Privacy Notice

The Learning Foundry is one of the North West’s most successful training providers. Now part of The Regenda Group, we offer a wide range of training and apprenticeship qualifications.

This privacy notice tells you what to expect when The Learning Foundry collects personal information. It applies to information we collect about:

  • Individuals and employers who use and/or enquire about our services
  • Visitors to our website
  • Job applicants

1. What is data protection?

The General Data Protection Regulation and Data Protection Act (2018) sets out rules for processing personal information we hold about you. This states that those who record and use personal information must ensure that it is handled properly. We are required to ensure that personal information is:

  • Processed in a lawful, fair and transparent way
  • Held only for the purposes we collected it for
  • Adequate, relevant and limited to what is necessary
  • Accurate
  • Held only for as long as we need it
  • Kept secure

The regulation also allows you to find out what personal information is held about you. The Information Commissioner’s Office (ICO) is responsible for regulating, enforcing and promoting good practice and transparency in the access and use of personal information.

Organisations must notify the ICO of all the purposes for which they will be processing information. We are happy to supply you with a copy of the notification upon request or you can contact the ICO by calling 0303 1231113, or writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

You can find more information online at

2. What personal information does The Learning Foundry collect?

We begin the process of collecting information about you when you or your employer enquire about training and apprenticeship opportunities.  Although the information we collect may vary, typically it may include:

  • Name and address
  • Contact details and contact preferences
  • Income details for you and others who live in your household
  • Eligibility for training and residency status
  • Educational information, including qualifications and support needs
  • Employment details and work experience
  • Next of kin details
  • DBS (Disclosure Barring Service) information, which may include details of criminal convictions
  • Bank account details (for bursary purposes)
  • Change of name documentation, i.e. marriage certificates
  • Performance on programme of study, individual achievements, attendance and results.

The Learning Foundry also collects diversity data, including:

  • Age
  • Gender
  • Race or ethnic origin
  • Health, disability and medical conditions
  • Religion
  • Sexual orientation.


3. How we collect information about you

We collect information in a variety of ways, including:

  • When learners contact us directly
  • When employers contact us on behalf of learners
  • At marketing and information events, i.e. school events and open days
  • When learners sign up for a training course or apprenticeship
  • Through ongoing contact with learners and employers
  • Post completion of qualifications.  


4. Why does The Learning Foundry collect this information?

The Learning Foundry needs to processes your personal data in order to manage your training or apprenticeship.

The Learning Foundry has signed learner agreements in place with all of its learners and employers and by signing the learner agreement, you give us permission to process your data.

The Learning Foundry collects this information for a number of reasons, including:

  • To manage the delivery of training and apprenticeship programmes
  • To support you in your learner journey and identify further learning or employment opportunities
  • To engage with learners and employers to get feedback on our services
  • To monitor diversity and equality which helps us to tailor services accordingly
  • For regulatory and contractual purposes
  • For legal requirements
  • To make bursary payments
  • For marketing and research purposes (opt in). 


5. Sharing your information

We will not share your personal information without your consent unless allowed by law.  Examples of organisations we may share your information with, where appropriate, include:

  • Your employer
  • Your work placement provider or delivery partner
  • Ofsted
  • Funding body (Education and Skills Funding Agency - ESFA)*
  • Awarding bodies
  • Liverpool City Council
  • Apprenticeship Services (ACE)
  • Auditors
  • Health Service Providers, including The National Health Service (NHS)

*For further information on how the ESFA uses your personal information, please see a copy of their Privacy Notice at

The Learning Foundry will ensure that all learners receive a copy of the ESFA privacy notice as part of their enrolment process.


6. What is the legal basis for our use of your personal information?

The Learning Foundry needs to process your personal data in order to manage your training or apprenticeship.

This includes but is not limited to the following set out within the GDPR

  • Article 6.1(a) – the data subject has given consent
  • Article 6.1(b) – processing is necessary for the performance of a contract
  • Article 6.1(c) – processing is necessary for compliance with a legal obligation
  • Article 6.1(d) – processing is necessary to protect the vital interests of individuals
  • Article 6.1(e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

For the processing of “special category data” such as someone’s physical and mental health:

Article 9.2(g) of the GDPR

Processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

The processing of special category under Article 9 also requires the following conditions for processing from the UK Data Protection Act 2018 to be met:

  • Schedule 1, Part 2 section 6(a), processing is met under the exercise of a function conferred on a person by an enactment
  • Schedule 1, Part 1 section 2(1), this condition is met if the processing is necessary for health and social care purposes

7. How long do we keep your personal information?

All of your information, correspondence and notes about your learning will be held in our secure systems, and some information might be kept within our secure email and IT systems. 

We keep your information for up to seven years following the end of your training or apprenticeship.

All personal data is securely destroyed when no longer required. Electronic files are deleted in such a way that they cannot be retrieved and all paper records are disposed of in confidential shredding bins.


8. How do we take care of your personal information?

Information is held either in a digital format or as hard copies under lock and key. Not all members of staff are able to access this information, only those who need to. We use the information to deliver a service to you. There may be occasions when we have to share information with others (detailed in section 5) to enable us to deliver our services and fulfil our legal and contractual obligations. If information is shared with other organisations, we will ensure Information Sharing Agreements are in place.

We are legally required to share information in the following circumstances:

  • Safeguarding
  • Prevention or detection of crime
  • Apprehension or prosecution of offenders
  • In connection with legal proceedings
  • To comply with the law.
  • Public Health 


9. Importance of accuracy

During the course of your training or apprenticeship, your needs may change, so we will update our information to make sure we can provide services that meet your needs.  

If any of the information we send is incorrect or inaccurate, please tell us so we can make the necessary changes. Any new information will be protected in the ways already outlined.


10. What if someone is acting on your behalf?

If you have asked someone to act on your behalf (such as a careers advisor or a relative), you will be asked to supply or complete an authorisation form, which you can get from the agency acting on your behalf or from The Learning Foundry.


11. Marketing and Communication

11.1 The Marketing and Communication Team may collect the following types of personal data:

  •  Images
  •  Video footage including interviews

We may also collect:

  •  Your name, age, address and contact details (email, telephone number and/or postal address).
  •  Name of group/organisation or event.
  •  If it is for consent for a child aged 13 or under, or a vulnerable adult - the name of the consenter and their relationship to you.


11.2 We may collect your personal data in a number of ways:

  • Through a consent form
  • By an authorised representative e.g. employed photographer at organised events


11.3 What is our lawful basis to obtain and use this personal data?

When we collect and use your personal information we rely on the following lawful basis:

  •  Consent: You or a representative have given consent.
  •  Legitimate interest – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party


11.4 What does the communications and marketing team use your information for?

We use images to promote services across the Regenda Group.

Images and footage may be published on any of the following channels:

  • Press and media (including newspapers, magazines, websites)
  • On our websites (including Petrus and Regenda)
  • On our social media feeds including LinkedIn, Twitter, Facebook and other corporate social media accounts in the future
  • In our printed publications such as newsletters, brochures, flyers and display materials
  • In our electronic newsletters
  • Media releases

The images/footage will often be accompanied by the details of your story, however, we will not use personal details or full name of any individual in an article.

If you no longer wish for your image or personal information to be used, please contact us and ask us to remove them from the archive. Please note that we will be unable to remove any images or content in printed materials or video footage if it has already been produced or remove images and quotes that have already been published by the media.


12. CCTV

12.1 What information do we hold?

If you are in the field of vision of any of our CCTV systems, we may collect from you video recordings and still pictures.  This personal information may include your activities, your face, car registration details and other visual information about you which is recorded on our CCTV system.


12.2 What do we do with your personal information?

We collect this information for the following purposes:

  • For the prevention and detection of crime
  • For evidence in any civil or criminal legal proceedings
  • To assist in investigations
  • For safety and security
  • Dealing with any queries, complaints, or enquiries
  • Retaining records

As well as being the purposes for which we use your personal information, all of the above are also legitimate reasons for us to use and store personal information relating to you which is captured on our CCTV system and legitimate interests is our legal basis for processing your personal information.


12.3 Who we share your personal information with

We share your personal information with the following parties:

  • Suppliers and service providers: to manage and operate the CCTV system.
  • The police and other law enforcement agencies: to carry out policing, assist investigations, trace missing people, and investigate alleged criminal activities.
  • The security services: where relevant for matters of national security.
  • People who have been injured, attacked, or had property damaged or stolen and their insurance providers: to assist them with any criminal or civil investigations or legal proceedings.
  • People who have been involved in road traffic accidents and their insurance providers: to assist with insurance claims, legal claims, and investigations.
  • Any relevant regulators: where we are required to do so by law or to assist with their investigations or initiatives and this includes but is not limited to the Information Commissioner’s Office.

We do not disclose personal information to anyone else except as set out above unless we have your consent, or we are legally obliged to do so.  We do not sell your data.


12.4 How long do we keep your information for?

We will keep your personal information for up to approximately one month after the recording was made. After this time, the recording stored on the hard drive of our CCTV system will usually be overwritten. However, if we receive an enquiry about a particular recording on our CCTV, we will generally then retain that part of the recording until it is no longer required. This period can vary as it will depend upon the circumstances of the particular case. As soon as it is no longer required, we will then delete the personal information.


13. Visitors to our websites

When someone visits, we use third-party services, Google Analytics and Hotjar, to collect standard internet log information and details of visitor behavior patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

You may prevent your data from being analysed by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Service, available at, and the Google Privacy Policy, available at To learn more about how Google collects and processes data in connection with Google Analytics, visit

You can opt-out of tracking by Hotjar here: and can learn about Hotjar’s ability to use and share information through the Hotjar Terms & Conditions of Use, available at, and the Hotjar Privacy Policy, available at

When you use our website, no user-specific data is collected by either The Learning Foundry or any third party. We use Google Analytics for trend reporting and visitor behaviour to help us improve our website and search functionality.


13.1 Security and performance of The Learning Foundry website

The Learning Foundry uses a third-party service to help maintain the security and performance of The Learning Foundry website. To deliver this service, it processes the IP addresses of visitors to The Learning Foundry website. This information is not used for identifying purposes, except for investigation if an intrusion occurs.


13.2 Use of cookies by The Learning Foundry

The Learning Foundry site uses cookies. Cookies are small text files placed on your computer by the websites you visit. They are used to help make websites work efficiently. You can control cookies through the settings of your web browser. To find out more, visit or

These are the cookies we use: 

  • Google Analytics - to monitor website use and the type of browser that is accessing the website
  • Hotjar – to monitor website and page usage.

14. People who contact us via social media

We use a third-party provider, Hootsuite, to manage our social media interactions.

If you send us a private or direct message via social media, the message will not be shared with any other organisations.

Social media messages are retained for three months. 


15. People who email us

The Learning Foundry email is encrypted at rest and in transit, using several strong encryption protocols and technologies that include Transport Layer Security/Secure Sockets Layer (TLS/SSL), Internet Protocol Security (IPSec), and Advanced Encryption Standard (AES). If your email service does not support the same encryption, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software.

The Learning Foundry uses web beacons on our websites and in our emails. When we send emails, we may track behavior, such as who opened the emails and who clicked the links. This allows us to measure the performance of our email campaigns and to improve our features for specific customers. To do this, we include single pixel gifs, also called web beacons, in emails we send. Web beacons allow us to collect information about when you open the email, your IP address, your browser or email client type, and other similar details.

Emails are retained for fifteen months. 


16. What are your rights

16.1 Right of access to your data

If we hold personal information about you, you have the right to ask us:

  • What we use the information for
  • To provide you with a copy of the information you are entitled to
  • To supply you with details of the purposes for which we use the information and who it is shared with
  • For incorrect information to be corrected.

This can be requested verbally. A third party (example relative, friends or solicitor) may make a request on your behalf, however, we require written authority from yourself stating that you give the third-party permission to make this request on your behalf. 

We have one month from the date we receive your request to provide you with the information.   


16.2 Right to rectification

If you think that The Learning Foundry is holding incorrect personal information about you, you have the right to have this personal information amended.

Once you have advised The Learning Foundry of the details of the incorrect data and the required amendments, your data will be updated within 30 days. If your personal data cannot be amended, The Learning Foundry will advise you in writing why this is the case. 


16.3 Right to be forgotten

You have the right to have your personal information erased if it is no longer required to manage your training, apprenticeship or your enquiry. 

16.4 Right to restriction of processing

You have the right to restrict the processing of your personal data if it is no longer required to manage your training, apprenticeship or to handle your enquiry. This means that The Learning Foundry cannot further process your data, for example, we cannot share your data with a third party.

16.5 Right to data portability

You have the right to have your personal data transferred to another data controller. For example, if you move employer and continue with your training, The Learning Foundry will transfer your data to your new employer.


16.6 Right to object

You have the right to object to the processing of your personal information if the data is not required to manage your training, apprenticeship or enquiry, or you have not given The Learning Foundry permission to process your data, for example, for direct marketing.


17. Job applicants

Regenda Homes is the data controller for the information you provide during the employment recruitment process. If you have any queries about the process or how we handle your information please contact us.


The following explains how Regenda uses the information you provide in your application, along with your rights, reasons for requesting it and who will have access to it.


17.1 What information does Regenda collect?

Regenda collects information the following information as part of the application process:

  • Name, address, email, telephone number
  • CV (if applicable)
  • Equal opportunities monitoring information (defined as special categories data) - this information is purely for statistical analysis and monitoring purposes
  • Answers to application questions
  • Any other information you wish to provide in support of your application.


17.2 Why do they collect this information and who do they share it with?

Regenda uses your details and information so that they can assess your suitability for employment with us and carry out statistical analysis. Information you provide as part of your job application will be:

  • Held on Regenda's computer systems and may be downloaded by us
  • Used to deal with your application
  • Made available to Regenda and their processors
  • Used for communication with you regarding the vacancy
  • Used to satisfy legal requirements
  • Used for statistical analysis
  • Held and may be used to contact you about other vacancies.

If you are successfully recruited, Regenda will upload your details to the HR system, Cascade.


17.3 How can you access the information we hold about you?

If you choose to register on our recruitment website, hosted by Networx recruitment, you may access your profile, correct and update your details, or withdraw your details at any time. To do this, you can access your personal profile by using the secure login.

You have the following rights in relation to the way in which we deal with your personal data:

  • The right of erasure or to be forgotten
  • The right to rectification if information is inaccurate or out of date
  • The right of data portability (to obtain and reuse your personal data)
  • The right to object to Regenda Homes processing your personal data
  • The right to withdraw your consent with regards to the handling of your personal data
  • You have the right to ask for a copy of the information we hold about you (Subject Access Request)
  • You have the right to lodge a complaint with a supervisory authority - the ICO

Where you exercise your right to object or withdraw your consent we may process your personal data without your knowledge or consent where we are permitted or required by law or regulatory requirements to do so. In such a case, we will not process more personal data than is required under the circumstances.


17.4 Conditional offer

If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability. 

You will therefore be required to provide: 

  • Proof of your eligibility to work in the UK – you will be asked to attend our office with original documents, and we will take copies.
  • Proof of your qualifications, if required.
  • You may be asked to complete a DBS application to declare any unspent convictions, depending on the nature of the role you apply for.
  • We will contact your referees, using the details you provide in your application, directly to obtain references.
  • We will also ask you to complete a questionnaire about your health. This is to establish your fitness to work and any adjustments we need to consider before you start. This is done through our current occupational health provider.
  • Our Code of Conduct requires all staff to declare if they have any potential conflicts of interest. If you complete a declaration, the information will be held by our Business Assurance Team.

If we make a final offer, we will also ask you for the following:

  • Bank details – to process salary payments.
  • Emergency contact details – so we know who to contact in case you have an emergency at work.


17.5 Health management

Corazon provides our Occupational Health service. If we make you a conditional offer, we will ask that you complete a questionnaire which will help to determine if you are fit to undertake the work that you have been offered, or advise us if any adjustments are needed to the work environment or systems so that you may work effectively.

We will send you a form to complete and return directly to Corazon. The information you provide will be held by Corazon who will provide us with a fit to work certificate or a report with recommendations. You are able to request to see the report before it is sent to us. If you decline for us to see it, then this could affect your job offer. If an occupational health assessment is required, this is likely to be carried out by Corazon.


17.6 Fleet and mileage claims 

The organisation is required to undertake statutory checks to ensure vehicles that our staff drive on behalf of the company are road worthy.  To achieve this, we require staff to provide the following documents:

  •  Driving license details
  •  MOT (if applicable)
  •  V5 registration document (if applicable)
  •  Insurance details

This information is collected to ensure that any mileage payments paid to employees are done so in accordance with health and safety legislation, which requires us to ensure all travel undertaken for the business is compliant.

In addition, we carry out checks on all staff’s licenses through the DVLA to ensure they are legally able to drive both their own and company vehicles.  This information includes:

  •  Driving convictions i.e. drink driving, speeding etc.
  •  Number of penalty points

This information is used to ensure all drivers are legally entitled to drive.  In addition, we use this data to monitor staff who have a more than 6 penalty points on their driving license.


17.7 How long is the information retained for?

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for six months from the closure of the campaign.

Equal opportunities information is retained for six months following the closure of the campaign for unsuccessful candidates. Successful candidates’ data will be stored via the Cascade system.


18. Complaints or queries

Regenda tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Regenda’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

If you want to make a complaint about the way we have processed your personal information, you can contact us at


19. Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 16th February 2021. 


20. How to contact us

If you want to request information about our privacy policy, you can email us or write to:

Data Protection

Regenda Homes

The Foundry

42 Henry Street

L1 5AY

Telephone: 0151 703 3000