Privacy Policy

Last updated: 9 April 2026

Introduction

Sparkling Labyrinth Ltd ("we", "us", "our") is committed to protecting the privacy and security of your personal information. This privacy policy explains how we collect, use, store, and share information about individuals who interact with our business, including website visitors, clients, and training participants.

We are registered as a data controller with the Information Commissioner's Office under registration number ZB247851. Our registered office is at 15 Queensway House, Redcliffe Way, Bristol, BS1 6NL, United Kingdom.

Information We Collect

We collect and process various types of personal information depending on your relationship with us:

Information You Provide Directly

When you contact us, register for a programme, or engage our services, you may provide:

  • Name and job title
  • Email address and postal address
  • Organisation name and details
  • Training requirements and preferences
  • Payment and billing information
  • Dietary requirements or accessibility needs for in-person training
  • Professional qualifications and experience relevant to training programmes

Information Collected Automatically

When you visit our website, we may automatically collect:

  • IP address and general location
  • Browser type and version
  • Pages visited and time spent on site
  • Referring website addresses
  • Device type and operating system

Information from Training Delivery

During and after training programmes, we collect:

  • Attendance records
  • Assessment results and skill evaluations
  • Feedback and evaluation responses
  • Progress tracking data for multi-session programmes

How We Use Your Information

We process personal information for specific, legitimate purposes:

Service Delivery

We use your information to deliver training services, including programme administration, materials distribution, attendance tracking, and certification provision. This processing is necessary for the performance of our contract with you or your organisation.

Communication

We contact you regarding enquiries, bookings, programme updates, and administrative matters related to our services. Where we send marketing communications about other programmes, we rely on legitimate interest or consent depending on the circumstances.

Programme Improvement

We analyse feedback, assessment data, and evaluation responses to enhance our training content and delivery methods. This processing serves our legitimate interest in maintaining service quality.

Legal Obligations

We maintain records necessary for financial compliance, regulatory requirements, and professional standards. This includes attendance records for CPD accreditation and financial documentation for tax purposes.

Business Operations

We use aggregated, anonymised data to understand service demand, plan resource allocation, and make strategic decisions about programme development.

Legal Basis for Processing

We rely on the following legal bases under UK GDPR:

  • Contractual necessity: Processing required to deliver training services and fulfil our obligations to clients
  • Legitimate interests: Business operations, service improvement, and client relationship management where not overridden by individual rights
  • Legal obligations: Compliance with financial regulations, professional body requirements, and tax law
  • Consent: Marketing communications where contractual or legitimate interest basis does not apply

Information Sharing and Disclosure

We do not sell personal information. We share information only in specific circumstances:

Service Providers

We work with carefully selected third parties who provide services including IT infrastructure, payment processing, email delivery, and virtual training platforms. These providers process data only on our instructions and under contractual obligations ensuring appropriate security.

Professional Bodies

Where training leads to professional certification, we share relevant information with accrediting organisations such as CIPD, ILM, or APM as required for qualification registration.

Client Organisations

When we deliver training commissioned by an organisation for its employees, we share attendance records, assessment results, and evaluation data with the commissioning organisation as appropriate for their HR and development purposes.

Legal Requirements

We may disclose information when required by law, court order, regulatory request, or to protect our legal rights and interests.

Data Retention

We retain personal information for different periods depending on its purpose:

  • Enquiry data: Retained for two years if no engagement results
  • Client records: Maintained for seven years after final engagement for financial and legal compliance
  • Training participant data: Kept for seven years to support CPD verification and certification queries
  • Marketing communications: Retained until consent is withdrawn or legitimate interest no longer applies
  • Website analytics: Typically retained for 26 months in anonymised form

After retention periods expire, we securely delete or anonymise information so individuals can no longer be identified.

Your Rights

Under data protection law, you have several rights regarding your personal information:

Access

You can request a copy of the personal information we hold about you, along with details of how we use it.

Correction

You may request that we correct inaccurate or incomplete information.

Erasure

In certain circumstances, you can ask us to delete your personal information. This right is not absolute and may not apply where we have legal obligations to retain data.

Restriction

You may request that we limit how we use your information while investigating a dispute about its accuracy or our processing.

Objection

Where we process information based on legitimate interests, you can object to this processing. We will cease unless we demonstrate compelling legitimate grounds that override your interests.

Portability

For information you have provided under contract or consent, you can request a copy in a structured, commonly used format for transfer to another controller.

Withdrawal of Consent

Where processing is based on consent, you can withdraw that consent at any time, though this does not affect the lawfulness of processing before withdrawal.

To exercise these rights, contact us at [email protected]. We will respond within one month, though complex requests may require up to three months with explanation.

Data Security

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Access controls limiting who can view personal information
  • Regular security assessments and updates
  • Staff training on data protection obligations
  • Secure deletion procedures for data no longer required

While we maintain robust security, no transmission over the internet can be guaranteed completely secure. You provide information at your own risk, though we will notify you and relevant authorities of any breach affecting your rights and freedoms.

International Transfers

We primarily store and process data within the United Kingdom. Where we use service providers located outside the UK, we ensure appropriate safeguards are in place, including standard contractual clauses approved by UK authorities or transfers to countries with adequacy decisions.

Children's Privacy

Our services are directed at organisations and professional adults. We do not knowingly collect information from individuals under sixteen without appropriate parental or guardian consent.

Changes to This Policy

We review this privacy policy periodically and update it as necessary to reflect changes in our practices or legal requirements. The date at the top indicates when the policy was last revised. Significant changes will be communicated through our website or direct notification where appropriate.

Contact and Complaints

For questions about this privacy policy or how we handle your information, contact our data protection officer at [email protected] or write to:

Data Protection Officer
Sparkling Labyrinth Ltd
15 Queensway House
Redcliffe Way
Bristol BS1 6NL
United Kingdom

If you are dissatisfied with our response to a privacy concern, you have the right to lodge a complaint with the Information Commissioner's Office at sparkling-labyrinth.com or by telephone on 0303 123 1113.