For More Information Click on Courses below.

Click for larger map

Security and Privacy

Elm Training Privacy Notice


Our policy on data protection.

1. Introduction

Elm Training Services is committed to protecting the privacy and ensuring the security of your personal data. Elm Training Services is a data controller which means we are responsible for the information you give us and that we process for various purposes.

This Privacy Notice explains the types of personal data we may collect about you when you interact with us. It also explains how we store and handle that data and keep it safe.

First of all, here’s a few terms we may use in this document to explain ourselves. “Personal data” is information relating to you as a living, identifiable individual. So, this could be anything from a postal address to a telephone number or date of birth.

“Processing” your data includes various operations that may be carried out on your data, including collecting, recording, organising, using, disclosing, storing and deleting it. A “Condition for processing data” is essentially our justification for processing the information, for example we may ask you to agree for us to send you marketing information, in this instance we may ask you for your Consent.

The law requires us:

The following sections will answer any questions you have but if not, please do contact us, details are shown below.

It is likely that we will need to update this Privacy Notice from time to time, and you are welcome to come back and check this at any time or contact us by any of the means shown below. 

2. Who we are.

Elm Training Services is an organisation that carries out electrical training and assessment

3. Why we need to process data and how.

The law on data protection sets out a number of different reasons or conditions for which an organisation may collect and process your personal data. When collecting your personal data, we will always make clear to you what data is necessary for each purpose we wish to use it for.  Most commonly, we will process your data using the following lawful grounds:


In specific situations, we can collect and process your data with your consent.

This may include when you agree to receive an email about our training and certification services or an event we may hold. When you make an enquiry online for example, we may assume your consent to enable us to send information you have requested. This is a quick and easy way for you to indicate your agreement. You can easily stop these communications at any time by unsubscribing or Opting-out.

We may have a Contractual obligation.

In certain circumstances, we need your personal data to comply with our contractual obligations. This will be most likely where you have paid to attend one of our training programs.

Other Legal compliance.

If the law requires it, we may need to collect and process your data. This might be when a Criminal Act is detected or matters relating to taxation for example. In this case we have no option but to comply with the law.

Legitimate interest.

In certain circumstances, we require your data to pursue our legitimate interest in a way which you might reasonably expect when we pursue the interests of our company. When we process data in this way, we’ll make sure there isn’t a chance of any adverse or negative  impact on your rights.

Vital use of data

We may also use your data, typically in an emergency, where this is necessary to protect your life, or someone else’s life.  In a small number of cases where other lawful bases do not apply, we will process your data on this basis and in your best interest.

Special category data

We may need to collect some sensitive information about you, the types of which are shown below. Generally, we have no need for this information, so we don’t collect it. However, we are mindful that information of the type may be available to us from time to time. For example, if we need to make special arrangements for someone with a disability to attend one of our courses. We don’t process this data for the purpose of understanding a person’s health condition, but we have a duty of care to protect anyone who may interact with us or attend our premises.

"Special categories" of particularly sensitive personal data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data.  We aim to collect and process special category data as little as possible, the catagories considered to be sensitive are;

The Special Categories of personal data consist of data that may reveal:

We may process special categories of personal data in the following circumstances:

Further legal controls apply to data relating to criminal convictions and allegations of criminal activity.  We may process such data on the same grounds as those identified for “special categories” referred to above.

4. When we collect your personal data.

These occasions will include, but are not limited to:

When you visit our offices or attend an event we may organise.

5. How and why we collect your personal data.

We collect personal data in order to manage our day to day business activities and deliver its services. The data collected is most likely in electronic format but can also be in paper form.

When you visit our website, we may collect your IP Address, page visited, web browser, any search criteria entered, previous web page visited and other technical information. This information is used solely for web server monitoring and to deliver the best visitor experience. We may use technology such as cookies to help us deliver relevant and interesting content in our communications in the future. We may use information with gather about you you to find out more about you but in the least most intrusive way. We may use information we collect to display the most interesting content to you on our website or to send communications that you’ll find of interest.

We may also collect your social media username if you interact with us through those channels in order to help us respond to your comments, questions and feedback. The data privacy law allows this as part of our legitimate interest in understanding our audience.

For your security, we use all appropriate organisational and technical security controls to safeguard your data.

When we interact with you we may also collect notes from our conversations with you, and details of any complaints or comments you make. We may record your age or identity where the law requires this.

We will only ask for and use your personal data collected for the purpose stated at the point at which it is collected. If we believe your data is no longer needed for this purpose, we will not process your data further.

6. We are committed to your data protection rights.

You have eight important rights detailed in the GDPR and the data protection act 2018, here’s a brief explanation of each.

Right to Object

You have the right to object to our processing of your personal information if we used it for the purpose of direct marketing. But remember in some cases we are bound by law to process your data. If you have given consent to collect and process your personal data, you have the right to change your mind at any time and to withdraw that consent. We’ll let you know how every time to communicate with you.

Right to challenge automated decisions

You have the right to challenge automated decisions we make about you. You may ask for these to be assessed by a member of our team. We don’t currently make decisions in this way but may do in the future.

Right to a copy of your information and a chance to correct inaccuracies

You have the right to request a copy of any information about you that we may hold at any time to check whether it is accurate. To ask for that information, please contact us using the details below. To protect the confidentiality of your information and the interests of our business, we will ask you to verify your identity before proceeding with any request for information. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to request such information.

Right to be Forgotten

You have the right to ask us to forget you from our records. We will uphold this right unless there is a legal obligation such as a contractual agreement or it is in our legitimate interest to keep your data.

Right to be informed

You have a right to be informed, to know what we are doing with your data and why. We promise to publish privacy notices wherever they may be required to clearly explain our reasons.

Right to Restriction

You have the right to ask us to stop processing your data for a number of difference reasons. For example, it might be because you think the data we hold about you is incorrect. Or maybe you think we are doing something wrong. Please contact us for further details.

Your right of portability

If we hold information about you and you want us to ‘port’ it or send it to another organisation that does similar work to us or provides a similar service, you can ask us to do this.  This service will be free of charge and we will endeavour to provide this service without undue delay.

Other important information 

Sometimes we are required to inform you about certain changes, including updates to this Privacy Notice and where we have a legal obligation such as a duty of care or safeguarding. These administrative messages will not include any marketing content and do not require prior consent when sent by email. This ensures that we are compliant with our legal obligations.

We may use your data to send you a survey and feedback requests to help improve the way we communicate. Again, these messages will not include any marketing and do not require prior consent when sent by email. We have a legitimate interest to do so as this helps improve our services and make them more relevant to you. Of course, you are free to opt out of receiving any of these communications should you wish.

7. Data retention and how long we may keep information.

Whenever we collect or process your personal data, we will only keep it for as long as is necessary for the purpose for which it was collected.  Annual reviews will ensure that retention schedules are followed.  At the end of the retention period, your data will either be deleted completely, put beyond use or anonymised. In some cases, personal data will be kept in perpetuity.

8. Protecting your data outside the EEA.

Occasionally we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA). The EEA includes all EU Member countries as well as Iceland, Liechtenstein Switzerland and Norway.

We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA such as the USA. For example, this might be required when we store data in a Cloud Service. If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA, and we will treat the information under the guiding principles of this Privacy Notice.

9. Stopping us from using your data in the future.

You can stop us from processing your data by contacting us using the information below.

Remember, some administrative communications cannot be stopped.

10. How to complain about our processing of your data.

If you feel that your data has been handled incorrectly, or you are unhappy with the way we have dealt with your query regarding the way we use your personal data, you have the right to complain to the Information Commissioner’s Office (ICO) which regulates the use of information in the UK.

You can call them on 0303 123 1113 or go online to 
If you are based outside the UK, you have the right to complain to the relevant data protection supervisory authority in your country.

If you would like to discuss any aspect of this policy or the way we process your information, please contact Mike Roper 0115 946 3342 The Data Controller.