Training Records Retention Policy
Effective Date: 01/08/2025
Last Updated: 01/08/2025
Purpose
This policy outlines how Bloom Consultancy collects, stores, retains, and disposes of training records generated through our Learning Management System (LMS), hosted via Zoho Training Central. It ensures compliance with:
- General Data Protection Regulation (GDPR)
- Data Protection Acts 1988–2018 (Ireland)
- Relevant employment, health & safety, and industry-specific regulatory requirements
Scope
This policy applies to:
- All learners using the Bloom Consultancy LMS
- Corporate clients and their employees using our LMS under agreement
- Internal administrators managing training records
- Any third parties with approved access to training data (e.g. auditors, regulatory bodies)
Types of Training Records Maintained
We retain the following types of training data:
- Learner profile information (name, email, organisation, role)
- Course enrolments and participation logs
- Training completion status and certificates
- Quiz scores, assessment results, and feedback
- Date/time stamps of access, logins, and progress
- Technical records (e.g. IP address, device info for audit logs)
Retention Periods
Type of Record | Retention Period | Legal/Operational Justification |
Learner identity & course enrolment logs | 6 years | Employment law, audit readiness, HSA/WRC inspections |
Completion data & certificates | 6 years | Verification of mandatory training, H&S compliance |
Quiz scores and assessments | 3–6 years (varies by course) | Data minimisation + refresher training cycles |
Audit logs and access logs | 12 months (unless extended) | Cybersecurity and integrity of training records |
Support queries or issue records | 2 years | Customer service and internal review |
Note: For client organisations, these retention periods may be adjusted via contract.
Storage & Security
Training records are stored securely within Zoho’s cloud infrastructure, with access limited to:
- Authorised Bloom Consultancy staff
- Designated client administrators (where contractually agreed)
- Regulatory authorities (upon lawful request)
Data is encrypted in transit and at rest, and protected by role-based access controls and audit trails.
Deletion & Disposal
Once records reach the end of their retention period, they are securely deleted from the LMS in accordance with:
- Zoho’s data deletion protocols
- Our own internal data minimisation policy
- GDPR requirements on erasure and data lifecycle management
Manual deletions can also be requested by authorised client representatives.
Learner Access & Rights
All learners have the right to:
- Request a copy of their training history
- Request correction of inaccurate data
- Request erasure (subject to legal or contractual retention obligations)
To exercise your rights, contact:
Email: info@bloomco.ie
Data Sharing and Transfers
- With the learner’s employer or contracting client (for compliance or certification)
- With Zoho (as a Data Processor under strict GDPR-compliant terms)
- With auditors, regulators, or legal authorities (where legally required)
Data is stored within EU/EEA data centres, unless otherwise agreed and protected by Standard Contractual Clauses (SCCs).
Review and Updates
This policy is reviewed annually or upon major changes in legislation, LMS infrastructure, or client requirements.
Contact
For questions or data requests, please contact:
Data Protection Lead
Bloom Consultancy
Cork, T45YK68
info@bloomco.ie
