Online Cookies/Privacy and GDPR Statement

As a Data Processor, Karen Blake Coaching Ltd also known as Karen Blake Academy (KBA) is committed to protecting and respecting the security and integrity of your personal data in line with GDPR (General Data Protection Regulation). We collect information only which we can justify as reasonable and justifiable for the provision and communication of KBC and KBA-related products and services as detailed on our marketing website.


The EU General Data Protection Regulation (GDPR) marks a step change for data protection and replaces the Data Protection Directive on 25 May 2018. GDPR simplifies and clarifies rules and strengthens citizens’ rights in relation to their personal data. The GDPR abolishes the single country data protection acts and combines data protection for all EU member states. When the UK leaves the EU, it will become an approved country, and GDPR will continue to form part of UK law.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Information we may collect from you

We may collect and process the following data about you:

  • Information that you provide by filling out forms on our product websites. This includes information provided at the time of registering to use the Site, subscribing to our service, posting material, or requesting further services. We may also ask you for information when you report a problem with the Site.
  • If you contact us, we will keep a record of that correspondence.
  • KBC and/or KBA may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  • Details of your visits to the Site and the resources that you access, including your IP address and internet browsing preferences,
  • We may also use the Google AdWords remarketing service to advertise on third party websites (including Google) to previous visitors to our site. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve advertisements based on someone’s past visits to the KBC and KBA websites. Any data collected in this way will be used in accordance with Google’s privacy policy, and you can set preferences for how Google advertises to you using the Google Advertisements Preferences page.
  • We do not store credit/debit card details.

IP Addresses and Cookies

We may collect information about your computer, including (where available) your IP address, operating system, and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.

For the same reason, we may obtain information about your general internet usage by using a cookie file that is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.

You may refuse to accept cookies by activating the setting on your browser that allows you to refuse the setting of cookies. However, if you select this setting, you may be unable to access certain parts of the Site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to the Site.

Please note that our advertisers may also use cookies, over which we have no control.

Where we store your personal data

KBC and KBA will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the GDPR.

Your personal data is stored within the EU, will not be transferred outside the EU. Your learners’ and users’ data are kept securely on your own password-protected database and will not be used for any purpose other than the delivery of online learning through your KBA account.

Where you have been given (or where you have chosen) a password that enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Uses made from the information

KBC will use personal information only to provide you with services relating to the Site. Personal information will not be passed on to third parties.

We use the information we have about you in the following ways:

  • To ensure that content from the Site is presented in the most effective manner for you and your computer.
  • To provide you with information, products, or services that you request from us or that we feel may interest you, where you have consented to be contacted for such purposes.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To allow you to participate in interactive features of our service, when you choose to do so.
  • To notify you about changes to our service.

Retention of your information

The personal data that we collect shall be kept for no longer than is necessary for the purposes for which it is being processed. Should your KBA account remain unused for a period of two years, or you request removal of your personal data without KBA having legal grounds to object, then your personal information will be scheduled for deletion.

Data scheduled for deletion will be moved to a secure, encrypted ‘vault’ for no more than three years, before being permanently removed from all KBA servers and backups.

Disclosure of your information

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use and other agreements; or to protect the rights, property, or safety of KBC, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

KBC Data Protection Policy

Karen Blake Coaching Ltd is committed to keeping your personal and educational information safe. To achieve this, we take great care to tell you what information we capture, why we capture it, how it is stored, and how long we keep it.  We comply with both the Data Protection Act 2018 and the European Union General Data Protection Regulation 2016, which was enforced on 25 May 2018.

Six Principles of the Data Protection Act 2018

  • processing must be lawful, transparent and fair;
  • purposes of processing must be specified, explicit and legitimate;
  • personal data must be adequate, relevant and not excessive;
  • personal data must be accurate and kept up-to-date;
  • personal data must be kept for no longer than is necessary; and
  • personal data must be processed in a secure manner.

Karen Blake Coaching Ltd holds learner enrolment and achievement data for the purposes of administering, verifying, and awarding credits and qualifications.

We only collect personal information that you give us when you enrol/submit work to us for assessment, internal quality assurance, and registration with an awarding body.


Data Purposes
First and surname and Date of Birth
  • ULN from the Learner Records Service
  • Register with the Awarding Body via secure file transfer
  • Stored in a database that is password protected.
Address and postcode
  • ULN from the Learner Records Service
  • Register with the Awarding Body via secure file transfer
  • Address to send you materials and certificates, and so that we can verify your identity for assessment purposes.
  • Stored in a database which is password protected.
ULN/ Karen Blake Coaching Ltd ID
  • Register with the Awarding Body via secure file transfer
  • Karen Blake Coaching Ltd ID generated by and stored in database which is password protected.
  • See Appendix One for Privacy Statement from the Learner Records Service.
Phone number and Email address
  • Stored in database which is password protected.
  • Register with the Awarding Body via secure file transfer
  • So that we can contact you if we need to regarding your learning.
Employer/Job Role
  • Register with the Awarding Body via secure file transfer if required.
Specific identification numbers like a passport or driving licence and other identifiers like a personal learning number
  • In the unlikely event that we request this information from you it is so that we act in accordance with the regulations for qualifications and in keeping with best practice in verifying learner identity


Details of your assignments and achievements with us.
  • So that we can ensure that your results are fair and accurate. We also have to keep these records in case there are any complaints or verifications. -See Karen Blake Coaching Ltd Limited Retention of Assessment Materials policy.
  • We will usually keep samples of learners work for quality assurance purposes but would not keep any learners work for more than 3 years.
  • In addition, see Awarding Bodies (Agored Cymru and CMI) Retention of Evidence policies on their websites.
Details of any correspondence between you and Karen Blake Coaching Ltd.
  • This becomes part of your record with us.




  • We always consider whether the content of the email should be encrypted, or password protected.
  • Where possible we verify email addresses
  • We do not share your email address with other learners or third parties unless you give us consent to.
  • We always check email addresses and content before sending an email.


  • Shred all our confidential paper waste.
  • Check the physical security of our premises.
  • Keep all personal data locked securely when not being used.
  • Ensure all doors are locked and windows shut when leaving the premises.
  • Do not reuse excel spreadsheets that have contained personal data.
  • Allow plenty of time to undertake work that involves personal data.
  • Check all envelopes before sending letters/certificates to ensure they only contain what they should.


We comply with:

  • The Data Protection Act 2018
  • The European Union General Data Protection Regulation 2016
  • The European Convention of Human Rights
  • The UK Human Rights Act 2000
  • PECR Regulations
  • Inspire Regulations
  • Freedom of Information Act
  • Access to Information Regulations

For information on these regulations and for information in how to understand your information rights visit the Information Commissioner’s Office:

Karen Blake Coaching Ltd is registered with the ICO.


For computer security we: 

  • Install a firewall and virus-checking our computers.
  • Make sure that our operating systems are set up to receive automatic updates.
  • Protect our computers by downloading the latest patches or security updates, which should cover vulnerabilities.
  • Only allow our staff access to the information they need to do their job and don’t let them share passwords.
  • Protect personal information held electronically that would cause damage or distress if it were lost or stolen.
  • Take regular back-ups of the information on our computer system and keep it in a secure separate place and password protected.
  • Securely remove all personal information before disposing of old computers.
  • Have anti-spyware tools in place. Spyware is the generic name given to programmes that are designed to secretly monitor activities on computers.

Procedures for data breaches

  1. Report data breaches to the Centre Manager at the earliest opportunity.
  2. Complete required paperwork within 24 hours.
  3. The Centre Manager will investigate and decide a course of action according to ICO regulations.
  4. Review breach and identify and implement any action points.

Learners Security

We review our data protection, confidentiality and security practices continually and update our policies accordingly. We encourage learners to contact us with any concerns and we pride ourselves in learning from feedback on any mistakes we make. Through our Privacy Notices we make clear to learners that we will only pass personal information onto the Awarding Body and no one else. We also advise learners that they can contact us to remove their personal data from our systems once they have completed their learning with us.


The Data Protection Act gives you the right to apply for a copy of personal information held about you. This is called a subject access request, (SAR). You can, if you wish, appoint someone to apply for you, for example a member of your family.

To make a SAR please put your request in writing and email to [email protected] or [email protected]. Please provide your name, your organisation, the course you attended and the date (s) of the training.

The fee for providing this information is £10.

We will:

  • Acknowledge receipt of your request within 10 working days.

How to recognise a subject access request.

  • We will use the Subject Access Request Checklist provided by the ICO, using the following link:

Other people’s information contained in the proposed request.

If other people’s information is contained in the proposed request, we will follow the guidance issued by the ICO using the following link:


If you wish to discuss any data protection, information security or data access matter, please email us at: [email protected]

Awarding Body Privacy Policies:

For the CMI Privacy Policy please follow the link:

For the Agored Cymru Privacy Policy please follow the link or see appendix two:

Appendix One: The Learner Records Service

The Learner Records Service (May 2018) and can be found at:

 Appendix Two

 Data Management Process

  1. The designated Centre Manager for each Awarding Body is responsible for uploading information on learner entries for units/qualifications and learners results from the Assessors and Internal Verifiers. Timescales and deadlines for this may vary according to the course, customer requirements and timescales agreed in any Memorandum of Understanding.
  2. The learner enrolment form ensures that all the information required for registration with and certification from, the Awarding Body, is collected from the learner. This form is usually kept in the learner’s portfolio/workbook.
  3. This information is put onto the Centre’s database and a centre learner ID number is allocated. If required, to register the learner for a qualification, the learners ULN is accessed from the Learner Records Service (LRS).
  4.  The Centre Manager registers all classes/individual learners with the Awarding Body using the format they provide and uploads this information via secure file transfer. The Awarding Body then issues a link to a “claim form” for each class.
  5. The results from the Assessor and Internal Verifier are also found in the learner’s portfolio/workbook. The Centre Manager completes and submits the Claim Form.
  6. All workbooks are stored in a locked cabinet.
  7. A Master Record is created, depending on awarding body requirements, for each year, with details of the learners who have achieved during that year. This is submitted, for example, to the Agored Cymru EQA prior to the annual EQA Visit and the EQA selects learners work to sample from this record.
  8. Assessors and IQA’s provide feedback throughout a learner’s workbook/portfolio and summative feedback at the end of the portfolio/workbook.
  9. Internal verification records not contained within the learner workbooks/portfolios will be kept for three years.