Skip to content

Privacy policy: training & consultancy

This policy describes the types of personal information that we may collect about you, the purposes for which we use the information, the circumstances in which we may share the information and the steps that we take to safeguard the information to protect your privacy.

This policy applies to NGA training and consultancy services only.

View the full NGA privacy policy

Controllers of personal information

Any personal information provided to or gathered by National Governance Association is controlled by National Governance Association, whose registered office is 36 Great
Charles Street, Birmingham, B3 3JY (the data controller).

What is the purpose of processing this data and the legal basis?

NGA processes this data in order to deliver Training and Consultancy services. NGA’s legal basis for processing data will fall under:

  • Processing is required for the performance of a contract with the Data Subject or to move towards entering into a contract.

What personal information does National Governance Association gather to deliver this contract?

The information we gather from you is required to deliver Training and Consultancy services. This personal information may include: your name, email address, phone number, name of school or academy which you govern at, your governor role (chair/vice-chair), preferred communication method, bank details and/or credit card details (if you are required to pay for training).

Contacting us via website or otherwise

When you use the website or contact us by post, telephone or email we collect, store and use certain personal information that you disclose to us. If you contact us, we may keep a record of that correspondence.

What do we do with personal information collected from you?

We use personal information to deliver Training and Consultancy services.

We use the personal information to deliver the programmes through: staff administration, to facilitate bookings, to send you joining information and information on the programmes and so your consultant/trainer can communicate with you
throughout the delivery of our training and consultancy services. We may also use the information to: process payments, to prevent crime and aid in the prosecution of offenders, and to administer and maintain programme records.

In addition, we use this information to improve our programmes, website and systems, prevent or detect fraud or abuses of our website and enable third parties to carry out technical, logistical or other functions on our behalf.

We also use your details to send you programme information or amendments or post any materials necessary for training. The address to which these are posted will be advised by the client and not by NGA. We will also use the information in the course of collecting any programme fee or any other payments that may be due to us from your organisation.

We will not share your personal information with third parties for marketing purposes.


Cookies are alphanumeric identifiers that we transfer to your computer's hard drive through your web browser to enable our systems to recognise your browser. NGA uses authentication cookies, we do not use tracking cookies and will not gather any information relating to third party sites or search engines.

The “Help” menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons, such as Flash cookies, by changing
the add-on's settings or visiting the website of its manufacturer.

If you do leave cookies turned on, be sure to sign off when you finish using a shared computer.

NGA uses cookies to:
• To estimate our audience size and usage pattern.
• To speed up your searches

Use of Data Processors

Information about our clients is important to NGA and we do not sell it to others. Data processors are third parties who provide elements of our service for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

Data Processors:

a) Spire Business Management Solutions Ltd (Spire BMS) – NGA uses Spire BMS as our CRM provider in order to deliver membership services. Through this database, NGA is
able to track memberships and renewals. Spire BMS’s privacy notice can be found here:

b) Surftech IT – Surftech IT provide NGA with IT support services. Surftech IT will have access to the following data to fulfil this contract: First name, last name and email address.

For those undertaking an External Review of Governance or purchasing the Evalu8 360 online tool from NGA:

a) Evalu8- Evalu8 provides the 360 diagnostic tool which governors will use as part of their external review or through purchasing the tool directly. Evalu8 will have access to the following data to fulfil this contract: First name, name last, email address and school.

Evalu8’s privacy policy can be found here.

How secure is information about me?

We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable information. Our security procedures
mean that we may request proof of identity before we disclose personal information to you.

What rights do I have in relation to my personal information?

The Data Protection Act 1998 gives you the right to access personal information held about you. Your right of access can be exercised in accordance with the Act. If you would like to access your personal information, you can contact NGA by the following means:

1) Write to NGA and address the letter to “The Head of Operations” at National Governance Association, 36 Great Charles Street, Birmingham, B3 3JY.

2) Contact us at:
On May 25th 2018, the European Union General Data

On May 25th 2018, the European Union General Data Protection Regulation will come into force across all EU member state. This gives you the right to access personal information held about you from this date forward.


NGA holds the Cyber Essentials Certificate of Assurance. This Certificate certifies that NGA was assessed as meeting the Cyber Essentials implementation profile published in February 2017 and thus that, at the time of testing; the organisations ICT defences were assessed as satisfactory against commodity based cyber attack.


Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to the Office Manager, National Governance Association, 36 Great Charles Street, Birmingham, B3 3JY.

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We
encourage you to read the privacy statements on the other websites you visit.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 11 December 2020.