Privacy policy

  1. GDPR Compliance
  2. How To Make a Subject Access Request (SAR)
  3. What We Do When We Receive an Access Request (SAR)
  4. Fees and Timeframes (SAR)
  5. Exemptions and Refusals (SAR)
  6. Visitors to our websites
  7. Use of cookies by Firebrand
  8. Search engine
  9. E-newsletter
  10. Security and performance
  11. Blogs
  12. People who contact us via social media
  13. People who call Firebrand
  14. People who email us
  15. People who use our chat service
  16. Marketing messages
  17. Online Advertising
  18. Biometric Data
  19. Security
  20. Inaccuracies and corrections
  21. People who make a complaint to us
    1. Complaints or queries
    2. Access to personal information
  22. Disclosure of personal information
  23. Transfer of data
  24. Links to other websites
  25. How to contact us
  26. Supervisory Authority
  27. Changes to this privacy notice

Privacy & Cookie Policy

Firebrand takes the security and protection of personal data very seriously. We are committed to providing a compliant approach to data protection. We have always had a robust data protection program in place and we have reviewed this program to ensure that it meets the requirements of the General Data Protection Regulation (GDPR) which came into force on 25th May 2018. When we process any personal data, we will do so according to the data processing principles of the GDPR.

As part of the review of our program, we have carried out the following activities to ensure our GDPR compliance on 25 May 2018:

  • Information audit
  • Review and update of our policies and procedures, including information security, data retention, data breaches, international data transfers and subject access requests
  • Review and update of annual staff training and awareness to ensure our staff are familiar with the GDPR requirements
  • Review of our information systems to ensure that data subject rights, such as the right of erasure or rectification of data, can be exercised within the appropriate timescales
  • Development of a record of processing activities

How we use your information

This privacy notice tells you what to expect when Firebrand Training (Firebrand) collects personal information.

What information do we ask for, and why?

Firebrand respects your privacy and safeguards your data. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. The personal data we collect, process or use is treated securely and in accordance with Firebrand's privacy policy, described below. Whenever you give us personal data, you are consenting to its collection and use in accordance with this policy, including our use of cookies explained below.

What personal data do we collect?

You will be asked for personal data such as your name, address and email address when you register to attend a course, make an enquiry or ask about services from us.

How do we use your personal data?

Where appropriate, we use your personal data:

  • to provide services to you or your organisation
  • for basic profiling purposes
  • to let you know about other services in which you may be interested
  • to inform you about changes and improvements to this website

If you leave your details or register for a course you will receive email communications alerting you to news and offers. You may choose not to receive these by requesting to unsubscribe from email communications.

To whom might we disclose your personal data?

Firebrand does not sell, trade or rent your personal information to others. Your details will be added to Firebrand’s database in order to process your request, and so that you can be kept up to date with relevant details of our training services.

From time to time Firebrand holds joint events with selected partners. If you book to attend one of these events, your details may be made available to the event partner. You will be advised of this at the time of booking. To opt out of receiving any communications from Firebrand and/or the event partner, please notify us.

Your personal data may be required to be passed to a third party if they need it in order to fulfil your order(s) for our services or to execute the communications we send to you. Except as set out above, we shall not disclose your personal information unless obliged to or allowed to do so by law, or where we need to in order to run our business (e.g. where other people process data for us). In such circumstances, we ask those people to give us confidentiality or non-disclosure undertakings.

GDPR Compliance

Firebrand takes the security and protection of personal data very seriously. We are committed to providing a compliant approach to data protection. We have always had a robust data protection program in place which complies with existing law and abides by the data protection principles. We have reviewed this program to ensure that it will meet the requirements of the EU General Data Protection Regulation (“GDPR”) which came into force on 25 May 2018. When we process any personal data, we will do so according to the data processing principles of the GDPR.

View our full GDPR compliance statement to read about all of the processes, policies and procedures we have in place to comply with GDPR.

How To Make a Subject Access Request (SAR)?

A subject access request (SAR) is a request for access to the personal information that the Company holds about you, which we are required to provide under the GDPR (unless an exemption applies). The information that we provide is covered in section GDPR Compliance of this page.

You can submit your access request electronically via the address provided in the contact us section on this page. Where a request is received by electronic means, we will provide the requested information in a commonly used electronic form (unless otherwise requested by the data subject).

What We Do When We Receive an Access Request (SAR)

Identity Verification

Subject Access Requests (SAR) are passed to the appointed person as soon as received and a record of the request is made. The person in charge will use all reasonable measures to verify the identity of the individual making the access request, especially where the request is made using online services.

We will utilise the request information to ensure that we can verify your identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to actioning any request. This is to protect your information and rights.

Information Gathering

If you have provided enough information in your SAR to collate the personal information held about you, we will gather all documents relating to you and ensure that the information required is provided in an acceptable format. If we do not have enough information to locate your records, we may contact you for further details. This will be done as soon as possible and within the timeframes set out below.

Information Provision

Once we have collated all the personal information held about you, we will send this to you in writing (or in a commonly used electronic form if requested). The information will be in a concise, transparent, intelligible and easily accessible format, using clear and plain language.

Fees and Timeframes (SAR)

We aim to complete all access requests within 30 days and provide the information free of charge. Where the request is made by electronic means, we provide the information in a commonly used electronic format, unless an alternative format is requested.

Whilst we provide the information requested without a fee, further copies requested by the individual may incur a charge to cover our administrative costs. The Company always aims to provide the requested information at the earliest convenience, but at a maximum, 30 days from the date the request is received. However, where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months. If this is the case, we will write to you within 30 days and keep you informed of the delay and provide the reasons.

Exemptions and Refusals (SAR)

The GDPR contains certain exemptions from the provision of personal information. If one or more of these exemptions applies to your subject access request or where the Company does not act upon the request, we shall inform you at the earliest convenience, or at the latest, within one month of receipt of the request.

Where possible, we will provide you with the reasons for not acting and any possibility of lodging a complaint with the Supervisory Authority and your right to seek a judicial remedy. Details of how to contact the Supervisory Authority are laid out in the Supervisory Authority section of this page.

Visitors to our websites

When someone visits Firebrand Training websites we use third party services, e.g. Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site, who they were referred to the website by, geographically where they are based and, if provided, the company registered to the IP address the visitor browsed the site from.

When we collect personally identifiable information through our website we will be upfront about this. We will use the information in the way described by this privacy policy or we will make it clear when we collect personal information what we intend to do with it.

Use of cookies by Firebrand

In order to provide you with the best, tailored experience our site will need to place small text files, or 'cookies', on your computer.

Most cookies that we use are 'session' cookies and only exist for the time that you are using our site. They perform functional tasks – such as remembering that you are logged in as you move from page to page or to pre-load your personal details into forms to save you time.

We also track cookies anonymously to fuel our site analytics and learn how to improve your experience and hone the relevance of our products and services.

We also use cookies in our emails to track open rates and other performance indicators – again, so that we can continually improve the relevance and experience of our offering to you.

You can set your browser to reject all cookies. Please note that if you do this then certain areas of this website will not be able to function for you. Choose a browser setting that rejects third-party cookies but allows the benign, functional ones that make the good stuff work. We've worked hard to make our website intuitive to your needs – why would you want to miss out?!

We also use technology that uses Internet Protocol (IP) information exchanges during the course of normal web activity combined with data-enhancement technology to get detailed analytics information. This doesn't allow us to spy on you – it just allows us to see how well our site is working.

You can learn more about cookies here

Search engine

Our website search is powered by a third party, Microsoft’s Bing. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either Firebrand or this third party unless disclosed by their privacy policy, for instance, because you are logged into their service.


E-newsletter

We use third party providers to deliver our emails. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our emails.

Security and performance

Firebrand uses third-party services to help maintain the security and performance of the Firebrand website. To deliver this service it processes the IP addresses of visitors to the Firebrand website, blocking potentially harmful traffic.


Blogs

We use third-party services, e.g. Blogger or WordPress, to publish blogs. These sites are hosted by the provider. We use standard services provided by these platforms to collect anonymous information about users' activity on the site, for example, the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. Blogs require visitors that want to post a comment to enter a name and email address. For more information about how they process data, please see their privacy notices.

People who contact us via social media

We use third party providers to manage our social media interactions.

If you send us a private or direct message via social media the message will be stored by these platforms. It will not be shared with any other organisations.

People who call Firebrand

When you call Firebrand we collect Calling Line Identification (CLI) information. We use this information to help improve its efficiency and effectiveness.

People who email us

We use Transport Layer Security (TLS) to encrypt and protect email traffic in transit to us. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected all the way to us.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

People who use our chat service

We use third-party providers to supply and support our chat service, which we use to handle customer enquiries in real time.

If you use the chat service we will collect your name, email address (optional) and the contents of your chat session. This information will be retained and will not be shared with any other organisations.

You can request a transcript of your chat session if you provide your email address at the start of your session or when prompted at the end.

Marketing messages

You can opt out of any marketing messages we send you at any time using the unsubscribe link in our emails.

Online Advertising

We use services such as Google AdWords Remarketing to advertise Firebrand across the Internet. Remarketing will display relevant ads tailored to you based on what parts of the Firebrand website you have viewed by placing a cookie on your internet browser. Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.

How to Opt Out of Remarketing and Advertising - If you do not wish to participate in Remarketing, you can opt out by visiting the remarketing services preferences manager which is normally presented as a link on the advert.

You can also opt out of any third-party vendor's use of cookies by visiting

Biometric Data

To offer (ISC)2 exams we must comply with Pearson VUE Select Status requirements which include, where permitted by law, the use of biometric palm recognition. This is used to authenticate all delegates taking (ISC)2 exams. Neither Firebrand Training Ltd nor (ISC)2 collect or retain the raw biometric data. However, for a period of five years following the person's last contact with (ISC)2, data based upon an algorithm of the palm scan received when accessing an examination site is stored. This assists (ISC)2 in assuring the identity of those taking its exams but cannot be used to identify delegates outside of the (ISC)2 database. This data is destroyed after the five-year period and is used for no other purpose.

For more information on (ISC)2 and Firebrand Training's use of palm vein pattern recognition please see our blog post.


Security

Unfortunately, no data transmission over the Internet is guaranteed 100% secure, but we do take appropriate steps to protect the security of your personal data, before it arrives, and certainly once we have it.

Inaccuracies and corrections

We endeavour to keep your personal data accurate and up to date. If you become aware of errors or inaccuracies, please email

People who make a complaint to us

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.

We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

Complaints or queries

Firebrand tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Firebrand’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

If you want to make a complaint about the way we have processed your personal information, you can contact us via Alternatively you can contact the Information Commissioner - the statutory body which oversees data protection law – at

Access to personal information

Firebrand tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the GDPR Act 2018. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

To make a request to Firebrand for any personal information we may hold, you need to put the request in writing, addressing it to

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting us in writing at

Disclosure of personal information

In many circumstances we will not disclose personal data without consent. However, when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies.

You can also get further information on:

  • agreements we have with other organisations for sharing information;
  • our instructions to staff on how to collect, use and delete personal data; and
  • how we check that the information we hold is accurate and up to date.

Transfer of data

By the nature of the Internet, the personal data you supply through this website may be sent electronically to servers anywhere in the world. It may be used, stored and processed anywhere in the world, including countries outside the European Economic Area. If Firebrand transfers the data outside the EEA it will ensure that all reasonable security measures are taken and that any third party processors will be required to process the data in accordance with Firebrand’s instructions.

Links to other websites

This privacy notice does not cover the links within this site to other websites or the services they provide. We encourage you to read the privacy statements on the other websites you visit.

How to contact us

If you want to request further, more detailed information about our privacy policy you can email

Supervisory Authority (ICO)

If you remain dissatisfied with our actions, you have the right to lodge a complaint with the Supervisory Authority. The Information Commissioner’s Office (ICO) can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
Fax: 01625 524 510

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 11 June 2021.
