Privacy Policy

Who we are:

The Council on Training in Architectural Conservation (COTAC) is a UK Registered Educational Charity (No 1162750) and its charitable purposes are as follows:
It shall be the object of the Council to advance the education and training of all those involved in the protection, preservation, and sustainability of the historic environment, and to provide knowledge in support of training and education in the arts and skills required to protect and preserve it.
This Privacy Notice has been designed to explain how and why we collect, use, store and delete data as well as how long it is kept for and if any third parties are involved. Your rights will also be clarified. This Privacy Policy applies to use of all our data processing and websites (and web-based services) on which a link to this policy appears (the "Sites") that process and store data for analysis.

For the purpose of the Data Protection Legislation, the Data Controller is COTAC, Care of the Building Crafts College, Kennard Road, Stratford, London E15 1AH. The data subject is the individual whose data is being processed. The Data Controller of the Charity can be contacted at

We are committed to keeping your information secure and take the privacy of all data extremely seriously.

By providing us with any information about yourself (including via the COTAC websites), you consent to our processing of your personal information in accordance with this Privacy Policy.

This Privacy Policy covers:
  1. How we collect your personal data
  2. What personal data we collect
  3. Our legal basis for processing
  4. How we use this personal data
  5. How we store it
  6. How long we keep it
  7. Who it is shared with
  8. Data Transfers
  9. How we delete it
  10. Your rights as a data subject
  11. Complaints
  12. Subject Access Request
  13. Links to other websites
  14. Changes to our Privacy Notice
  15. Contact Information

1. How we collect your personal data:

We can collect your personal data through the following communication channels;

  • Booking Forms, Contact Forms, Online Chats, Surveys
    The data collected through the Booking Forms, Contact Forms, Online Chats and Surveys will be provided by the data subject with consent.

  • Telephone, Email, Social Media, Postal
    The data collected through Telephone, Email, Social Media, Postal contacts will be placed into our system through our booking form. The data subject will be informed upon processing data as well as sent an email or letter to identify the storing and processing of data as well as their rights.

2. What personal data we collect:

COTAC may collect the following data:
  • Title
  • Name
  • Job Title
  • Organisation
  • Contact Telephone Number
  • Contact Email Address
  • How you heard about us (for Marketing Analysis Purposes)
  • Other information relevant to surveys and/or offers

Please note, personal data is defined as any data that can identify an individual. The personal data we may hold would include the data subject’s name, job title and/or email address.

The information we collect is to follow up on interest in our conferences, seminars, and websites, to ensure account set-up and the security of the account including any data importing within it.

3. Our legal basis for processing:

We will only process data for the purpose of providing an individual with the most relevant information, products or services. Our organisation’s legal basis for processing data is when it has been obtained voluntarily or through consent. Should our purpose for processing your data change, you will be notified.

All information collected and processed will be relevant to your interest/booking or to supply you with the right information regarding new products, services or documentation.

4. How we use this personal data:

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
  • Internal record keeping
  • To improve our products and services
  • To ensure the you receive information regarding the most relevant products and services
  • To ensure delegates receive all information and reminders regarding their purchases and updates on our legal obligations when necessary
  • Contacting you from time to time for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise our websites according to your interests.
  • To build up marketing profiles, to aid strategic development,
  • We will not sell, distribute or lease your personal information to third parties unless we are required by law to do so. We may use your personal information to send you promotional information about third parties that we think you may find interesting if you tell us that you wish this to happen.
  • The personal data about the user will be used to create and secure the account, they may also be contacted about new features and relevant training and consultancy support.
  • The data imported into the software is only used for making subjects aware of COTAC’s developing information, events and services and is not used for any comparison across further software users or shared with any third parties.

5. How we store it:

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

  • Firewall and Antivirus across all PC’s
All data stored in COTAC’s Office and the server is backed up regularly with a further back-up on to two external hard drives retained in secure and separate locations.

Details from a form or website are downloaded, they are all stored in one place in our system and dated the download date.

Email Addresses:

All emails, both those who have consented to receive emails and those who have not (or those who have unsubscribed) are stored in an external mailing software and our internal system.

Email addresses are kept on our email marketing database so that we can keep a track of the status of the email as well as send emails to those who have consented to receive emails i.e. by subscribing to our mailing list. If you no longer wish to receive our emails, your email address will be kept in our systems in the form of a blacklist so that we do not contact you in the future.

6. How long we keep it:

We will keep your personal data on our records for an ongoing period for the reasons mentioned above, as long as you (the data subject) give consent for us to do so. If you no longer want us to keep your personal data, it is your right to request for its removal at any time.

7. Who it is shared with:

Your personal data will never be shared with any third parties or internationally, nor will it be accessible to any unauthorised persons as we have secure encryption and password controls in place to limit access to personal records.

8. Data Transfers:

All of our data is only processed and stored in the UK and no transfers to further countries will occur. Should this change, you will be updated immediately.

9. How we delete it:

In certain circumstances, you have the right to have your data deleted or ‘forgotten’. In order to delete your personal data from our records, you must request either verbally or in writing. All data will be deleted within this request excluding the email address. This will be placed in a blacklist for our records.

Data is deleted manually from all databases at the stated time. Our back-up servers are updated automatically and this is when the back-up servers will too have the data deleted.

10. Your rights as a data subject:

The GDPR provides the following rights for individuals:

  • The right to be informed
You have the right to be given information on how and why your personal data is being processed, such as this Privacy Notice. You are entitled to request this information both before and after providing consent to us, free of charge.
  • The right of access
You have the right to access your personal data at any time (this is called a Subject Access Request). You are entitled to receive confirmation that your data is being processed, have access to your personal data and information on how and why your data is processed. This right allows you to be aware of and confirm that we are processing your data legitimately.
  • The right to rectification
You have the right to have your personal data amended if it is inaccurate or incomplete. It is your right to have your request for rectification responded to within a month.
  • The right to erasure (the right to be forgotten)
You have the right to request the deletion or removal of your personal data. For example, you may request to have your data deleted/removed if your personal data is no longer necessary for the purpose it was originally collected/processed.
  • The right to restrict processing
You have the right to stop your personal data from being processed any further. This means that we are able to store your personal data, but not process it. We shall keep just enough information about you to make sure we can keep your restriction in place from this point on. (See emails as an example of this scenario).
  • The right to data portability
This right only applies to personal data you give to a controller (anyone who determines the reasons and ways of processing personal data), where your personal data is being processed because you have given consent or for the performance of a contract and when processing is carried out automatically.
  • The right to object
You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling) and processing for purposes of scientific/historical research and statistics. You have the right to withdraw consent at any time.
  • Rights in relation to automated decision making and profiling
You have the right to request for reconsideration of your applications or request should a decision be made through an automated process. The information above has been sourced from the Information Commissioner’s Office (ICO). For their full guide to rights for individuals under the GDPR, please visit:
11. Complaints:

If you have a complaint about the way your personal data is being processed or for any other reason relating to your personal data, you have the right to lodge a complaint with a supervisory authority.

12. Subject Access Requests:

As per your right of access, you are entitled to request to see your personal data that is stored in our records. In order to do this, you must send us your request in writing, so that we may be able to tell you whether any of your personal data is being processed, provide you with a description of your personal data, the reasons for which it is being processed and whether it will be shared with any other party. You will also be given a copy of this information and the details of where it is available.

If you wish to use our Subject Access Request Form to make your request, please contact us at:

13. Links to other websites:

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites. Such sites are not governed by this Privacy Notice. You should exercise caution and look at the privacy statement applicable to the website in question.

14. Changes to our Privacy Notice:

If there are any changes to this Privacy Notice, we will notify you via email and it will be updated here.

15. How to contact us:

As noted above please contact us at:

We are happy to assist with any request you may have.

The Building Crafts College, Kennard Road, Stratford, London E15 1AH

UK registered charity 1162750    telephone 020 8522 1705 email