We need to process some personal data in order to provide our training courses and consultancy. We understand that when you share personal data with us, we must look after it. This privacy notice outlines what we do, how we do it, what we use it for and why use it.


We are Leadership Through Data, a Limited company registered in England (Company No. 11087569). Our Registered address is 122 Feering Hill, Feering, Colchester, Essex, CO5 9PY.

Our business is to provide training and consultancy to our clients on areas of Information Governance, Data Protection and Microsoft 365 Information Management.

We are what is known as the ‘Controller’ of the personal data and other information collected and we are registered as a data controller with the Information Commissioners Office (ICO) (registration no. ZA303412).

We have an appointed Data Protection Officer who can be contacted by email at dpo@leadershipthroughdata.co.uk.


We collect your personal data when you book a course, webinar or consultancy work with us, and we may collect additional information for invoicing purposes.

We will retain personal data for difference lengths of time, depending on why we collected it. We have to identify a lawful basis for processing your personal data and these are shown in the ‘Processing Conditions’ in the table below.

Type of data Processing Conditions Purpose Retention Period 
Booking forms, contact details and invoices. Contract To book delegates onto our courses and collect payments. Last action/entry plus 6 years 
Enquiries (including those by social media) Consent To answer any queries and provide booking links to our booking forms. Last action/entry plus 1 year 
IRMS Details Contract We contact IRMS if the delegate states they are a member in order to validate membership and apply training discount. Last action/entry plus 6 years 
Allergens information Contract; 

Health and Safety (Art. 9) 

We ask for any allergens information in order to provide a meal for courses where lunch is provided to ensure individual needs are met.  Last action/entry plus 6 years 
Unsuccessful Competition entries Consent We occasionally run competitions to win free training courses in which we ask people to opt into joining our mailing list. To win, you do not need to opt-in, but we like it if you do so that you can hear about future training courses. Competition ends. Those who opt-in to the mailing list are added to this, others securely destroyed. 
Marketing -Mailing List & Newsletter Consent During competitions, course booking process and course feedback, we ask if you want to be added to our mailing list with a tick box option. If you opt-in, via our booking system, you will receive ‘LTD Telegraph’ quarterly and ‘LTD snippets’ monthly to your email account. You can unsubscribe at any time by contacting us by email, simply reply ‘unsubscribe’ to info@leadershipthroughdata.co.uk and we will remove you.  Last action plus 3 years. 
IP Address, Location Data, Duration on our website, movement around website, browser used. Legitimate Interests To identify any suspicious activity on our website. If detected the connection will be blocked. 

Data is held by our developer and is not passed to us for any other reason. 

Last action/entry plus 3 months 
Contact us website form (via Mailgun) Consent To respond to contacts submitted via our website. This contact form goes directly into our booking system. Last action/entry plus 72 hours 
Training Feedback forms Consent To take feedback on trainers’ performance and course satisfaction. Form can be submitted without delegate details but if supplied we ask if we can use company name and job title and feedback quotes on our website.  Last action/entry plus 6 years 
Training Delegate Lists Contract Held on our booking system to determine who is booked on the training course. For face-to-face courses, a signature list to confirm delegate attendance is generated. Forms part of the contract and booking onto the course. Last action/entry plus 6 years 


Live Chat on website Consent Live chat facility on our website to support queries and contact. 

Guest data is anonymised unless the guest includes their name and email address. 

Last action/entry 30 days 
Photographs Consent Photographs taken during training sessions for use on social media, website, and marketing material. 

We ask those present if they are happy to have their photograph taken and only proceed with consent. 

Last action/entry plus 5 year 


Our website is managed by an external developer, who is based in the UK. They have a contract with us which covers the limited personal data that they may process on our behalf. 

We use a training management system that processes all of the personal data or delegates that book onto our courses. The system is based in the UK and we have a contract in place with them. Access is controlled by unique logins and a one-time passcode process. 

We use a Customer Relationship Management (CRM) system. This also provides additional facilities such as live chat. This uses regional based data centres. We have a contract and subscription with the suppliers and have undertaken all reasonable due diligence steps to ensure that any data we store in the CRM system is secure and only available to authorised staff. 

All our trainers are self-employed, but we have a contract in place with them for the processing of any personal data. 

We hire venues to provide face-to-face training courses. We will share allergen information that could result in you being identified when collecting a meal, however, we do not pass on any names for this purpose. We are sometimes required to share the training delegate list to some of the venues for the purpose of health and safety reasons. Venues may also have their own methods of collecting data such as signing in books and CCTV for the prevention and detection of crime. Unfortunately, we have no control over this information, and you must contact the individual venue when exercising any of your rights. 

We use MS Teams and Zoom to deliver our virtual training and webinars. We have contracts for both and ensure that the minimum data is processed to enable us to deliver the sessions using these. 


As far as possible, we do not transfer or process data outside the UK. We endeavour to contract with companies that store data in the UK or EEA. Where we are informed that data is transferred overseas, we ensure that we have the appropriate safeguards in place to protect your personal data. 


We do make delegate names available to our trainers to enable them to confirm attendance on courses. Where the course is virtual, we will also make email addresses available to enable them to contact delegates if this is necessary. Trainers have access to this information via our booking system to enable them to see who is booked on the training course. They do not retain this information. 

We do not sell or trade your personal data in any way. 

We may be legally required to share certain personal data. This includes if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority such as HMRC. 


You have a number of rights under the applicable data protection legislation. These are: 

  • a right of access to your personal data held by us. 
  • a right to rectify any personal data held by us that you believe is incorrect. 
  • a right to erase any personal data that we no longer have a legitimate purpose to process. 
  • a right of access to a machine-readable version of your data (data portability). There are conditions that apply to this right, but we will endeavour to give you a portable version of any of your data where possible. 
  • a right to stop us processing any of your data that we do not have a legal or contractual obligation to process. 
  • a right to prevent any wholly automated decisions involving your data – We do not use wholly automated decision-making techniques. 

In general, we do not charge for exercising your rights and we are obliged to respond with one month (subject to exceptions). You can exercise any of these rights by contacting us at DPO@leadershipthroughdata.co.uk 


If you have any cause for complaint about our use of your personal data we would like the opportunity to resolve this with you. You can contact our Data Protection Officer at DPO@leadershiptrhoughdata.co.uk. If you feel that we cannot resolve this for you or you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office via their online form at www.ico.org.uk. 


We may change this Privacy Notice from time to time and recommend that you revisit this when you next contact us. (Last reviewed 25 February 2022). 

VersionRevision DateAction taken
8.0 25 February 2022 Updated to include CRM system and changes to LiveChat system. Overseas transfers amended. 
7.025 January 2021Updated. Including LiveChat changes and new booking system. 
6.07th July 2020New address added and cookie notice separated from the privacy notice. Other small amendments made.
5.09th October 2019Amend to reflect Google Ads marketing. Change DPO contact email address.
4.011th March 2019Added in new processing of personal data for mailing list / newsletter and photographs for marketing plus confirmation for cookies turning off website functionality such as live chat.
3.025th February 2019Streamlined for transparency
2.029th September 2018Updated to reflect GDPR16 / DPA18
1.013th December 2017Created