GOLDCREST HOPE LTD
Privacy Notice
How we collect, use and protect your personal data
Last Updated: May 2026
About this Privacy Notice
Goldcrest Hope Ltd is committed to protecting your personal data and respecting your privacy. This Privacy Notice explains who we are, what personal data we collect, why we collect it, how we use it, and what rights you have. This notice applies to clients, delegates, prospective clients, website visitors, and anyone else whose personal data we handle. Please read it carefully.
1. Who We Are (Data Controller)
Goldcrest Hope Ltd is the data controller responsible for your personal data.
Our Details
- Company Name: Goldcrest Hope Ltd
- Registered in: England and Wales
- Company Number: 16642962
- Email: info@gh-ltd.co.uk
- Telephone: 01484 261293
- Website: www.GoldcrestHope co.uk
We are registered with the Information Commissioner’s Office (ICO). Our ICO Registration Number is:
2. Personal Data We Collect
We collect and process the following categories of personal data:
2.1 Data You Provide Directly
- Identity data: full name, job title, role.
- Contact data: email address, telephone number, postal address.
- Organisational data: employer or organisation name, department.
- Booking and transaction data: course or service bookings, purchase history, invoice details.
- Financial data: billing information (note: full payment card data is processed by our payment provider and not stored by us).
- Communications: enquiries, feedback, correspondence, and messages you send us.
- Training records: attendance, assessments, completion data, and certificates issued.
2.2 Data Collected Automatically
- Technical data: IP address, browser type and version, device type, pages visited, time and date of visit.
- Usage data: how you interact with our website, links clicked, content viewed.
- Cookie data: information gathered via cookies and similar tracking technologies (see Section 9).
2.3 Data Received from Third Parties
- Where a booking is made on your behalf by an employer or organisation, we may receive your name, contact details, and role from them.
- Publicly available information such as LinkedIn profiles, where relevant to a consultancy engagement.
We do not knowingly collect personal data from children under the age of 16. We do not collect special category data (such as health data, ethnicity, or religious beliefs) unless you voluntarily provide it and we have a lawful basis for processing it.
3. How and Why We Use Your Personal Data
We only process personal data where we have a lawful basis to do so under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The table below sets out our processing purposes and the legal basis for each.
| Purpose of Processing | Type of Data | Legal Basis |
| --- | --- | --- |
| Delivering training and consultancy services | Name, contact details, job role, organisation | Performance of a contract (Art. 6(1)(b) UK GDPR) |
| Processing bookings and payments | Name, contact details, financial/billing information | Performance of a contract (Art. 6(1)(b) UK GDPR) |
| Sending course materials and resources | Name, email, organisation | Performance of a contract / Legitimate interests (Art. 6(1)(b)/(f)) |
| Responding to enquiries and pre-sales contact | Name, email, telephone, message content | Legitimate interests (Art. 6(1)(f) UK GDPR) |
| Marketing and promotional communications | Name, email, preferences | Consent (Art. 6(1)(a)) or Legitimate interests for existing clients |
| Issuing certificates and maintaining training records | Name, completion data, organisation | Legitimate interests (Art. 6(1)(f) UK GDPR) |
| Compliance with legal obligations | Any data required by law | Legal obligation (Art. 6(1)(c) UK GDPR) |
| Improving our services and website analytics | Usage data, feedback, cookies | Legitimate interests (Art. 6(1)(f) UK GDPR) |
Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests are not overridden by your rights and interests. You may request details of these assessments by contacting us.
Where we rely on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
4. Marketing Communications
We may send you information about our training courses, events, and consultancy services by email or other means. We will only do this where:
- You have given us your consent to do so; or
- You are an existing client and we are marketing similar services to those you have previously purchased (soft opt-in), and you have not opted out.
You can opt out of marketing communications at any time by:
- Clicking the unsubscribe link in any marketing email; or
- Contacting us directly at [insert email].
Opting out of marketing will not affect the delivery of services you have booked or communications related to your bookings.
5. Who We Share Your Data With
We do not sell your personal data. We may share it with the following categories of recipients where necessary:
5.1 Service Providers (Processors)
We use trusted third-party providers to help us operate our business. These may include:
- Payment processing providers (e.g. Stripe, PayPal, or similar) — for processing bookings and invoices.
- Email and CRM platforms — for managing communications and client records.
- Website hosting and analytics providers.
- Cloud storage and document management services.
- Video conferencing platforms (e.g. Zoom, Microsoft Teams) — for online training delivery.
All processors are required to handle your data securely and only for the purposes we specify, under a data processing agreement.
5.2 Professional Advisers
We may share data with our accountants, lawyers, or insurers where necessary for the running of our business.
5.3 Legal and Regulatory Requirements
We may disclose personal data where required to do so by law, court order, or regulatory authority (such as HMRC).
5.4 Business Transfers
If Goldcrest Hope Ltd is sold or merges with another business, your personal data may be transferred to the new owner, who will be required to honour this Privacy Notice.
6. International Data Transfers
We primarily process your data within the UK. Where we use third-party platforms or providers that process data outside the UK or European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as:
- The country has been granted an adequacy decision by the UK Secretary of State;
- Standard contractual clauses approved for UK transfers are in place; or
- The provider participates in a recognised transfer framework.
You may contact us for details of the safeguards in place for specific transfers.
7. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes for which it was collected, in accordance with our data retention schedule. Our standard retention periods are:
Retention Periods
- Client and booking records: 6 years from end of contract (in line with limitation periods)
- Financial and invoicing records: 6 years (for HMRC compliance)
- Training records and certificates: 3 years after completion, unless longer retention requested
- Marketing contact data: Until you opt out or 2 years from last engagement (whichever is sooner)
- Enquiries and correspondence: 2 years
- Website analytics data: 13 months (standard analytics retention)
We may retain data for longer where required by law or where it is needed to defend a legal claim. At the end of the retention period, data is securely deleted or anonymised.
8. Your Rights Under UK GDPR
Under UK data protection law, you have the following rights in relation to your personal data:
Your Rights at a Glance
- Right of access — to request a copy of your personal data (subject access request).
- Right to rectification — to ask us to correct inaccurate or incomplete data.
- Right to erasure — to ask us to delete your data (‘right to be forgotten’), subject to legal obligations.
- Right to restriction — to ask us to limit how we use your data in certain circumstances.
- Right to data portability — to receive your data in a structured, machine-readable format.
- Right to object — to object to processing based on legitimate interests or for direct marketing.
- Rights relating to automated decision-making — to request human review of automated decisions.
- Right to withdraw consent — at any time, where processing is based on consent.
To exercise any of these rights, please contact us at: [insert data protection email]
We will respond to all requests within one calendar month. We may ask for proof of identity before processing your request. There is no charge for most requests, though we may charge a reasonable fee for manifestly unfounded or excessive requests.
9. Cookies
Our website uses cookies — small text files placed on your device — to improve functionality and analyse how the site is used. The types of cookies we may use include:
- Strictly necessary cookies: essential for the website to function. No consent is required.
- Performance and analytics cookies: help us understand how visitors use the site (e.g. Google Analytics). These require your consent.
- Functionality cookies: remember your preferences to improve your experience.
- Marketing cookies: may be used to deliver relevant content. These require your consent.
When you first visit our site, you will be presented with a cookie banner giving you the option to accept or decline non-essential cookies. You can adjust your preferences at any time via your browser settings or our cookie preference tool.
10. Data Security
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These include:
- Encryption of data in transit (SSL/TLS) and at rest where appropriate.
- Access controls limiting data access to those with a legitimate business need.
- Regular review of security practices and supplier data processing agreements.
- Staff awareness and confidentiality obligations.
In the event of a personal data breach that is likely to pose a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify you directly without undue delay.
11. Third-Party Links
Our website may contain links to third-party websites. This Privacy Notice does not apply to those sites. We encourage you to read the privacy notice of any site you visit. We have no responsibility or liability for third-party content or privacy practices.
12. Changes to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in law, our services, or our data practices. The date at the top of this notice will always reflect the most recent version. We will bring material changes to your attention where we are able to do so.
13. How to Raise a Concern or Complaint
If you have any questions or concerns about how we handle your personal data, please contact us in the first instance:
Email: info@gh-ltd.co.uk
If you are not satisfied with our response, or believe we are processing your data unlawfully, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office (ICO)
- Website: www.ico.org.uk
- Helpline: 0303 123 1113
- Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
© Goldcrest Hope Ltd 2026. All rights reserved.
