Rapid Formations Ltd Logo
 Email Us 020 7871 9990

Privacy Policy

Last Updated: 16/10/25

1. Purpose of this policy

  1. This website is owned and operated by Rapid Formations Limited (“we”, “us”, “our”, and “ourselves”). We are committed to protecting the privacy and security of your personal data.
  2. This Privacy Policy describes how we collect, use and store your personal data when you use our website (regardless of where you visit it from), including when you purchase a product or service or sign up to our newsletter. It also tells you about your rights and how the law protects you.

2. Important information

  1. Our website is not intended for children and we do not knowingly collect data relating to children.
  2. As we only provide services to corporate entities (companies and LLPs) rather than individuals, we treat all website users and customers who purchase services from us as “corporate subscribers” as defined in the Privacy and Electronic Communications (EC Directive) Regulations 2003.

3. Useful definitions

  1. It is important to us that you are able to clearly understand the purpose and content of this Privacy Policy. Some of the terms used throughout the policy have specific legal meanings under data protection legislation. To help you navigate and interpret these terms with ease, we have provided clear definitions below:
    1. aggregated data means information such as statistical or demographic data which may be derived from personal data, but which cannot by itself identify a data subject;
    2. data controller means a body that determines the purposes and means of processing personal data;
    3. data processor means a body that is responsible for processing personal data on behalf of a controller;
    4. data subject means an individual living person identified by personal data (which will generally be you);
    5. personal data means information capable of identifying a data subject from that data alone or with other data we may hold but it does not include anonymised or aggregated data;
    6. special categories of personal data means information about race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, health, genetic, biometric data, sex life, sexual orientation; and
    7. ICO means the Information Commissioner’s Office, the UK’s supervisory authority for data protection issues.

4. Who controls your data?

  1. Rapid Formations Limited is the data controller and is responsible for your personal data.
  2. We may also be the data controller in respect of personal information you provide to us relating to other individuals.
  3. We are registered with the Information Commissioner’s Office under registration no. ZA029449.

5. Our Obligations.

  1. The way in which we can use your personal data is governed primarily by the following legislation:
    1. Regulation (EU) 2016/679 of the European Parliament and of the Council, more commonly known as the United Kingdom General Data Protection Regulation or the “UK GDPR”;
    2. The Data Protection Act 2018; and
    3. The Privacy and Electronic Communications Regulations, often referred to as the “PECR”.

  2. In short, we must ensure that your personal data is:

    1. used fairly, lawfully and transparently;
    2. used for specified, explicit purposes;
    3. used in a way that is adequate, relevant and limited to only what is necessary;
    4. accurate and, where necessary, kept up to date;
    5. kept for no longer than is necessary; and
    6. handled in a way that ensures appropriate security.

6. Your Obligations

  1. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example, a new address or email address.
  2. Where you provide us with personal data relating to another individual, you are responsible for providing the individual with a copy of this privacy policy and ensuring that they understand how we will use their data and what data protection rights they have.

  3. You must provide the personal data we request where this is necessary for us to meet legal obligations and/or you are contractually obliged to do so under our terms and conditions. If you do not do so, we may be unable to provide the services to you.

7. Types of personal data we collect about you

  1. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

    1. Contact Data - Including your billing address, delivery address, email address and telephone number.
    2. Identity Data - Including first name, maiden name, last name, occupation, passport number or other similar identifier, username or similar identifier, title, date of birth, citizenship and gender.
    3. Financial Data - Including bank account and payment card details.
    4. Transaction Data - Including details about payments to and from you and other details of products and services you have purchased from us.
    5. Usage Data - Including information about which products and services we provide to you and how you interact with and use our website, products and services.
    6. Technical Data - Including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
    7. Marketing & Communication Data - Including your communications with us and your preferences in receiving marketing from us
    8. Profile Data - Including your username and password, purchase or orders made by you, preferences, feedback and survey responses.
    9. Public Data - Including data about you which is publicly available from third parties e,g, Companies House or the Electoral Register.
    10. External Data - Including data we receive about you from third parties which is not public e.g. results of Anti Money Laundering and Know Your Client checks from our third party service provider.
    11. Special Categories of Personal Data - Including numerical biometric data, e scans of face geometry and voiceprints which are required by our third party identity verification provider to carry out Anti Money Laundering and Know Your Client checks.

8. Other data we collect about you which is not personal data

  1. We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.

9. Additional information about special categories of personal data

  1. As mentioned, we may process special categories of personal information. We do this in the following circumstances:
    1. Where it is required to carry out identity verification, Anti Money Laundering and/or Know Your Client checks.
    2. Where we need to process this information to exercise rights and perform obligations in connection with any services to be provided to you.
    3. Where it is needed in the public interest, such as in response to Companies House queries.
    4. Where we need to carry out our legal obligations or exercise our rights.
    5. Where it is necessary to protect you or another person from harm.
    6. Where it is needed in relation to legal claims.
    7. Where you have already made the information public.

  2. We do not need your consent if we use special categories of your personal data in accordance with this policy and/or to carry out our legal obligations or exercise specific rights.

10. How your personal data is collected.

We collect personal data in the following ways:

  1. Through your interactions with us.

    You may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

    • apply for our products or services;
    • use our live chat service
    • create an account with us;
    • subscribe to our service or publications;
    • request marketing to be sent to you;
    • enter a competition, promotion or survey; or.
    • give us feedback or contact us.

  2. Using automated technology
    As you interact with our website, we will automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. For more information about the cookies we use and how to change your cookie preferences, please see our Cookie Policy.

  3. From publicly available sources. We may collect personal data from publicly available sources such as Companies House, the Electoral Register and credit reference agencies.

  4. From third parties.
    We may receive personal data about you from the following third parties:

    • Another member of our corporate group.
    • Any intermediary you use to interact with us
    • Analytics providers e.g. Google
    • Partners who refer you to us
    • Search information providers
    • Payment providers e.g. Stripe
    • Social media platforms
    • Identity Verification service providers e.g. Equifax, Credas, Creditserve and Onfido
    • Website support and maintenance providers
    • Other third party service providers that we use to provide the website and/or our services

  5. Recordings
    We may monitor, record, store, and use any telephone, email, or other communication with you, including those that contain personal data. We do this to check any instructions given to us, for training purposes, to prevent crime, and to improve the quality of our customer service.

11. How we use your personal data

  1. The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:
    1. Performance of a contract with you
      Where we need to perform the contract we are about to enter into or have entered into with you.
    2. Legitimate interest
      We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
    3. Legal obligation
      We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
    4. Consent
      We rely on consent where we have obtained your active agreement to use your personal data for a specified purpose. We only rely on consent as a legal basis for processing your personal data when we share personal data with our third party partners in respect of referrals.
  2. Set out below are specific details of the processing activities we undertake with your personal data and the lawful basis for doing this.
    Purpose/ActivityType of dataLawful basis for processing

    to register you as a new customer

    identity & contact

    • to perform our contract with you

    to process and deliver your order, manage payments, fees and charges and debt recovery

    identity, contact, public, external, financial, technical, transaction and marketing & communications

    • to perform our contract with you
    • as necessary for our legitimate interest in recovering debts due to us

    to carry out mail forwarding

    identity, contact, public, external & financial

    • to perform our contract with you

    to manage our relationship with you, notifying you about changes to our Terms or Privacy policy and ask you to leave a review

    identity, contact, transaction, profile & marketing & communications

    • to perform our contract with you
    • as necessary to comply with a legal obligation
    • as necessary for our legitimate interests in keeping our records updated and analysing how customers use our products/services.

    to administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

    identity, contact & technical

    • as necessary for our legitimate interests in running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise
    • as necessary to comply with any legal obligations

    to deliver relevant website content/advertisements to you and measure or understand the effectiveness of our advertising

    identity, contact, profile, transaction, usage, marketing & communications & technical

    • as necessary for our legitimate interests in studying how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy

    to use data analytics to improve our website, products/services, marketing, customer relationships and experiences

    transaction, technical & usage

    • as necessary for our legitimate interests to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy

    to make suggestions and recommendations to you about goods or services that may be of interest to you, including promotional offers

    identity, contact, transaction, technical, usage & profile

    • as necessary for our legitimate interests to develop our products/services and grow our business

    to share with our referral partners where you have requested this including requesting a service at checkout or clicking our referral partners' links

    identity, contact, profile, usage, marketing & communications & technical

    • to perform our contract with you
    • as necessary for our legitimate interests to develop our products/services and grow our business

    to enable you to partake in a prize draw, competition or complete a survey

    identity, contact, technical & profile

    • to perform our contract with you
    • as necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

    to conduct and keep a record of identity and address checks and verification in line with anti-money laundering and know your client requirements

    identity, contact, public, external, special categories of personal data

    • to perform our contract with you
    • as necessary to comply with a legal obligation
    • as necessary for our legitimate interests in keeping our records updated and prevention of unlawful or unethical activity
  3. We will only use your personal data for the purpose that we originally collected it for, unless we reasonably consider that we need to use it for another reason which is related to the original purpose.
  4. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to use your personal data in this manner.

12. Marketing

Direct Marketing

  1. We may analyse your personal data to form a view on what products and or services we think may be of interest to you.
  2. You will only receive marketing communications from us, if you have requested information from us or purchased services from us, you have not opted out or we have another legal basis to send you the marketing communications.
  3. Please note that as you are a “corporate subscriber” it is not necessary for us to obtain your consent to direct marketing. However, you will always have the option to opt out of receiving direct marketing messages.

Third Party Marketing

  1. We will get your express consent before we share your personal data with any third party for their own direct marketing purposes.

Opting out of Marketing

  1. You can opt out of email or SMS marketing by clicking the unsubscribe button within the particular marketing email or message. You can to opt out of direct marketing at any time by contacting us.
  2. Please note that if you opt out of receiving marketing communications:
    1. you will still receive service-related communications that are essential for administrative or customer service purposes; and
    2. We may still use your personal data for other purposes provided we have a lawful basis to do so.

13. Sharing your Personal Data

  1. We may share your personal data where necessary with the parties set out below:
    OrganisationRelationship with usPurpose for sharing personal data

    Various, including but not limited to BSG Group Ltd

    Members of our corporate group

    • Administrative and operational support
    • Business improvement
    • Marketing of related products and services (unless unsubscribed from marketing)

    Identity verification and credit search providers Including but not limited to:

    Equifax
    Equifax Credit Reference and Related Services Privacy Notice | Equifax UK

    Creditserve

    Credas
    Privacy Notice | Read | Credas

    Onfido
    product-privacy-notice-identity-verification-services.pdf

    Third party service provider of Identity verification, anti-money laundering and know your client checks

    • To verify identity and address to comply with AML/KYC requirements and prevent fraud

    Payment processors Including but not limited to:

    Trust Payments
    Privacy Policy | Trust Payments

    Stripe
    Privacy Policy

    Third party service provider of payment processing services

    • To facilitate payments in relation to the purchase of our services

    Companies House
    Personal information charter - Companies House - GOV.UK

    Government Agency

    • To perform the services you have requested
    • To assist with compliance and integrity investigations

    Business Data Group Limited

    Third party service provider of software

    • To help set up and/or amend accounts and services

    Customer support and communication platforms Including but not limited to:

    Zendesk
    DATA PROCESSING AGREEMENT

    Third party service provider of customer support platforms

    • To correspond with you and administer your account

    Digital marketing and CRM providers Including but not limited to:

    Spotler
    Data-Processing-Agreement-Spotler-v1.3-July-2025.pdf

    Mailjet
    Explore Data Processing Agreement - Sinch

    Customer.io
    Data Processing Addendum | Customer.io

    Twilio (SendGrid)
    Data Protection Addendum | Twilio

    Third party service provider of digital marketing services

    • To issue email, SMS and other marketing campaigns (unless unsubscribed from marketing)

    Hosting and domain providers Including but not limited to:

    DNSimple
    Privacy Policy | DNSimple

    Third party service provider of domain and web hosting solutions

    • To host our systems, store data securely, and support the operation of our web and online services
    • To enable us to provide you with domain registration services

    Digital marketing, SEO and website optimisation partners Including but not limited to:

    VWO
    Privacy Policy | VWO

    Third party service provider of digital marketing, SEO and website optimisation services

    • To test which versions of a page, feature, or layout performs better for specific audience segments
    • To show different content, offers, or layouts based on the customer’s profile or previous behaviour
    • To understand how specific customer groups interact with our site in order to improve usability and conversion rates

    Social media platforms Including but not limited to:

    Facebook

    LinkedIn

    TikTok

    Third party platforms

    • To assess the impact of our marketing activities, carry out targeted and retargeted promotions, launch broader campaigns, and collect insights about the market.

    Reviews and feedback platforms Including but not limited to:

    Trustpilot
    Trustpilot Legal - Privacy Policy

    Third party platforms

    • We invite our customers to provide a review of their buying experience using our website. We may temporarily share your information (name, email address and order number) with Trustpilot, to deliver an invite to share feedback; however their information will not be retained or shared with anyone else

    Delivery providers, including but not limited to:

    DHL
    Privacy Notice - DHL eCommerce - United Kingdom

    Royal Mail
    Royal Mail Group privacy notice│ Royal Mail Group Ltd

    Third party service providers of delivery and postal tracking services

    • To arrange and manage the delivery of post and mail forwarding and provide tracking services through third party providers

    Banking Partners

    As set out here

    Third party service providers with whom we have a referral relationship

    • To enable our referral partners to provide rewards, offers, or benefits you are eligible for, and to administer any related promotions or services

    Debt Recovery Agencies

    Third party service providers of collection and enforcement services

    • To recover debts owed to us

    Professional services

    Including but not limited to:

    • Accountants
    • Auditors
    • Lawyers
    • Professional advisors

    Third party service providers of professional services

    • To obtain accurate advice and services

    Government, law enforcement, regulators, investigators, and judicial authorities and bodies

    External authorities

    To comply with our legal obligations in relation to reporting, co-operation and the prevention of crime

    Other third parties

    Those whom we choose to sell, transfer, or merge parts of our business or our assets.

    Those whom we may seek to acquire or merge with.

    • To facilitate the sale, transfer, or merger of our business or assets; or to enable potential acquisitions or mergers with third parties
    • If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy
  2. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Some of the third parties we share your personal data with will act as independent data controllers. This means they determine their own purposes and means of processing your personal data, and may use it in accordance with their own privacy notices. We share data with such parties only where it is necessary, lawful, and proportionate.
  3. Where these third parties are acting as controllers, you will need to contact them directly to exercise your data protection rights in relation to the information they hold about you.

14. Additional Information about Third Party Service Providers & Referrals

  1. Where we share personal data with our third party partners in respect of referrals, we will ask you to complete a form which will contain the personal data you consent to being provided to such partners. At the time you complete this form, the partner(s) with whom we will share your personal data will be expressly identified (e.g. the name of the bank if it relates to a referral to open a bank account).
  2. We will also ask you to consent expressly to this sharing of your personal data by ticking a tick-box. This will include a statement setting out that you consent to the partner contacting you directly.
  3. Whenever you have provided consent, you have the right to withdraw your consent at any time.
  4. Please note that these third party partners are independent service providers which means that they will be data controllers in respect of the personal data provided to them. We are not liable in respect of how these third party partners use your personal data and recommend that you review their privacy policies before consenting to share your data.

15. International Transfers of Data

  1. When we refer to international transfers, we mean a transfer of your personal data outside of the European Economic Area or the United Kingdom.
  2. If it is necessary to share your data with third parties outside the European Economic Area or the United Kingdom so that we are able to provide the goods or services you have requested, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
    1. the country to which we transfer your data is one of the countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
    2. we have used specific agreements and/or clauses approved for use in the United Kingdom which give personal data the same protection it has in the United Kingdom with our service providers.
  3. Please contact us if you would like further information on the specific mechanism used by us when transferring your personal data out of the European Economic Area or the United Kingdom.

16. Data Retention (how long we keep your personal data)

  1. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
  2. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
  3. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
  4. By law we have to keep basic information about our customers and customer contacts (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers.
  5. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you as it will no longer be classed as personal data according to the law.

17. Keeping your data secure

  1. The security of your personal information is extremely important to us. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
  2. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

18. Third Party Links displayed on our website

  1. Our website may include links to third-party websites, plug-ins and applications. By clicking on these links or enabling connections you may be allowing third parties to collect or share your personal data.
  2. We have no control or liability in respect of these third-party websites, plug in or applications and are not responsible for their privacy policies.

  3. We strongly encourage you to review their privacy policies to understand what personal data they collect about you and how they use it.

19. Your Rights

You have a number of rights under data protection laws in relation to your personal data. You have the right to:

  1. Request access to your personal data (commonly known as a "subject access request").
    This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  2. Request correction of the personal data that we hold about you.
    This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  3. Request erasure of your personal data in certain circumstances.
    This enables you to ask us to delete or remove personal data where:
    1. there is no good reason for us continuing to process it;
    2. you have successfully exercised your right to object to processing (see below);
    3. where we may have processed your information unlawfully; or
    4. where we are required to erase your personal data to comply with local law.
      Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  4. Object to processing of your personal data
    You can object where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests).
    In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
  5. Absolute right to object any time to the processing of your personal data for direct marketing purposes
    (see paragraph 12.5 for details of how to object to receiving direct marketing communications).
  6. Request the transfer of your personal data to yourself or to a third party.
    We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
    Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  7. Withdraw consent at any time where we are relying on consent to process your personal data
    We only rely on consent in relation to the sharing of personal data with our third party partners in respect of referrals. You may withdraw your consent, however, this will not affect the lawfulness of any processing carried out before your consent is withdrawn.
    If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  8. Request restriction of processing of your personal data.
    This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
    1. if you want us to establish the data's accuracy;
    2. where our use of the data is unlawful but you do not want us to erase it;
    3. where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    4. you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  9. https://ico.org.uk/for-the-public/ sets out helpful information for the public about your rights and how to exercise them.

20. Exercising Your Rights

  1. If you wish to exercise any of the rights set out above, please contact us using the details set out in this policy.
  2. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
  3. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

  4. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

21. Contact Details

  1. We have appointed a data protection officer (DPO) who is responsible for overseeing questions and complaints in relation to this privacy policy.
  2. If you have any questions, requests or complaints about this privacy policy or how your data has been handled, including any requests to exercise your legal rights, please contact us:
    1. by email at: dataprotection@bsqgroup.co.uk
    2. by post addressed to: Rapid Formations, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ.

22. Complaints

  1. You have the right to make a complaint at any time to the ICO, the UK regulator for data protection issues. You can contact the ICO at www.ico.org.uk or by calling 0303 123 1113.
  2. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

23. Updates to this Privacy Policy

  1. We may update this Privacy Policy when required by law or at any time we deem necessary to ensure that it remains accurate.
  2. We encourage you to periodically refer to this policy to ensure that you have the most up to date information.
  3. Upon your first visit to the website following any updates, you are deemed to have accepted the updated policy terms.