Privacy Policy

Symbia Partners Privacy Notice

Last updated: 13th June 2023


Symbia Partners ('us', 'we', or 'our') is committed to protecting the privacy and security of personal information. This privacy notice describes how we collect, use, and process personal data for our services, specifically for those who participate in our courses and programmes ('Participants') and for our client and prospect contacts ('Client/Prospect Contacts') (collectively referred to as 'you' in this notice). It also explains your rights under data protection law.


This privacy notice is based on the prevailing data protection laws, including the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

What personal data do we collect?

We collect various types of personal data about you, including:


For Participants:

  • Basic information (e.g., name, title, reference number)
  • Contact details (work and personal)
  • Work information (e.g., position/role and employer)
  • Education history
  • Data captured in communications between us and you
  • Attendance and progress data in our courses and programmes
  • Data captured in meeting recordings
  • Images (e.g., for marketing and advertisement)
  • Opinions, views, and feedback information
  • Health data (e.g., for accessibility requirements or dietary requirements)

For Client/Prospect Contacts:

  • Basic information (e.g., name, title, reference number)
  • Contact details (work and personal)
  • Position
  • Work information (e.g., position/role and employer)
  • Data captured in communications between us and you

How do we collect your personal data?

We collect personal data from various sources, including:

  1. Directly or from our client: We may collect your information directly from you when you interact with our company, such as when you register for a course, sign up for our newsletter, contact us for inquiries, or complete forms or surveys. We may also collect your data from your employer when providing services that involve your participation.
  2. Public sources and professional networking platforms: We may obtain Client/Prospect Contacts information from public sources, events, or professional networking platforms such as LinkedIn.
  3. Facilitators and researchers: During our business operations, we may receive personal data from our facilitators and researchers, who contribute to the delivery of our services.
  4. Cookies and tracking technologies: We use cookies, web beacons, and other tracking technologies on our website and platforms to collect information about your visit, such as your IP address, browser type, and the pages you view.

How do we use your personal data and what is the legal basis for processing?

We process your personal data for various purposes, based on specific legal grounds under data protection law, as shown in the table below:


Purpose Type of Data Needed Lawful Basis
Marketing & advertisement Email Address, Name, Position Legitimate Interest, Consent
Improving our business Feedback, Opinions Legitimate Interest
Reporting and managing our business Work Information, Contact Details Legitimate Interest
Protecting our business IP Address, Usage Data Legitimate Interest
Defending and establishing legal claims Contact Details, Communications Legal Obligation, Legitimate Interest
Client account management Contact Details, Work Information Performance of a Contract, Legitimate Interest
Customer support Contact Details, Communications Performance of a Contract, Legitimate Interest
Contract fulfilment Work Information, Payment Details Performance of a Contract
Billing and payments Payment Details, Work Information Performance of a Contract, Legal Obligation
Compliance with legal and regulatory obligations Personal Data as required by laws/regulations Legal Obligation
Quality assurance Feedback, Opinions, Work Information Legitimate Interest
Network and information security IP Address, Usage Data Legal Obligation, Legitimate Interest
Data analysis and enrichment Usage Data, Contact Details Legitimate Interest
Personalising experiences Name, Position, Preferences Legitimate Interest, Consent
Event registration and management Contact Details, Attendee Information Performance of a Contract, Consent
Employee and supplier management Personal Data of Employees/Suppliers Performance of a Contract, Legal Obligation
Assessing participant progress Attendance, Progress Data Performance of a Contract
Communicating updates and news Contact Details, Email Address Legitimate Interest, Consent
Gathering feedback and testimonials Opinions, Views, Testimonials Legitimate Interest, Consent
Health and safety Health Data, Dietary Requirements Legal Obligation, Vital Interests
Growing our business (Prospecting, networking, tendering) Contact Details, Company Information Legitimate Interest
Debt recovery Payment Details, Contact Information Legal Obligation, Legitimate Interest


Recording of Training Sessions and Meetings

Please be aware that we routinely record training sessions and meetings for various purposes. These recordings serve as a valuable resource for quality assurance, record-keeping, reviewing participant progress, improving our services, and staff training. They may also be used to address any technical issues, provide post-session feedback, and foster ongoing development of our programme content.

We understand that some participants may have concerns or queries regarding the recording of sessions and meetings. If you have any concerns or would like further clarification on the session and meeting recordings processing, please don't hesitate to contact us. We are committed to addressing your concerns and providing transparent information on how these recordings are used and managed.


Third Parties and Data Transfers

We may share your personal data with various third parties, both within and outside the European Economic Area (EEA), in order to efficiently and securely provide and improve our services. Examples of these third-party service providers include: video conferencing software providers, transcription services, productivity suites, email and collaboration tools, survey tools, file storage and sharing services, legal service providers, accounting service providers, consultants, insurance providers, customer relationship management (CRM) systems, online course and membership platforms, event venues, catering service providers, researchers, and training partners.

Data transfers outside the EEA are carried out in accordance with GDPR requirements using appropriate safeguards, such as Standard Contractual Clauses or adequacy agreements, to ensure secure and compliant data processing.

In addition to these service providers, we may also share personal data with course and program facilitators who are contractors based internationally and have access to our cloud-based systems. This is done to effectively deliver our services and ensure an optimized learning experience for our participants.

Any third-party service providers and contractors we engage only have access to the personal data necessary for them to perform their functions, and they are obliged to protect the data and maintain GDPR-compliant practices.

How long do we keep your personal data?

We retain your personal data for as long as is necessary to fulfil the purposes for which it was collected, as outlined in this privacy notice, or as required by law. When we no longer need your personal data, we will securely dispose of or anonymize the information in accordance with our data retention policies and applicable regulations.

Personal Data Security

We take all necessary technical and organisational measures to ensure the security of your personal data. In the unlikely event of a data breach, we will contact you in accordance with our legal obligations. Access to your personal data will be limited to individuals who need it for legitimate legal and business purposes.

We adhere to various industry best practices to ensure the protection of your personal data is effective and implement appropriate technical and organisational measures that align with our security and data protection policies.

All of our employees and contractors undergo mandatory information security and data protection training upon joining the company and then at least annually to ensure they are familiar with the security policies and understand their specific information security responsibilities. Our training equips them with the knowledge needed to perform their duties while maintaining our security posture.

Exercising Your Data Protection Rights

The UK GDPR grants you, as the data subject, several rights concerning your personal data. We will make all efforts to fulfil the obligations under the applicable data protection laws upon receipt of a valid request to exercise your rights.

Access: You have the right to request a copy of the personal data we hold about you. This right has certain exceptions; for instance, access may be denied if revealing the information would expose personal data about another person or if we are legally prohibited from disclosing such information.

Accuracy: We strive to keep your personal data up to date, accurate, and complete. We welcome you to inform us of any inaccuracies or changes in your personal data to ensure your information remains current.

Objection: You have the absolute right to object to the processing of your personal data for direct marketing. Opting out of marketing communications does not affect our processing of personal data for providing our services.

In other cases where the right to object is applicable, the right is not absolute and may apply only under certain circumstances.

Restriction: You can request that we block or restrict the usage of your personal data. The right is not absolute and applies only in specific circumstances.

Portability: You have the right to request the transfer, copying, or moving of your personal data from one IT environment to another safely and securely without affecting its usability.

Erasure: You can request that we delete the personal data we hold about you. The right is not absolute and applies only in specific circumstances.

Right to withdraw consent: If you have given your consent to the collection, processing, and transfer of your personal data, you have the right to withdraw your consent fully or partially. Once we receive notification that you have withdrawn your consent, we will cease processing your information for the purpose(s) you initially consented to unless there is another legal ground for the processing. Withdrawing your consent will not impact the lawfulness of any processing carried out based on consent before you withdrew it.

Data Protection Complaints: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner’s Office or seek legal redress through the courts. This includes information on how to make a data protection rights request, address queries, or opt out of marketing communications.

To exercise these rights or for more information about your rights, please get in touch with us using the details provided below.

Contact Information

If you have any questions, concerns, or requests related to your personal data, please get in touch with us at:

Symbia Ltd, Mercury House 19-21, Chapel Street, Marlow, SL7 3HN, UK

Data Protection Officer: Jodie Rogers +34 673 45 29 76

We are not required to have a Data Protection Officer under GDPR as our core activities do not involve processing operations that require regular and systematic monitoring of data subjects on a large scale or processing on a large scale of special categories of data.

Changes to our privacy notice

We may update this privacy notice occasionally to reflect changes in our data processing practices or comply with applicable laws and regulations. We encourage you to review this notice periodically to stay informed about our privacy practices.