We process your personal information to fulfil legal, statutory, and contractual obligations, and to deliver our products and services effectively. We will never request more personal data than is necessary, and we will only process your information in ways that are consistent with this privacy notice.

All data collected will be for legitimate business interest.

The fullest extent of personal data we will collect from you is: 

• Name
• Date of Birth
• Home Address
• Personal Email
• Business Email
• Home Telephone Number
• Mobile Telephone Number
• Driver’s License Number
• Photographs (for the purpose of issuing skills cards or validating your identity)
• Curriculum Vitae (CV) and supporting competence evidence.
• Video evidence and photographs relating to assessment activity.

If you are under the age of 13, please do not provide Lantra with any personal data. If you are under the age of 16, please ensure you have your parent/guardian’s permission before you provide any personal information to Lantra.

We take your privacy very seriously and will only share your information with third parties where there is a legitimate business interest.

If you engage with Lantra as a user of our website, your data will not be shared with any third party.

If you are a learner on a Lantra course with a Training Provider, a Lantra Training Provider, Instructor, External Quality Assurer (EQA) or Assessor then we may need to share your data with Training Providers, EQA’s, Technical Verifiers (TV’s), and bulk mailing organisations.

If you participate in our online proctored assessments, we share relevant data with our software suppliers, Proctor Exam, Integrity Advocate and Coelrind, and our internal quality assurance teams and external suppliers of quality assurance services. Videos are stored for 90 days after which they are destroyed.

Proctor Exam’s Privacy Policy can be found at: https://proctorexam.com/privacy-and-data-security/

Integrity Advocate’s Privacy Policy can be found at: Privacy Policy - Integrity Advocate

Coelrind’s Privacy Policy can be found at: https://coelrind.co.uk/privacy-policy-2/

Learner data will be shared with our assessment processing partners:

Portico’s Privacy Policy can be found at: Privacy Policy | Portico Consulting | Quartz IT Solutions

ACE360’s Privacy Policy can be found at: Global Privacy Policy - ACE360

If you participate in a project funded by a third party, then we may share your data with the funder and bulk mailing organisations such as Dotdigital.

We will never disclose, share, or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice and other guidance provided by Lantra. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.

To withdraw consent please contact Kris Swainston Data Protection Officer, telephone 02476 696996.

The purposes and reasons for processing your personal data are detailed below:  

• We collect your personal data in the performance of a contract or to provide a service and to ensure that orders are completed, quality assured and validated and can be sent out to your preferred address.
• We will process your personal data as part of verifying your identity for certification processes or skills cards.
• As part of our contractual terms and conditions approved training providers, EQA’s and TV’s will receive regular updates regarding Lantra products and services and items of interest pertinent to our industry.Such information will be non-intrusive.

• You have the right to be informed of any information Lantra processes and why we are processing this information.You have the right to access any personal information that Lantra holds about you.
• You have the right to rectification. If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so within 20 working days; unless there is a valid reason for not doing so, at which point you will be notified. Lantra will also advise any third parties holding your data to update as notified.
• You have the right to request the erasure of your personal data. While Lantra will make every effort to fulfil such requests promptly, please note that erasure may impact our ability to continue providing certain services. We aim to complete erasure within 20 working days, and in any case, within one calendar month as required under UK GDPR. In rare cases where a request is particularly complex or involves multiple requests, this period may be extended by up to two additional months. If an extension is needed, we will inform you within the initial one-month period and explain the reason for the delay
• You have the right to restrict the processing of your personal data when:
  • the accuracy of the data is contested (for a period to enable the controller to verify the accuracy)
  • The processing is unlawful and you object to the erasure of the data and request restrictions of its use instead.
  • You object to processing based on the grounds of legitimate business interests.
  • Where Lantra as the controller no longer requires the data but you do to exercise or defend a legal claim.

If you exercise this right, it may mean that Lantra will not be able to continue to provide the expected service delivery.

• You have the right to data portability allowing you to obtain and reuse your personal data for your own purpose across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
• You have the right to object to: 
  • Direct Marketing, which is absolute, you do not need to demonstrate grounds for your objection, there are no exceptions which will allow processing to continue.
  • processing based on legitimate interests or performance of a task in the public interest/ exercise of official authority.
  • processing for research or statistical purposes.

If we receive a request from you to exercise any of the above rights, we will ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

We will always advise:

• Why we require your data.
• With whom your personal data may be shared.
• How long we intend to hold your data for and means of storage and disposal.
• If we did not collect the data directly from you, information concerning the source.

In Scotland, Lantra processes personal data under the lawful basis of “public task” in accordance with Article 6(1)(e) of the UK GDPR. This processing is carried out on behalf of the Scottish Government and is necessary to fulfil statutory functions under the Small Landholders (Scotland) Act 1911

We use an electronic system to digitise and transfer marks from multiple-choice test papers into Quartz. While this process is partially automated, it includes human oversight and intervention and therefore does not constitute automated decision-making under UK GDPR. The system supports efficient and accurate result entry but does not independently determine outcomes without human review.

We may occasionally use profiling to support recruitment or training of staff. Any such profiling activity will be conducted with the individual's agreement, and the outcomes will be shared with relevant parties as appropriate. Importantly, Lantra does not use profiling in relation to Learners.

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Lantra uses dotdigital.com to provide the services below. However, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.

Dotdigital - formerly known as Dotmailer

We use Dotdigital for bulk e-mail delivery services. They function as a processor on our behalf. The only information we provided them with is your e-mail address.

For more information about Dotdigital, please read their Privacy Policy at: Dotdigital privacy policy

We take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:

• Secure Sockets Layer (SSL) and Transport Layer Security (TLS) for email encryption and SSL for website encryption.
• Full live network protection through our firewall.
• Network level protection between the secured and unsecured networks with centralised user authentication on our wireless network.
• Full antivirus scanning across all systems.

Personal data within the European Union is protected under the General Data Protection Regulation (GDPR). However, not all countries outside the EU offer the same level of data protection.

Lantra may transfer personal data outside the EU for the following purpose:

Sharing email addresses with contracted providers or organisations to support legitimate business interests aligned with our charitable objectives.

Where such transfers occur, Lantra implements appropriate safeguards and mechanisms to ensure your personal data remains secure and protected in accordance with applicable data protection laws.

We only ever retain personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. Our policy is to keep your personal data for the duration of your membership after which point Lantra will retain the information indefinitely unless a request is made to erase the data.

If you have been issued a Lantra certificate or card, your personal data is retained indefinitely to support verification and reissuance. You may request the destruction of your data once your certificate has been issued; however, please note that doing so will prevent Lantra from confirming your achievement or reissuing lost certificates in the future.

We retain personal information only for as long as necessary to fulfil the purposes outlined in this privacy notice. Lantra has strict review and retention policies in place to ensure compliance with data protection obligations.

Personal data related to membership is retained for the duration of the membership. After this period, Lantra may retain the data indefinitely unless a request is made to erase or destroy it.

Video recordings used to validate assessment activities are retained only for the duration required to complete relevant quality assurance processes. This period typically does not exceed 12 months. Once the quality assurance process is complete, all video records are permanently deleted.

All End-Point Assessment (EPA) records and associated assessment documentation must be securely retained for a period of seven years, after which they will be confidentially destroyed.

We operate three membership schemes: Providers, Instructors, and Assessors. Learners participate through a subscription-based model. We send regular emails containing information we believe is relevant to each member or subscriber, including updates, opportunities, and scheme-related content.

We will only send marketing emails if you have explicitly consented to receive them. Where you have provided consent for direct marketing, we will retain your contact details for that purpose until you withdraw your consent or notify us otherwise.

We only process your personal information in accordance with this privacy notice and the relevant data protection laws. If you wish to raise a concern about how your personal data has been handled, or if you are dissatisfied with our response to a request, you have the right to lodge a complaint with the appropriate supervisory authority.

To make a complaint in relation to Data Handling, (UK) GDPR or Data Protection, in the first instance contact:

Kris Swainston – Data Protection Officer (Kris.Swainston@lantra.co.uk)

Lantra House, Stoneleigh Park, Coventry, CV8 2LG

Telephone: 02476 696996. 

Website: www.lantra.co.uk

Report a Concern:

Information Commissioners Office (ICO) – Supervisory Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SKP 5AF

Telephone: 0303 123 1113

Website: www.ico.org.uk

A ‘cookie’ is a piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. When you visit a site that uses cookies for the first time, a cookie is downloaded onto your computer/mobile device so that the next time you visit that site, your device will remember useful information such as items added in the shopping cart, visited pages or logging in options.

Cookies are widely used in order to make websites work, or to work more efficiently, and our site relies on cookies to optimise user experience and for features and services to function properly.

Most web browsers allow some control to restrict or block cookies through the browser settings, however, if you disable cookies you may find this affects your ability to use certain parts of our website or services. For more information about cookies the Information Commissioners Office (ICO) provides detailed information on cookie usage, consent requirements, and user rights: Cookies | ICO

This Privacy Policy is reviewed annually and therefore you may wish to revisit each time you are requested to provide us with information.