You may well be aware of the new General Data Protection Regulations (GDPR) that came into effect in May 2018.  This privacy notice is being given to you in order to comply with those regulations. The purpose is to explain:
– How and why we collect personal information about you
– what we will do with the information we collect about you
– How you can control what we do with your personal information

We will do this for each of the two main phases of your engagement with us:
– Marketing communications
– Employing an Apprentice

Marketing communications are primarily governed by the Privacy and Electronic Communications Regulations (PECR) rather than GDPR and this privacy notice also covers this aspect of the regulatory framework in which we operate.

How and why we collect information

Marketing communications

Our aim in sending information to employers is to inform them about financial support available from the government for the training and development of staff and, in particular, the benefits of the apprenticeship scheme for:
– Improving the skills and productivity of existing staff
– Introducing new, younger talent into the organisation

There are three main ways in which Boom Training acquires information about employers for the purposes of marketing communications.  They include:
– Researching company websites
– LinkedIn
– Bought lists (in all cases from a supplier that collects and resells information in accordance with GDPR regulations)

In doing so we collect (at most) the following information:
– Company name, address and telephone number
– Contact name, job title and email address

Under the PECR it is permissible to send marketing communications emails to ‘corporate subscribers’ (e.g. a business email address) without seeking active opt-in permission.  However, we will always offer a simple opt-out option and make this clear and transparent in all marketing communications. In order to avoid collecting and sending marketing communications to private individuals, we will never send an email to domains primarily used for this purpose, e.g. @hotmail, @outlook, @gmail, @aol etc..  We will also excludes domains ending with ‘.me’.

Under GDPR the legal gateway under which we justify our approach to marketing communications is ‘legitimate business interest’: we consider the purpose of disseminating information to employers about government support available for their organisation to be a justifiable reason for sending email communications.

If you are self-employed or a sole trader but your email address uses the domain name of your trading business, the PECR regulations do apply and it is possible you may receive a marketing communications email from us inadvertently.  In this case, we apologise in advance and will be happy to remove your information immediately on request. Please see below for contact details.

Training delivery

Where an organisation engages with Boom Training for the purpose of government-funded training delivery, our role changes from Data Controller, to Data Processor.  The Data Controller in this case is the Education & Skills Funding Agency (ESFA). The ESFA Privacy Notice can be found here.

Our justification for collecting data is therefore ‘legitimate interest’ in that we are required to do so as a condition of our funding agreement with the government.

Almost all of the information we collect for the purpose of training delivery relates to the corporate body of the employer and is therefore not subject to GDPR.  Personal information relating to individuals includes name, job title, email address and (in some cases) direct line or mobile telephone number.

Information we request from you will normally be collected on forms we send you to complete as part of the enrolment process.  These forms are normally sent electronically using a software platform called Docusign which is a secure means of enabling form completion and signing.

What we do with your information


We use your organisation/personal information to:
– Inform you about government support for training and associated services Boom Training can provide
– Comply with Government/ESFA rules and regulations (enrolled apprentices)
– Provide information to applicants about vacancies advertised by us on behalf of an employer
– Coordinate the delivery of training to your staff
– Secure your input into training programmes we are providing
– Provide feedback about candidate progress
– Seek your views about the quality of services we provide
– Analyse our performance in order to improve operational efficiency and performance

Storing, archiving, deleting and protecting

Marketing communications

Our justification for storing/retaining information about employers and staff they employ is ‘legitimate interest’ – we wish to continue to send information to your organisation concerning government support for training and related services (e.g. recruitment of apprentices) we can provide.

We will retain this information indefinitely.  In accordance with PECR, we will always offer an easy and transparent mechanism for employers to opt out of receiving such emails and/or have their records deleted.

Training delivery

As outlined above, our justification for storing/retaining information about employers and staff they employ is ‘legitimate interest’ – we are required to do so by our funding regulations.  

We are required to retain information concerning learners and employers until 31 December 2030.  After this date, all records pertaining to training delivery will be securely destroyed using a certificated service.

We use third parties (other companies) who provide us with storage facilities for our electronic data files and information (i.e. they act on our behalf as data processors).  All of these suppliers have updated their policies and procedures to ensure they are compliant with data protection laws and we have signed agreements in place with these organisations to confirm this.  All of our suppliers have security and backup systems in place that are compliant with UK Government and EU regulations.

In some cases we have printed copies of documentation and some of this may contain personal information.  All such documentation is kept in locked file storage at our offices in Southampton to ensure that this is also safe and secure.

More information concerning our ‘Policy and Procedures for Information Security and Data Protection’ are available on request (see below for contact details).


We share your information with the ESFA and intermediary funding partners through whom we access ESFA funding.  We may also occasionally be required to share it with Ofsted for quality monitoring purposes.

We will NEVER sell or share your information to any third party for commercial purposes.

How to control your personal information

Marketing communications

The information we hold about you belongs to you.  At any time you can ask us to:
– Send you the personal information we have on file that relates to you
– Ask us to delete your personal information

Training delivery

This information also belongs to you but in this case the data controller is the ESFA.  We can process your request to send you information held about you or delete your information. However, this request will be forwarded to the ESFA who will then instruct us on how to deal with the request.

How to find out more

If you have any queries about your personal information, please contact Andrew Hooper:

T: 023 8068 2060