BCSABritish Cycle & Scooter Association

Trust & Safety

Safeguarding

How we protect young people and vulnerable learners who use our programme.

Our approach

The British Cycle & Scooter Association recognises that many learners using our programme are children and young people. We take our responsibility to safeguard them seriously, even though our role is that of a platform and content provider rather than a direct educator.

School-Controlled Access

BCSA staff have no direct contact with learners. All interactions with young people are managed by the school, council, or organisation that commissions the programme. Access to the learner platform is controlled entirely by the commissioning body.

Minimal Personal Data

We collect only the minimum data necessary: first name, last initial, and organisation. No email addresses, dates of birth, photographs, or other personally identifiable information is required from under-18 learners.

Privacy by Default

No third-party analytics, advertising, or behavioural tracking. No cookies beyond the essential session cookie. No social features or user-generated content. The learner interface contains no external links.

UK GDPR Alignment

Our website is hosted in the UK and our learning platform is hosted by TalentLMS on AWS infrastructure in the United States with appropriate international transfer safeguards in place. Processing is lawful under UK GDPR Article 6(1)(f) for legitimate interests, with a completed Legitimate Interest Assessment available on request. Learners, parents, and schools can request access to, correction of, or deletion of personal data at any time. Technical and organisational measures protect data in transit and at rest.

Organisational Responsibility

The commissioning organisation retains full responsibility for safeguarding in their setting. BCSA provides the platform and content; the organisation manages learner access, supervision, and safeguarding disclosures.

Age-Appropriate Content

All programme content is reviewed for age-appropriateness and designed for learners from Year 5 upwards. Content avoids graphic imagery, distressing material, and dark patterns. The interface follows ICO Age Appropriate Design Code principles.

ICO Children's Code (Age Appropriate Design Code)

The learner-facing platform is designed with reference to the 15 standards of the ICO Age Appropriate Design Code. Key measures include: data minimisation as the default, no profiling or behavioural nudges, high privacy settings by default, no detrimental use of collected data, and transparency appropriate to the age of the user. A full mapping of our compliance against each standard is available on request.

Keeping Children Safe in Education (KCSIE) 2025

Our safeguarding approach aligns with the requirements of Keeping Children Safe in Education (KCSIE) 2025, the statutory guidance for schools and colleges in England. Specifically: BCSA staff who may attend school settings hold current DBS checks; our platform design ensures no unsupervised adult access to children through our systems; data handling follows the principle of minimal collection as recommended in Part 2 of KCSIE; and our safeguarding statement is reviewed annually by BCSA leadership.

Data Protection Impact Assessment (DPIA)

We provide a DPIA starter template for any school or council deploying the programme. This template covers the specific data flows within the BCSA platform and can be completed in conjunction with your Data Protection Officer. For council-wide deployments, we will work directly with your DPO to complete the DPIA for your specific configuration.

Hosting & Data Retention

Our website is hosted in the UK. The learning platform is hosted by TalentLMS on AWS infrastructure in the United States with appropriate international transfer safeguards in place. Learner data is retained for the duration of the commissioning organisation's contract plus 12 months, after which it is securely deleted. Assessment results may be retained for 6 years from course completion, and certificate records may be retained for 5 years from course completion for verification purposes. Full details are available in our Privacy Policy.

Reporting concerns

If you have a safeguarding concern related to the use of our programme, please contact the designated safeguarding lead at the school or organisation where the programme is being delivered. If you need to raise a concern with BCSA directly, please email info@bcsatraining.org.

Staff and contractors

BCSA staff do not have unsupervised access to children. Where any BCSA staff or contractors interact with settings where young people are present (such as during onboarding visits), appropriate DBS checks are in place in line with KCSIE 2025 requirements.

Review

This safeguarding statement is reviewed annually by BCSA leadership. It was last reviewed in February 2026.

Need to report a concern?

Contact your organisation's safeguarding lead, or email BCSA at info@bcsatraining.org.