Contact information  

Email: contact@closeprotectionacademy.co.uk

Data Controller: Close Protection Academy Ltd. 

Designated Data Controllers: Nicholas Player & Jillian Robertson 

“Close Protection Academy Ltd. (CPA Ltd.)” refers to all staff, tutors, instructors, assessors and administrators who are employed or contracted directly with CPA Ltd. 

“Learners” refers to all individuals who undertake a course of study with CPA Ltd. 

“Processing” refers to any action involving personal information, including obtaining, viewing, copying, amending, adding, deleting, extracting, storing, disclosing or destroying information. 

 

When handling personal information, Close Protection Academy Ltd. must comply with the 7 General Data Protection Regulation (GDPR) principles. Article 5 of the UK GDPR defines the 7 key principles as: 

• Lawfulness, fairness, and transparency 
• Purpose limitations 
• Data minimisation 
• Accuracy 
• Storage limitation 
• Integrity and confidentiality 
• Accountability 

We will collect and/or use the following information for administrative purposes, to provide and improve services, to protect learners welfare and to comply with legal requirements: 

• Name, address, contact details (including phone and email) 
• Date of birth 
• Birth gender and pronoun preference 
• Marital status 
• Occupation and employment history 
• Health conditions / allergies 
• Criminal record data 
• Payment details 
• Identification documents 
• Emergency contact details 
• Audio and Visual recordings 
• EDI monitoring information 
• Any other personal information required to comply with legal obligations 

Our lawful bases for the collection and use of data in relation to administrative purposes, providing and improving services, protecting learners welfare and compliance with legal requirements: 

• Consent - CPA Ltd. have permission from you after we gave you all the relevant information. All your data protection rights may apply, except the right to object. You have the right to withdraw your consent at any time. 
• Contract - CPA Ltd. must collect and/or use the information so we can enter a learning contract with you. All your data protection rights may apply, except the right to object. 
• Legal obligations - CPA Ltd. must collect and/or use your information to comply with the law. All your data protection rights may apply, except the right to erasure, the right to object and the right to data portability. 

All learners must: 

• Ensure that all personal information which they provide to CPA Ltd. is accurate and up to date. 
• Inform CPA Ltd. of any changes to information (ie: change of address, name change). 
• Check the information which CPA Ltd. holds when it is made available through annual review. You must inform us of any errors or corrections. CPA Ltd. shall not be held responsible for errors of which it has not been informed. 

Close Protection Academy Ltd. must: 

• Ensure all personal data is obtained, processed and stored in accordance with UK GDPR and the Data Protection Act 2018. 
• Transport and store all exam documents in a locked box with access limited to Designated Data Controllers, Internal and external quality assurers and Highfield awarding body. 
• Carry out annual review of personal data to ensure it is current and correct. 
• Only disclose information when legally required to do so to include the following: financial /fraud investigation authorities, HMRC, emergency services, regulatory authorities or organisations we are legally obliged to share information with. Unauthorised disclosure may result in disciplinary action and/or escalation to gross misconduct. 
• Ensure learners adhere to Data Protection Principles when processing personal information in relation to their course of study. Obtain subject matter consent for the collection of information for teaching purposes. 

Section 388(4) (a) & (b) of the Companies Act sets out the document retention period as a minimum of 3 years. 

Learners have the right to ask CPA Ltd. for copies of information held about them. A Subject Access Request (SAR) must be made in writing to The Data Controller at (email). CPA Ltd. will process your request in line with UK GDPR and compliance with legislation to reply within 30 days of the receipt of initial request. 

Compliance with UK GDPR and The Data Protection Act 2018 is the responsibility of CPA Ltd. and all learners. Any deliberate or reckless breach of this Policy may lead to disciplinary action and/or legal proceedings. Any concerns or questions regarding how CPA Ltd. collects, processes and stores personal information must be addressed to The Designated Data Controllers. Further help and information can be obtained from the ICO (www.ico.org.uk). 

This policy was approved by: Nick Player & Jillian Robertson on 27/02/2025 

Review Due 26/02/2026