Privacy Policy

Compliance. Security. Transparency.

Update Information

Last updated: 20/04/2025
Last revised: 20/04/2025

Owner and Data Controller

RedLibrary Consulting Limited
Registered in England and Wales.

Company number (CRN): 11095094
ICO Registration number: ZA923959
Address: Bartle House, Oxford Court,
M2 3WQ, Manchester, UK

Data Protection Officer email:
dpo@redlibrary.net

Definitions

We, Us: Refers to RedLibrary Consulting Limited, acting as the Data Controller and, where applicable, a Data Processor in accordance with applicable data protection law.

User: The individual using the website, considered the Data Subject unless otherwise stated.

Data Subject: The natural person to whom the Personal Data relates.

Data Processor: The entity processing Personal Data on behalf of the Controller.

Data Controller: The entity determining the purposes and methods of processing Personal Data, including security measures.

Website: https://redlibrary.net (primary website). Country-localised domains, such as https://redlibrary.co.uk, may be used solely as redirects and do not operate independent services.

Service: Services provided through the Website.

European Union and European Economic Area (EU/EEA): Includes all current EU member states and EEA countries.

Privacy Statement

This Privacy Policy explains how we collect, process, store, and protect your personal data when you:

  • Visit and use our website
  • Show interest in or utilize our services
  • Engage with us through our website forms, direct contact (email, phone), newsletter subscriptions, training course registrations, or participation in service delivery.
It is essential to read this policy to understand how we safeguard your data. This policy complies with EU Regulation 2016/679 (GDPR) and the UK Data Protection Act 2018.

We apply strict access controls, encrypted storage, secure system configurations, and regular vulnerability assessments in line with ISO/IEC 27001:2022 standards. Access is limited to authorized personnel only, and all employees receive data handling training.

Personal Data We Collect

Internet/network activity: Includes interactions with our website and systems via cookies and IP-related technologies.

Identity, contact, and payment data: Includes name, email, phone number, IP address, account data, and bank account details required for invoicing, accounting or refunds. We do not store credit/debit card data.

Professional information: Personal and / or business contact details collected for service delivery purposes.

Devices and Storage Media Submitted for Disposal

Some services involve the handling of devices or storage media that may contain personal or organisational data belonging to the client or third parties.

Our services are designed to securely process storage media without accessing, reviewing, or analysing the data stored on those devices. Processing is limited to secure overwrite procedures or physical destruction of storage media.

These procedures are intended to ensure that previously stored information cannot be recovered once the process has been completed.

How We Collect Personal Data

Automatically: IP address, device, browser, and geolocation details for analytics and security.

Provided by the Data Subject: Through email, phone, online forms, or in-person interactions.

Third parties: We may receive limited personal data from public sources or professional contacts where relevant to the services offered. Any such data is handled in accordance with this policy and applicable data protection law.

Devices and Storage Media Submitted for Disposal

Some services involve the handling of devices or storage media that may contain personal data belonging to the client or third parties.

Our services are designed to securely process storage media without accessing or reviewing the data stored on those devices. Processing is limited to secure overwrite procedures or physical destruction of storage media.

Where applicable, devices are processed under documented procedures designed to ensure that previously stored information cannot be recovered.

Lawful Basis of Processing Data

Contractual: To fulfill obligations such as communications, invoicing, and support.

Legitimate Interests: To respond to enquiries, maintain the security and integrity of our services, and communicate information relevant to our services where there is a reasonable expectation of contact. You may object or unsubscribe at any time. Legal Obligation: We may disclose data to meet financial, accounting, or statutory requirements.

Automated and Artificial Intelligence based Decision-Making & Profiling

We do not use any form of automated decision-making, including Artificial Intelligence (AI)-based profiling, that affects or produces legal effects for users.

Data Retention

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, or as required by applicable laws.

  • Data subject to legal or regulatory obligations (e.g. invoicing, transaction records) is retained for a minimum of 5 years and reviewed monthly.
  • Certification records (e.g. issued data destruction or training certificates) do not have a predefined maximum retention period, as they may be required for long-term verification. Records are retained only for as long as necessary and are deleted upon explicit request by the user, unless retention is required by law.
  • All other personal data is reviewed and deleted on a case-by-case basis when no longer necessary.
  • When deletion is performed, data is anonymized wherever possible, retaining only the minimum identifiers required to comply with legal or audit obligations.

Sharing Personal Data

We only share your data when legally or contractually required. We never share your personal data for profiling, marketing, or automated decision-making.

Cookies

We only use functional cookies to maintain language preferences, security sessions, and consent tracking:

  • language – stores your language choice (1 year)
  • session_id – identifies your session (1 day)
  • uid – enhances session security (1 day)
  • consent – stores cookie consent via Cookiebot (1 year)
No tracking or marketing cookies are used for profiling, analytics, advertising, or behavioural monitoring purposes.
In accordance with privacy regulations, our Cookiebot implementation actively prevents non-essential cookies from being set unless you have provided explicit consent. However, as we only use functional cookies, no personal tracking or analytics cookies are placed regardless of your consent settings.

Use of Third-Party Providers

Where necessary, we use carefully selected third-party service providers to support the operation of our services. All providers are subject to contractual obligations and appropriate technical and organisational measures in line with UK GDPR and EU GDPR requirements.

  • Fasthosts Internet Limited (UK): Website and server hosting services, including encrypted storage. Data is hosted within the UK/EEA and protected by access controls and encryption. Fasthosts is ISO/IEC 27001 certified and independently audited. Privacy Notice
  • Cookiebot (Denmark): Cookie consent management and compliance tooling. Cookiebot is ISO/IEC 27001 certified and independently audited. Privacy Policy
  • Wise Payments Limited (UK): Payment processing services (including SEPA transfers and card payments). Wise operates as an independent Data Controller for payment-related processing. Wise is ISO/IEC 27001 certified and independently audited. Privacy Policy

All personal data is stored and processed within the United Kingdom and the European Economic Area (EEA), as applicable. Personal data is not transferred outside these regions. Where future international transfers become necessary, appropriate safeguards, including Standard Contractual Clauses (SCCs), will be implemented in accordance with applicable data protection law.

Minors

Our services are not directed at individuals under the age of 18 years. If you are under the age of 18, please refrain from submitting any personal information. Parents or legal guardians may contact us at dpo@redlibrary.net to exercise their rights on behalf of the child.

Your Rights

You have the right to:

  • Be informed about how we use your data
  • Access your personal data
  • Rectify inaccurate data
  • Erase data (with limitations)
  • Object to certain uses of your data
  • Withdraw consent at any time
  • Request portability of your data
To exercise your rights, email dpo@redlibrary.net. ID verification may be required. Deleted data cannot be recovered and may include your training history, if applicable.

Supervisory Authority: If you are dissatisfied, you may contact the Information Commissioner's Office (ICO):
Website: https://ico.org.uk
Phone: 0303 123 1113
Address: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Changes to This Policy

We may revise this Privacy Policy at any time to ensure compliance. Please refer to the "Last updated" section at the top for version tracking.

Aligned to the following standards and regulations:

 
National CyberSecurity Centre Information Commissioner`s Office UK GDPR EU GDPR NIS2 DoD 5220.22-M ISO:27001