Privacy Policy

Privacy Policy

This policy applies to any use of this website:

Optimal Risk Training Limited, are committed to respecting the rights of the public and operating in absolute compliance with data protection laws.  We are registered as a personal data processor with the ICO under registration number ZA478839.

Data Controller

Optimal Risk Training Limited are the controller for any information provided via our contact us facilities, or otherwise obtained and processed by us for a purpose that we determine. The initial legal basis for this processing are:

    • our legitimate interest (Article 6 (1) (f) of the UK GPDR), specifically to understand and respond to queries or improve the performance of our website.

    • to enter into a contract (Article 6 (1) (b) of the UK GPDR), specifically to assist in taking steps to enter into a contract with you.

Should you go on to attend a course with us, we will require further information, which may include special category information such a medical conditions or allergies so that we may provide reasonable adjustments to assist you.

Data Processor 

Optimal Risk Training Limited also process personal information as a data processor acting on the written instructions of other data controllers.   In each case, there is a contract in place with each Controller that governs what we may or may not do on their behalf.

How do we obtain ‘Personal Data’?

    • We collect information from you directly if you contact us.

What we do with personal data (purpose of the processing)?

Our Legitimate Interests

    • We may use the information you provide to contact you about other products and services that may be of interest you.  We will always ask you permission before we do so and will cease doing so if you ask us to stop.

Taking steps to enter into a contract with you

    • We use the information you provide to respond to your contact us query.

    • If you register interest for one of our courses, we will use the information you provide to assist in the preparation of or performance of a contract with you.

Having entered into a contract with you

    • If you attend one of our courses, we will use the information you provide to administer your progress through that training course and any subsequent certifications.


Our premises are protected by CCTV for security reasons, specifically to deter, delay, prevent or detect crime. If you attend our premises, you will be recorded.  Rest assured the recordings are protected from unauthorised access and are only reviewed if a security incident has occurred.  The footage will otherwise we deleted without ever being viewed by a human within 35 days.

Do we share this personal data?

Not routinely.

There may be instances where we must share information we process with our insurers, law enforcement, HMRC and other governmental organisations, but we will only do so if we are legally required to do so.

Do we use data processors?

Yes, we use data processors who are third parties who provide administrative services to us.   We have contracts in place with each of our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do so. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

Do we set cookies on user devices?

We use only necessary cookies to make our site work.  Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

We’d like to set Google Analytics cookies to help us to improve our website by collecting and reporting information on how visitors interact with the website. Google Analytics collect information in a way that does not directly identify anyone. For more information on how these cookies work and a comprehensive list of them, please see our ‘Cookies page’.

How long do we retain personal data?

We aim to retain information obtained via this website for no more than 7 years.  After which, any information is automatically deleted.

Your rights as a data subject

    • Right of access – you have the right to request a copy of the information that we hold about you.

    • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.

    • Right to be forgotten – you can ask for the data we hold about you to be erased from our records.

    • Right to restriction of processing – you can ask that we restrict the processing.

    • Right of portability – you can ask us to transfer your information to another organisation.

    • Right to object – you can inform us that you object to the processing.

How you can exercise these rights

The easiest way for you to exercise these rights is to write to us or email us at:

Fountain House, Queens Walk
Reading, Berkshire
RG1 7QF        


Your right to complain

If you are concerned or dissatisfied with how we process your personal data, and you have not had a response from us within 1 month, you can complain to the UK Data Protection Regulator at:

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire

Telephone 0303 123 1113

Or visit website

Changes to our policy

We keep our privacy notice under regular review, and we will make new versions available on our privacy notice page on our website.