KINGS RIVER EDUCATION LTD
Privacy Policy
Last updated: 7 May 2026
1. Introduction
Kings River Education Ltd (“we”, “us”, “our”) is committed to protecting and respecting your privacy. We specialise in safeguarding training, audits and investigations, delivered to organisations and individuals across the UK.
This Privacy Policy explains how we collect, use, share and protect personal data we obtain through our services, our website, our online learning platform, and through enquiries, training registers and related communications.
This policy is issued on behalf of Kings River Education Ltd. When we mention “Kings River Education”, “the Company”, “we”, “us” or “our” in this policy, we are referring to the data controller responsible for your personal data.
2. Who We Are
Kings River Education Ltd is a company registered in England and Wales. Our registration details are publicly available at Companies House.
• Company name: Kings River Education Ltd
• Company number: 11510229
• Registered address: AMF Accountancy, Westerfield Business Centre, Main Road, Westerfield, Ipswich, IP6 9AB
• ICO registration number: ZA513606 / Reference ICO:00013606862
• Data Protection contact: adam@kings-river.co.uk
• Website: www.kings-river.co.uk
Kings River Education Ltd acts as the “data controller” for personal data we collect in connection with our services, except where we process data on behalf of a client organisation (for example when conducting an audit or investigation), in which case we may act as a “data processor” under that client’s instructions.
3. Scope of This Policy
This policy applies to personal data we process in connection with:
• Clients and prospective clients who engage, enquire about, or purchase our safeguarding training, audit, investigation, consultancy or related services.
• Learners and delegates who attend or are enrolled on our training courses, whether delivered in person, virtually, or via our online learning platform.
• Visitors to our website at www.kings-river.co.uk.
• Users of our online learning platform hosted by Thinkific (www.thinkific.com).
• Individuals who are the subject of, or who provide information for, a safeguarding audit or investigation that we carry out for a client.
• Suppliers, contractors and other third parties we deal with in the course of our business.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
4. Personal Data We Collect
Depending on how you interact with us, we may collect the following categories of personal data:
4.1 Identity and contact data
• Full name, job title and employer.
• Email address, postal address and telephone number.
• Professional registration or membership numbers where relevant to a course.
4.2 Training and learning data
• Course enrolments, attendance registers and signed attendance sheets.
• Assessment responses, quiz results, completion status and certificates issued.
• Progress, time spent on modules and other learning analytics generated within the online learning platform.
• Feedback and evaluation responses.
4.3 Enquiry, transaction and contractual data
• Details of services enquired about, quotes, proposals and contracts.
• Purchase orders, invoices and payment records (we do not store full card details — payments are handled by our payment providers).
• Correspondence between you and us.
4.4 Audit and investigation data
Where we are commissioned to carry out a safeguarding audit or investigation we may receive, on behalf of the commissioning client, personal data about employees, volunteers, service users, complainants, witnesses and other relevant individuals. This may include special category data such as information about health, religion, sex life or sexual orientation, racial or ethnic origin, and information about alleged or actual offences. This data is processed strictly under the instructions of the commissioning client and in accordance with our contract with them.
4.5 Technical data
• IP address, browser type and version, device identifiers, time-zone setting and operating system.
• Information about your visit to our website and your use of the online learning platform, including pages visited, links clicked, and resources downloaded.
4.6 Marketing and communications data
• Your preferences in receiving marketing from us and your communication preferences.
5. How We Collect Personal Data
We collect personal data through the following routes:
• Directly from you — when you enquire about, register for or purchase a course or service, complete a contact form, sign an attendance register, create an account on our online learning platform, or correspond with us.
• From your employer or course sponsor — where they book training on your behalf or supply attendance lists.
• From a commissioning client — where we are appointed to carry out an audit or investigation.
• Automatically — through cookies and similar technologies when you use our website or online learning platform (see Section 11).
• From third parties — such as professional networks, publicly available sources, regulators or referees, where this is relevant and lawful.
6. Our Lawful Bases for Processing
Under the UK GDPR we must have a lawful basis to process your personal data. The bases we rely on are summarised below:
Activity
Lawful basis
Responding to enquiries and providing quotes
Article 6(1)(b) — contract / Article 6(1)(f) — legitimate interests
Delivering training, including registers, assessments and certificates
Article 6(1)(b) — contract
Operating and securing the online learning platform
Article 6(1)(b) — contract / Article 6(1)(f) — legitimate interests
Conducting audits and investigations for clients
Article 6(1)(b) — contract / Article 6(1)(c) — legal obligation / Article 6(1)(f) —
legitimate interests
Processing special category data in audits and investigations
Article 9(2)(b), 9(2)(f) or 9(2)(g) plus DPA 2018 Schedule 1 conditions, including safeguarding of children and individuals at risk
Accounting, billing and statutory record-keeping
Article 6(1)(c) — legal obligation
Direct marketing to existing or prospective business clients
Article 6(1)(f) — legitimate interests, with opt-out / Article 6(1)(a) — consent where required (e.g. PECR)
Improving our services and website
Article 6(1)(f) — legitimate interests
Where we rely on legitimate interests we have carried out a balancing test to confirm that our interests are not overridden by your interests, rights and freedoms. Where we rely on consent (for example for non-essential cookies or specific marketing channels) you have the right to withdraw consent at any time.
7. How We Use Personal Data
We use personal data to:
• Provide, administer and deliver safeguarding training, audits, investigations, consultancy and related services.
• Maintain accurate training registers and issue certificates of completion.
• Manage your account on the online learning platform, including authentication, progress tracking and learner support.
• Process payments, manage invoicing and meet our financial and tax obligations.
• Communicate with you about bookings, course updates, policy changes and service changes.
• Carry out audits and investigations on behalf of commissioning clients, including drafting reports and recommendations.
• Comply with legal, regulatory and safeguarding obligations, including reporting to relevant authorities where required.
• Send relevant marketing communications, where lawful, and only on the basis described in Section 6.
• Improve, develop and protect our services, website and online learning platform.
8. Who We Share Personal Data With
We do not sell personal data. We share personal data only where necessary and on a lawful basis, including with:
• Commissioning clients — for example, where we deliver training, audits or investigations, we may share registers, certificates and reports with the relevant client organisation.
• Our online learning platform provider — Thinkific Labs Inc., which hosts our online learning platform at www.thinkific.com and acts as our processor.
• Professional advisers — such as accountants, insurers and lawyers, where reasonably required.
• IT and business service providers — including hosting, email, payment processing, video conferencing, secure file transfer and document management providers.
• Regulators and authorities — including the Information Commissioner’s Office, HMRC, the police and statutory safeguarding partners, where we are legally required or permitted to share information.
• Successors in title — in the event of a sale, merger or restructuring of our business.
We require all third parties who process personal data on our behalf to do so under a written contract that meets the requirements of the UK GDPR.
9. International Transfers
Some of our service providers, including our online learning platform provider, are located outside the UK. Where personal data is transferred outside the UK we ensure that an appropriate safeguard is in place, such as:
• Transfers to countries the UK has determined provide an adequate level of data protection.
• The use of the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.
• Other lawful transfer mechanisms permitted under the UK GDPR.
You can request further information about the safeguards we use by contacting us at adam@kings-river.co.uk.
10. How Long We Keep Personal Data
We keep personal data only for as long as is necessary for the purposes for which it was collected, including to satisfy any legal, accounting, regulatory or reporting requirements. The principal retention periods are:
Category of data
Retention period
Enquiry data where no contract is entered into
Up to 24 months from last contact
Client and contract records
7 years following the end of the contractual relationship (financial records)
Training registers, attendance records and certificates
Minimum of 6 years to support evidence of training, longer where required by client contract or statutory safeguarding obligations
Online learning platform account data
For the duration of the account plus 6 years, or as agreed with the relevant client
Audit and investigation files
In accordance with the commissioning client’s instructions and any statutory minimum retention period
Marketing data
Until you opt out, or 24 months of inactivity, whichever is sooner
Website analytics and cookie data
As set out in Section 11 / our cookie banner
Where we no longer need personal data we will securely delete it or anonymise it so that it can no longer be associated with you.
11. Cookies, Website and Online Learning Platform Tracking
Our website at www.kings-river.co.uk and our online learning platform (hosted at www.thinkific.com) use cookies and similar technologies to function correctly, to remember your preferences, and to help us understand how visitors and learners use them.
11.1 Categories of cookies we use
• Strictly necessary cookies — required for the website or learning platform to function (for example, account login, session management and security).
• Performance and analytics cookies — help us understand how visitors and learners interact with the site so that we can improve it.
• Functionality cookies — remember choices you make, such as your language or region.
• Online learning platform cookies — set by Thinkific to support authentication, course progression, video playback and learner analytics.
11.2 Your choices
Where required by law we will ask for your consent before placing non-essential cookies, via a cookie banner. You can change your preferences at any time using the cookie settings on the site, or by adjusting your browser settings to refuse or delete cookies. Disabling certain cookies may affect the functionality of the website or learning platform.
11.3 Learner activity within courses
When you complete a course on the online learning platform we record information such as your name, email address, course progress, time spent, quiz answers, completion status and the date a certificate was issued. This information is shared with the organisation that purchased the training where relevant (for example, your employer).
12. How We Protect Personal Data
We have appropriate technical and organisational measures in place to protect personal data against unauthorised access, accidental loss, alteration, disclosure or destruction. These include:
• Access controls and role-based permissions on systems holding personal data.
• Encryption in transit (TLS) for data exchanged with our website and online learning platform.
• Use of reputable, security-vetted suppliers for hosting and IT services.
• Secure storage of paper records and confidential disposal of documents that are no longer needed.
• Staff and associate training in confidentiality, safeguarding and data protection.
• Documented procedures for identifying, investigating and reporting personal data breaches, including notification to the Information Commissioner’s Office where required.
13. Your Rights
Under the UK GDPR you have the following rights in respect of personal data we hold about you:
• Right of access — to obtain a copy of personal data we hold about you.
• Right to rectification — to have inaccurate or incomplete personal data corrected.
• Right to erasure — to ask us to delete personal data in certain circumstances.
• Right to restrict processing — to ask us to limit how we use your personal data in certain circumstances.
• Right to data portability — to receive personal data you have provided to us in a structured, commonly used and machine-readable format.
• Right to object — including to direct marketing and to processing carried out on the basis of legitimate interests.
• Rights in relation to automated decision-making — we do not currently use automated decision-making or profiling to make decisions that produce legal or similarly significant effects.
• Right to withdraw consent — where we rely on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at adam@kings-river.co.uk. We may need to verify your identity before responding. We will respond within one month, although in some cases we may extend this period in line with the UK GDPR.
Where we are processing personal data on behalf of a client (for example as part of an audit or investigation), we will pass your request on to that client and assist them as required by our contract with them.
14. Marketing
We may send you information about our training, audit and investigation services where you have opted in or where we have a legitimate interest to do so (for example, where you are an existing business client). You can opt out of marketing at any time by following the unsubscribe link in any marketing email or by contacting us at adam@kings-river.co.uk.
15. Children’s Data
Our services and online learning platform are intended for adult learners and professional clients. We do not knowingly direct marketing to children. Where personal data about children or other individuals at risk forms part of an audit or investigation, that data is processed only on behalf of, and under the instructions of, the commissioning client and in line with safeguarding obligations.
16. Complaints and the ICO
If you have any concerns about how we handle your personal data, please contact us first at adam@kings-river.co.uk so that we can try to resolve the matter.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection regulator. Our ICO registration reference is ICO:00013606862. The ICO can be contacted at ico.org.ukor on 0303 123 1113.
17. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our services, technology, legal requirements or business practices. The “Last updated” date at the top of this policy will indicate when it was last revised. Material changes will be communicated through our website or, where appropriate, directly to affected individuals.
18. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact:
• Kings River Education Ltd
AMF Accountancy, Westerfield Business Centre, Main Road, Westerfield, Ipswich, IP6 9AB
Email: adam@kings-river.co.uk
Website: www.kings-river.co.uk
Company number: 11510229 ICO registration: ICO:00013606862