Privacy Policy

Richardson Rail Services Ltd (including any trading names such as Richardson Training Ltd)

Effective Date: 23 April 2025 | Version: 5 | Next Review: 10 April 2026

1. Introduction & Scope

Richardson Rail Services Ltd, including any trading names associated with or grouped under us (e.g. Richardson Training Ltd) (“we”, “us”, “our”), is committed to protecting your personal data and privacy in accordance with UK data protection law. This Privacy Policy applies to all personal data we collect or process in connection with our website, e-learning platform, and in-person training or assessment activities.

2. Data Controller & Contacts

ICO Registration No: ZA884995

Data Controller:
Richardson Rail Services Ltd
Address: The Transport Depot, Warnham, RH12 3RL
Email: rhys@richardsonrail.co.uk
Phone: 01403 586036
Data Protection Lead: Rhys Richardson (MD)

3. What Personal Data We Collect

We collect and process different categories of data depending on your relationship with us (website user, learner, candidate, sponsor, client etc.). Examples include contact details, login credentials, course records, payment information, health declarations (where required), and technical data such as IP addresses and cookies.

4. Purposes & Lawful Bases of Processing

We process personal data to deliver training services, verify competence, issue certificates, manage payments, and maintain audit records. Lawful bases include Contract, Legal Obligation, Legitimate Interest, and Consent (where applicable). Special-category data (e.g. health information) is processed under Schedule 1 DPA 2018 conditions or explicit consent.

5. Sharing & International Transfers

We share data only where necessary with awarding bodies (NSAR, Sentinel, Qualsafe etc.), employers, IT and hosting providers, or regulators under data-sharing agreements. Any transfers outside the UK or EEA use appropriate safeguards (SCCs / IDTAs / adequacy decisions).

6. Data Retention

  • Training and assessment records – 7 years after completion
  • Financial records – 7 years (accounting law)
  • ID verification – until expiry + 7 years
  • Health data – course duration + 7 years
  • Website analytics – 24 to 36 months

7. Cookies & Tracking

We use cookies and similar technologies for authentication, functionality, analytics, and marketing (with consent). For details and management options, see our Cookie Policy.

8. Security & Integrity

We apply technical and organisational controls including encryption, secure servers, access restrictions, back-ups, and staff training. We regularly review and test our measures to protect personal data from loss or unauthorised access.

9. Data Breaches

Any breach posing risk to individuals will be reported to the ICO within 72 hours and, where necessary, to affected individuals. We record and review all incidents to prevent recurrence.

10. Your Rights

You have rights to access, rectify, erase, restrict, object, port, and withdraw consent. To exercise these rights, email rhys@richardsonrail.co.uk. We respond within one month (subject to extensions for complex cases).

11. Marketing & Communications

We send service emails essential to your contract and optional marketing only with consent (or legitimate interest where appropriate). You can unsubscribe at any time.

12. Updates & Versioning

We review this policy at least annually or after major changes to law or our systems. The latest version is always available on this website.

13. Contact

For privacy queries or complaints, contact Rhys Richardson at rhys@richardsonrail.co.uk or call 01403 586036. If unsatisfied, you may contact the Information Commissioner’s Office at www.ico.org.uk.

Version Control: v5 – Approved 23 April 2025 – Next Review April 2026
