Privacy policy

Privacy Notice

The Learning Foundry Privacy Notice

The Learning Foundry (TLF) is a training provider and part of the Regenda Group. This notice explains how and why we use your personal information, and the rights you have.

We are committed to handling your information fairly, transparently and in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Data (Use and Access) Act 2025 (DUAA).

1. Personal data we collect

We collect information about you when you enquire about adult training, Education Programmes for Young People (EPYP) and apprenticeship opportunities or visit our website. This may include:

Personal data

Contact details (name, address, phone, email, contact preferences)
Date of birth, age, gender, and national identifiers (e.g., NI number, passport)
Next of kin/ emergency contact
DBS (Disclosure Barring Service) check
Criminal convictions and offences
Financial information (income details of household members, bank details)

· Eligibility for training and residency status

· Educational information, including qualifications and support needs

· Employment details and work experience

· Change of name documentation i.e. marriage certificates

· Performance on programme of study, individual achievements, attendance and results

· Cognitive assessments

CCTV footage where you are in view

Special category data (where necessary)

Disability or health information and vulnerabilities
Age
Gender
Race or Ethnic origin
Religion
Sexual orientation

We only ask for this information to ensure that your needs are met, and for fairness, inclusivity and compliance with equality law. You do not have to provide it.

2. How we collect your information

We collect personal data from:

Application forms
Employers
CCTV and building security systems
Our website, portals and digital tools
Phone contact, emails and letters
Automated tools (e.g., sentiment analysis, web analytics)

We will always explain what information is required and why.

3. How we use your personal data

We use your information to:

Manage the delivery of adult training, EPYP and apprenticeship programmes
Provide support to you and identify further opportunities
Analyse customer needs, shape services and collect feedback
Monitor equality, diversity and inclusion
Meet regulatory and legal requirements
Make bursary payments
Marketing and research purposes

We use the following Artificial Intelligence (AI), analytics and automated tools:

Segmentation and profiling to understand service needs
Algorithmic tools to prioritise customer contact
Automated decision‑support systems used internally to allocate resources

We do not make fully automated decisions that produce legal or significant effects without human involvement.

Where AI or automated analysis is used, it is governed by our AI and Machine Learning Policy.

You have the right to:

Request human review
Ask for an explanation of how automated tools affected your case
Object to automated processing where legally permitted

4. Legal bases for processing

We rely on one or more of the following:

Contract

To manage the delivery of training and apprenticeship programmes.

Legal obligation

Where processing is required by housing, safeguarding, tax, regulatory or other legislation.

Legitimate interests

Including:

Communicating with you to keep you updated on our services
Process next of kin and emergency contact details
Operating CCTV for safety and crime prevention

· Offer you further support, including referrals to external agencies

Quality monitoring and staff training
Customer surveys through approved partners

We always balance legitimate interests against your rights.

Consent

Where required, such as:

Use of certain special category data
Optional surveys or marketing communications.

You can withdraw consent at any time.

Vital interests

Protecting life or preventing serious harm.

Public interest / substantial public interest

Including safeguarding, preventing fraud, and equality monitoring.

Recognised legitimate interests

We may rely on this basis for:

Cybersecurity and system integrity - protecting our digital systems and preventing cyber threats
Crime prevention and detection
Safeguarding vulnerable individuals - where information is required to protect someone at risk
Disclosures to public bodies - where a public body (e.g., local authority, police, fire service) confirms it needs information to carry out its statutory public task
Responding to emergencies - such as fires, floods, structural hazards or risks to human welfare

5. Who we share your personal data with

We may share information with:

To deliver services

Employers
Work placement providers or delivery partners
End point assessment organisations

Where disclosure is required

· Ofsted

· Funding body (Department for Education DfE)

· Awarding Organisations

· Liverpool City Council

· Liverpool City Region Combined Authority (LCRCA)

· Secretary of State

· Auditors

6. International transfers

Where data is processed outside the UK or EEA, we ensure:

A UK‑approved adequacy decision is in place, or
UK‑approved International Data Transfer Agreements or Standard Contractual Clauses (Article 46 UK GDPR) are used

7. How long we keep your data

We only keep your information for as long as necessary to:

Deliver services
Meet legal and regulatory requirements
Defend legal claims

All information is securely disposed of when no longer required and some data may be anonymised for statistical purposes.

8. Protecting your personal data

We use organisational, technical and physical measures to safeguard data. These include:

Identity checks
Access controls
Encryption and secure systems
Incident and breach response procedures

No communication method is completely secure, but we take reasonable measures to reduce risk.

9. Cookies and website analytics

Our website uses cookies to:

Improve performance and user experience
Personalise content
Deliver relevant advertising
Understand user behaviour

Google Analytics and Google Signals may be used with your consent. No identifiable Google account data is shared with us.

You can change your cookie preferences at any time.

10. Your rights

You can ask us to:

Provide a copy of the personal data we hold (Subject Access Request)
Explain how your data is used
Correct or update inaccurate information
Delete your information (where applicable)
Restrict or object to processing
Transfer data to another organisation (where applicable)
Withdraw consent
Challenge automated decision‑making or request human intervention
Request explanation of algorithmic tools
Raise a complaint if you believe we have not met data protection standards, including fairness, transparency or data access rights