Privacy Policy

TrainMeUK Ltd ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our automated compliance training platform and related services.

This policy applies to information we collect when you use our website, mobile applications, or services, or otherwise interact with us.

Personal Information

We may collect personal information that you provide directly to us, such as:

• Name and contact information (email address, phone number)
• Company information and job title
• Azure AD integration data
• Training completion records
• External certification records, including provider, issue and expiry dates, and uploaded supporting evidence
• Certification identifiers where required (for example CSCS card details, driving licence categories, and related evidence)
• Communication preferences

Learner Verify Data (When Enabled by Your Organisation)

For courses where your organisation enables Learner Verify, we collect additional verification data to confirm the assigned learner is completing the training:

• Camera-captured verification photos (baseline and checkpoints)
• Verification outcome data (for example confidence score, verification status, and review outcomes)
• Verification metadata (for example capture timestamps and technical file details)
• Reviewer decisions and decision reasons where manual review is required

Automatically Collected Information

When you use our services, we automatically collect certain information, including:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, features used, time spent)
• Log data (access times, error logs)
• Cookies and similar technologies

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send technical notices, updates, and support messages
• Respond to your comments and questions
• Monitor and analyze trends, usage, and activities
• Verify learner identity for courses where Learner Verify is enabled by the customer organisation
• Support compliance evidence and audit readiness workflows
• Route uncertain AI verification outcomes to authorized reviewers within your organisation (for example, your managers or tenant admins), not third-party reviewers or TrainMeUK staff
• Detect, investigate, and prevent fraudulent or proxy course completion activity
• Comply with legal obligations

Legal Basis for Processing

We process personal data under one or more lawful bases, including:

• Contract Performance: Delivering training services and related compliance workflows requested by customer organisations
• Legitimate Interests: Protecting the integrity of training completion records, preventing misuse, and maintaining platform security
• Legal Obligations: Meeting applicable legal and regulatory requirements

Where Learner Verify applies, users are shown an explicit in-product notice before camera capture starts.

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

• Service Providers: We may share information with trusted third-party service providers who assist us in operating our platform, such as cloud hosting/storage providers, AI verification services, and email delivery providers
• Within Your Organisation: Verification and certificate evidence may be visible to authorized managers/reviewers and tenant administrators based on role permissions
• Legal Requirements: We may disclose information if required by law or in response to valid legal process
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred
• Consent: We may share information with your explicit consent

We do not sell personal data and we do not use Learner Verify photos or certification evidence for unrelated marketing purposes.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication
• Employee training on data protection
• Incident response procedures

Under the UK GDPR, you have the following rights regarding your personal information:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Request transfer of your data
• Right to Object: Object to processing of your data
• Rights in Relation to Automated Decision Making: Request human review of automated decisions

To exercise these rights, please contact us at privacy@trainmeuk.co.uk

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. The retention period depends on the type of data and the purpose for which it was collected:

• Account information: Retained while your account is active and for 7 years after deactivation
• Training records: Retained for 7 years for compliance purposes
• Learner Verify: We may retain one verification image for audit purposes until the related course validity ends or until the employee is deactivated, whichever occurs first
• External certificate evidence and metadata: Retained while required for active compliance tracking and deleted when no longer required under customer policy, legal obligations, or valid erasure requests
• Communication data: Retained for 3 years
• Log data: Retained for 12 months

Learner Verify may use AI-assisted facial comparison to help determine whether the same person is completing a course. This processing is used solely for training identity assurance and compliance evidence.

• If AI confidence is sufficiently high, the attempt may be auto-verified
• If AI confidence is low or AI is unavailable, the case is routed to authorized reviewers within your organisation (for example, your managers or tenant admins)
• Denial decisions are made by authorized reviewers within your organisation, not by AI alone, third-party reviewers, or TrainMeUK staff

We use cookies and similar technologies to enhance your experience on our website. These technologies help us:

• Remember your preferences and settings
• Analyze website usage and performance
• Provide personalized content
• Improve our services

You can control cookie settings through your browser preferences. However, disabling certain cookies may affect the functionality of our website.

Your personal information is primarily processed in the United Kingdom. However, some of our service providers (for example cloud, AI, and email infrastructure providers) may process data outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Adequacy decisions by the UK government
• Standard contractual clauses
• Other appropriate safeguards as required by law

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an email notification to registered users
• Displaying a prominent notice on our platform

Your continued use of our services after any changes indicates your acceptance of the updated policy.

If you have any questions about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal information appropriately.