Privacy Policy

Last updated: 8 April 2026

1. Who We Are

Pronto Systems Ltd ("we", "us", "our") is the data controller for the personal data processed through our training management platform and corporate website. We are registered in England and Wales.

2. Data We Collect

We collect and process the following categories of personal data:

  • Account data: name, email address, company name, role, and login credentials.
  • Delegate data: names, contact details, dietary and accessibility requirements, certificate records, and assessment results uploaded by training providers.
  • Transaction data: payment information processed via Stripe, invoice records, and booking history.
  • Usage data: pages visited, features used, device information, and IP addresses for analytics and security.
  • Contact form data: name, email, company, and message content submitted through our website.

3. How We Use Your Data

  • To provide and maintain the platform and your account.
  • To process bookings, payments, and generate invoices and certificates.
  • To send transactional communications (booking confirmations, joining instructions, reminders).
  • To respond to your enquiries and support requests.
  • To monitor and improve the security and performance of the Service.
  • To comply with legal obligations.

4. Legal Basis for Processing

We process your data under the following lawful bases: (a) performance of a contract — to deliver the Service you have subscribed to; (b) legitimate interests — to maintain security, improve the platform, and communicate with you; (c) legal obligation — to comply with regulatory requirements; (d) consent — where you have explicitly opted in to optional communications.

5. Data Sharing

We do not sell your personal data. We share data only with: (a) Stripe for payment processing; (b) Resend for transactional email delivery; (c) infrastructure providers for hosting and security; (d) as required by law or to protect our legal rights. All third-party processors are bound by data processing agreements.

6. Data Isolation

The Pronto platform enforces strict multi-tenant data isolation. Each training provider's data is logically separated at the database level using query filters and tenant identifiers. No tenant can access another tenant's data under any circumstances.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. After account termination, data is retained for 30 days to allow for export, then permanently deleted. Financial records may be retained longer to comply with tax and accounting obligations.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict processing of your data.
  • Request data portability in a machine-readable format.
  • Withdraw consent at any time for consent-based processing.

The platform provides built-in tools for data export and account erasure. For other requests, contact us at [email protected].

9. Cookies

Our corporate website uses essential cookies required for the site to function (theme preference, session state). We do not use advertising or tracking cookies. Analytics, where used, rely on privacy-respecting, cookieless solutions.

10. Security

We implement industry-standard security measures including HTTPS encryption, secure authentication, role-based access control, and comprehensive audit logging. For more details, see our Security page.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the platform. The "last updated" date at the top reflects the most recent revision.

12. Contact

For privacy-related enquiries, contact us at [email protected].