Data Security Policy


Informed Training treat your information with respect and care. We hope that the details below may help you get a better understanding of what steps we take to protect your data.


Informed Training use several of SaaS and Software applications as outlined in our separate Private Policy Document.


We have also noted for you below, a link to our providers Security and Privacy information, to give an understanding of how these providers also take the protection of data recorded within. Please be aware that in some circumstances, data will go outside of the EU. However, based on our research, we understand that our data providers have demonstrated that they make every possible step to ensure the security of data. We have attached a link to their policies outlined below for your reference.


These links are also available on our Private Policy

Zoho Security, Practices, Policies & Infrastructures

Zoho Private policy


We may also be granted permission to access data or upload data from various different platforms, for example: –

  • Back Office System or CRM
  • Cloud based filing
  • Within an email account at their domain
  • Within the Client’s own server or hosted desktop (i.e. Citrix, Terminal server)


As intermediaries, our Clients (mainly regulated financial services firms, but not exclusively), are classed as ‘data controllers’ and this places them firmly within the scope of GDPR.  However, when we use their data (with their permission) we have a duty of care in terms of how we handle that data, and to ensure that security and confidentiality is maintained.  We are effectively the data processors.


We access and use data owned by firms with their permission, during the period of engagement only. The firm retains ownership of their data, and control in terms of access rights, to all third-party platforms. The Companies often dictate to us where their data resides, and they remain responsible for completing their own due diligence on their own third-party platforms security and GDPR compliance.


During business to business, data is often received by email. This data is segmented, and access is given based on security roles with relevant permissions, which ensures only authorised persons who need access can do so.


Furthermore, access is password controlled, and are protected using additional security protocols either under encryption or pseudonym.


Updating our Policies

Please note that our policies may change. We therefore request you to check back here on our website from time to time, to refer to our latest updates.


Our policy has been last updated 3rd March 2018


How to Contact Us

Please do not hesitate to contact us should you have any questions, queries, comments or requests.


We can be contacted on [email protected]