Privacy Policy

DUAA 2025 UPDATE: This policy has been updated from version 2.0 to reflect: (1) the correct legal entity name (RLB Safeguarding Ltd); (2) details of data collected via social media and website enquiries; (3) the Data (Use and Access) Act 2025, core provisions in force from 5 February 2026 and further provisions from 19 June 2026; (4) removal of the outdated reference to the Data Protection Act 1998. The previous reference to the EEA has been updated to reflect the post-Brexit UK framework.

1. Who We Are

RLB Safeguarding Ltd (trading as RLB Safeguarding Ltd) provides specialist safeguarding training, consultancy, audit, and supervision services to organisations and individuals across the UK.

We are the data controller for the personal data we collect and process. This means we are responsible for deciding how and why your personal data is used.

Data Controller: Rachael Bishop

Email: hello@rlbsafeguarding.co.uk

Website: https://www.rlbsafeguarding.co.uk

Registered in England and Wales as RLB Safeguarding Ltd. Company number: 14032530

2. What Personal Data We Collect

We collect and process the following categories of personal data:

•       Identity Data: first name, last name, username or job title

•       Contact Data: email address, telephone number, postal address

•       Professional Data: job role, organisation name, sector, relevant qualifications

•       Financial Data: invoicing details and payment transaction records

•       Technical Data: IP address, browser type and version, time zone and location settings, browser plug-in types, operating system and platform, and other technology on devices used to access our website

•       Usage Data: information about how you use our website, products, and services

•       Marketing and Communications Data: your preferences for receiving marketing from us and your communication preferences

•       Social Media Data: any information you provide when you post content to or interact with our social media pages on LinkedIn, Instagram, or other platforms

•       Organisational Data: company policies, procedures, or meeting minutes provided in the context of a consultancy or audit engagement

Where our services involve safeguarding consultancy, audit, or supervision, we may also process special category data — sensitive personal data including information relating to health, criminal convictions, or personal circumstances shared in the course of those services. We handle this data with additional care and will only process it where we have an appropriate lawful basis to do so.

3. How We Collect Your Personal Data

We collect personal data directly from you when you:

•       Enquire about RLB services or visit our website

•       Make a booking for training, consultancy, audit, or supervision

•       Sign up to receive updates or marketing from RLB

•       Attend a meeting with RLB and provide information about yourself or your organisation

•       Meet us at networking events, exhibitions, or through referrals

•       Post content to or interact with our social media pages

•       Correspond with us by email, telephone, or any other means

We also collect certain data automatically when you visit our website, including technical and usage data. Please see our Cookie Policy for further details.

4. How We Use Your Personal Data

We use your personal data to:

•       Respond to your enquiries and provide information about our services

•       Deliver training, consultancy, audit, and supervision services

•       Manage bookings and communicate with you about your booking

•       Issue certificates of attendance and maintain training records

•       Process invoicing and payments

•       Send you updates, newsletters, or marketing communications where you have consented or we have a legitimate interest in doing so

•       Improve our website, services, and communications

•       Meet our legal and safeguarding obligations

•       Respond to complaints and data protection rights requests

5. Lawful Basis for Processing

Under UK GDPR (as amended by the Data (Use and Access) Act 2025), we rely on the following lawful bases:

•       Consent: where you have given clear, informed agreement — for example, signing up for marketing communications. You can withdraw consent at any time by contacting us at hello@rlbsafeguarding.co.uk

•       Contract: where processing is necessary to deliver a service you or your organisation has booked or requested

•       Legal obligation: where we are required to process your data to comply with the law, including safeguarding legislation

•       Legitimate interests: where processing is necessary for our legitimate business purposes (such as improving our services or maintaining records), and these interests are not overridden by your rights

•       Recognised Legitimate Interests (new under DUAA 2025): for specific processing activities defined in UK GDPR Annex 1, including certain safeguarding activities, where no balancing test is required

•       Vital interests: in safeguarding emergencies where there is a risk to life

Where we process special category data, we additionally rely on an appropriate condition under Article 9 UK GDPR — most commonly the substantial public interest condition in the context of safeguarding work.

6. Sharing Your Data

We may share your personal data with:

•       Associates engaged to deliver services on our behalf — all associates are bound by confidentiality obligations and Data Processing Agreements

•       Statutory agencies, including local authorities, the police, or other bodies, where required by our safeguarding duties or by law

•       IT and platform providers used in the delivery of our services (such as our booking, email, and website platforms)

•       Your employer or the organisation that booked your training, where relevant to the delivery of that training

•       Professional advisors (legal or financial) under strict confidentiality

We do not sell your personal data. We do not share your data with third parties for their own marketing purposes.

7. International Transfers

RLB Safeguarding Ltd is based in the UK and primarily processes personal data within the UK. Where any transfer of personal data outside the UK is necessary, we will ensure that appropriate safeguards are in place.

Under the Data (Use and Access) Act 2025, the standard for international transfers has changed from 'essentially equivalent' to 'not materially lower' than UK data protection standards. We will assess any transfer against this standard before proceeding.

8. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. Our full Data Retention Policy is available on request. Key retention periods include:

•       Training attendance records and certificates: 6 years

•       Supervision session notes: 7 years from end of arrangement

•       Consultancy and audit project records: 6 years from project completion

•       Financial and invoicing records: 7 years (HMRC requirement)

•       General enquiry and contact data: 2 years

•       Marketing consent records: until consent is withdrawn, plus 1 year

9. Data Security

RLB Safeguarding Ltd has appropriate technical and organisational security measures in place to protect your personal data against accidental loss, unauthorised access, misuse, alteration, or disclosure. These include password-protected and encrypted systems, access controls, and confidentiality obligations for all staff and associates.

We have procedures in place to deal with any suspected personal data breach. Where legally required, we will notify you and the Information Commissioner's Office (ICO) without undue delay.

10. Cookies

Our website uses cookies. Under the Data (Use and Access) Act 2025 (in force from 5 February 2026), certain low-risk cookies — including basic analytics — no longer require prior consent, provided we offer a clear opt-out. Marketing cookies continue to require your explicit consent.

For full details of the cookies we use and how to manage them, please see our Cookie Policy: https://www.rlbsafeguarding.co.uk.

11. Your Data Protection Rights

Under UK data protection law, you have the following rights:

•       Right of access: you can ask for copies of your personal data

•       Right to rectification: you can ask us to correct inaccurate or incomplete data

•       Right to erasure: you can ask us to delete your personal data in certain circumstances

•       Right to restriction of processing: you can ask us to restrict how we use your data in certain circumstances

•       Right to object to processing: you can object to our processing of your data in certain circumstances

•       Right to data portability: you can ask us to transfer your data to another organisation or to you directly, in certain circumstances

You are not required to pay a fee to exercise these rights. We will respond within one calendar month of receiving your request (with the ability to pause this period if we need clarification from you). To make a request, contact: hello@rlbsafeguarding.co.uk

12. How to Complain to Us

DUAA 2025 — NEW RIGHT: From 19 June 2026, the Data (Use and Access) Act 2025 gives you a statutory right to raise a data protection complaint directly with us before contacting the ICO.

If you have a concern about how we have handled your personal data, we encourage you to contact us in the first instance:

•       Email: hello@rlbsafeguarding.co.uk

•       Or use the complaints form on our website: https://www.rlbsafeguarding.co.uk

We will acknowledge your complaint within 30 days and respond with our findings and reasoning without undue delay. Full details of our complaints process are set out in our Complaints Policy, available on our website.

13. How to Complain to the ICO

You also have the right to complain to the Information Commissioner's Office (ICO) at any time if you are unhappy with how we have handled your personal data:

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Website: www.ico.org.uk

14. Changes to This Policy

We may update this Privacy Policy from time to time, including to reflect changes in legislation or our services. The current version will always be available on our website. We will notify you of any significant changes where we hold your contact details.

Last updated: June 2026