Privacy Policy

(Last Updated June 12 2023)

At Change and Achieve, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and protect the information you provide when using our website and services. By accessing or using our website, you agree to the terms and practices described in this Privacy Policy. This Privacy Policy applies to your use of (the “Website”). It informs you (the customer) about the collection of personally identifiable information and outlines your rights regarding the information collected. This policy complies with the UK Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR) 2016.

We will only collect personally identifiable information when you use our Website, download any of our training materials or actively register for one of our trainings or courses. The security of your personally identifiable information is of utmost importance to us. This Privacy Policy is regularly reviewed to ensure that your privacy interests are protected, and we reserve the right to update it as necessary.

Please read this Privacy Policy carefully, in conjunction with the Change and Achieve Terms and Conditions. Unless otherwise defined, terms used here have the same meaning as in the Terms. If you have any questions, comments, or complaints about this Privacy Policy, please contact us using the details provided below.

In this Privacy Policy, references to “we” or “us” are to Change and Achieve Ltd, a Limited Liability Company incorporated in England and Wales (registered number 14950318) with its registered office at 197, Eggbuckland Rd, Plymouth PL3 6QB, Devon.

1. What information we collect

Registering with Change and Achieve

When you register on the Change and Achieve Website, create or update your profile, or purchase our training materials or courses, we may collect the following information:

  1. Name, email address, age (required);
  2. Home address, date of birth, telephone number;
  3. Other personal data if you choose to register for a Change and Achieve account via third-party sites such as Facebook and Google, and have provided your personal information on those platforms;
  4. Credit/debit card information;
  5. Data related to your use of our Website and enrolment in online products;
  6. Information provided by you when you communicate with us (including surveys);
  7. Other information you choose to provide about your interests, educational background, occupation and work experience, learning goals, and other general learning preferences for the purpose of tailoring course recommendations on our website or via email, if you’ve opted in.

Accessing the Website

Usage Information: We may collect certain non-personal information about your visit to our website, including your IP address, browser type, operating system, referring website, pages visited, and the date and time of your visit. This information is collected through the use of cookies and similar technologies.

2. How We Use Your Information

At Change and Achieve, we are committed to using your information responsibly and in compliance with applicable data protection laws. We collect, store, and use your personal information for the following purposes:

  1. Managing Your Account: We use your information to create and manage your account on our website.
  2. Providing Technical Support: We may use your information to provide technical support and assistance to you when needed.
  3. Sending Notifications and Updates: We will send you email notifications and updates about the courses you are enrolled in to keep you informed.
  4. Enrolment and Progress Tracking: If you are invited by a course provider or a third-party institution, such as your employer, to enrol in a course, we will use your information to facilitate the enrolment process and track your progress in the course. You understand and agree that we may be required to directly provide progress reports to your employers. 
  5. Customer Reviews and Ratings: With your consent, we may occasionally contact you to invite you to share your opinions and experiences with Change and Achieve. We may publish customer reviews and ratings of our courses on our website or other media channels.
  6. Marketing Communications: If you opt in to receive marketing communications, or our newsletters, we may use your information to send you information, news, and offers related to our courses and third-party offers.
  7. Prospective Customer Databases: We may create prospective customer databases by analysing demographic data from your de-identified information and matching it with the general public.
  8. Aggregated Data Analysis: We may use your information in an aggregated and anonymous format to identify trends on our website and in our customer database. With your consent, this information may be shared with third parties for analysis purposes.
  9. Personalization of Services: We may use your information to personalize our services, such as the website, email communications, and our associated platforms to better meet your needs and provide tailored course recommendations.

3. How we share your information

When we share personal data under GDPR with our partners, we will ensure compliance with GDPR by utilizing appropriate Data Processing Addendum or Data Sharing Agreements. The selection of the agreement will depend on the specific roles of the parties involved under GDPR, distinguishing between Data Controllers and Data Processors or co-Data Controllers.

  1. Third-Party Service Providers: We may share your personal information with trusted third-party service providers who assist us in operating our website, conducting our business, or providing services to you. These service providers are obligated to keep your information confidential and are prohibited from using your information for any other purpose.
    – Payment Service Providers: Our trusted payment service providers may receive your information to process payments.
    – Course Providers and Educational Institutions: We may share your information with universities, institutions, and organizations that provide courses on our website and award academic credit or professional recognition.
    – Assessment and Marking Services: If you participate in assessments or submit work for marking, we may share your information with providers of assessment and marking services.
    – Customer Relationship Management: We use customer relationship management service providers to send personalized email communications to you.
    – Employers and Educational Institutions: Your information may be shared with your employer, educational institution, or third parties who invite you to enroll in courses for training, education, or assessment purposes.
    – Business Transfers: If we sell or buy any business or assets, we may disclose your information to the prospective seller or buyer. In the event of a transfer of all or substantially all of our assets to a third party, your information may be one of the transferred assets. We will notify you before this information is shared.
    – Legal Obligations and Safety: We may disclose or share your information to comply with legal obligations, enforce our terms and conditions, and protect our rights, property, safety, our users, or others. This may include sharing information with companies and organizations for fraud protection and credit risk reduction purposes.
  2. Legal Requirements: We may disclose your information if required to do so by law or in response to a valid legal request, such as a court order or government inquiry.
  3. Business Transfers: In the event of a merger, acquisition, or sale of our assets, your information may be transferred to the acquiring entity or merged with the acquiring entity’s database.

4.Third Party Links

Our Website may contain links to third-party websites or resources. These links are provided for your convenience, and we are not responsible for the privacy practices or content of such third-party websites. If you are redirected to third-party websites through embedded links within course materials or related emails, the collection of your information on those websites is not covered by this Privacy Policy. You should familiarize yourself with the terms, conditions, and privacy policy of the third-party website before submitting your information. 

5. Legal Basis for Processing Your Information

  1. Change and Achieve collects and uses your personal information based on several legal basis, including:
  2. Contractual Necessity: We may process your personal information when it is necessary to perform our obligations under any contract with you. This includes providing you with access to our online courses on the website for which you have registered or made a purchase.
  3. Consent: Where you have provided us with explicit consent, we may collect, store, and use your information for specific purposes, including receiving marketing and promotional communications for products on our website or third-party websites.
  4. Legitimate Interests: We may process your personal information when it is necessary for pursuing our legitimate interests or the legitimate interests of a third party, provided that these interests are not outweighed by your own interests, fundamental rights, or freedoms. Examples of such legitimate interests include:
    – Operating our website and offering online educational products.
    – Building relationships with our partners and clients.
    – Providing high-quality customer service through ongoing communications and responses to queries.
    – Investing in, testing, and rolling out new products for the benefit of our customers.
    – Tracking and ensuring completion of our contractual obligations.
    – Conducting market research and business development.
    – Considering employment applications, if applicable.
    – Complying with legal obligations to collect personal information.

6. Storage and Security of Information

All information collected by Change and Achieve is stored on secure servers. When you register, you will be asked to choose a password to access the online courses and content, and it is your responsibility to keep this password confidential. Additionally, we may store or process your information in countries outside the United Kingdom or the European Economic Area, which may have different data protection standards. We have implemented technical and organizational security measures to protect your personal information. However, while we strive to ensure the security of your data, it is your responsibility to make an informed decision regarding the use of our services and products based on your concerns about data handling.

7. Data Retention

Change and Achieve retains personal information as long as there is an ongoing legitimate business need to do so. When we no longer have a legitimate business need or if requested, we will either delete or anonymize your personal information. In some cases, if personal information is stored in backup archives, we will securely store it and isolate it from further processing until deletion is possible.

8. Your Rights as a Data Subject

  1. Change and Achieve complies with the GDPR by providing the following rights for individuals:
    – The right to be informed.
    – The right to access to a copy of their personal data.
    – The right of rectification.
    – The right of erasure (or right to be forgotten).
    – The right to restrict processing.
    – The right to data portability.
    – The right to object.
    – Rights in relation to automated decision making and profiling.
    – Your right to withdraw consent.
  2. The right to be informed encompasses Change and Achieve’s obligation to provide “fair processing information” typically through the privacy notice, and to be transparent in how personal data is used.
  3. With regard to the right of access Change and Achieve will provide confirmation that the data is being processed, and access to personal data free of charge if requested within 28 days of receiving the request.  (This can be extended by a further month if the request is complex or onerous).
  4. Under the right of rectification Change and Achieve will rectify any inaccurate or incomplete data within 28 days of notification.  Change and Achieve will also inform any third parties, if applicable, of these rectifications.  Change and Achieve will put into place procedures to ensure all personal data is kept up to date.
  5. An individual has the right to erasure and Change and Achieve will erase personal data under the following specific circumstances:
    – where personal data is no longer necessary in relation to the purpose for which it was originally collected/processed,
    – where an individual withdraws consent,
    – when the individual objects to the processing and there is no overriding legitimate interest for continuing processing,
    – the personal data was unlawfully processed,
    – the personal data has to be erased to comply with a legal obligation
  6. You also have a right to lodge a complaint with a data protection authority. We encourage you to notify us of any incident before proceeding to lodge a complaint. We will endeavour to investigate the incident and provide a resolution.
  7. We will ensure that in certain circumstances the processing of personal data will be restricted. This can include where data may be inaccurate, and where the individual has objected to the processing and we are considering whether our legitimate grounds override those of the individual.
  8. Under the GDPR there is a right to data portability whereby an individual can ask for their data in a form which can easily and securely be transferred from one IT environment to another.  We would ensure that data held can be securely transferred if a request is made.Under the right to object we will stop processing personal data where there is an objection unless there are compelling legitimate grounds to process, or if the processing is for the establishment, exercise or defence of legal claims. We will stop processing personal data for direct marketing purposes as soon as an objection is received.
  9. Change and Achieve will ensure that individuals will not be subject to a decision based on automated processing.  When processing personal data for profiling/targeting marketing communications we will:
    – Ensure processing is fair and transparent by providing meaningful information about the logic involved, as well as the significance and the envisaged consequences.
    – Use appropriate mathematical or statistical procedures for the profiling.
    – Implement appropriate technical and organisational measures to enable inaccuracies to be corrected and minimise the risk of errors.
    – Secure personal data in a way that is proportionate to the risk to the interests and rights of the individual and prevents discriminatory effects.
  10. If you have provided consent for the processing of your personal information or personal data, you have the right to withdraw your consent at any time. This includes the right to withdraw consent for us to use your personal information or personal data for marketing purposes.
  11. Should you wish to act upon one of the above rights, you can do so by contacting us via  On written request, we will supply details of what information is held, why it is held and to whom it may be disclosed.  A copy of the relevant data record may also be supplied. We aim to comply with requests for access within 28 days of notification.

 9. Marketing

Direct marketing activities that are undertaken by Change and Achieve include a wide range of promotional activities. The Privacy and Electronic Communication Regulations 2003 (PECR) provide rules about sending marketing and advertising by electronic means such as by telephone, email, text message and picture (including video) message. Read the full and complete ICO definition of legitimate interest here.

What is the ‘legitimate interests’ basis?

“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

This can be broken down into a three-part test:

Purpose test: are you pursuing a legitimate interest?
Necessity test: is the processing necessary for that purpose?
Balancing test: do the individual’s interests override the legitimate interest?

To comply with the first data protection principle, Change and Achieve will always tell individuals what their personal information will be used for. We will explain:

  • Who we are,
  • What we will use the information for,
  • Any other relevant details to ensure that we are using the information fairly i.e., passing our marketing lists to other organisations and how we contact people e.g., phone, post, email, etc.

We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not pass your details to any third parties for marketing purposes unless you have expressly permitted us to. Additionally, each time an individual is contacted, we will give the individual an opportunity to decline future contact. Again, these requests will be noted on the Progress database and will take no longer than 28 days to take effect.

If we wish to share marketing lists with other organisations that have similar aims and objectives, express consent must be sought from each individual, and specific detail of the organisations with which Change and Achieve is planning to share the data.

10. Statements

The following privacy statement will be presented to or made available (depending on the context) to all Change and Achieve employees, trustees, associates, authors, or other partners. 

Telephone Marketing

Change and Achieve will not make unsolicited telephone calls to an individual or organisation that has told us they do not want our calls, unless those individuals or organisations that have informed us that they do not, for the time being, object to being contacted. We do not use telephone marketing to general members of the public or use telephone methods to promote our events and courses.

Automated Calls

At present Change and Achieve does not make automated calls as part of its business.

Electronic Mail

This refers to email, text, voice, picture and video messages. CHANGE AND ACHIEVE will not send any unsolicited electronic email to individuals, without obtaining consent, unless there is clear and demonstrable Legitimate Interest – in most cases this will be the basis for contact. When using electronic mail to contact corporate organisations, we will say who we are and provide a contact address.

As per our terms and conditions, if you purchase products from us we will process your order on a Contractual Basis. We will make contact about other relevant products on a Legitimate Interest basis. If at any time you no longer wish to hear from us simply email our Customer Service here:

11. Minors

Change and Achieve is committed to protecting the privacy of minors. We do not knowingly collect or maintain personal information from individuals under the age of 18. If you are under 18, please refrain from using or accessing our website. We will take appropriate steps to delete any personal information of individuals under 18 years of age. If you are a parent or guardian and believe that your child has provided personal information to us, please contact us, and we will promptly delete the information.

12. Cookies

Our website uses cookies, which are small files stored on your computer’s hard drive to collect personal information. You can choose to refuse cookies, but this may affect the functionality of the website or online courses. For more information about cookies and how to manage them, please refer to our Cookies Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at

14. Changes to this Privacy Policy

We may update or amend this Privacy Policy from time to time to comply with the law, industry best practices, or our changing business requirements. Any updates or amendments will be posted on our website. By continuing to access and use our website, online courses, and content, you accept the Privacy Policy as amended at the time of your access and use.

This Privacy Policy was last updated on June 12 2023.