GDPR Statement


GDPR Statement

Our General Data Protection Regulation (GDPR) (EU) 2016/679 Statement is detailed below.

Varsity Training is registered with the Information Commissioner’s Office for the purposes of processing personal data. The information you provide will be held and used in accordance with the requirements of UK and European data protection law. The information will form part of your Individual Personal Profile account, and held for 6 years after the start date of your programme. This is a requirement of City & Guilds and the ESFA.

Unless otherwise agreed with you, we will only collect the minimum personal data required to deliver the service, which includes:

  • Name & Address;
  • Date of Birth;
  • Contact details including, email (work and/or personal) and phone numbers;
  • Employer details;
  • Evidence of right to study in UK – ESFA requirement; and
  • Past qualifications.

The information will be used for the administration of your training and is part of our statutory duty under the ESFA funding rules for apprenticeships. (GDPR Article 6(1)(c))
We will not use your personal information in a way that may cause you unwarranted nuisance. Failure to provide the information could result in Varsity Training being unable to register you on your programme.
The information provided may/will be shared with the organisations listed below:

  • Swatpro – South West Association of Training Providers;
  • City & Guilds;
  • Institute of Leadership & Management;
  • Education & Skills Funding Agency; and

These organisations, who have demonstrated that they have a lawful and legitimate interest in the information, for the purposes of providing your training programme and related funding. At no point is your data shared or processed outside of the UK.

We may lawfully disclose information to public sector agencies to prevent or detect fraud or other crime, or to support the national fraud initiatives and protect public funds under the Local Audit and Accountability Act 2014. Under the conditions of the Digital Economy Act 2017, we may also share personal data provided to us with other public authorities as defined in the Act, for the purposes of fraud or crime detection or prevention, to recover monies owed to us, to improve public service delivery, or for statistical research. We do not share the information with other organisations for commercial purposes.

You have the right to see the personal data we process about you, as well as the right of objection, rectification, restriction and erasure in some circumstances. For details of how to make such a request, please contact our Data Protection Officer can be contacted at

If you have any questions or concerns about the way we process your personal data, our Data Protection Officer can be contacted at

Contact Us FAQ

Complaints Policy

A link to our Complaints Policy is provided below.

Complaints Policy