GDPR Policy

for Cambridge Professional Academy (trading as Professional Academy within the UK)

The following outlines the General Data Protection Regulation Policy for Cambridge Professional Academy (CPA).

The overarching principle is that

  • All data collected and/or stored by CPA is done so for the sole purposes of CPA business and an individual’s relationship with CPA. This will include; communications with students from CPA directly, communications between students and their respective support tutors, and communications with individuals and businesses who have expressed genuine and legitimate interest in CPA products or services. Individual’s personal data will not be shared with a third party without prior written consent.
  • No member of staff both at CPA head office or within the support tutor network will share any personal data with a third party without the prior consent of the individual. This includes, but is not limited to Name, address, email address and phone details.
  • All CPA Staff consent to their business email address, phone number and associated business contact details to be circulated for the sole purposes of CPA business.

Communications with interested parties

  • By submitting their contact details as part of a query to CPA, via website, phone call, webchat, SMS, social media platforms, face-to-face, or email, interested parties have expressed legitimate interest in CPA’s products and services.
  • Parties completing online webforms will be asked to opt-in to receive further information, if the interested party does not opt-in they will be removed from all bulk marketing, but CPA may contact them on an individual basis to investigate and confirm their legitimate interest.
  • Individuals who have submitted legitimate interest in a specific product or service will only receive information regarding that specific product or service.
  • An interested party has the right to rescind their legitimate interest at any time, removing them from all communications both individual or on mass.
  • Data for individuals who have expressed legitimate interest will not be stored for more than 3 years and will be removed from all systems once this period has elapsed.

Data Storage

  • CPA will not retain any paper files of personal data, including financial transactional data.
  • CPA are responsible for the maintenance of all online cloud data storage and will continue to review the security of each system which holds personal data in a timely manner, this includes Customer Relationship Management (CRM),  Learning Management System (LMS), backup reporting, file storage systems, accounting software and eCommerce platforms.
  • Financial information for online payments are not held by CPA and are all managed by Sagepay, CPA hold none of this payment information.
  • When processing financial information by telephone staff taking the call must not write down or record any of the information given to them except in the designated boxes in the Sagepay payment terminal. They must not repeat back any card details and if they require clarification they will ask the caller to repeat the details. The transaction should not be processed on speaker phone or via email.
  • No PC or workstation shall be left unmanned without a suitable password protected screen saver. All PCs and workstations should be closed, and password protected overnight.
  • All Staff should use only their own login to access PCs and membership databases and not share their login details with others.
  • To show compliance to the General Data Protection Regulations all staff will complete a training program and sign to agree that they understand the implications (log available on request) they will also sign this policy to show they have read and understand their responsibility to personal data.
  • From May 2018 the Managing Director, Operational Director, and Sales & Marketing Director will be responsible for quarterly GDPR audits to ensure full compliance.
  • All staff have signed as part of their contract of employment a confidentiality clause.

Learners with Cambridge Professional Academy

  • On registering to study with CPA individuals must be told that the CPA will not under any circumstances use their data for any other purpose than communication with CPA support services, their direct support tutor, and post-completion marketing information. The data will not be circulated to third parties unless learners give their prior written consent. This is made clear at the beginning of the registration process.
  • From time to time CPA may be approached to circulate relevant matters on behalf of third parties, such as studying institutes. Only information relevant to your studies or membership with the institute will be communicated. Data Rights.
  • The data held by CPA can only be as accurate as the information supplied to CPA. It is the responsibility of the individual to ensure their data is accurate.
  • Once an individual has commenced their studies with CPA their personal data, including a record of their studies, will be retained electronically for 7 years or 5 years from completion, whichever longer, before deletion.
  • An individual may at any time request the removal of their personal data by contacting for learners and associated parties both past and present and for those who have previously expressed interest. It should be noted that the removal of all personal data (including email contact details) will result in CPA no longer being able to carry out the processing of the learner support and would negate the 100% pass guarantee.

Cookie Policy for for Professional Academy

This is the Cookie Policy for Professional Academy, accessible from

What Are Cookies

As is common practice with almost all professional websites this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or 'break' certain elements of the sites functionality.

For more general information on cookies see the Wikipedia article on HTTP Cookies.

How We Use Cookies

We use cookies for a variety of reasons detailed below. Unfortunately in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.

Disabling Cookies

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of the this site. Therefore it is recommended that you do not disable cookies.

The Cookies We Set

  • Forms related cookies

    When you submit data to through a form such as those found on contact pages or a prospectus download cookies may be set to remember your user details for future correspondence.

Third Party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.

  • This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.

    For more information on Google Analytics cookies, see the official Google Analytics page.

  • From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.

  • As we sell products it's important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.

  • The Google AdSense service we use to serve advertising uses a DoubleClick cookie to serve more relevant ads across the web and limit the number of times that a given ad is shown to you.

    For more information on Google AdSense see the official Google AdSense privacy FAQ.

More Information

Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren't sure whether you need or not it's usually safer to leave cookies enabled in case it does interact with one of the features you use on our site. Professional Academy's cookies are managed by CIVIC and Google Tag Manager.

However if you are still looking for more information then you can contact us through one of our preferred contact methods:

  • Email: