Data Protection Law controls what Phoenix Training Services (Midlands) Ltd does with the personal information provide by individuals who work for us, study with us or access services we provide.
Our Privacy Statement describes what we do with the personal information we are provided with. You may be asked to give us personal information to become a student, client or to use the services we offer.
If you provide us with information, it will only be used in the ways described in our Privacy Statement. Our statement will be updated from time to time and the latest version is always published here on the company website.
Phoenix Training Services (Midlands) Ltd is a Data Controller registered with the Information Commissioner’s Office (ICO) (Registration number Z2524147).
All written correspondence in relation to Data Protection should be addressed to:
Phoenix Training Services (Midlands) Ltd
The Data Protection Officer, appointed by the Board of Directors to provide independent assurance over the use of Information across the company can be contacted by e-mail at
Subject Access Requests
The General Data Protection Regulation (GDPR) 2016 and our Data Protection Policy, gives any individual the right to obtain confirmation that their data is being processed, and where this is the case, access to the personal data. The right of access to this information is referred to as Subject Access Request (SAR).
We will endeavour to provide access to personal data within one month of receipt of a subject access request. If a request is complex, an extension of up to a further two months may be requested from the individual making the request.
A copy of the information will be provided free of charge, however, a ‘reasonable fee’ may be charged if a request is unfounded or excessive, or where information is requested repeatedly.
Who can make a Subject Access Request?
Persons who are entitled to access personal data under this procedure are:
- The individual (also known as the data subject).
- A representative of the data subject who has written consent (e.g. solicitor; acourt appointed representative if the data subject could no longer manage his or her own affairs; a person with enduring Power of Attorney or quite simply anyone else the individual wants acting for them).
- The parent or guardian of a child under 16 years of age: In cases where the child agrees, or it was in the child’s best interest for access to the data to be granted.
How can I make a Subject Access Request?
Please note Phoenix Training Services (Midlands) Ltd will use reasonable means to verify the identity of the individual making the request, but may require individuals to visit one of our Training Centres in order to receive copies of information request responses.
Requests to delete personal data
One of the key principles which underpins UK Data Protection Law is the right of an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. This is also known as the right to be forgotten.
Individuals may have a right to have personal data erased and to prevent processing in specific circumstances such as:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When the individual withdraws consent.
- When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
- The personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).
- The personal data must be erased to comply with a legal obligation.
- The personal data is processed in relation to the offer of information society services to a child
Please note that the right to erasure does not provide an absolute ‘right to be forgotten’. Under GDPR the Company can refuse to comply with a request for erasure where the personal data is processed for particular reasons. This will always be explained to you if your request cannot be carried out by our Data Protection Officer.
How can I make a request to have my personal data deleted?