Privacy Policy

This Privacy Policy applies to Meridian Concepts Performance Systems, a UK-based training provider ("we", "us", or "our").

We are the data controller for all personal data collected through our website, booking systems, and training operations. If you have any questions about how we handle your data, please contact us at enquiries@meridian-concepts.com.

This policy should be read alongside our Terms & Conditions and GDPR Statement.

Personal Information

• Full name, email address, phone number, and postal address
• Date of birth (for age verification purposes)
• Emergency contact name and number
• Photo identification (where required for age verification)

Booking & Payment Information

• Course booking details and history
• Payment transaction records (we do not store full card details)
• Invoices and receipts

Health & Medical Information

• Medical conditions disclosed prior to training that may affect your participation or the safety of others
• Medication requirements relevant to on-site emergencies

Training & Assessment Data

• Attendance records and course completion status
• Assessment scores and performance data
• Certificates issued and their expiry dates
• Instructor notes and feedback

Technical Data (Website)

• IP address, browser type and version
• Pages visited and time spent on the site
• Referring URLs
• Cookie identifiers (see our Cookie Policy)

Communications

• Emails and messages sent to us
• Contact form submissions
• Marketing preferences

• Directly from you — when you make a booking, complete a form, contact us, or register for an account.
• During training — attendance, assessment results, and instructor observations recorded throughout the course.
• From your device — automatically via cookies and similar technologies when you browse our website.
• From third parties — payment processors (e.g. Stripe), when processing transactions on our behalf.

To Deliver Training Services

• Process and manage your course booking
• Verify your eligibility and prerequisites
• Administer assessments and issue certificates
• Ensure the safety of all participants and instructors

Legal & Contractual Obligations

• Comply with financial record-keeping requirements
• Respond to regulatory or law enforcement requests
• Enforce our Terms & Conditions

Communication & Support

• Send booking confirmations, reminders, and pre-course information
• Respond to enquiries and support requests
• Send course updates or schedule changes

Marketing (With Your Consent)

• Send newsletters, course announcements, or promotional offers
• You may withdraw consent at any time by unsubscribing

Improving Our Services

• Analyse website usage to improve functionality and content
• Review training outcomes to improve curriculum and delivery

Under UK GDPR, we rely on the following legal bases:

• Contract — processing necessary to deliver the training service you have booked and paid for.
• Legal obligation — processing required to comply with UK law (e.g. financial records, age verification).
• Legitimate interests — processing for fraud prevention, security, and improving our services, where this does not override your rights.
• Consent — for marketing communications and non-essential cookies. You may withdraw consent at any time.
• Vital interests — processing medical information where necessary to protect the safety of you or others during training.

We retain your data only for as long as is necessary for the purposes described above, or as required by law.

After the relevant period, your data is securely deleted or anonymised so that it can no longer be linked to you.

We do not sell your personal data. We may share data with:

• Payment processors — Stripe processes card payments on our behalf and is subject to its own privacy policy and PCI-DSS compliance.
• Email service providers — used to send booking confirmations and communications.
• IT and hosting providers — for secure data storage and website operation.
• Regulatory or law enforcement bodies — where required by law or to protect the safety of individuals.
• Instructors and training staff — only the information necessary to deliver your training safely.

All third parties we work with are required to handle your data in accordance with UK GDPR.

Our website uses cookies — small text files stored on your device — to improve functionality and analyse usage. Cookies may be:

• Strictly necessary — required for the website to function (cannot be disabled).
• Analytics — help us understand how visitors use the site (e.g. Google Analytics). Disabled unless you consent.
• Marketing — used to personalise advertising. Disabled unless you consent.

You can manage your cookie preferences at any time using our cookie banner or your browser settings.

We take the security of your personal data seriously and implement appropriate technical and organisational measures, including:

• SSL/TLS encryption for all data transmitted to and from our website
• Secure, access-controlled storage systems with restricted staff access
• Regular security reviews and staff data protection training
• PCI-DSS compliant payment processing via Stripe — we never store full card details

In the unlikely event of a data breach that poses a risk to your rights, we will notify the ICO within 72 hours and inform you without undue delay.

Under UK GDPR you have the right to:

• Access your personal data (Subject Access Request)
• Rectify inaccurate or incomplete data
• Erase your data (subject to legal retention requirements)
• Restrict how we process your data in certain circumstances
• Port your data to another organisation in a machine-readable format
• Object to processing, particularly for direct marketing
• Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, email us at enquiries@meridian-concepts.com with the subject line "Privacy Request — [Type]". We will respond within 1 month, free of charge.

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

We may update this Privacy Policy from time to time. The “Last Updated” date at the top of this page will reflect the most recent revision. Where changes are significant, we will notify existing students by email. Continued use of our services after the revised policy has been published constitutes your acceptance of the updated terms.