Find financial support

Surrey cycle training - privacy notice

Your personal information and Surrey County Council

Surrey County Council is committed to protecting your privacy when you use our services. Our corporate privacy notice explains in general how we use information about you and how we protect your privacy.

The Cycle Training Team commissioned and uses the bespoke online booking and administration systems Surrey Cycle Training which is developed by an external company Weblaunch Ltd. The site is used when you make a booking. Below we explain how we use your personal information.

What personal information we collect from you

As you complete a booking, we request the following information:

  • Your name
  • The name of the child for whom you are booking training, if the training is for your child
  • Your email address
  • Information about the health of the person you are booking on to the training (yourself and / or another) that could be relevant to the training.
  • If you are paying online at the point of booking, you will be asked to enter your bank card details after being transferred to GOV.UK Pay
  • Gender and ethnicity - a 'prefer not to say' option is included
  • We also ask some questions relating to your and or your child's current level of skills, the condition of their cycle and confirmation they will wear a helmet unless there are circumstances preventing them from doing so
  • Name and phone number for emergency contact, except for training based at schools in term-time as we will contact the school in an emergency

Collection of your information

You enter your personal data in order to book training.

IP address, user agent, browser and operating system are collected automatically by the system and are viewable by system administrators.

The basis on which we collect the information

Your personal information enables us to contact you and provide the training requested.

The purposes for which your information is used

  • Name: to contact you.
  • Email: to contact you.
  • Phone number: to contact you.
  • Data concerning health: to adjust the training where necessary and for the Instructor to ensure any required medical aids are being carried.
  • Name and phone number for emergency contact: for the Instructor whilst training, unless the training is school-based in term-time.
  • Bank card details: to take payment for your training.
  • Gender and ethnicity: to monitor equality of access to the service.

Sharing of your information

The web developer has access to all information.

The consent details you entered when booking are viewable by the Instructors for the course when logged in to the cycle training system. Instructors cannot see any bank card details.

If you are participating in a Borrow A Cycle scheme, we will share your name and contact details with Active Surrey, who supply the cycles.

Payments are processed via GOV.UK Pay.

If your child is participating in Bikeability Level 1, Bikeability Level 2, Bikeability Level 3 or Learn to Ride, we will share some information with the Bikeability Trust.

Information shared with The Bikeability Trust for some courses

The Bikeability Trust is the national organisation supervising standards across all training providers. Surrey County Council is a training provider. The Bikeability Trust award grants that subsidise the cost of providing training and enable us to keep fees to the lowest level possible for us.

From April 2025, a condition of the grant is that training providers share information with the Bikeability Trust. This will enable the Trust to keep an up to date record of the number of people being trained.

This condition applies to courses where children are trained for:

  • Bikeability Level 1
  • Bikeability Level 2
  • Bikeability Level 3
  • Bikeability Learn to Ride

The Trust have also made it a condition of their grant that instead of training providers completing a certificate for each child showing their outcomes from the course, training providers will provide the outcomes electronically to the Bikeability Trust. The Trust will then email the outcomes to the parent. To enable this, Surrey County Council and other training providers must electronically supply the following information to the Trust:

  • Child name
  • Child date of birth
  • Child year group
  • Training outcomes for that child
  • Parent name
  • Parent email address
  • Training venue and dates of training
  • Gender, ethnicity, free school meal and SEND information will be sent as aggregated information rather than being linked to individual children.

Through a written agreement with Surrey County Council, the Bikeability Trust will "protect the Controller Personal Data by ensuring that it has in place appropriate technical and organisational measures, including measures to protect the Controller Personal Data against the risks of a Security Breach".

Where your information is stored

The personal information you share with us is stored in a database on a live server. A list of pages you visit are stored on a live server in separate log files.

No credit card, bank details or any other personal financial information are stored on our servers.

Retention of your personal information

  • Financial information (including name of person making the payment) is deleted 7 years after order date in line with Surrey County Council's Banking and credit control team privacy notice.
  • Medical and other additional needs information (not including SEND) is deleted 1 day after the last day of training.
  • SEND information is deleted 6 months after the last day of training. SEND information is kept longer than medical information to allow us to report aggregated, anonymised SEND data.
  • Trainee name is deleted 2 years after the last day of training. This is to enable us to supply a replacement certificate if requested.
  • Emergency contact details are deleted one day after the last day of training.
  • The details of a person on a waiting list are deleted 1 day after they have been assigned to a public training course.

How information is protected against breaches

The servers are protected with two independent firewalls. All ports excepting those required for operation of a website are closed or access regulated by Internet Protocol (IP) address.

All communications with the servers are encrypted to prevent man-in-the-middle attacks.

The hosting is cloud-based so there is no single physical presence, however data centres are protected by 24 hour security. The data centres are located in the UK.

How information is protected against losses

Data are backed up daily and stored securely off-site for 1 month. After one month data are destroyed.

Cloud-base hosting ensures there is no single point of hardware failure.

Did you find this information helpful?

Rating Did you find the information helpful?

We aren't able to reply to individual comments, so please don't include any personal details.

Subscribe to our newsletters for latest news and events.