Privacy Policy
How SIMFX® collects, uses, and protects your personal data under UK GDPR.
This privacy policy explains how SIMFX® LTD (Company No. 12666655), referred to below as “SIMFX®”, “we”, “us”, or “our”, collects, uses, stores, and protects your personal data when you use our website, book a course, or otherwise interact with us. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Last updated: April 2026
1. Data Controller
1.1 SIMFX® LTD is the data controller responsible for your personal data. If you have questions about how we handle your data or wish to exercise your rights, please contact us using the details in Section 12.
2. Information We Collect
2.1 We may collect and process the following categories of personal data:
| Category | Examples |
|---|---|
| Identity data | Full name, job title, employer or organisation name |
| Contact data | Email address, telephone number, postal address |
| Booking data | Course selections, preferred dates, dietary or access requirements, payment references |
| Health data | Allergies or skin sensitivities disclosed for course safety purposes |
| Technical data | IP address, browser type and version, device type, operating system, pages visited, time on site |
| Communication data | Correspondence via email, contact forms, or telephone |
2.2 We collect personal data when you submit a booking or contact form, correspond with us by email or telephone, browse our website, or interact with us on social media.
2.3 We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately.
3. How We Use Your Data
3.1 We process your personal data only where we have a lawful basis to do so. The table below sets out our purposes and the corresponding legal basis under UK GDPR:
| Purpose | Lawful Basis |
|---|---|
| Processing and managing your course booking | Performance of a contract (Article 6(1)(b)) |
| Issuing invoices and processing payments | Performance of a contract (Article 6(1)(b)) |
| Issuing CPD certificates upon course completion | Performance of a contract (Article 6(1)(b)) |
| Communicating course details, updates, and logistics | Performance of a contract (Article 6(1)(b)) |
| Responding to enquiries via contact forms or email | Legitimate interests (Article 6(1)(f)) |
| Accommodating health, access, or dietary requirements | Explicit consent (Article 9(2)(a)) |
| Improving our website and services | Legitimate interests (Article 6(1)(f)) |
| Complying with legal or regulatory obligations | Legal obligation (Article 6(1)(c)) |
3.2 Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests do not override your fundamental rights and freedoms.
4. Sharing Your Data
4.1 We do not sell, rent, or trade your personal data to third parties.
4.2 We may share your data with the following categories of recipients where necessary to deliver our services:
| Recipient | Purpose |
|---|---|
| The CPD Certification Service | Issuing independently certified CPD certificates |
| Payment processors | Processing course fee payments securely |
| Website hosting and analytics providers | Operating and improving our website |
| Form processing services (Zoho, Cal.com) | Handling booking and contact form submissions |
| Professional advisers | Legal, accounting, or insurance purposes |
| Law enforcement or regulators | Where required by law or to protect our legal rights |
4.3 All third-party processors are required to handle your data in accordance with UK GDPR and our instructions. We do not permit them to use your data for their own purposes.
5. International Transfers
5.1 Some of our third-party service providers may process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the Information Commissioner’s Office (ICO), or transfers to countries with an adequacy decision.
5.2 You may request further details about the safeguards in place by contacting us.
6. Data Retention
6.1 We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Our standard retention periods are:
| Data Type | Retention Period |
|---|---|
| Booking and payment records | 6 years from the date of the course (in line with HMRC requirements) |
| CPD certification records | 6 years from the date of issue |
| Contact form enquiries | 2 years from the date of the enquiry |
| Health and allergy information | Deleted within 30 days of course completion |
| Website analytics data | 26 months (anonymised) |
6.2 When personal data is no longer required, it is securely deleted or anonymised.
7. Data Security
7.1 We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include encrypted connections (HTTPS), access controls, and secure storage.
7.2 While we take all reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but will notify you and the ICO of any reportable data breach in accordance with our legal obligations.
8. Your Rights
8.1 Under UK GDPR, you have the following rights in relation to your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you (a “subject access request”) |
| Rectification | Request correction of inaccurate or incomplete personal data |
| Erasure | Request deletion of your personal data where there is no compelling reason for continued processing |
| Restriction | Request that we limit the processing of your data in certain circumstances |
| Portability | Request transfer of your data to another organisation in a structured, machine-readable format |
| Objection | Object to processing based on legitimate interests or for direct marketing purposes |
| Withdraw consent | Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing |
8.2 To exercise any of these rights, please contact us using the details in Section 12. We will respond to your request within one calendar month. There is no fee for making a request unless it is manifestly unfounded or excessive.
8.3 If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). You can contact the ICO at ico.org.uk or by telephone on 0303 123 1113.
9. Cookies
9.1 Our website uses cookies , small text files placed on your device, to help us improve your experience and understand how the site is used. For full details on the cookies we set and how to manage your preferences, please see our Cookie Policy.
9.2 You can control or delete cookies through your browser settings at any time. Disabling certain cookies may affect your experience of the website.
10. Third-Party Links
10.1 Our website may contain links to external websites, including social media platforms, booking services (Cal.com), and form providers (Zoho). We are not responsible for the privacy practices or content of these third-party sites.
10.2 We encourage you to read the privacy policy of any external website you visit via a link from our site.
11. Changes to This Policy
11.1 We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. Any changes will be posted on this page with an updated “Last updated” date.
11.2 Where changes are significant, we will take reasonable steps to notify you, such as by email or a notice on our website.
12. Contact
For questions about this privacy policy, to exercise your data rights, or to raise a concern about how we handle your personal data, please contact us:
- Email: mail@teamsimfx.com
- Phone: +44 (0)7833 57 09 15
- Post: SIMFX® LTD, Cheshire, UK