1. Introduction
SoftTrain Cloud Ltd respects your privacy and is committed to protecting your personal data. This policy explains how we collect, use, store, and protect personal information when providing our bespoke software-as-a-service (SaaS) solutions and when you interact with our website or services.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Who We Are
SoftTrain Cloud Ltd is a UK-based limited company providing bespoke cloud software solutions to clients in the UK, EEA, USA, and Canada.
Registered office: 2 Cotton End Road, Exning, Newmarket, England, CB8 7NN
Email: james@softtrain.co.uk
We act as a Data Controller when determining how and why personal data is processed, and as a Data Processor when processing data on behalf of our clients.
Where we process personal data on behalf of clients, we do so in accordance with client instructions and applicable data processing agreements.
3. Personal Data We Collect
We may collect and process the following types of personal data:
We do not collect special category (sensitive) data unless explicitly required and agreed with the client.
4. How We Use Personal Data
We use personal data only for legitimate business purposes, including:
5. Lawful Basis for Processing
We rely on the following lawful bases for processing personal data:
6. Data Retention
We retain personal data only as long as necessary to fulfil the purposes outlined above, including legal, accounting, or reporting requirements. When data is no longer needed, it is securely deleted or anonymised. Retention periods are determined based on legal obligations, contractual requirements, and operational necessity.
7. Data Security
We implement appropriate technical and organisational measures to protect data, including:
We maintain procedures for identifying, reporting, and managing personal data breaches in accordance with applicable data protection laws.
8. International Data Transfers
Where data is transferred outside the UK or EEA (e.g., to clients in the USA or Canada), we ensure that appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to Standard Contractual Clauses, adequacy regulations, or equivalent lawful transfer mechanisms.
9. Data Sharing
We do not sell or rent personal data.
We may share limited data with trusted third parties who assist in delivering our services (e.g., hosting, email, or accounting providers), under strict confidentiality and data protection agreements.
10. Data Subject Rights
Under UK GDPR, individuals have rights to:
Individuals also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if they believe their data has been handled improperly.
11. Cookies
Our website may use cookies for functionality and analytics. Users can control cookie preferences via browser settings. We do not use cookies for advertising or profiling.
Where required by law, users will be asked to provide consent before non-essential cookies are placed on their device.
12. Policy Review
This policy will be reviewed annually or sooner if required by law, technology, or business changes.
13. Approval
This Privacy Policy has been approved and adopted by the Directors of SoftTrain Cloud Ltd on 28th April 2026.
SoftTrain Cloud Ltd respects your privacy and is committed to protecting your personal data. This policy explains how we collect, use, store, and protect personal information when providing our bespoke software-as-a-service (SaaS) solutions and when you interact with our website or services.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Who We Are
SoftTrain Cloud Ltd is a UK-based limited company providing bespoke cloud software solutions to clients in the UK, EEA, USA, and Canada.
Registered office: 2 Cotton End Road, Exning, Newmarket, England, CB8 7NN
Email: james@softtrain.co.uk
We act as a Data Controller when determining how and why personal data is processed, and as a Data Processor when processing data on behalf of our clients.
Where we process personal data on behalf of clients, we do so in accordance with client instructions and applicable data processing agreements.
3. Personal Data We Collect
We may collect and process the following types of personal data:
- Client contact details: name, business email, telephone number, company name, job title.
- Account and authentication data: login credentials, access permissions, or user profiles.
- Technical data: IP address, browser type, operating system, and usage statistics.
- Communications data: correspondence via email, contact forms, or support requests.
- Billing data: payment details, VAT or tax information.
We do not collect special category (sensitive) data unless explicitly required and agreed with the client.
4. How We Use Personal Data
We use personal data only for legitimate business purposes, including:
- Delivering and maintaining our SaaS services;
- Managing client accounts and billing;
- Providing customer support and responding to enquiries;
- Improving and securing our software and infrastructure;
- Meeting legal, tax, and contractual obligations;
- Sending service-related updates or notifications (never unsolicited marketing without consent).
5. Lawful Basis for Processing
We rely on the following lawful bases for processing personal data:
- Contractual necessity – to deliver our services to clients;
- Legal obligation – to comply with tax, accounting, or regulatory requirements;
- Legitimate interests – for security, quality assurance, and service improvement;
- Consent – for optional communications or marketing.
6. Data Retention
We retain personal data only as long as necessary to fulfil the purposes outlined above, including legal, accounting, or reporting requirements. When data is no longer needed, it is securely deleted or anonymised. Retention periods are determined based on legal obligations, contractual requirements, and operational necessity.
7. Data Security
We implement appropriate technical and organisational measures to protect data, including:
- Encryption and secure transmission of data;
- Restricted access controls and multi-factor authentication;
- Regular backups and data integrity checks;
- Hosting data with Microsoft Azure, which maintains strong sustainability and data protection commitments.
We maintain procedures for identifying, reporting, and managing personal data breaches in accordance with applicable data protection laws.
8. International Data Transfers
Where data is transferred outside the UK or EEA (e.g., to clients in the USA or Canada), we ensure that appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to Standard Contractual Clauses, adequacy regulations, or equivalent lawful transfer mechanisms.
9. Data Sharing
We do not sell or rent personal data.
We may share limited data with trusted third parties who assist in delivering our services (e.g., hosting, email, or accounting providers), under strict confidentiality and data protection agreements.
10. Data Subject Rights
Under UK GDPR, individuals have rights to:
- Access their data;
- Request correction or deletion;
- Restrict or object to processing;
- Request data portability;
- Withdraw consent (where applicable).
Requests should be sent to: james@softtrain.co.uk
We aim to respond within one calendar month.
Individuals also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if they believe their data has been handled improperly.
11. Cookies
Our website may use cookies for functionality and analytics. Users can control cookie preferences via browser settings. We do not use cookies for advertising or profiling.
Where required by law, users will be asked to provide consent before non-essential cookies are placed on their device.
12. Policy Review
This policy will be reviewed annually or sooner if required by law, technology, or business changes.
13. Approval
This Privacy Policy has been approved and adopted by the Directors of SoftTrain Cloud Ltd on 28th April 2026.