Privacy Policy

Introduction

BrightPeak ("BrightPeak", "we", "our", "us") is committed to protecting the privacy and security of personal data. This privacy policy explains how we collect, use, store, and share personal information in line with UK data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

BrightPeak is the trading name of Coniston Peak (WP) Limited.

This policy applies to all individuals whose data we process, including:

• Learners (government-funded and commercial)
• Employers and clients
• Staff and contractors
• Website users and visitors

Types of Personal Data We Collect

We may collect and process the following categories of personal data:

• Personal identification details (name, address, date of birth, contact details)
• Employment and education history
• Qualification and assessment records
• Funding and eligibility information (e.g. residency, prior attainment)
• Safeguarding and support needs (where applicable)
• Attendance, progress, and achievement data
• Financial information (for commercial learners or employers)
• Technical data (e.g. IP address, website usage)

Where necessary, we may also process special category data (e.g. health information or ethnicity) in accordance with legal requirements.

How We Collect Your Data

We collect personal data through:

• Enrolment forms and applications
• Direct interactions (meetings, emails, phone calls)
• Employer or referral organisations
• Awarding organisations
• Government bodies and funding agencies
• Our website and digital platforms

Purposes of Processing

We process personal data to:

• Deliver training, assessment, and support services
• Manage learner progress, achievement, and certification
• Confirm eligibility for government-funded programmes
• Meet contractual obligations with employers and learners
• Process payments and manage commercial services
• Safeguard learners and staff
• Monitor quality and improve services
• Comply with legal and regulatory requirements

Lawful Basis for Processing

We process personal data under the following lawful bases:

• Contract — to deliver training and related services
• Legal obligation — to meet requirements set by government and regulators
• Legitimate interests — to manage and improve our services
• Consent — where required, particularly for marketing or certain special category data

Sharing Your Information

We may share personal data with trusted third parties where necessary, including:

• Education and Skills Funding Agency (ESFA) for government-funded learners
• Awarding organisations (e.g. City & Guilds, NCFE) for certification
• Ofsted and other regulatory bodies
• Employers (where training is employer-linked)
• Subcontractors and delivery partners
• IT service providers and data processors

All data sharing is carried out securely and in accordance with data protection law. We do not sell personal data to third parties.

International Data Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

• UK adequacy regulations
• Standard contractual clauses

Data Retention

We retain personal data only for as long as necessary. This includes:

• Government-funded learner data — typically retained for up to 6 years in line with funding rules
• Commercial learner data — retained in line with contractual and legal requirements
• Financial records — retained in accordance with HMRC requirements

Data is securely deleted or anonymised when no longer required.

Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data (where applicable)
• Restrict or object to processing
• Request transfer of your data (data portability)
• Withdraw consent (where applicable)

To exercise your rights, please contact us using the details below.

Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

• Secure IT systems and encryption
• Access controls and staff training
• Policies and procedures to prevent unauthorised access or data breaches

Cookies and Website Data

Our website uses cookies to:

• Improve user experience
• Analyse website performance
• Support essential functionality

You can manage cookie preferences through your browser settings.

CCTV

CCTV may be in operation at our premises for:

• Safety and security
• Crime prevention and detection

Clear signage is displayed. Footage is retained only as long as necessary and accessed only by authorised personnel.

Complaints

If you have concerns about how your data is handled, please contact us first.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Contact

For all data protection queries, please contact:

Policy Review

This policy is reviewed annually and updated in line with legal, regulatory, and operational changes.

Last reviewed: April 2026
Next review: March 2027