Privacy Policy

The British Cycle & Scooter Association ("BCSA", "we", "us") is the data controller for personal data processed through this website and our certification programme. If you have questions about this policy, contact us at info@bcsatraining.org.

We collect the following categories of personal data:

• Contact information: name, email address, phone number, organisation, job title, and council area when you submit a form on our website.
• Programme data: when learners participate in our certification programme through a school, council, or organisation, we process limited data including a learner identifier, assessment results, and certificate details. For learners using our online learning platform, please see our Learner Privacy Notice which provides age-appropriate information about what data is collected and how it is used.
• Technical data: IP address, browser type, device information, and pages visited, collected automatically through cookies and similar technologies.
• Communication data: records of correspondence when you contact us.

We process personal data for the following purposes:

• Service delivery: to provide our certification programme, generate reports, and issue certificates.
• Enquiries and demos: to respond to your requests, arrange demonstrations, and provide information.
• Improvement: to analyse how our website and programme are used so we can improve them.
• Legal compliance: to meet our legal and regulatory obligations.
• Marketing: only with your explicit consent, to send information about our services. You can withdraw consent at any time.

We rely on the following lawful bases under UK GDPR:

• Legitimate interests: to operate our business and provide our services.
• Contract performance: to deliver services you or your organisation have engaged us to provide.
• Consent: for marketing communications and optional cookies.
• Legal obligation: where we are required to retain data by law.

We share data only in the following circumstances:

• With the council or organisation that engaged our services, in the form of aggregated reports and individual certification records.
• With our hosting and infrastructure providers, including TalentLMS (Epignosis LLC) who host our online learning platform on AWS infrastructure, under appropriate data processing agreements. TalentLMS hosts data in the United States with encryption at rest (AES-256) and in transit (TLS), covered by UK International Data Transfer Agreement safeguards.
• Where required by law or regulation.

We do not sell personal data to third parties. We do not transfer data outside the UK without appropriate safeguards.

We retain personal data only for as long as necessary:

• Enquiry data: 24 months from last contact, unless you become a customer.
• Programme data: for the duration of the contract with the commissioning organisation, plus 12 months.
• Assessment results: retained for 6 years from course completion (Limitation Act 1980 civil claims period).
• Certificate records: retained for verification purposes for 5 years from course completion.
• Website analytics: anonymised and aggregated data retained indefinitely; identifiable technical data retained for 26 months.

Under UK GDPR, you have the right to:

• Access: request a copy of the personal data we hold about you.
• Rectification: ask us to correct inaccurate data.
• Erasure: ask us to delete your data where there is no compelling reason to continue processing.
• Restriction: ask us to limit how we use your data.
• Portability: request your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests.

To exercise any of these rights, email info@bcsatraining.org. We will respond within one month.

We use cookies to operate our website and understand how it is used. For full details, see our Cookie Policy.

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS) and at rest (AES-256), role-based access controls, and regular security reviews. Our website is hosted in the UK. Our learning platform is hosted by TalentLMS on AWS infrastructure in the United States, with appropriate international transfer safeguards in place.

We may update this policy from time to time. Significant changes will be communicated via our website. This policy was last updated in March 2026.

If you have concerns about how we handle your data, contact info@bcsatraining.org. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.