GDPR Privacy Policy

Implementation Date 30/04/18

We value your privacy and want to be clear about the data we collect, how we use it and your rights to control that information, this is the reason we have made some changes to our Privacy Policy.

We have made these updates to reflect the high standards established by the General Data Protection Regulation (GDPR), a set of laws passed in the European Union and we believe all of our customers, suppliers and employees have the right to these standards of protection. We respect your data and have never or will ever sell this data to any third parties.

For more information about the Ashtree Privacy (GDPR) Policy please contact or visit our website at

Who we are:

We are Ashtree Management Services Ltd, registered in England & Wales No 3785886, Vat No 741022874 with our registered office at 13 Ruskin Close, Stowmarket, Suffolk. IP14 1TY.

Our nominated Data Controller is Jane Peel, Director.

You have the right to make a complaint about how we handle your data at any time to the Information Commissioner’s Office (ICO) but we would prefer you contact us first.

How we collect your data:

You may give us data by filling in forms, talking to us over the telephone, sending us information by post / email or by our social media pages, for example:

  • When you fill out our course registers, our Awarding Organisations (AO) registers and funding registers.
  • When contacting us via our online forms requesting course information.
  • When contacting us directly via email.
  • When calling us making a telephone enquiry.
  • When given to us from an Employer
  • If you are a prospective new Trainer, we may ask you to provide training evidence, CV, copy of certification and references.
  • Employees will provide personal data for payment, tax, NI, pension details.
  • We may receive data if you make an online payment to us.

You may be a person representing a customer, you may be a person representing a supplier, you may be a delegate on one of our training courses.

How we use your data:

We will only use your personal data when the law allows us to, and only where we believe we have a legitimate interest or legal obligation to do so, which includes:

  • If you are a person representing a new or existing customer of Ashtree Management Services Ltd.
  • If you are a person representing a new or existing supplier of Ashtree Management Services Ltd.
  • If you are a delegate on one of our training courses / learning programmes.
  • If you are an employee of Ashtree Management Services Ltd
  • If you are a trainer used by Ashtree on a sub contract basis to deliver our training courses.

If you are a Learner on our training courses we have Legitimate interests for you to provide personal data such as your name and the name of the company you work for, if at any time you need a replacement certificate we will also need your address.

If you are a Learner on our accredited courses then we will ask you to fill out our Awarding Organisations (AO) registration form, this form may require further detailed information from you to conform with the AO’s legal obligation. The information you provide is then scanned into our system and copied to the AO for them to process and then to award certificates.

If you are a Trainer / IQA used by Ashtree to deliver or audit our training courses we will have legitimate interests to ensure you are the right person to fulfil our requirement, we may then ask you for personal data such as name, address, telephone details, email address, copies of certificates, insurance details, training experience, sector references.

If you are a customer / supplier to Ashtree Management Services Ltd and / or a user of our services, we have a legitimate interest in storing your provided data, and also providing you with relevant information and marketing information on our products and services.

We, of course, respect your right to privacy and you can opt out at any time as detailed further in this policy.

Why and how we plan to use your personal data.

Why and how we plan to use your personal data.
Purpose / ActivityLawful basis for processing data
To register you with our businessPerformance of a contract with you
To perform any contract with you including:
a) Managing payments
b) Confirming training dates, times, venue addresses, contacts, costs.
c) Registering you with an AO
d) Addressing any breach
a) Performance of a contract with you
b) Necessary for our legitimate interests
c) Necessary to comply with a legal obligation
To manage our relationship with you which will include:
a) Notifying you about any changes to our terms or privacy policy
b) Notifying you about changes to our business which are relevant to you
a) Performance of a contract with you
b) Necessary to comply with a legal obligation
c) Necessary for our legitimate interests (to keep our records updated & to study how people use our business)
To administer & protect our business & our website including: troubleshooting, data analysis, testing, maintenance, support and reporting.a) Necessary for our legitimate interests (for running our business, provision of administration & IT services, network security, to prevent fraud).
b) Necessary to comply with a legal obligation
To use data analytics to improve our website, products/services, marketing and relationships.a) Necessary for our legitimate interests to keep our website/social media up to date, to develop our business & to update our marketing strategy

Promotional Offers from us.

We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. We may then use your personal data to send you marketing communications from us if you have requested information from us or purchased services from us, in each case, you have not opted out of receiving that marketing.

Opting out.

You can ask us to stop sending you marketing messages at any time by contacting our Data Controller


Our website uses cookies to distinguish you from other users on our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve the site. By continuing to use our website, you are agreeing to our use of cookies.

A cookie is a small file of letters and numbers that we store on your browser or hard drive of your computer if you agree.

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website or use a shopping cart.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

 Change of purpose.

Please note that we may process your personal data without your knowledge or consent where this is required and permitted by law. However, if we need to use your personal data for a new purpose and the law allows us to do so, we will notify you and explain the legal basis for our actions.

Visitors to our website.

When someone visits our website we may use a third party service to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things like the number of visitors to the various parts of the site. This information is processed in such a way which cannot identify anyone as an individual ie no names, addresses, email or telephone numbers are recorded.

Third – Party Links.

Our website may include links to third party websites, plug-ins and applications. Clicking on these links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

If you fail to provide Personal Data.

If for whatever reason you choose not to provide Personal Data to us this would prevent us from performing the contract we have or are trying to enter into with you, or place us in breach of the law, then we may have to cancel our contract. If this is the case then we will notify of the situation.

Disclosures of your Personal Data.

Disclosures of your Personal Data.
NameLawful basis for processing including basis of legitimate interest
Awarding Organisations (AO)Performance of a contract with you, in order to undertake training with us we need the basic contact details from you.

Necessary for our legitimate interests in order to provide accredited certification, our AO requires us to provide basic delegate information from you.

Professional Advisers including lawyers, accountants, bankers, auditors & insurers.
Necessary for our legitimate interests (complying with our legal obligations).
HM Revenue & Customs and other authorities.Necessary for our legitimate interests (complying with our legal obligations).
Website providers, IT maintenance providers and analytics
Necessary for our legitimate interests (gathering data to improve our services, the use of cookies).

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfers.

We do not operate anywhere outside of the United Kingdom. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data we cannot guarantee the security of your data transmitted to us electronically, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security measures to try to prevent unauthorised access.

Data Security.

We have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Telephone Calls.

Please note that when you make a telephone enquiry to Ashtree we may ask you details such as your name, which service / training course we may provide to you, the region where you need the training to be located, the approx. date for the training and contact details such as your company name, your name telephone number and/or email address. This information will be entered into our enquiries book and is secured within the office.


In some instances we make take group photographs of delegates attending our training sessions, these may be posted on our website and on social media. By signing our attendance register at the beginning of the training session you are acknowledging that a group or activity photo may be taken but you will always be asked if you wish to participate.