Excellent 0 reviews
Courses Licences Careers Business Blog Help About Contact Login
Sign Up Free
Legal

Privacy Policy

Your privacy is important to us. This policy explains what data we collect, how we use it, and the rights you have over it.

Last updated: 15 May 2026

1. Introduction

Your privacy is important to us. RFTB Ltd ("RFTB", "we", "us") is committed to protecting and respecting your personal data. This Privacy Policy explains what information we collect when you use our website and Services, how we use it, who we share it with, and the rights you have over your data.

We are the data controller for the personal information we collect about you. If you have any questions, please contact us via the Contact page.

2. What Information We Collect

We collect personal information in the following situations:

When you create an account or book a course:

  • Full name, date of birth, email address, phone number, home address and postcode
  • Photo ID details (passport / driving licence) where required by SIA training standards
  • Right-to-work documentation where relevant
  • Course preferences, venue and date selections
  • Emergency contact (if you choose to provide one)

When you pay:

  • Card details and billing address — these are collected and processed by Stripe; RFTB does not store full card numbers.

When you use the platform:

  • Pages visited, time spent, clicks, search queries
  • Device type, browser, IP address, operating system
  • Lesson progress, mock exam answers, scores and learning activity

When you contact us:

  • The contents of your message, screenshots, attachments, and any record of our correspondence.

3. How We Use Your Information

We use personal data to:

  • Process your bookings and deliver the Courses you have paid for
  • Communicate with you about your account, bookings, certificates and exam results
  • Provide customer support and respond to queries
  • Improve our courses, content, platform and services
  • Send marketing emails about new courses, offers and content (only where you have opted in — you can unsubscribe at any time)
  • Detect, prevent and address technical issues, fraud and security risks
  • Meet our legal obligations and regulatory requirements

4. Legal Bases for Processing

Under UK GDPR we must have a lawful basis for each use of your data. Ours are:

  • Contract: to fulfil your booking and provide the Services you have paid for.
  • Legitimate interests: to run our business, improve our products, prevent fraud and keep our platform secure.
  • Consent: for marketing emails and certain cookies; you can withdraw consent at any time.
  • Legal obligation: to comply with tax, accounting, regulatory and law-enforcement requirements.

5. Who We Share Your Information With

We share personal data only when needed and only with parties who handle it responsibly:

  • SIA-approved Training Partners delivering your Course — they receive the minimum information needed to verify attendance and issue your certificate.
  • The Security Industry Authority (SIA) where required for licence-related processes you initiate.
  • Payment processors (e.g. Stripe) to process card payments.
  • Email and SMS providers to send transactional and marketing messages.
  • Cloud and analytics providers that host our infrastructure and help us improve the platform.
  • Authorities where we are legally required to disclose information (e.g. a court order).

We do not sell your personal data to third parties.

6. Cookies

We use cookies and similar technologies to make the platform work, remember your preferences, and understand how it is used. Cookies fall into three groups:

  • Essential cookies — required for the site to function (login, security, your basket). You cannot opt out of these.
  • Performance cookies — help us understand which pages are popular and where users encounter problems.
  • Marketing cookies — used to measure the effectiveness of our marketing.

You can manage your preferences via the cookie banner on first visit, or by clearing cookies in your browser at any time.

7. How Long We Keep Your Data

We keep your personal data only as long as we need to:

  • Account & booking data: for the lifetime of your account plus 7 years thereafter (tax and audit requirements).
  • Training certificates & exam results: for at least 3 years after course completion.
  • Marketing data: until you unsubscribe.
  • Support correspondence: for 3 years after the last interaction.

When data is no longer needed we either delete it or anonymise it so it can no longer identify you.

8. Security

We use appropriate technical and organisational measures to protect your personal data. These include encrypted transmission (HTTPS), restricted internal access, regular backups and ongoing monitoring. No system is perfectly secure, but we work hard to keep yours safe.

9. Children's Privacy

SIA training is for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with their data, please contact us and we will delete it.

10. Your Rights

Under UK GDPR you have the right to:

  • Access a copy of the personal data we hold about you
  • Rectify inaccurate or incomplete information
  • Erase your data where we no longer have a lawful basis to keep it
  • Restrict how we process your data
  • Port your data to another provider in a machine-readable format
  • Object to processing based on legitimate interests or direct marketing
  • Withdraw consent at any time where we are relying on consent

To exercise any of these rights, contact us via the Contact page. We will respond within one calendar month.

You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data appropriately.

11. International Transfers

Some of the service providers we use (e.g. email or analytics) operate outside the UK. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place — typically standard contractual clauses approved by the ICO.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or via a prominent notice on our website. The "last updated" date at the top of this page tells you when the current version came into effect.

13. Contact Us

Questions, requests or complaints about your data? Contact us via the Contact page and we will respond within one calendar month.

Also:

Terms & Conditions Contact us