Your Privacy Matters

Here at BISMA we are committed to keeping your personal data safe and secure and handling it in accordance with our legal obligations.

This Privacy Policy sets out in detail the purposes for which we process your personal data, who we share it with, what rights you have in relation to that data and everything else we think it’s important for you to know.

If your company enlists our services, your company and our services may enter into a separate agreement that will govern the processing of all information and data collected in connection with the service, including some data collected through our websites. Such agreement takes precedence over any conflicting provision in this policy.

What is personalised data

Personalised data means any information or pieces of information that could identify you either directly (eg. your name) or indirectly (eg. through pseudonymised data).

What type of information is collected?

We will collect a range of personal information including: name, postal address, email address, date of birth, gender, specific learning difficulties, disabilities and IP address depending on the type of enquiry or service. We collect information if you:

  • submit an enquiry on one of our website forms, one of our events, on in person at our venues
  • register for a course
  • request certification from one of our courses or qualifications
  • deliver our qualifications
  • apply for job vacancies
  • engage with us on social media

Why we collect personal information

BISMA collects and processes your personal data to:

  • contact you while you are a student
  • provide you with access to our services
  • provide access to our assessments, learning materials and qualifications
  • improve our websites and services
  • ensure the security of our websites
  • better market relevant content using anonymous or pseudonymised personal data
  • Beyond these purposes, we process your data only if you have granted express consent for its stated purposes.

    As it can take up to 9 months to get from enquiry to enrollment, membership or booking a course, we may continue to communicate with you with the legal basis under GDPR of legitimate interest for this period of time.

    You can request for us to stop these forms of communication at any time.

    Who has access to your information

    Under no circumstance do we sell any of your personal information to third parties. Your information is also never shared with third parties for marketing purposes without your explicit prior consent.

    Your information may be disclosed to third-party product and service providers working on our behalf, for example to process payments or delivering email newsletters. These service providers, subcontractors and other associated organisations only have access to the information necessary to deliver the service we have hired them to provide.

    Data processing agreements are in place to ensure all of our third-party providers and suppliers do their utmost to keep your information safe and secure and do not use it for their own marketing purposes.

    Some of our suppliers run their operations outside the European Economic Area (EEA) – this may include a country which may not be subject to the same data protection laws as companies based in the UK. In these circumstances, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law, and appropriate safeguards are in place.

    Payment details are processed by a third-party provider who specialise in securely capturing and processing this type of information. This information is encrypted and is not stored by us on any of our systems or networks.

    Legal and safety reasons

    We may disclose your personal information if required by law, or other legal subpoena or warrant. We may also disclose your personal information to a regulatory or law enforcement agency if we believe it to be necessary to protect the rights, property, or personal safety of the Central YMCA Group, its customers or any third party.

    Advertising and remarketing

    As you browse our websites, advertising cookies might be placed on your computer so that we can understand what you are interested in. Our display advertising partners, Google and Facebook enables us to present you with re-targeting advertising on other sites based on your previous interaction with us.

    The techniques our partners employ do not collect personal information such as your name, email address, postal address or telephone number.

    We are also using Facebook to track conversions. This doesn’t track people’s personal data and is only used to inform marketing.


    Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device. Please visit our Cookie Policy page for more detailed information.

    Technical and organisational data protection

    BISMA implements commercially reasonable technical and organisational measures to protect your personal data against abuse and loss. We store such data in secure environments. We provide training to our employees on data protection best practices and require them to enter into a confidentiality agreement.

    While we take use reasonable precautions to protect your personal information, we cannot guarantee the absolute security of your data submitted through our websites.


    Upon request, our Information Systems Manager will provide you with information as to whether and what personal data we store about you. If your personal data is incorrect, you may have it rectified. You may also revoke your consent for us to use your personal data in the future, in whole or in parts, or request deletion of your personal data.

    How can you contact us?

    If you have questions about this Privacy Policy and/or our processing of your personal data, you can get in touch using:

    Data Protection Notification
    The Information Commissioner’s Office (ICO) maintains a public register of organisations that use personal data.
    Each organisation is obliged to notify the ICO with details of the types and purposes of personal data it processes.

    Policy review
    This policy is subject to review. Last updated January 2024.