Home
Training Security Training Resilience & Communication First Aid & Trauma AI & Cyber Security All courses →
Services Security Consultancy Incident Management Security Intermediair AI Compliance & Certification Corporate & In-company
About Us Team Contact
🇳🇱 NL 🇬🇧 EN
Academy

Privacy Policy

Last updated: January 2026

1. Introduction

Melrose Academy ("we", "us", "our") attaches great importance to the protection of your personal data. This privacy policy describes how we collect, process, store and protect personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable legislation.

This policy applies to all services of Melrose Academy, including training, consultancy, certification programmes and the use of our website melroseacademy.nl.

Data Controller: Melrose Academy Chamber of Commerce number: [to be completed] Email: info@melroseacademy.nl

2. What data we collect

We collect personal data in the following categories:

2.1 Data you provide to us

  • Contact details: name, email address, telephone number, company name and job title
  • Registration data: data required for participation in training programmes and courses
  • Communications: content of messages you send us via contact forms, email or telephone
  • Billing data: company name, address, VAT number and payment details

2.2 Data collected automatically

  • Website usage: IP address, browser type, pages visited, visit duration and referring website
  • Cookies: functional and analytical cookies (see our Cookie Policy)

2.3 Data from third parties

  • Data provided by your employer for corporate training registrations

3. Purposes of processing

We process your personal data for the following purposes:

  • Service delivery: conducting training, consultancy and certification programmes
  • Communication: answering questions and informing you about relevant developments
  • Administration: invoicing, accounting and contract management
  • Improvement: improving our website, training programmes and services
  • Legal obligations: complying with fiscal and other statutory retention requirements

4. Legal bases for processing

We process personal data on the basis of the following legal grounds:

  • Performance of a contract: where processing is necessary for the performance of a training or service for which you have registered
  • Legitimate interest: for improving our services and securing our systems
  • Consent: where you have given explicit consent, for example to receive newsletters
  • Legal obligation: where we are legally required to process or retain data

5. Retention periods

We do not retain personal data longer than necessary for the purpose for which it was collected:

  • Client and participant data: up to 2 years after the last interaction, unless a longer retention period applies
  • Billing data: 7 years in accordance with fiscal retention requirements
  • Certification data: 10 years for the purpose of verifying certificates obtained
  • Website analytics: maximum 26 months
  • Communication history: up to 1 year after resolution

6. Sharing with third parties

We only share your personal data with third parties where this is necessary for our service delivery or where we are legally required to do so:

  • Processors: parties that process data on our behalf, such as our hosting provider, email service provider and accounting software. We have entered into data processing agreements with these parties.
  • Certification bodies: for the application and registration of certificates
  • Government authorities: where we are legally required to do so

We do not sell your personal data to third parties and do not provide it for commercial purposes of third parties.

7. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration. These measures include:

  • Encrypted connections (SSL/TLS) on our website
  • Access control to systems and data
  • Regular backups
  • Awareness training for staff

8. Your rights

Under the GDPR, you have the following rights with regard to your personal data:

  • Right of access: you may request which data we process about you
  • Right to rectification: you may have incorrect or incomplete data corrected
  • Right to erasure: you may request the deletion of your data
  • Right to restriction: you may request the restriction of the processing of your data
  • Right to data portability: you may request to receive your data in a commonly used format
  • Right to object: you may object to the processing of your data
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time

You can exercise your rights by contacting us at info@melroseacademy.nl. We will respond to your request within 30 days.

9. Cookies

For information about our use of cookies, please refer to our Cookie Policy.

10. Changes

We reserve the right to amend this privacy policy. The most recent version is always available on our website. In the event of substantial changes, we will inform you by email or by means of a notice on our website.

11. Complaints

If you have a complaint about the processing of your personal data, you may contact us at info@melroseacademy.nl. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at www.autoriteitpersoonsgegevens.nl.

12. Contact

For questions about this privacy policy or about the processing of your personal data, you may contact us:

Melrose Academy Email: info@melroseacademy.nl Chamber of Commerce number: [to be completed]