White Fire Technologies – Privacy Policy

 Rev Date: 16/10/2025
Registered Office: Courtyard Offices, Apsley House, Waterloo Lane, Chelmsford, CM1 1BD
Website: https://whitefiretechnologies.com

1. Introduction

White Fire Technologies (“Company”, “we”, “our”, “us”) is committed to protecting and respecting your privacy.

This Privacy Policy explains:

• What personal information we collect about you
  
  
• How and why we use your personal information
  
  
• How we keep your data safe and secure
  
  
• Your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018
  
  
• How you can exercise those rights
  
  

By using our website or Services, you agree to the practices described in this Privacy Policy.

2. Legal Framework

This Policy is designed in compliance with:

• UK GDPR (as retained in UK law following Brexit)
  
  
• Data Protection Act 2018
  
  
• Privacy and Electronic Communications Regulations (PECR) 2003
  
  
• Guidance issued by the Information Commissioner’s Office (ICO)
  
  

White Fire Technologies acts as a Data Controller for the purposes of data protection law.

3. What Information We Collect

We may collect and process the following types of personal data:

3.1 Personal Identification Data

• Full name
  
  
• Date of birth (where legally required)
  
  
• Gender (optional, for diversity monitoring)
  
  

3.2 Contact Data

• Email address
  
  
• Phone number
  
  
• Postal address
  
  

3.3 Education & Career Data

• Academic background
  
  
• CVs, applications, or professional history submitted to us
  
  
• Career aspirations (for tailored learning)
  
  

3.4 Payment & Financial Data

• Card or bank details (processed securely via third-party gateways, never stored by us directly)
  
  
• Transaction history
  
  

3.5 Technical Data

• IP address
  
  
• Browser type and version
  
  
• Device identifiers
  
  
• Cookies and tracking data (see Section 11 on Cookies)
  
  

3.6 Usage Data

• Courses you have enrolled in
  
  
• Progress tracking (e.g., completed modules, assessment results)
  
  
• Engagement with digital content
  
  

3.7 Special Category Data (if required)

We do not routinely collect sensitive data (such as health or ethnicity). If collected (e.g., for accessibility or diversity monitoring), we will obtain explicit consent.

4. How We Collect Your Data

We collect personal data in the following ways:

• Directly from you: When you register, apply, pay, or contact us.
  
  
• Automatically: Through cookies, analytics, and system logs.
  
  
• From third parties: Such as payment providers, partner institutions, or reference providers (if applicable).
  
  

5. How We Use Your Data

We process your personal data under the lawful bases defined in Article 6 UK GDPR.

5.1 To Deliver Services (Contractual Necessity)

• Managing your course enrolment
  
  
• Providing learning materials
  
  
• Assessing progress and issuing certificates
  
  

5.2 To Communicate With You (Legitimate Interest / Consent)

• Sending updates, reminders, and notices
  
  
• Providing technical support
  
  
• Marketing communications (with your explicit consent)
  
  

5.3 To Process Payments (Contractual Necessity)

• Verifying transactions
  
  
• Preventing fraud
  
  

5.4 To Improve Services (Legitimate Interest)

• Analysing engagement statistics
  
  
• Personalising course recommendations
  
  

5.5 To Comply With Legal Obligations

• Maintaining financial records
  
  
• Responding to law enforcement or regulators
  
  

6. Lawful Basis for Processing

We rely on the following lawful bases:

• Consent: e.g., marketing communications
  
  
• Contract: e.g., delivering your purchased course
  
  
• Legal obligation: e.g., tax and regulatory requirements
  
  
• Legitimate interest: e.g., monitoring website performance
  
  

7. Data Sharing & Disclosure

We only share data with trusted third parties when necessary:

• Payment Processors (e.g., Stripe, PayPal)
  
  
• Learning Platforms/Hosting Providers (e.g., LMS systems, cloud storage)
  
  
• Partner Institutions (for joint programmes)
  
  
• Regulatory Authorities (if legally required)
  
  

We ensure all third parties are GDPR-compliant and provide contracts or Data Processing Agreements (DPAs).

8. International Transfers

Where data is transferred outside the UK/EEA, we ensure safeguards are in place:

• Adequacy Decisions recognised by the UK Government
  
  
• Standard Contractual Clauses (SCCs)
  
  
• Appropriate technical and organisational safeguards
  
  

9. Data Retention

We retain personal data only as long as necessary:

• Course records: 6 years after completion (for certification verification)
  
  
• Financial data: 7 years (for HMRC compliance)
  
  
• Marketing data: Until you withdraw consent
  
  
• General enquiries: 12 months
  
  

Data no longer required will be securely deleted or anonymised.

10. Security of Your Data

We use industry-standard safeguards, including:

• Encryption of personal data in transit and at rest
  
  
• Secure data centres within the UK/EU
  
  
• Role-based access control (only authorised staff access personal data)
  
  
• Regular security audits and staff training
  
  

11. Cookies & Tracking

Our website uses cookies for:

• Essential functionality (login, security, navigation)
  
  
• Performance monitoring (Google Analytics, engagement tracking)
  
  
• Marketing (only with your consent)
  
  

You can control cookies through your browser settings. See our Cookie Policy for full details.

12. Your Data Protection Rights

Under UK GDPR, you have the following rights:

• Right to Access – Obtain a copy of your personal data.
  
  
• Right to Rectification – Correct inaccurate or incomplete data.
  
  
• Right to Erasure (“Right to be Forgotten”) – Request deletion in certain circumstances.
  
  
• Right to Restrict Processing – Request limitation of processing.
  
  
• Right to Data Portability – Receive your data in a structured, machine-readable format.
  
  
• Right to Object – Object to processing, including marketing.
  
  
• Right to Withdraw Consent – Withdraw at any time, without affecting lawfulness of prior processing.
  
  

Requests can be made by contacting us at [Insert Contact Email]. We will respond within one month as required by law.

13. Data Breach Notification

In the event of a data breach:

• We will assess the risk and notify the Information Commissioner’s Office (ICO) within 72 hours, if required.
  
  
• Where there is a high risk to your rights and freedoms, we will notify you directly without undue delay.
  
  

14. Children’s Data

Our Services are aimed at individuals aged 16+.

For users under 18, we require parental consent. We do not knowingly collect data from children under 16.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on our website, with the “Last Updated” date clearly indicated.

16. Contact Information

For questions or to exercise your rights, please contact:

Data Protection Officer (DPO)
White Fire Technologies
Courtyard Offices, Apsley House, Waterloo Lane, Chelmsford, CM1 1BD
Email: [Insert Email]

If you are not satisfied, you have the right to lodge a complaint with the ICO (Information Commissioner’s Office) at https://ico.org.uk.