COVID Update

This statement describes how CAT Driver Training Ltd. (“We”) collects and uses personal information. The terms of this statement may change, so please check it from time to time.

Under the Data Protection Act 1998, we have a legal duty to protect any information we collect from you. We use appropriate technologies to safeguard your details, and keep to strict security standards to prevent unauthorised access to it.

CAT Driver Training Ltd. is committed to protecting and respecting your privacy. is a site operated by CAT Driver Training Ltd.  We are registered in England and Wales under company number 4974797 and have our registered office at 50 Lincroft, Cranfield, Beds. MK43 0HT. Our VAT number is GB 933478109.

We are a limited company.

If you have any queries about this privacy statement, please contact Jo Hoad at: or by post to Jo Hoad, 50 Lincroft, Cranfield, Beds. MK43 0HT.

What information do we collect and how do we use it?

The law requires us to determine under which of six defined bases we process different categories of your personal information, and to notify you of the basis for each category.

We will immediately stop processing your data if a basis on which we process your personal information is no longer relevant.  If the basis changes then if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.

Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website or directly.

Information requests we process with your consent

We use contact information from web forms, emails, mail and telephone to send you information or materials that you have requested or to provide you a service.  Your contact information is also used to contact you when necessary, for example, to fulfil a query or to provide a service.  At this stage there is no contractual relationship between us, but in order to fulfil your request, you are providing your consent to us to process information that may be personal information.

Wherever possible, we aim to obtain your explicit consent to process this information, for example, by asking you to agree to the terms and conditions of purchase in your booking form and if you wish to receive our newsletters.  Sometimes you might give your consent implicitly, such as when you send us an email to which you would reasonably expect us to reply.

We continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.  You may withdraw your consent at any time by instructing us by email to However, if you do so, you may not be able to use our services further.

Training requests we process because of a contractual obligation with you

When you buy a service from us or otherwise agree to our terms and conditions, a contract is formed between you and us.  In order to carry out our obligations under that contract we must process the personal information you give us in order to:

  • Verify your identity for security purposes
  • Verify your eligibility to drive
  • Sell products to you
  • Provide you with our services
  • Provide you with suggestions and advice on services
  • Receive payment for our services

Information is processed on the basis there is a contract between us, or that you have requested we use information before we enter into a legal contract.  We may also aggregate this information in a general way and use it to provide class information, for example to monitor our performance with respect to a particular service we provide.  If we use it for this purpose, you as an individual will not be personally identifiable.

Information we process because we have a legal obligation

We are all subject to the law with the requirement to process your information at times in order to comply with a statutory obligation.  An example could be where we are required to give information to legal authorities if so requested or if they have the proper authorisation such as a search warrant or court order.  This could include your personal information.

Information provided on the understanding that it will be shared with a third party

When booking our training services you will be required to disclose personal data for any or all of the following purposes:

  • DVLA driving licence validity check
  • Insurer approval to use our vehicles on the public highway
  • Indemnity & Disclaimer forms for participating in potentially dangerous activities
  • Invoicing
  • Course payment
  • Training venue access
  • Post training experience feedback
  • Periodic newsletter

Information collected is not used for marketing purposes with the exception of the training review facility which is a publicly viewable facility, or if you have given prior consent for materials such as case studies and/or social media activities.

Driving licence details are shared with the training facility in order to meet the authority check for using the facility.  DVLA validity checks, insurer approvals, indemnity and disclaimer forms may be passed on to the training venue, insurance company or lawyers in the event of an incident during participation.  They are kept for a period of seven years before being securely destroyed.  However, once this information is passed onto a third party it falls outside our control.

Our accounting software (Xero) is cloud based.  Data may be transferred outside of the EEA. Where personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where Xero have approved transfer mechanisms in place to protect personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties).  A Data Processing Agreement is in place between our companies.

We utilise the Microsoft suite of cloud based products for administration of your booking.  Microsoft complies with both EU-U.S. Privacy Shield and EU Model Clauses.

We use the services of Trustpilot to assist with the collection of transparent feedback from you following your training experience.  The personal data shared is limited to your name, email address and certificate number as a validation reference.  You as the writer are in control of how you wish your name to appear at the time of writing the review and if you choose to complete one.  A Data Processing Agreement is in place between our companies.

We use the services of JC Peters Ltd, through its trading name: Email Blaster to produce & distribute our periodic newsletter.  They securely hold all customer data in their ISO 27001 compliant Tier 4 data centre in Milton Keynes, England.  Registered with the Information Commissioners Office (ICO registration number: ZA090776) Email Blaster is fully compliant with the GDPR 2016/679 in all regards and pertaining to the holding and processing of data held for and on behalf of its customers.

We use the services of Lucy Hoad Marketing to organise our marketing activities.  Google Cloud is utilised.  Google provides confirmation that their certification under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks includes G Suite and Google Cloud Platform.  They have also gained confirmation of compliance from European Data Protection Authorities for their model contract clauses, affirming that their current contractual commitments for G Suite and Google Cloud Platform fully meet the requirements under the Data Protection Directive to legally frame transfers of personal data from the EU to the rest of the world. A Data Processing Agreement is in place between Lucy Hoad Marketing & ourselves.

Information relating to your method of payment

For transactions where the card holder is not present, personal details are never written down and are processed via the Secure World Pay website.  We are PCI DSS compliant.

Encryption of data sent between us

We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.  Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.

To further protect your personal data when making a booking, the secure upload link within our website should be used to send your booking form to the support team.


The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).

We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it based on the above.  Following that period, we’ll make sure it’s deleted or anonymised.

Sending a message to our support team

When you contact us, whether by telephone, through our website, by email or by social media, we collect the data you have given to us in order to reply with the information you need.  We record your request and our reply in order to increase the efficiency of our business – this can sometimes be done in the form of an internal customer relationship management system.  We keep personally identifiable information associated with your message, such as your name and email address, so as to be able to track our communications with you to provide high quality levels of customer service.


Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that may enable you to log into secure areas of our website.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We may use this information to make our website more relevant to your interests.

Please note that third parties (such as external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.  However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

What happens when you link to another site?

Our website contains links to other websites. This privacy policy applies only to our website, so you should always be aware when you are moving to another site and read the privacy statement of any site which collects personal information.

We do not pass on any personal information about you to any other site when you link to another website.

Your Rights & Access to your information

It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, or send your request to

You also have rights to:

  • know what personal data we hold about you, and to make sure it’s correct and up to date
  • request a copy of your personal data, or ask us to restrict processing your personal data or delete it
  • object to our continued processing of your personal data

You can exercise these rights at any time by sending an email to or writing to Jo Hoad, 50 Lincroft, Cranfield, Beds. MK43 0HT.

Removal of your information

To remove yourself from receiving marketing emails from us click ‘unsubscribe’ when you receive one of our newsletters.  When unsubscribing from our newsletter your personal data is not removed from your training history, but marketing material is no longer communicated to you.

Verification of your information

When receiving any request to access, edit or delete personal identifiable information we shall take reasonable steps to verify your identity before granting you access or otherwise taking any action.  This is to safeguard your information.

Users 17 and under

We do not provide services for purchase by children, nor do we market to children.  If you are under 18, you may use our website only with consent from a parent or guardian.

Your consent

By providing us with your personal data, including sensitive personal data such as on your health, you consent to the collection and use of this information in accordance with the purposes described above and this privacy statement, and you agree to allow us to share your details with other organisations that may fulfil your order or query on our behalf.

Changes to this privacy policy

We may update this privacy policy statement from time to time as necessary.  The terms that apply to you are those posted here on our website on the day you use our services.  We advise you to print a copy for your records.  If you have any questions regarding this privacy policy, please contact us.

What if I do not agree with this privacy policy?

If you do not agree to our processing of your data in the manner outlined in the policy, please do not submit any personal data to us.

You can unsubscribe at any time by emailing us at or writing to Jo Hoad, 50 Lincroft, Cranfield, Beds. MK43 0HT.

How you can complain

To exercise all relevant rights, queries or complaints please in the first instance contact us by emailing or writing to Jo Hoad, 50 Lincroft, Cranfield, Beds. MK43 0HT.

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.


We've trained 5,846 customers