top of page

How we Collect

How we collect and use your information

You give us information when you use our websites, products and services, including when you: 

  • Submit one of our forms

  • Correspond with us by phone, email or otherwise

  • Register with us

  • Subscribe to our services

  • Search for a product

  • Participate in our discussion boards, chat or social media

  • Enter a competition or promotion

  • Respond to a survey.

We collect information about you when you visit our websites through the use of cookies (read Cookies section below for full details).

We may also get information from other sources, including:

  • Third parties, such as external training organisations

  • Those websites and services we help to operate or contribute to 

  • Closed circuit television (CCTV) (read CCTV section below for full details).

What we Collect

The information we collect from you could include your:

  • Name, address, email and phone number

  • Date of birth

  • National Insurance number

  • Financial and credit card information

  • Personal description

  • Family status

  • Lifestyle

  • Social circumstances

  • IP address

  • Geographical location

  • Browser type

  • Device type

  • Operating system

  • Browsing data, such as access times

  • Navigation history.

We may also have sensitive information, including about your:

  • Physical health

  • Mental health

  • Racial or ethnic origin

  • Religious or other beliefs.

How we use your information

We use your information for many purposes, including to:

  • Fulfil our statutory roles, duties and functions as an industrial training board

  • Administer our membership records and accounts, including for levy raising

  • Fundraise and promote our interests

  • Manage our employees and volunteers

  • Provide education, training, career awareness and advice services for our beneficiaries

  • Carry out charitable trading

  • Advertise, promote and market our services

  • Undertake research

  • Administer certification, qualification and card schemes

  • Perform our duties as a registered data controller and public authority

  • Confirm identities and prevent crime

  • Notify you about a change to our service

  • Carry out our contractual obligations

  • Provide and improve our services

  • Analyse your website behaviour

  • Improve the operation, security and presentation of our sites

  • Target our online advertising to your interests and preferences

  • Measure and understand the effectiveness of our online content and marketing

  • Enable you to participate in interactive features on our website.

How we keep it safe

We take the security of your personal information very seriously. 

We use technical measures, such as encryption, and carry out regular security reviews to keep our protections up to date. We also strictly control access and ensure staff who are authorised for access are adequately trained in keeping your information safe. 

Our procedures mean that we may ask you to prove your identity before we share your personal information with you.

Third-party websites you access through links on our websites will have their own privacy policies. We do not accept any responsibility or liability for them.

Sharing your information

We do not share your information with others unless you have consented or it is necessary to do so because:

  • Of our statutory role and duties as an industrial training board

  • The law requires us to

  • Of administrative or operational needs

  • It is part of our terms of use.


When we do have to share information, it is likely to be with:

  • Our service providers or agents

  • Your employer or prospective employers

  • Users of our card schemes and training registers

  • Training providers

  • Funding bodies

  • Law enforcement agencies.


Sharing your achievements

We may want to share your CITB-accredited achievements with newspapers, websites and other media. Contact us on 0344 994 4333 or if you would prefer us not to.

Data Transfer outside the EEA

Sometimes we may transfer your details to third parties outside of the European Economic Area (EEA). If this happens we will make sure the transfer and storage of your information still complies with UK or EEA laws and this privacy policy. 


When you visit CITB websites we place cookies on your device.

Cookies are small text files that help our websites to work and us to understand what information is most useful to our users. They also speed things when you come back to a site. We do not use them to identify you personally.

You can delete cookies stored on your device at any time.

What we collect

Cookies allow us to gather information about your visits to our site, including your:

  • IP address

  • Geographical location

  • Browser type

  • Device type

  • Operating system

  • Browsing data, such as access times

  • Navigation history

  • Preferences

How we use your information

Cookies enable us to use the tools and services of:

Google Analytics helps us measure and analyse how users are using our sites so that we can improve their experiences.

iAdvize provides online interaction and chat services with users, analyses user behaviour, and lets us observe your navigation in real time. iAdvize collects data and stores it on their servers. iAdvize may communicate this data to third parties in case of legal obligation or when these third parties deal with iAdvize’s data on its behalf. 

Who has access to your information

Our staff and Google can access information related to Google Analytics cookies.
Our staff and iAdvize can access information related to iAdvize cookies.

Other third-party cookies

When we use internet tools from other companies to enhance our website, these companies may also put cookies on your device. They include:

  • Facebook

  • Google Maps

  • Twitter

  • YouTube

For further information, read about the cookie names they use. 


We record some phone calls we make or receive for quality assurance or training purposes. We let you know if we are recording.


What we do

We identify recorded calls using the originating telephone number and the time and date.

A recorded call may contain your personal information relating to the products and services we offer. 

We use a ‘pause and resume’ function so we don’t record any part of your call that involves payment details, or other security methods to make sure that your information is secure.

We may ask you for some personal information over the phone to confirm your identity, depending on the nature of your enquiry to prevent fraud and protect your data.


Who has access to your information

We keep your recorded calls securely, and only specific CITB staff are authorised to review them.

We contract a company to maintain call recording and a ‘pause and resume’ function. The company is authorised to access recorded calls only for fault diagnosis, testing and administration purposes.


How long we keep it

We delete recorded calls after 24 months, unless they are part of an active investigation.

Email, Chat and social media

There are many ways you may communicate with us online, including by:

  • Chat and instant messaging (such as Skype for Business)

  • Email

  • Scial media (such as Facebook, Yammer or Twitter)

  • Video conferencing (such as GoToMeeting)

  • File sharing platforms (such as OneDrive and SharePoint)


What we do

When you use email, chat, social media and other online platforms, it is likely you know what information you are sharing with us.

How we use and process your information, who accesses it, and how long we keep it, depends on the context in which we collected it, but follows the terms of our privacy policy and UK law.

The information is normally handled by our authorised staff, but if we intend to share it with third parties, we will make every effort to let you know. 


Images from closed circuit television (CCTV) of a recognisable person are treated as personal data in data protection law.


How we use CCTV

We use CCTV to:

  • Maintain the safety and security of our property, premises, and people

  • Prevent and investigate crime

  • Monitor staff

  • To assist disciplinary procedures in cases of serious misconduct.


Who has access to your information

Our CCTV system is operated from a self-contained security control room, access to which is strictly limited to the security supervisor, contract security staff, CITB Estates and Facilities Manager, CITB Estates Contract Compliance Officer, and CITB Receptionist.

Where necessary we may share CCTV image information with:

  • The person in the image

  • Employees and agents

  • Services providers

  • Police forces

  • Security organisations

  • Individuals making an enquiry.


How long we keep it

Unless we need them for an active investigation, we keep recorded images for 30 days. After that, the images are automatically overwritten by the recording equipment.

We destroy recordings that are part of an active investigation as soon as they are no longer needed.


Your rights

You can ask for a copy of your information recorded by CCTV, except in certain circumstances described by applicable legislation. You do not have the right to instant access.

Your payment details

We use your payment details to process orders, collect levy payments and distribute funds, such as training grants.


How we use your information

We do not use your information for any purpose you have not authorised, or disclose it to third parties without your permission. We process credit and debit card transactions following the Payment Card Industry Data Security Standard (PCI DSS).

Who has access to your information

CITB staff and contracted data processors have access to your payment details to carry out your transaction. 


What we do

For bank and building society account transactions, we may make a record of your:

  • Name

  • Branch address

  • Sort code

  • Account number

  • Signature


Where possible, we only store the verification code of card transactions and other data needed to process the payment once the transaction is complete. Where this is not feasible, we use other security methods to keep your data secure. We may process data such as the:

  • Cardholder’s name

  • Card number

  • Card security code (CSC)

  • Validity and expiry dates

  • Issue number


How long we keep it

We keep your bank or building society details for as long as you authorise and delete them when they are no longer needed. We do not keep payment card information.


Our websites, services and products are not aimed at children and we do not knowingly collect any information from them.


We ask children not to register with us or give us any of their information.

Where we have inadvertently collected information from a child, we will delete it as soon as possible.

If you know that a child has given their information to us, please contact us at

bottom of page