Information That Enters Our Systems

When you begin exploring our training programmes or enrol in courses, certain details become necessary for us to deliver what you're seeking. The scope of this information depends entirely on how you choose to interact with our services.

Account Creation and Enrollment

Registering for our courses requires your name, email address, and phone number. These three elements let us confirm your identity, communicate about your progress, and reach you when scheduling issues arise. If you're enrolling in specialised modules—historical interpretation or cultural heritage programmes, for instance—we might ask about your educational background to ensure proper placement.

Payment Processing

Course fees necessitate payment details. We capture billing addresses and transaction records, though actual card numbers pass through external payment processors rather than residing on our servers. What remains with us are confirmation numbers and payment dates—enough to track your enrolment status without holding sensitive financial credentials.

Learning Engagement

As you move through coursework, our systems record which modules you've completed, assessment scores, and time spent on various materials. This isn't surveillance—it's how we know whether you've met certification requirements and where you might need additional support.

Why These Details Matter to Us

Every piece of information serves a direct function in delivering tour guide education. We don't gather data speculatively or "just in case"—each element connects to something concrete.

Your contact details enable course delivery. Without an email address, we can't send module materials or notify you about schedule changes. Your phone number becomes critical when last-minute adjustments affect in-person training sessions at our Waterlooville location.

Learning records determine certification eligibility. When you complete the heritage site interpretation module, we need documentation of that completion to issue your certificate. Assessment scores tell us whether you've mastered the material or need another attempt.

Payment information confirms your enrolment status. We track who's paid for which courses, when renewals are due, and whether payment plans are current. This administrative necessity keeps your access active and prevents confusion about enrolment standing.

How We Handle What You Share

Information doesn't sit idle after collection. It moves through various operations, each serving a specific purpose in your training experience.

Course Administration

Our programme coordinators access your enrolment records when arranging training schedules, assigning instructors, and organising practical assessment sessions. This handling is manual rather than algorithmic—real people making decisions about course logistics based on who's enrolled and what they need.

Instructor Access

Teaching staff see your name, progress records, and assessment results for courses they're instructing. They need this visibility to provide feedback, grade assignments, and understand where students are struggling. Instructors don't access your payment details or contact information beyond what's necessary for course communication.

Technical Maintenance

Our systems administrator occasionally reviews account data when troubleshooting access issues or investigating technical problems. This happens reactively—when something breaks or you report a problem—rather than as routine surveillance.

When Information Leaves Our Organisation

Most data stays within Zroxelvoid systems, but certain operations require external involvement. These transfers follow strict limitations.

Payment Processors

When you pay course fees, transaction details pass to our payment service provider. They process the actual charge and return confirmation to us. We've selected processors that maintain UK data standards and don't repurpose transaction information for marketing or analytics.

Email Delivery Services

Course communications, module materials, and administrative notices reach you through an email service provider. This provider handles message delivery but doesn't access message content for their own purposes. Your email address exists in their system solely to facilitate our communications with you.

Certification Verification

Some employers or tourism organisations contact us to verify certifications you've claimed. In these instances, we confirm your completion status, graduation date, and specific certifications earned. We make no disclosures beyond these factual confirmations, and only when you've provided written authorisation or the verifying party demonstrates legitimate need.

Legal Requirements

Occasionally, legal obligations compel disclosure. If UK authorities present proper documentation requesting information about a specific individual, we comply within the bounds of what's legally required. This happens rarely—perhaps once every few years—and always through formal legal processes.

Security Measures in Place

Protection involves both technical systems and human practices. Our approach combines standard security protocols with organisational discipline.

All data transmissions use encryption—whether you're logging into your account or submitting an assignment. Our servers sit behind firewalls with restricted access. Only staff members with genuine operational needs can access student databases, and those access privileges are reviewed quarterly.

We maintain backup systems in case primary servers fail, but these backups follow the same access restrictions as live data. Physical security at our Waterlooville facility includes locked server rooms with entry logs. Staff receive regular training on data handling practices, though honestly, most security lapses come from human error rather than malice—something we address through clear procedures and regular reminders.

Despite these precautions, absolute security doesn't exist. Systems can be compromised, errors can occur, and determined attackers sometimes succeed. We maintain incident response procedures for when things go wrong, including direct notification to affected individuals and cooperation with relevant authorities.

What Control You Maintain

You're not powerless once information enters our systems. Several mechanisms let you influence what happens with your data.

Accessing Your Records

You can request copies of everything we hold about you—enrolment records, assessment scores, payment history, and communication logs. We provide this information within one month of your request, delivered as a PDF document or spreadsheet depending on the data type. There's no charge for this service unless you make repeated requests within a short timeframe, which would require disproportionate effort on our part.

Corrections and Updates

If details we hold are wrong—misspelled name, outdated phone number, incorrect completion dates—you can have them corrected. Contact us with the specific errors and proper information. We make changes within two weeks for simple corrections, longer for issues requiring verification against original documentation.

Deletion Requests

You can ask us to delete your information, though this comes with practical limitations. If you've completed courses and earned certifications, we must retain proof of those achievements indefinitely—otherwise we couldn't verify your credentials years later when an employer asks. Active enrolment records stay in our systems until course completion.

Once you've graduated and several years have passed, most of your information becomes eligible for deletion upon request. We'd remove contact details, assignment submissions, and internal notes while preserving the basic fact of your certification—name, course completed, date achieved. This minimal record lets us verify credentials without maintaining your full educational history.

Objecting to Specific Processing

If you believe we're handling your information inappropriately, you can object. Maybe you think we're retaining records longer than necessary, or sharing details beyond what you authorised. Lodge your objection in writing with specific concerns. We'll review the situation and either modify our practices or explain why the current handling is necessary and lawful.

Retention Periods and Deletion

We don't keep information forever, but different types of data have different lifespans based on practical and legal requirements.

Active student records—everything related to current enrolment—stay accessible throughout your time with us and for two years after course completion. This window allows for credential verification, continued education opportunities, and resolution of any post-graduation questions.

Financial records persist for seven years as required by UK tax authorities. After that period, payment histories are deleted unless they're tied to ongoing disputes or legal matters.

Basic certification records—confirming who completed which courses and when—remain permanently in our archives. This permanent retention serves your interests as much as ours; you might need proof of your 2025 tour guide training in 2040, and we should be able to provide that verification.

Communication logs and support tickets get purged after three years. Email correspondence with programme coordinators, technical support exchanges, and similar operational communications have limited long-term value and disappear once they've aged out.

Assessment materials and assignment submissions are deleted one year after course completion. Once your certification is issued and the immediate window for grade appeals has passed, we don't need copies of your essays or exam responses.

Legal Foundations for Processing

UK data protection law requires that we have legitimate grounds for handling personal information. Our processing rests on several legal bases depending on the specific activity.

Most of what we do falls under "contractual necessity"—when you enrol in our courses, we need your information to deliver the training you've purchased. This covers enrolment processing, course delivery, certification issuance, and related administrative functions.

Some processing relies on "legitimate interests"—our genuine operational needs that don't override your privacy rights. Preventing fraud, maintaining system security, and improving course content based on aggregate performance data fit this category.

Where neither contractual necessity nor legitimate interests apply, we seek your explicit consent. Optional communications about new programmes, invitations to alumni events, and similar non-essential contacts happen only with your permission, which you can withdraw anytime.

Legal compliance occasionally demands specific processing—maintaining financial records for tax purposes, for instance, or responding to properly authorised information requests from authorities.

Geographic Considerations

Zroxelvoid operates from the United Kingdom and our systems reside on UK servers. Your information doesn't routinely travel outside British jurisdiction.

The email service provider we use maintains servers in multiple European locations, meaning your contact details and course communications might physically reside in Ireland or Germany at any given moment. These transfers stay within regions offering equivalent data protection standards to the UK.

We don't transfer information to countries with weaker privacy frameworks. If operational needs ever required such transfers, we'd implement specific safeguards and notify you beforehand.

Changes to These Practices

Our handling of information evolves as our organisation grows and regulations change. When we modify these practices substantially, we'll notify enrolled students via email and post updated documentation on our website.

Minor clarifications and technical updates happen without individual notification. The effective date at the top of this document indicates when the current version took effect. Checking back periodically makes sense if you want to stay informed about our current practices.

Fundamental changes—like introducing entirely new categories of data collection or substantially different retention periods—would trigger direct communication to affected individuals with clear explanations of what's changing and why.