Cenit College UK is committed to data security and the lawful, fair and transparent processing of personal data. This privacy notice sets out how we manage and protect your personal data in compliance with applicable data protection law, including the UK/EU General Data Protection Regulation (EU) 2016/679.
It explains how and why we collect, store, use and share (process) personal data, how to contact us and the supervisory authority should you need further information or wish to report a concern about the way in which we process your data.
We will never sell your personal data to third parties.
Company Details
Cenit College UK Ltd.
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.
Company Registration No: 15635921
For the purposes of GDPR, Cenit College UK Ltd may act in the capacity of Controller or Processor when processing your personal data.
2.1 Visitors to our website
When visiting our website, you will be able to select and save your cookie preference when accessing the home page. We use essential cookies, which are necessary for the operation and security of our website, and optional performance and advertising cookies.
For details of the types and functionality of the cookies and the information we collect https://www.cenitcollege.co.uk/cookie-overview/
2.2 Enquiries
We collect your contact details, content and copies of your communications with us by email and telephone, or when you complete our Contact Us or Enquiry form.
We use your personal and contact information to respond to enquiries and to manage our relationship with you
2.3 Recruitment
When you apply for a vacancy we will obtain your name, address, email address, telephone number(s), employment history, details of your qualifications and your CV.
We will also retain details (and copies) of your communications and interactions with us via our recruitment team or otherwise, including by email, telephone and post.
We will record details of the documents you provide as proof of identity, such as driving licence and passport, required as part of the recruitment process, or where there is a legal reason to request this from you.
(Cenit College UK acts as a controller in respect of the personal data of our employees. Employee data is processed in compliance with employment laws to meet our legal obligations as an employer. Further information is provided in our Employee Privacy Notice).
2.4 Suppliers and Client Partners
We collect personal and contact information when you contact us online or apply to join our preferred supplier list. The information we collect will consist of the name of the company contact, their job title, company details, email address and telephone number(s).
Depending on the service you provide we may also collect; VAT registration number, bank details, UTR number (if applicable) and credit references.
Details (and copies) of communications and interactions between us, by email, telephone, post or via our website, including through our Shared Services teams (including Finance).
Information about how you use our website, and if applicable which websites you were redirected from.
We may receive personal data directly from you or from various third parties and public sources, including from social media channels (if you interact with us through those channels).
2.5 Commercial Activity
Cenit College UK also acts as a Controller for certain commercial activities. This includes, but is not limited to:
In these cases, Cenit College UK determines the purpose and means of processing personal data. We collect and process this data under the lawful bases of contract, legitimate interest, or consent, depending on the nature of the interaction.
2.6 Skills Bootcamp Courses
When delivering courses on behalf of commissioners, such as the Department for Education for our Skills Bootcamp courses, Cenit College UK will act as a processor. We process personal data according to their instructions.
2.6.1 Personal information we may collect
2.6.2 Special Category Data
We may collect special category data based on contractual requirements from our commissioners, which for Skills Bootcamp may include:
For further information, please refer to the DfE privacy notice. https://www.cenitcollege.co.uk/dfe-privacy-notice-for-skills-bootcamps
2.6.3 Why do we collect your personal information (Lawful Basis)
2.6.4 Video Conferencing and recording of online lessons
To enable video conferences and online lessons or meetings to take place in the context of increased flexible and remote working, Cenit College UK will use approved Microsoft Teams and Zoom, which have recording capabilities.
To enhance the learning experience, learners are encouraged to keep their cameras on during online training sessions. Sessions may be recorded for educational purposes, and learners will be notified before recording begins. Recorded sessions will be securely stored and only available to participants on the course through our learning platform (Moodle).
2.6.5 How do we collect your personal information
When you:
2.6.6 How will we use your data?
We will use your information to
We process personal data to provide administrative and support services to our learners. Additionally, we process personal data because it is necessary for the performance of a contract or to take steps at an individual’s request prior to entering a contract. For example, this may include interacting with individuals before they are enrolled as a learner as part of the onboarding process.
2.6.7 How do we store your data?
cenitcollege.co.uk, my.cenitcollege.co.uk and www.cenitsys.co.uk are hosted on a secure dedicated server with multiple hardware redundancy levels (RAID) within UK/EEA borders. This provides the best performance and server uptime for learners. We may need to undertake routine maintenance from time to time, resulting in our websites going offline for a period (typically a few minutes) or for more non-routine maintenance, where there is hardware failure (usually an hour).
In the event of a scheduled upgrade of the Moodle platform, a banner message will be posted on the Cenit College UK Moodle platform (my.cenitcollege.co.uk) advising of the date and time of the upgrade and its estimated duration. In the event of a full outage of the Moodle platform, a banner message will be posted on the Cenit College UK website advising of the estimated outage duration.
We follow industry standards on information security management and safeguarding sensitive information. Our information security systems apply to people, processes and information technology systems on a risk management basis. Our security controls are designed to maintain the Confidentiality, Integrity and Availability of personal information at all times.
We have technical measures such as password complexity requirements, anti-virus and anti-mailware software, firewalls, encryption, and multifactor authentication in place.
We perform regular audits and testing to ensure your information’s safety.
No method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot 100% guarantee your personal information’s absolute security. Although we take all the security measures, we ensure we are as proactive as possible.
Where necessary, we may transfer personal information outside of the UK, but it will remain within the boundaries of the EEA. When doing so, we comply with the UK GDPR and EU GDPR, ensuring appropriate safeguards are in place.
We will only keep your personal data for as long as necessary. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where Cenit College UK are the Processor, we will keep your data for the retention period specified by the Controller (e.g. 7 years for Skills Bootcamp courses as per DfE guidelines).
At the end of the retention period, personal data will be returned to the Controller (e.g. DfE) if requested, deleted or anonymised (so that it can no longer be associated with you) for research or statistical purposes.
In some circumstances you may be entitled to ask us to delete your data: see Data Subject Rights below for further information.
This will depend on our relationship with you
6.1 Learners:
We may share personal data in the following circumstances:
6.2 Applicants:
We may share personal data in the following circumstances:
6.3 Suppliers & Client Partners:
7.1 Automated Decision-Making and Profiling
Cenit College UK does not engage in automated decision-making or profiling as defined by Article 22 of the GDPR.
All learner enrolment, assessment, certification, or employment decisions are reviewed and processed by qualified personnel. Should this change in the future, data subjects will be notified, and additional protections will be applied under GDPR requirements.
7.2 Use of Artificial Intelligence (AI)
Cenit College UK may use AI-powered tools to support its educational and administrative functions. These tools assist with improving the learner experience, providing support, and enhancing operational efficiency. Where used, AI tools do not make final decisions that affect individuals without human oversight.
Examples include:
Cenit College UK do not currently use AI for:
Any use of AI is subject to human review and is regularly assessed to ensure fairness, accuracy, and compliance with data protection legislation. Where AI tools are used, they are configured to minimise bias and are not permitted to override human decision-making.
If the use of AI significantly impacts a learner’s rights or experience, Cenit College UK will provide prior notice and offer a human point of contact to review decisions or clarify the process.
Under data protection laws in the UK, you have the right:
If you submit a request, we will respond as soon as possible and within one month of receipt, or on receipt of proof of identity if requested. If the request is complex, we may extend this period by up to two additional months. In such cases we will inform you of the extension and the reasons for the delay within 30 days of receipt of your request.
If you require this notice in an alternative format, please get in touch with us at dataprotection@cenitcollege.co.uk.
If you have any queries or concerns relating to this Privacy Notice, the processing of your personal data, or you wish to exercise any of your data subject rights please contact the Data Protection Manager.
To help us process your request, please provide the following information:
Please note that verification of your identity may be required.
Requests should be sent to:
Data Protection Manager
Email: dataprotection@cenitcollege.co.uk
If you remain dissatisfied, you have the right to lodge a complaint with the Information Commission (IC) (formerly the ICO). The IC contact details are available on their website: https://ico.org.uk/concerns/
Or by writing to: Information Commission, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF
Helpline: 03031231113
We periodically update our privacy notice, which is published on our website (https://www.cenitcollege.co.uk/). The last update was in August 2025.
The DPM will monitor this policy as part of their annual quality audit to ensure the currency and relevance of this policy.
In conjunction with the Board of Directors, the DPM will continuously monitor and approve this policy using the following mechanisms.
| Cookie | Duration | Description |
|---|---|---|
| __stripe_mid | Stripe sets this cookie to process payments. | |
| __stripe_sid | Stripe sets this cookie to process payments. | |
| cookielawinfo-checkbox-advertisement | Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Advertisement". | |
| cookielawinfo-checkbox-analytics | Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Analytics". | |
| cookielawinfo-checkbox-functional | Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Functional". | |
| cookielawinfo-checkbox-necessary | Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Necessary" category. | |
| cookielawinfo-checkbox-others | Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Others". | |
| cookielawinfo-checkbox-performance | Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Performance". | |
| CookieLawInfoConsent | CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie. | |
| m | Stripe sets this cookie for fraud prevention purposes. It identifies the device used to access the website, allowing the website to be formatted accordingly. | |
| PHPSESSID | This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed. | |
| rc::a | This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks. | |
| rc::c | This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks. |
| Cookie | Duration | Description |
|---|---|---|
| _fbp | Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website. | |
| _ga | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. | |
| _ga_* | Google Analytics sets this cookie to store and count page views. | |
| _gat_UA-* | Google Analytics sets this cookie for user behaviour tracking.n | |
| _gcl_au | Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services. | |
| _gid | Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously. | |
| last_pys_landing_page | PixelYourSite plugin sets this cookie to manages the analytical services. | |
| last_pysTrafficSource | PixelYourSite plugin sets this cookie to manage the analytical services. | |
| pbid | PixelYourSite plugin sets this cookie to manage the analytical services. | |
| pys_first_visit | PixelYourSite plugin sets this cookie to manage the analytical services. | |
| pys_landing_page | PixelYourSite plugin sets this cookie to manages the analytical services. | |
| pys_session_limit | PixelYourSite plugin sets this cookie to manage the analytical services. | |
| pys_start_session | PixelYourSite plugin sets this cookie to manage the analytical services. | |
| pysTrafficSource | PixelYourSite plugin sets this cookie to manage the analytical services. | |
| vuid | Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos on the website. |
| Cookie | Duration | Description |
|---|---|---|
| __cf_bm | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. | |
| _cfuvid | Calendly sets this cookie to track users across sessions to optimize user experience by maintaining session consistency and providing personalized services | |
| li_gc | Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes. | |
| lidc | LinkedIn sets the lidc cookie to facilitate data center selection. | |
| wcml_client_currency | Description is currently not available. | |
| wcml_client_currency_language | Description is currently not available. | |
| wp-wpml_current_language | WordPress multilingual plugin sets this cookie to store the current language/language settings. | |
| wpEmojiSettingsSupports | WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly. |
| Cookie | Duration | Description |
|---|---|---|
| bcookie | LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs. | |
| NID | Google sets the cookie for advertising purposes; to limit the number of times the user sees an ad, to unwanted mute ads, and to measure the effectiveness of ads. |
