Privacy policy

Thank you for trusting us with some information about you.  We take that trust seriously and we want you to know how we use your information and why.

1. Who is holding your information?

Name: The IT Training Surgery Ltd
Director – Paul Wherly
Company Registration Number: 07744878
Data Retention Period(s):
Prospects – up to three years.
Customers and suppliers – ten years after the last financial transaction.
Cookie policy
Third parties we share information with:

CourseCheck for evaluations – CourseCheck privacy policy

Google Analytics for website performance and YouTube – Google’s Privacy Policy

Xero for accounting and invoicing – Xero’s GDPR statement

Microsoft Office 365 – data privacy policy

Facebook button to promote webpages or share posts – Facebook Privacy Statement

Twitter button to share posts – Twitter Privacy Statement

Complianz cookie consent tool – Complianz Privacy Statement

The person responsible for data within our business (name and contact information): Paul Wherly
Email –
Telephone – 0208 203 1774
Our data regulator contact details are: The data regulators for EU and UK can be found via these links:
UK –

EU –

Date this Policy last updated: 26th of March 2021

2. Whose information do we collect?

We process information about:

“Prospects” – contacts at potential Clients;
“Clients” – who have bought goods or services from us, and “Client Contacts” who are individuals employed by or contracted to Clients;
“Suppliers”, “Associates” – suppliers or potential suppliers of goods or services to us;
“Affiliates/Referrers” – who have signed up to our affiliate scheme or who have referred Prospects to us;
“Employees” – our employees, if we have any. Employees should refer to their contract of employment for data privacy information relating to their own data.

3. Our policy

We promise respectful treatment of the personal information of everyone we have contact with.  We want it to be simple and clear.

This Policy explains how we do that – when and why we collect information, how we use it, the situations when other people can see or use it, and how we keep it secure.

But just to set the scene, if you don’t want to read through all the details just now, we can be clear upfront.

We don’t sell, rent or trade email lists with anyone else.

We’ve split this Policy into sections, depending on who you are.

  1. Section A – for everyone; it includes information about cookies on our websites.
  2. Section B – if you are or work for a business prospect.
  3. Section C – if you are a Client or a Client Contact.
  4. Section D – if we have information about you purely because we are providing services to a Client.
  5. Section E – if you’re a supplier, associate or Affiliate/Referrer.

Section A: For everyone

Whoever you are, our intention is to use your information to make things work smoothly for you in your experience of dealing with us. If that’s not how it turns out for you, please make sure to contact us. It’s best to put things in writing, which you can do by emailing the address above.

We keep this Policy under regular review, and we may revise it as time goes on. Please check back here from time to time to make sure you’ve got the latest information.

A.1. Our general approach to personal data

We’re committed to protecting your privacy and honouring your legal rights to control how we use your personal data.

We only collect and use personal data when we need to:

  • because you have asked us to do something (for example, send you newsletters);
  • so that we can reply to queries or complaints;
  • to develop and manage our business relationships;
  • to help grow our business and fulfil our contracts;
  • to provide services to clients;
  • to calculate payments to associates or Affiliates/Referrers;
  • to meet our legal obligations.

We try to make sure the information we hold is accurate and up to date and is no more than we need to have.

A.2. Categories of data

The types of information that we will be processing depend on the nature of our relationship with you.

We may process information about you that you have yourself provided to us or published generally on the internet through social media or other websites.

In all cases, we will have whatever identifying and communication information is relevant and that we can sensibly obtain: that is, your name, email address, employer or business name, job title or position, contact address and social media addresses. We may also capture some of the information published by you in your social media output to the extent that it may be relevant to our interactions.

If you are or work for a prospect, we will aim to obtain and process information that is relevant to our building a business relationship with you and doing business together, which may relate to your business and your personal interests.

If you are or work for a customer or supplier, we will also keep records of our interactions, the work we have done for you or commissioned from you, the progress of work, and financial and accounting records.

If we are processing information about you purely because we are providing services to others, please see Section D below.  Please note that your rights may be subject to applicable exemptions.

If you have any questions or concerns about our use of your information or how we have responded to any request about your personal data, please take it up in the first instance by emailing us at the above address.

If we can’t sort it out, the official authority contact details are set out in the form above, and you can raise your concerns with them.

A.3. Downloads, newsletters and services

Existing Clients may receive emails about specific offers relating to things they have already purchased.   You can unsubscribe from these at any time.

We use anonymised data about you from time to time to target advertising campaigns based on profiling the sort of person who wants to receive information from us.

We ask our own sales and marketing people (both internal and external) to contact Prospects from time to time.   This is normally because you have requested a call or because we are actively trying to let you know about something you may benefit from.

We are not a hard-sell or cold-calling organisation; we prefer to build long-term relationships with satisfied and relaxed clients.


We have an active presence on social media. If you are using social media, the social media platforms are holding and using your information in accordance with their own data privacy policies.

If you ‘like’ any of our posts or ‘follow’ us or contact us on social media, we keep a record of that. Your replies to us, messages you send us, and your other activity linked to our posts may be seen by members of our staff and by our associates.  Our contracts with them hold them to high standards of protecting your information.

A.5. No sale or exchange of your data

We do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes.

A.6. Data location and platforms

Like most small businesses, we do not have any tailor-made software – we use mainstream packages for everything from our Client records, to email, to accounting.

This means that some of your data may be held in the EEA, and some may be held in services in the USA (with suitable data privacy shields) or elsewhere.  We have picked mainstream suppliers with appropriate security standards.  For example, all our accounting data goes to New Zealand, and email data is stored in Microsoft systems, whose servers are predominantly in the EU and the UK.

CourseCheck is a tool that we use to collect, manage and respond to customer feedback.  At the end of a training course, we will ask you for optional feedback.  We collect your name, email address, telephone number (optional), organisation (optional), job role (optional) and ratings of the course.  If you give permission, the course rating, your first name and the initial of your surname can be published on the public areas of the CourseCheck and The IT Training Surgery websites.  The customer feedback is kept until a reviewer asks CourseCheck to delete their record.  Here is a link to the CourseCheck privacy policy.

Website analytics to measure website performance is provided by Google Analytics.  If you have visited our website or made an enquiry, this will be listed in Google Analytics.  Here is a link to Google’s Privacy Policy.

A.7. We may share some of your data with these people

We have an outsourced support team for our own business which may include Virtual Assistants, Web Designers, IT support, Sales and Marketing, Accounting and more.  They have limited access to your data, where the service they provide to us means they need it.

For example, if we invoice you, our Accountant needs to process the information in the invoice.

Our team use our software to access any data they need.  We do not permit copying or sharing by the team and actively monitor for any potential breaches.

Your information/advice is held in the strictest confidence. Our team are all contracted to strict confidentiality clauses.

We restrict who can export or download data that is held to a limited number of individuals who are authorised to back up data.

If you want to know who is on our team, please email and ask us.

A.8. How long do we keep your data for?

We will keep your information for the length of time set out in our retention period (see section 2, Table above).

A.9. Want to see what we hold on you?

If you want to know what information we have about you (if any), email the address above and give us your name and email address(es). We may require you to confirm your identity before proceeding.

Provided we can legitimately disclose the information to you (see section D), we will happily search and send you screenshots of what we have.


You have the right to know what information we are collecting on you and to amend it if it is inaccurate.

If you feel, for some reason, we have information we should not be keeping, or it is out of date or otherwise wrong, please let us know, and we will take appropriate action.

Most of the information we hold is not based on your individual consent but is based on our needing the information to run our business and provide our products and services.

You have a “right to be forgotten” – but that does have some legal limits to it.  If you want us to remove information about you, let us know.  If you have been a Client, we may not be able to remove all data as we will have to ensure that we can continue to comply with legal, accounting, taxation and our insurer’s requirements.

A.11. Our legal basis for processing your data

The information we hold is based on our needing the information to run our business and provide our products and services – either so we can perform our contract with you or because we have a legitimate business interest in processing your data.

In a few situations, we are processing personal data because we are under a legal obligation to do so.  This principally relates to our business, accounting and tax records.

Section B: Prospects

Most of the information we process comes from you.  We process it so we can reply to you, and when you contact us again, we know what you asked before, what you were sent, and what you told us.

Typically, we are collecting name, contact details, how we came across you, and background information from you or published by you on social media or freely accessible on the internet, on why you might be interested in our products or services or a relevant contact for our business.

If we email you individually using our own email system or respond to an email sent to us at any of our business email addresses, a copy of that email will also be stored.  We use Microsoft Outlook to store emails, and these are linked to an Exchange server in Office 365.  Here is a link to the Microsoft data privacy policy.

If you make an enquiry via our website, we will keep details of that enquiry and response for our data retention period (section 2, Table, above).

We do not routinely keep special category data.  To the extent we hold this, it was supplied or made publicly available by you.

Section C: Clients

Once you buy something from us, we will collect information from you at the point of sale.

This will include the information we collect from Prospects (above).  We collect your email address, phone number and postal address so we can provide what we have contracted to, invoice you and keep proper records of our business relationship.  As such, we use Xero, a cloud-based accounting system, for record-keeping.  Here is a link to Xero’s GDPR statement.

We process your data to support the delivery of the goods and services you have bought.  We keep records of the goods/services provided to you and the information you give us, so we can support you when needed and advise you of any additional services you may need.

C.1. Third party data

As well as your own personal data, we understand that you may need to provide us with personal data relating to your employees, your workers, or third parties (often your clients or suppliers) – depending on the services we are providing to you.  We hold all such information under strict confidentiality obligations, as set out in our terms of business.

C.2. Financial details

If you pay us by BACS or direct transfer, we know only what the bank tells us, which is usually the name of the person who paid us, how much, and the reference number.

We do not routinely keep credit scores nor use credit reference agencies.

Section D: Third party information

We will act in accordance with your statutory rights, subject to the exclusions and exemptions that may apply.

When we are processing data about you on behalf of a Client, we are operating under the banner of our Client’s data privacy policy.  We will refer any enquiry from you to them, as they are the ‘data controller’ responsible for dealing with your query.  But we will support that by providing relevant information to our Client for passing to you.

When we are processing data about you because of a direct connection between you and our business, we are acting as a ‘data controller’ (and operating under this policy).

Section E:  Suppliers, associates and affiliates

If you become a supplier, associate or Affiliate/Referrer, we keep a copy of the contract between us and your bank details so we can pay you.  We also keep a record of invoices/payments for accounting purposes.

We keep a record of the work you undertook for us/our clients along with any comments, reviews or suggestions about that work, including complaints (if any) and their resolution.

This information is all needed to manage our client relationships and our supply chain.

If we set up an Affiliate/Referrer scheme, Affiliate/Referrer data will be held in accordance with this policy.  We will ask you for information when you apply, and that information will be kept to administer the scheme.

If you are a Referrer, we remind you that referrals that you make to us may only be made with the knowledge and consent of the person being referred.

4.  Complaints

If you have a complaint about the way we are handling your information or how we have responded to a request for information or removal, you can take this up in the first instance by emailing us at the email address set out above.

If we can’t sort it out, the relevant supervisory authority details can be found on the form above.
