My Account
Tel: 01978 660 000

Have an enquiry? Fill out our online form...

Privacy Policy

Your privacy is important to you and us at Atrium.  We understand that you care about how your personal data is used and stored.  Atrium, as both the Data Controller1 and the Data processor 2 of your data are committed to protecting your individual rights to privacy.  The term “processing” covers virtually everything that can be done with data, including collection, recording, storage, disclosure by transmission, erasure and destruction.  Your data will be processed in accordance with the Data Protection Act (DPA) 2018 and the new General Data Protection Regulations (GDPR) 2018.


Contacting Us

If you have any questions about this Privacy Notice, please contact us by emailing or by telephone on 01978 660  000


What Data may be collected?

The following data may be collected, held and shared by Atrium

•        Information about you that may include name, address, e-mail, contact details, bank details, photographs and sensitive (or special category) information.


Who will it be collected from?

•        You (the data subject)

•        Your employer, e.g. Human Resources, Management

•        A third party3  course organiser or facilitator

How will it be collected?

• Websites- online form

• Telephone

• Paper forms

• E-mail

• Face to face

• Texts


Who will have access?

•        Atrium’s core admin staff4  and your employers/course organisers/facilitators

Why is it collected?  I.e. what is the “lawful basis” for processing the data?

        We may process your personal information to comply with our legal requirements (for example, to contact you if there is an urgent safety or product recall notice and we need to tell you about it).

•        If we are under a duty to disclose or share your personal data in order to comply with any legal obligation to our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

•        We may process your data to send direct marketing of similar products including prompt letters. We will not do this without your prior consent. You are able to opt out at any point by informing us of your preferences via email or phone (information stated on the Contact Us section of Website) or by replying to any of our emails.

Other grounds for processing

Vital interest

        Sometimes we will need to process your personal information if, for example, there is an urgent safety or product recall notice and we or the manufacturer of the product needs to tell you about it, or for life saving medical diagnosis and treatment purposes.

Change of purpose

        We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose for example a change in the law. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 

Sharing Your Data

Your data will not be shared with any third party without your prior consent.


The information will be used to:

  • ·         Give you the services, information or products you have requested or required.

  • ·         Keep you in touch with our work, for example by sending you updates of when your certificate is due to expire. You will have an option to opt in to this communication when you attend your course.

How long will data be held for?

We retain personal data relating to payments, VAT, tax and accounts for the minimum statutory periods required by UK law.

We retain personal data relating to training records and consultancy work for the minimum required to fulfil our legal requirements and those of awarding bodies (e.g. British Safety Council, First Aid Industry Body).

We retain historic information relating to bookings, consultancy, events and purchases to enable us to analyse the performance of the business over time and plan for the future success of the company.

We only keep this information for as long as is necessary to perform this task.

How will the data be stored?

Our data and the data we collect are stored on a secure server based in the United Kingdom. Although transmission of information over the Internet cannot be guaranteed as one hundred per cent safe, once we have received your data we will use strict security procedures, data protection tools and anti-virus/hacking technology to prevent data loss or unauthorised access.

Hard copies of personal data are retained for legal purposes. These are stored in suitable locked cabinets for fire and theft. Our unit is always staffed when open and locked at all other times. The building that consists of Atrium’s unit (Redwither Tower) is staffed 24 hours.

The use of Cookies

We do not currently use cookies5 on our website. If we decide to change our policy in the future, you will be notified and you will be able to choose to accept or decline their usage.

Erasure and Destruction of data

Personal data will be destroyed by secure electronic file deletion and/or cross shredding at prescribed interval.


Your rights

You are guaranteed certain rights under UK and EU data protection law which Atrium will make every effort to meet. Not all of these rights are absolute – for example where there is a statutory obligation to retain data. The rights conferred to you are as follows.

  • Request a copy of the personal information held about you
  • Rectify information that is not correct
  • Delete information held about you that is no longer necessary for another legitimate purpose
  • Restrict your personal data from being processed by in some way by Atrium
  • Have a copy of your personal data supplied in a portable format
  • Object to your information being processed in any way by Atrium

In the event of a data breach or serious complaint you can contact the ICO (Information Commissioner’s Office) directly via their website:

We are registered with the ICO. Our registration number is Z2259934


  1. Data Controller - means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed 
  2. Data Processor - in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
  3. Third Party - a person or group besides the two primarily involved in a situation. For example an organisation who co-ordinates courses for carers. In this contract, “Third Parties” are also Atrium non-employees.
  4. Core Admin Staff – Atrium staff who work in the office day-to-day. Currently, Atrium has 6 core admin staff.
  5. Cookies - a small amount of data generated by a website and saved by your web browser. Its purpose is to remember information about you, similar to a preference file created by a software application. Cookies are also used to store user preferences for a specific site.


This policy will be reviewed and/or revised as necessary in order to meet any changes in statutory duty or best practice.