We need to process some personal data in order to provide our training courses and consultancy. We understand that when you share personal data with us, we must look after it. This privacy notice outlines what we do, how we do it, what we use it for and why use it.


We are Leadership Through Data, a Limited company registered in England (Company No. 11087569). Our Registered address is 122 Feering Hill, Feering, Colchester, Essex, CO5 9PY.
Our business is to provide training and consultancy to our clients on areas of Information Governance, Data Protection and Microsoft 365 Information Management.

We are what is known as the ‘Controller’ of the personal data and other information collected and we are registered as a data controller with the Information Commissioners Office (ICO) (registration no. ZA303412).

We have an appointed Data Protection Officer who can be contacted by email at dpo@leadershipthroughdata.co.uk.


We collect your personal data when you book a course or training with us, and we may collect additional information for invoicing purposes.

We will retain personal data for difference lengths of time, depending on why we collected it. We have to identify a lawful basis for processing your personal data and these are shown in the ‘Processing Conditions’ in the table below.

Type of dataProcessing ConditionsPurposeRetention Period
Booking forms, contact details and invoices.ContractTo book delegates onto our coursesLast action/entry plus 6 years
Enquiries (including those by social media)ConsentTo answer any queries and provide booking links to our booking forms.Last action/entry plus 1 year
IRMS DetailsContractWe contact IRMS if the delegate states they are a member in order to validate membership and apply training discount.Last action/entry plus 6 years
Allergens informationContract;

Health and Safety (Art. 9)

We ask for any allergens information in order to provide a meal for courses where lunch is provided to ensure individual needs are met.Last action/entry plus 6 years
Unsuccessful Competition entriesConsentWe occasionally run competitions to win free training courses in which we ask people to opt into joining our mailing list. To win, you do not need to opt-in, but we like it if you do so that you can hear about future training courses.Competition ends. Those who opt-in to the mailing list are added, others securely destroyed.
Marketing -Mailing List & NewsletterConsentDuring competitions, course booking process and course feedback, we ask if you want to be added to our mailing list with a tick box option. If you opt-in, via our booking system, ESB, you will receive ‘LTD Telegraph’ quarterly and ‘LTD snippets’ monthly to your email account. You can unsubscribe at any time by contacting us by email, simply reply ‘unsubscribe’ to info@leadershipthroughdata.co.uk and we will remove you.Last action plus 3 years.
IP Address, Location Data, Duration on our website, movement around website, browser used.Legitimate InterestsTo identify any suspicious activity on our website. If detected the connection will be blocked.

Data is held by our developer and is not passed to us for any other reason.

Last action/entry plus 3 months
Contact us website form (via Mailgun)ConsentTo respond to contacts submitted via our website. This contact form goes directly into our booking system, ESB.Last action/entry plus 72 hours
Training Feedback formsConsentTo take feedback on trainers’ performance and course satisfaction. Form can be submitted without delegate details but if supplied we ask if we can use company name and job title and feedback quotes on our website.Last action/entry plus 6 years
Training Delegate ListsContractHeld on our ESB booking system to determine who is booked on the training course. For face-to-face courses, a signature list to confirm delegate attendance is generated. Forms part of the contract and booking onto the course.Last action/entry plus 6 years
Live Chat on websiteConsentLive chat facility (Click4Assistance) on our website to support queries and contact.

Guest data is anonymised unless the guest includes their name and email address. All information sent is stored in the UK.

Last action/entry 30 days
PhotographsConsentPhotographs taken during training sessions for use on social media, website, and marketing material.

We ask those present if they are happy to have their photograph taken and only proceed with consent.

Last action/entry plus 5 year


Our website is managed by an external developer, who is based in the UK. They have a contract with us which covers the limited personal data that they may process on our behalf.
We use a training management system that processes all of the personal data or delegates that book onto our courses. The system is based in the UK and we have a contract in place with them.

Access is controlled by unique logins and a one-time passcode process.

We use an external marketing company, who is based in the UK to conduct Search Engine Optimisation. They do not process any personal data on our behalf.

We use Click4Assistance as our online chat facility. They are a UK company that stores data in the UK. We have a contract in place with them.

All our trainers are self-employed, but we have a contract in place with them for the processing of any personal data.

We hire venues to provide face-to-face training courses. We will share allergen information that could result in you being identified when collecting a meal, however, we do not pass on any names for this purpose. We are sometimes required to share the training delegate list to some of the venues for the purpose of health and safety reasons. Venues may also have their own methods of collecting data such as signing in books and CCTV for the prevention and detection of crime. Unfortunately, we have no control over this information, and you must contact the individual venue when exercising any of your rights.

We use MS Teams and Zoom to deliver our virtual training and webinars. We have contracts for both and ensure that the minimum data is processed to enable us to deliver the sessions using these.


We do not knowingly transfer or process data outside the EEA. To the best of our knowledge, all information we have created is stored within the UK.


We do make delegate names available to our trainers to enable them to confirm attendance on courses. Where the course is virtual, we will also make email addresses available to enable them to contact delegates if this is necessary. Trainers have access to this information via our ESB booking system to enable them to see who is booked on the training course. They do not retain this information.

We do not sell or trade your personal data in any way.

We may be legally required to share certain

personal data. This includes if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority such as HMRC.


You have a number of rights under the applicable data protection legislation. These are:

  • a right of access to your personal data held by us.
  • a right to rectify any personal data held by us that you believe is incorrect.
  • a right to erase any personal data that we no longer have a legitimate purpose to process.
  • a right of access to a machine-readable version of your data (data portability). There are conditions that apply to this right, but we will endeavour to give you a portable version of any of your data where possible.
  • a right to stop us processing any of your data that we do not have a legal or contractual obligation to process.
  • a right to prevent any wholly automated decisions involving your data – We do not use wholly automated decision-making techniques.

In general, we do not charge for exercising your rights and we are obliged to respond with one month (subject to exceptions). You can exercise any of these rights by contacting us at DPO@leadershipthroughdata.co.uk.


If you have any cause for complaint about our use of your personal data we would like the opportunity to resolve this with you. You can contact our Data Protection Officer at DPO@leadershiptrhoughdata.co.uk. If you feel that we cannot resolve this for you or you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office via their online form at www.ico.org.uk.


We may change this Privacy Notice from time to time and recommend that you revisit this when you next contact us. (Last reviewed 25 January 2021).

VersionRevision DateAction taken
7.025 January 2021Updated. Including Click4Assist and new ESB booking system.
6.07th July 2020New address added and cookie notice separated from the privacy notice. Other small amendments made.
5.09th October 2019Amend to reflect Google Ads marketing. Change DPO contact email address.
4.011th March 2019Added in new processing of personal data for mailing list / newsletter and photographs for marketing plus confirmation for cookies turning off website functionality such as live chat.
3.025th February 2019Streamlined for transparency
2.029th September 2018Updated to reflect GDPR16 / DPA18
1.013th December 2017Created