How we collect, use and protect your personal data · Version 1.0 · May 2026
CES Academy is the training and CPD platform of CES Medical Ltd (ICO Registration: ZB998269), a registered company operating surgical and clinical centres across Kent and the South East. CES Academy is registered with the General Optical Council (GOC) as a CPD provider.
CES Medical Ltd is the Data Controller for all personal data processed through CES Academy.
| Data Controller | CES Medical Ltd t/a CES Academy |
| Registered Address | Maidstone Innovation Centre, Gidds Pond Way, Weavering, Maidstone, ME14 5FY |
| ICO Registration Number | ZB998269 |
| ICO Registration Expires | 23 September 2026 |
| Data Protection Officer | Mrs Karolina Ker — [email protected] | 07795 744533 |
| General Contact | [email protected] |
| Website | cesacademy.co.uk |
When you complete a CES Academy CPD feedback form we collect:
When you register for a CES Academy CPD event we collect:
Our website uses essential cookies to ensure the site functions correctly, and analytics cookies (with your consent). See our Cookie Policy.
| Purpose | Data Used | Lawful Basis (UK GDPR) |
|---|---|---|
| Issue GOC CPD certificates of attendance | Name, GOC number, email | Legitimate Interests Art. 6(1)(f) — regulatory obligation as GOC provider |
| Maintain GOC audit records | Name, GOC number, attendance records | Legitimate Interests Art. 6(1)(f) — GOC provider compliance |
| Improve CPD content and delivery | Feedback ratings and comments | Legitimate Interests Art. 6(1)(f) — quality improvement |
| Send CPD certificates and event communications | Email address | Legitimate Interests Art. 6(1)(f) — direct benefit to data subject |
| Send marketing about future events | Email address | Consent Art. 6(1)(a) — opt-in only |
Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
| Data type | Retention period |
|---|---|
| CPD attendance records and certificates | 6 years following the end of the CPD cycle (GOC requirement) |
| Event feedback responses | 6 years following the end of the CPD cycle |
| Marketing consent records | Until withdrawn or 3 years of inactivity |
| Website analytics | 26 months (rolling) |
After the applicable retention period, data is securely deleted or anonymised.
We do not sell your personal data. We may share data only in these limited circumstances:
All third-party processors are bound by data processing agreements and are required to handle your data in accordance with UK GDPR.
| Right | What this means |
|---|---|
| Right to be informed | To know how your data is used — this policy fulfils that obligation |
| Right of access | To request a copy of personal data we hold about you |
| Right to rectification | To correct inaccurate personal data |
| Right to erasure | To request deletion — note: GOC obligations may limit this during the 6-year retention period |
| Right to object | To object to processing based on legitimate interests — we will respond within one month |
| Right to withdraw consent | Where processing is consent-based (e.g. marketing), to withdraw at any time |
To exercise any right, contact [email protected] or the DPO at [email protected]. We will respond within one month. If unsatisfied, you may complain to the ICO at ico.org.uk or 0303 123 1113.
We may update this policy from time to time. The version date above shows when it was last updated. We will notify registered attendees of material changes by email.
| Data Controller | CES Medical Ltd t/a CES Academy |
| Registered Address | Maidstone Innovation Centre, Gidds Pond Way, Weavering, Maidstone, ME14 5FY |
| ICO Registration | ZB998269 (expires 23 September 2026) |
| [email protected] | |
| Data Protection Officer | Mrs Karolina Ker — [email protected] | 07795 744533 |
| Website | cesacademy.co.uk |
For data protection queries, email [email protected] with subject line 'Data Protection'.