Privacy Policy

Last updated February 2026

Staff Only Group

1. Purpose of this Privacy Policy

Staff Only Group (“we”, “us”, “our”) is committed to protecting the privacy and personal data of individuals who interact with our organisation, including website visitors, clients, participants, apprentices, and staff.

This Privacy Policy explains:

  • What personal data we collect
  • How and why we process it
  • Our lawful basis for processing
  • How we safeguard personal data
  • Your rights under UK data protection law

This policy should be read alongside our Cookie Policy, which explains how cookies and tracking technologies are used on our website.

We comply with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR)

2. Data Controller

Staff Only Group is the Data Controller responsible for determining how personal data is processed.

Contact:
Staff Only Group
Email: [Insert email]
Address: [Insert address]

3. Categories of Personal Data We Collect

3.1 Information You Provide

  • Name and contact details
  • Organisation/company information
  • Booking and participation details
  • Training records and attendance information
  • Communications and enquiries

3.2 Automatically Collected Data

When you use our website:

  • IP address
  • Device and browser information
  • Pages visited and interaction data
  • Technical diagnostic information

These may be collected through cookies as described in our Cookie Policy.

3.3 Safeguarding and DBS-Related Information

Where required for safeguarding or working within educational environments, we may process:

  • Disclosure and Barring Service (DBS) status information
  • Safeguarding compliance records
  • Role eligibility confirmations

We do not retain DBS certificate details beyond what is necessary and handle such information in accordance with DBS Code of Practice and safeguarding legislation.

4. Lawful Basis for Processing

We process personal data under the following lawful bases:

Contractual Necessity

  • Delivering training or experiences
  • Managing bookings and participation

Legitimate Interests

  • Improving services and operational effectiveness
  • Ensuring safety and safeguarding compliance
  • Website performance and analytics

Consent

  • Marketing communications
  • Non-essential cookies

Legal Obligation

  • Regulatory compliance
  • Safeguarding and duty of care requirements

5. Special Category Data and Safeguarding

Where safeguarding responsibilities apply, additional safeguards are implemented.

DBS-related data:

  • Is accessed only by authorised personnel
  • Is processed solely for safeguarding and suitability assessment
  • Is stored securely and retained only as long as necessary
  • Is never shared beyond lawful or safeguarding requirements

6. How We Use Personal Data

We may process personal data to:

  • Deliver training and Infrastructure Engineering Team Building Days
  • Manage participation and customer relationships
  • Maintain safety and safeguarding standards
  • Respond to enquiries
  • Improve website functionality
  • Comply with legal obligations

7. Cookies and Website Tracking

Our website uses cookies to improve functionality and analyse usage.

Non-essential cookies are only deployed following user consent.

Please refer to our Cookie Policy for detailed information.

8. Data Sharing

We do not sell personal data.

We may share information with:

  • IT service providers
  • Training administration platforms
  • Professional advisers
  • Regulatory authorities where legally required

All third parties are required to implement appropriate data protection measures.

9. International Transfers

We do not normally transfer personal data outside the UK.
Where this becomes necessary, appropriate safeguards will be implemented.

10. Data Retention

Personal data is retained only for as long as necessary to:

  • Deliver services
  • Maintain required records
  • Meet safeguarding and legal obligations

Retention periods are regularly reviewed.

11. Data Security

We maintain appropriate technical and organisational security measures, including:

  • Access controls
  • Secure storage
  • Staff training on data protection
  • Regular review of safeguarding practices

12. Your Rights

Under UK GDPR, you have the right to:

  • Access your data
  • Rectify inaccurate data
  • Request erasure (where applicable)
  • Restrict processing
  • Object to processing
  • Withdraw consent
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

ICO: https://www.ico.org.uk

13. Third-Party Websites

Our website may contain links to external sites. We are not responsible for their privacy practices.

14. Updates to This Policy

We may update this policy periodically. The latest version will always be available on our website.

15. Contact Us

For privacy enquiries:

Staff Only Group
Email: [email protected]
Address: Unit 10, Alvaston Business Park, Middlewich Road, Nantwich Cheshire. CW5 6PF