data but only when specific grounds apply. 
  • ask us to restrict the processing of their personal data, for example if they are contesting the accuracy of it. 
  • object to the processing of their personal data if they do not agree with our legitimate interest grounds and for direct marketing purposes. 
  • transfer personal data from us to another service provider but only when certain grounds apply. 

If you would like to: 

  • object to the processing of your personal data (where we have relied on legitimate interests as our legal basis for the processing); 
  • or to unsubscribe from future marketing communications
    exercise any of your data rights 

please email and we will resolve your request within 30 days. 

We would appreciate being updated if any of your personal data changes, to maintain up to date and accurate records. 

We do not undertake any solely automated decision-making, including profiling. 

If you are not happy with how we have been processing your personal data, or have not dealt with one of your rights correctly when you have asked us to, you may lodge a complaint with the Information Commissioners Office (ICO). The ICO has several ways in which you can get in touch with them, including post, email, and online forms. To find out how clickhere

  1. Data Protection Officer 

If at any time you have questions about GSTC practices or any of your rights, you may reach our Data Protection Officer (“DPO”) by contacting me at: .  

  1. Notice to End Users 

The services supplied by GSTC Training are intended for use by organisations correctly contracting with us for a service. Your use of these services may be subject to your organisation’s policies, if any. If your organisation is administering your use of these products and services, please direct your privacy enquiries to your administrator. GSTC Training is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this privacy statement.