The National Skills Academy for Rail


We take you right to privacy seriously and want you to feel comfortable during any engagement that you have with NSAR. We ask you to provide personal information by which you may be identified and we would like to assure you that it will only be used in accordance with this Privacy Policy and only for the reason we have informed you about.

From 25 May 2018, the new EU General Data Protection Regulation (GDPR) came into effect. In order to comply with this law, NSAR has updated its Privacy Policy which provides detailed information on how we use and protect your personal information, and your rights in relation to this.

This Privacy Policy explains what we do with your personal data, whether we are in the process of recruiting you, continuing our relationship with you as an employee, or a member, providing you with a service, receiving a service from you, or you are visiting our website. It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights. It also applies to the emergency contacts of our Staff. For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), the company responsible for your personal data (“NSAR” or “us”) NSAR reserves the right to amend this Privacy Policy from time to time in line with legislative changes. If you are dissatisfied with any aspect of our Privacy Policy, please contact NSAR HR Manager.


You are required to supply your Data in order to register for our membership, newsletters, access to applications and services or where you have asked us to send you further information.

What kind of personal data do we collect?

Candidate Data

In order to recruit effectively we need to process certain information about you. We only ask for details that will genuinely help us to help you, such as your name, contact details, education details, employment history and financial information (where we need to carry out financial background checks). Where appropriate and in accordance with local laws and requirements, we may also collect information related to your health, diversity information or details of any criminal convictions. Should you be unsuccessful in your application we destroy your personal information within 12 weeks.

Employee Data

Organisations are required by law to hold certain personal data for their workforce such as records of workers joining them, their job title, contact details, pay and benefits and so on. NSAR collects as a minimum personal data relating to contact details, previous work history, proof of right to work in the UK, bank details, and terms & conditions of employment.

Member Data

If you are an active NSAR Member, we need to collect and maintain information about you and your organisation. We will ask that you submit any changes to these details once they are apparent.

Supplier Data

We need a small amount of information from our Suppliers to ensure that things run smoothly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).

People Whose Data We Receive from Staff, Such as Referees and Emergency Contacts

In order to provide candidates with suitable employment opportunities safely and securely and to provide for every eventuality for them and our employees, we need some basic background information. We only ask for very basic contact details, so that we can get in touch with you either for a reference or because you’ve been listed as an emergency contact for one of our employees.

Client Data

The main reason for using information about Clients is to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly. The more information we have, the more bespoke we can make our service.

Supplier Data

The main reasons for using Supplier data are to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly, and to comply with legal requirements.

Employee Data

Employee records are necessary for the formulation and implementation of employment policies and procedures for recruitment, training, promotion, dismissal etc. Some of these are required by law and others enable personnel to monitor other processes. Accurate records help ensure that employees receive their correct pay, annual leave, pension and other entitlements and benefits. They can be used to monitor fair and consistent treatment of staff. We use referees’ personal data to help verify our Employee’s details and qualifications on commencement of employment. We use the personal details of an Employee’s emergency contacts in the case of an accident or emergency affecting that individual.

How do we use your personal data?

Your data will solely be used for the purpose specified at the time of collection.

How can you access, amend or take back the personal data that you have given to us?

Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact NSAR HR Manager or read the GDPR Procedure.

Children and privacy

Our Website does not target and is not intended to attract children under the age of 14. We do not knowingly solicit personal information from children under the age of 14 or send them requests for personal information.

What are cookies and how do we use them?

A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number. We use cookies in the following ways:

  • to help us recognise you as a unique visitor (just a number) when you return to our Website and to allow us to tailor content or advertisements to match your preferred interests; and
  • to track user traffic patterns to see how effective our navigational structure is in helping users reach that information and to help us ensure that its structure is workable; and
  • to compile anonymous, aggregated statistics that allow us to determine the usefulness of our Website information.

More information about cookies, including how to block them and/or delete them, can be found at You do not need to have cookies turned on to use or navigate through many parts of our Website, however this may limit some of the functions available on the Website and you may not be able to use all the interactive features.


How do we safeguard your data?

We take reasonable precautions to keep your Data secure. Such information is subject to restricted access to prevent unauthorised or unlawful access, modification or use and accidental loss, destruction, or damage. We will ensure any third parties to whom we send your data for processing on our behalf are obliged to comply with our own standards of security and to act only upon our instructions.

System Data

NSAR and your employer are committed to protecting and respecting your privacy.

This Privacy Policy sets out the basis on which any personal data we store on the web-based system will be processed by us. This includes your trainer / assessor account, if applicable, and your individual record on the system (called ‘Skills ID’). Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. Please note that this policy only relates to personal data stored on the NSAR system; your employer also has a policy for other personal data collected by it or not held on the NSAR system.

For the purpose of GDPR, NSAR and your employer are joint data controllers. NSAR is registered in England and Wales under company number 07484465 and data controller number Z2646486.

Information we collect from you

We will collect and process the following data about you:

  • Information that you provide which is necessary to allow you to register on the NSAR SkillsBackbone™ system (as well as any changes to this information). This is your name, gender, date of birth (trainers/assessors), year of birth (SkillsID holders), National Insurance number, your current employer and an e-mail address.
  • An e-mail address will be required as the NSAR system uses password automation for instances of an individual requiring a password reminder. In addition, a helpdesk will be provided should any problems be encountered with this process.
  • Information that you/your employers provide which, at your option, may be recorded on your NSAR account(s) (as well as any changes to this information). This may include your job title and functional area.

Where we store your personal data

Once your information is stored on the NSAR system, we will use strict procedures and security measures to prevent unauthorised access. For example, when your NSAR account is accessed over the internet by either us or your employer the delivery of information is executed using secure transport mechanisms. When not in transmission, all information you provide to us is stored on secure servers.

If you would like further information regarding the security of the NSAR system, please contact the nominated data control representative in your organisation or NSAR’s helpdesk.

Retention of Data

Once your information has been uploaded onto the NSAR system, it will remain accessible while you are employed by your employer or whilst you remain an active Trainer/Assessor. ‘Archiving’ means that your NSAR account(s) has been removed to a separate area on the NSAR system and is not accessible to anyone except NSAR. Your Trainer/Assessor account will be archived if you cease to be sponsored by any approved Sentinel training/assessment provider or if your employing training/assessment organisation withdraws from the NSAR scheme.

Your system account will be archived in the two circumstances:

  • where there has been no change or access to it within 5 years; or
  • where you cease to be employed by your employer

After archiving, one of three things will happen to your account:

  • where an account is not ‘unarchived’ within 5 years, it will be stored on a disc in accordance with current legislation in this area; or
  • on obtaining a job with a new employer, your account will be reactivated by them if they subscribe to SkillsID. Your account will be unarchived, with your training and qualification records being transferred to your new employer
  • trainer/assessor accounts will be reactivated by NSAR when you begin training/assessing with a new employer or sponsor. However, NSAR may require you to reapply for approval depending on how long you were inactive for.

Uses Made of This Information

We use information held about you in the following ways:

  • to process and approve your application to become an NSAR approved Trainer/Assessor
  • to manage your approved trainer / assessor status including monitoring your CPD
  • to allow you (via your employer and approved training providers) to record that you have completed training and qualifications
  • to allow new employers (after you commence employment with them) to confirm your training and qualifications by reviewing your Skills ID records.

If NSAR needs to contact you it will use the email information provided on your account.

Access to information

The GDPR gives you the right to access information held about you. Your right of access can be exercised in accordance with the GDPR. Please address any requests to NSAR Data Protection Controller at NSAR’s head office address.

Trainers/Assessors are able to access information held about them via their Trainer /Assessor account. As a SkillsID holder you will be able to access some of this information yourself (i.e. your training and qualification records), unless your account has been archived. If you are not able to access your account, then you can also ask your employer for assistance in accessing your SkillsID.

Changes to the privacy policy

Any changes we may make to this Privacy Policy in the future will be notified to you by post or by e-mail unless:

  • your Trainer/Assessor account has been permanently deleted (after being archived)
  • your Skills ID has been permanently deleted (after being archived); or
  • you have moved to a new employer (and this privacy policy has been superseded with one provided to you by your new employer).

Changes to the privacy policy

Any changes we may make to this Privacy Policy in the future will be notified to you by post or by e-mail unless:

  • your Trainer/Assessor account has been permanently deleted (after being archived)
  • your Skills ID has been permanently deleted (after being archived); or
  • you have moved to a new employer (and this privacy policy has been superseded with one provided to you by your new employer).


If you wish to unsubscribe from NSAR communications follow the unsubscribe link sent with all NSAR electronic communications or alternatively by email your request to unsubscribe request to

Data protection

We are registered as a data controller with the Information Commissioner. If you have any further questions or concerns about our collection, use, or disclosure of your personal information, please write to the Data Protection Officer, the National Skill Academy for Rail Ltd, 11 Carteret Street, London SW1H 9DJ.


We use our reasonable endeavours to make sure information on this Website is accurate and up to date but before you rely on anything please contact us or double check the information from another source.

This Website also contains links to external Internet websites. We have included such links for your ease of reference but please note that we have no control over the contents of these websites and do not endorse their content and cannot accept responsibility for them. You access such websites at your own risk.

© 2021 Copyright National Skills Academy for Rail