Privacy Policy – Circl Learning Limited

Last Updated: March 2025
Effective From: February 2021

Who we are

Circl Learning Limited ("Circl", "we", "us", or "our") is the data controller and is responsible for your personal data. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains what personal data we collect, how we use it, and your rights in relation to it.

When this policy applies

This policy applies whenever we collect or process personal data about:

  • Potential Clients

  • Clients

  • Course Participants

Please read this notice together with any additional privacy notices we may provide for specific circumstances.

How we collect personal data

We collect data in the following ways:

a. Direct interactions

You may provide data by:

  • Enquiring about or using our services

  • Creating an account on our website

  • Subscribing to newsletters or marketing

  • Filling in forms or surveys

  • Contacting us by phone, email, or in person

b. Automated technologies

When you visit our website, we may collect:

  • Technical Data (e.g. IP address, browser type)

  • Usage Data (pages visited, time on site)

This data is collected using cookies and similar technologies. See our Cookie Policy for more information.

c. Third parties or public sources

We may also receive data from:

  • Analytics and advertising providers

  • Payment and delivery service providers

  • Data aggregators or brokers

  • Public sources like Companies House or the Electoral Register

Types of data we collect

We may collect, use, store, and transfer the following personal data:

  • Identity Data: Name, title, date of birth, gender

  • Contact Data: Email, telephone number, postal address

  • Financial Data: Bank details, payment information

  • Transaction Data: Details of purchases or services used

  • Technical Data: IP address, device information, browser data

  • Profile Data: Usernames, preferences, survey responses

  • Usage Data: Website behaviour, navigation patterns

  • Marketing Data: Communication and marketing preferences

We may also collect aggregated data for statistical purposes. If this data can identify you, we will treat it as personal data.

How We Use Your Data

We only use your data when permitted by law. Typically, we use your personal data in the following circumstances:

  • To fulfil a contract with you

  • Where it is in our legitimate interests

  • To comply with legal or regulatory obligations

  • Where you have given us explicit consent (e.g. marketing emails)

We do not rely on consent as the sole lawful basis for processing your data except where legally required.

Specific data use by audience

a. Potential clients

We collect and store your contact details and communication history to follow up on your enquiry and send relevant information, including occasional newsletters. You can opt out at any time.

b. Clients

We use your personal data to manage our relationship and keep you informed about services. Communications are logged for service quality.

c. Course participants

We collect participant data (name, business contact details, etc.) to administer bookings and deliver training. Feedback may be shared with participants and/or clients as agreed.

Your data may be accessed by authorised contractors who assist in delivering our services under strict confidentiality agreements.

Marketing communications

We may send you marketing communications if:

  • You have requested information from us

  • You are an existing or past client

  • You have opted in via our website

You may opt out at any time by contacting us at hello@circl.org or using the unsubscribe link in our emails.

Data retention

We will only retain your personal data for as long as necessary, including:

  • Legal or tax obligations

  • Service-related requirements

  • Record-keeping and audit purposes

In some instances, we may anonymise your data for research or statistical analysis, in which case we may use it indefinitely.

Data security

We have implemented security measures to protect your personal data from loss, misuse, or unauthorised access. Only staff or partners with a business need can access your data, and they are bound by confidentiality agreements.

We also have procedures in place to deal with any data breach and will notify you where legally required.

International transfers

Some of our service providers may be located outside the UK or European Economic Area (EEA). Where your data is transferred internationally, we ensure adequate safeguards are in place, such as:

  • Transfers to countries with UK adequacy regulations

  • International Data Transfer Agreements (IDTAs)

  • Standard contractual clauses approved by the UK Government

Contact us if you would like further information on how your data is protected internationally.

Sharing your data

We may share your personal data with trusted third-party providers who help us deliver our services. These include IT support, payment processors, and training partners.

These providers:

  • Are only given access to necessary data

  • Must follow our instructions

  • Are not permitted to use your data for their own purposes

We never sell or lease your data to third parties.

Your legal rights

You have rights under the UK GDPR, including to:

  • Access your data

  • Correct inaccurate or incomplete data

  • Request erasure of your data

  • Object to or restrict processing

  • Request data portability

  • Withdraw consent where previously given

To exercise your rights, contact us at hello@circl.org. We may request ID to verify your identity.

Requests & Identity verification

If you request access to your data, we may ask for two forms of ID such as:

  • Passport or driving licence

  • Utility bill or bank statement (dated within 3 months)

We aim to respond within one month but will inform you if more time is needed.

14. Website analytics

We use Google Analytics to understand how visitors interact with our website. The data is anonymised and used solely to improve website performance. No identifiable personal data is collected via analytics unless explicitly provided by you.

15. Third-party links

Our website may contain links to third-party websites. We are not responsible for their privacy policies. We recommend reviewing each site’s privacy notice before providing personal information.

Changes to this policy

We may update this policy from time to time. The latest version will always be available on our website. Please let us know if your personal data changes during your relationship with us.

Contacting Us

Data Protection Contact
Name: Charlie Stainforth
Address: 321 Market Place, Cirencester, GL7 2NX
Email: hello@circl.org

You have the right to make a complaint to the Information Commissioner’s Office (ICO) at www.ico.org.uk. However, we’d appreciate the opportunity to resolve your concerns first — please contact us directly.

No Fee Required

You will not be charged to access your personal data. However, we may charge a reasonable fee if your request is excessive or repetitive.