Legal

Privacy Policy

Last updated: 29 May 2026  ·  UK GDPR & Data Protection Act 2018 compliant

SkillGuardian is committed to protecting your privacy and handling your personal data transparently and responsibly. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

SkillGuardian ("we", "us", "our") is the data controller for personal data collected through the Platform. We are registered in England and Wales.

Our data protection contact is: support@skillguardian.co.uk

2. What Personal Data We Collect

We collect personal data in the following categories:

CategoryExamples
Identity dataFull name, job title, role
Contact dataEmail address, organisation name
Account dataUsername, hashed password, account settings
Training dataCourse completions, quiz scores, competency records, certificates
Usage dataPages visited, features used, login timestamps, IP address
Communication dataMessages sent to us via contact forms or email
Technical dataBrowser type, operating system, device identifiers

We do not knowingly collect special category data (health, biometric, etc.) unless explicitly provided by you or your organisation in the context of training records, in which case it is processed under Article 9(2)(b) UK GDPR (employment / social security obligations) or your explicit consent.

3. How We Collect Personal Data

  • Directly from you: when you register, complete courses, submit contact forms, or communicate with us.
  • From your employer / organisation: when an organisation administrator creates or manages your account.
  • Automatically: through cookies and similar tracking technologies when you use the Platform (see Section 11).

4. Lawful Bases for Processing

Under the UK GDPR, we rely on the following lawful bases to process your personal data:

PurposeLawful basis
Providing the Platform and account managementContract (Art. 6(1)(b))
Processing subscription paymentsContract (Art. 6(1)(b))
Sending service and compliance notificationsLegitimate interests (Art. 6(1)(f))
Marketing communications (opt-in only)Consent (Art. 6(1)(a))
Legal compliance and regulatory obligationsLegal obligation (Art. 6(1)(c))
Security monitoring and fraud preventionLegitimate interests (Art. 6(1)(f))
Analytics and platform improvementLegitimate interests (Art. 6(1)(f))

5. How We Use Your Personal Data

  • To create and manage your user account and organisation profile.
  • To deliver training content, track course progress, record assessment results, and issue completion certificates.
  • To send you notifications about expiring training, platform updates, and service messages.
  • To generate compliance reports and analytics for organisation administrators.
  • To respond to enquiries submitted via our contact form or email.
  • To process subscription payments and manage billing.
  • To detect, investigate, and prevent fraud or security incidents.
  • To fulfil our legal obligations, including retaining records as required under applicable UK legislation.
  • With your consent, to send marketing communications about new features, courses, and offers. You may withdraw consent at any time.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share it with:

  • Your organisation's administrators: who may view your training records, competency status, and certificates within the Platform.
  • Service providers: who process data on our behalf under Data Processing Agreements (e.g. cloud hosting, payment processing, email delivery). These providers are contractually required to protect your data and may not use it for their own purposes.
  • Law enforcement or regulators: where required by law, court order, or to protect the rights and safety of individuals.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with appropriate safeguards.

7. International Transfers

We aim to keep personal data within the UK and the European Economic Area (EEA). Where any transfer outside these areas is necessary, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or equivalent adequacy decisions, in accordance with Chapter V of the UK GDPR.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

  • Active account data: retained for the duration of your subscription plus 6 years (limitation period for contract claims under the Limitation Act 1980).
  • Training and certificate records: retained for a minimum of 7 years from the date of completion to support regulatory audit requirements.
  • Contact form submissions: retained for 2 years.
  • Usage/technical logs: retained for up to 12 months.

When data is no longer required it is securely deleted or anonymised in accordance with our Data Retention Policy.

9. Your Rights Under UK GDPR

You have the following rights in relation to your personal data. To exercise any of them, contact us at support@skillguardian.co.uk. We will respond within one calendar month.

RightWhat it means
AccessRequest a copy of the personal data we hold about you (Subject Access Request).
RectificationAsk us to correct inaccurate or incomplete data.
ErasureAsk us to delete your data where there is no compelling reason to continue processing.
RestrictionAsk us to restrict processing while a complaint or accuracy issue is resolved.
PortabilityReceive your data in a structured, machine-readable format where processing is automated and based on consent or contract.
ObjectObject to processing based on legitimate interests, including profiling.
Withdraw consentWithdraw any consent given at any time, without affecting prior lawful processing.
Automated decisionsNot be subject to solely automated decisions that produce significant effects on you.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113, although we encourage you to contact us first so we can address your concern directly.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or disclosure. These include:

  • Encryption of data in transit (TLS) and at rest.
  • Role-based access controls and audit logging.
  • Regular security assessments and penetration testing.
  • Staff training on data protection and information security.
  • Incident response procedures in accordance with ICO guidance.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, inform you without undue delay.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Platform and improve your experience. Cookies are small text files stored on your device.

TypePurpose
Strictly necessaryAuthentication, session management, security. Cannot be disabled.
FunctionalRemember your preferences and settings.
AnalyticsUnderstand how the Platform is used so we can improve it. Anonymised where possible.

You can control non-essential cookies through your browser settings. Blocking cookies may affect Platform functionality.

12. Children's Privacy

The Platform is not directed at children under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

13. Links to Other Websites

The Platform may contain links to third-party websites. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes we will notify you by email or by a prominent notice on the Platform at least 14 days before the changes take effect. The "last updated" date at the top of this page will always reflect the most recent version.

15. Contact Us

For any questions, concerns, or to exercise your data protection rights, please contact:

Data Protection Contact — SkillGuardian
Email: support@skillguardian.co.uk
United Kingdom

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113