ZISHI – FSTP Limited Privacy Notice

This privacy notice was updated on 26/5/2021

As part of our effort to deliver on – the – ground training and graduate programmes, exclusive eLearning courses, certified qualifications, consultancy and coaching, ZISHI-FSTP collects and processes personal data relating to training attendees, Traders and attendees representatives. We are committed to being transparent about how we collect and use personal data and how we meet our data protection obligations.

Please read the following carefully prior to using the Website or the Service in order to understand how we will safeguard your personal information and how that information may be collected, used, or shared.

ZISHI-FSTP is the controller for the personal information we process, unless otherwise stated.

There are many ways you can contact us, including by phone, email, and post.

Our postal address:

Bromley (Head Office)
21-25 North Street

T: +44 203 326 9050

For general contact please use this page of our website.

We have appointed a data protection officer (DPO) to oversee compliance of data protection laws. Our DPO can be contacted at gdpr@thezishi.com.

How We Use Your Information

With respect to our Website, we may use the information we collect in the following ways:

  • To better understand how visitors interact with the content on our Website so that we may optimize that content and its location to provide the best visitor experience.
  • To better understand what technology visitors are using to interact with our Website so that we may optimize our Website for you.

With respect to other services, we will collect and process your personal data to provide you required training, coaching and consultancy services and certification. Data will be stored in a range of different places, including on management systems, third party systems (LMS) and on other IT systems (including email).

What information do we collect?

We may collect some or all of the following types of information from and about visitors to our Website:

  • Information that is about you but does not personally identify you, including, but not limited to, information about your web browser, language preference, referring site, and the date and time of each visitor request.
  • Information that is about you and can potentially be used to identify you, including, but not limited to, your internet protocol (IP) address.
  • Aggregated statistics about the behavior of visitors.

If you are a client of ZISHI-FSTP we may collect the following information:

  • Name;
  • Contact details (phone, email, address)

When Clients refer you to us for a service we may collect the following information.

  • Name;
  • Contact details (phone, email, address)
  • identification number;
  • location data;
  • an online identifier

Other personal data may be collected from third parties for specific purposes; for instance, we may receive your name and contact details from your education provider in order to set up an account.

Lawful basis for processing your data:

Contract: Where Data is collected for the purpose of fulfilling a contract with a client, we will use your Data on the basis that processing is necessary to fulfil that contract and on the understanding that client has obtained all necessary consents from you.

Legitimate Interest: Where we have a legitimate interest (which you may object to at any time) to process Data, we will use your Data on the basis that we have legitimate interest to do so which is not overridden by your rights and freedoms, which may include the following types of processing

  • help us identify you so we know who we are talking to;
  • help prevent and detect fraud or loss;
  • assess risk, carry out market research, statistical analysis, test systems, improve our services; and
  • train staff and monitor our services. This may mean that we record our conversations or our correspondence with you to make sure we are providing you with a good service and to make sure we keep to our legal and regulatory obligations.

Legal Obligation: Where we are required to process Data in order to comply with our legal obligations, we will use your Data on the basis that it is necessary to do so for the purposes of legal compliance, which may include storing your Data in order to establish, exercise or defend legal claims within the relevant statutory limitation periods.

Consent: your consent will be obtained for processing that requires such consent.

Who has access to your data?

We may disclose your personal information to any of our subsidiaries, affiliates or their successors or assigns, contractors, service providers, or other third parties that we use to support our business or that we partner with in order to provide you with additional features or services. Any entity with whom your personal information is disclosed is authorized to use that data solely as needed in order provide you with services. We do not sell your personal information.

We may also disclose your personal information to comply with any applicable law, regulation or government request or to protect our rights or the rights of our customers, users, partners, or others.

In the event that we sell all, or substantially all, of our assets to a third party, your personal data held by us will be transferred as part of the sale and we will endeavor to provide you with notice of such event.


Divert Digital Ltd

Divert Digital is our IT service partner. They are hosting, upgrading, patching and updating our website so they need to have access to your data among other things. Divert Digital privacy policy can be accessed here – https://www.divertdigital.com/privacy-policy.

How does ZISHI-FSTP protect your data?

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

Where we have need to share your data with third party organisations, we ensure it is with your consent and transferred via secure transmission methods.

Transfers of personal data outside the European Economic Area (EEA)

Given the international dimension of ZISHI-FSTP, and in order to optimize the quality of our services, the communication of information mentioned above may involve the transfer of personal data outside the UK whose legislation on the protection of personal data is different from that of the UK.

Where we transfer personal data outside the EEA (except where the concerned country has been officially recognized by the UK Government as ensuring that personal data has an adequate level of protection equivalent to the UK standard), we will ensure that the transferred data is protected by suitable Standard Contractual Clauses or other appropriate safeguards referred to in the Data protection Act (2018) and the GDPR.

For how long does ZISHI-FSTP keep data?

We will only retain personal data for as long as necessary to fulfil the purposes that we collected it for, including for the purposes of satisfying any contract, legal, accounting, reporting requirements, or to comply with internal policy requirements.

Your rights under the Data Protection Act (2018):

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party. This only applies to information you have given us.

If you want to review, verify, correct, request erasure or object to the processing of your personal information; request that we transfer a copy of your personal information to another party; or if you have any general queries about how we handle your personal data, please email: gdpr@thezishi.com.

Data protection officer

We have appointed a data protection officer (DPO) to oversee compliance of data protection laws. Our DPO can be contacted at gdpr@thezishi.com.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues at the following address:

Information Commissioner’s Office
Wycliffe House
Water Lane


Do we share your data with anyone?

We do not share, sell, rent, or trade your information with any third parties without your consent, except from what is described below:

Divert Digital Ltd

Divert Digital is our IT service partner. They are hosting, upgrading, patching and updating our website so they need to have access to your data among all other things. Divert Digital privacy policy can be accessed here – https://www.divertdigital.com/privacy-policy.

LinkedIn, Twitter

LinkedIn and Twitter are social networks. Integration of social network components allows them to track which page on our site you are accessing, but only if you are logged in to their account. If you do not wish this, please log out of your social network accounts before browsing the web.

LinkedIn privacy policy can be accessed here –


Twitter privacy policy can be accessed here – https://twitter.com/privacy?lang=en.

Google Analytics

When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Your right to complain with a supervisory authority

If you are unhappy with the way in which your personal data has been processed, you have the right to contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issueshttps://ico.org.uk/concerns/.We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance at info@fstp.co.uk .

Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.

Modern Slavery Statement

Introduction from Partners of FSTP Limited

Modern slavery and human trafficking is abhorrent to all honest and decently minded business owners.  The partners of FSTP feel very strongly that we must take responsibility and be alert to the risks, however small, in the business and the wider supply chain of businesses we are involved with.

FSTP Limited

This statement is aligned to the requirements of section 54 of the Modern Slavery Act 2015 and constitutes our slavery and human trafficking statement.

FSTP is a Limited company providing training and consultancy services to businesses requiring our support.  Our primary client base consists of UK Financial services regulated firms however our RoATP status for the provision of Apprenticeships affords us the opportunity to work with businesses that are not FS regulated and thus widens the contact and potential service provision to firms predominantly in the UK.

FSTP’s 3 partners employ 5 FTE staff and contracts with vetted Consultants to deliver services.

Our Approach

Through our Code of Conduct we define a high standard of ethical behaviour for all of those who represent FSTP and our whistleblowing arrangements encourage all employees and contractors to report any concerns related to activities or the supply chains including risk of slavery or human trafficking.

We are committed to preventing acts of modern slavery and human trafficking within our business and we expect our supply chain to adopt a similar approach and support a zero-tolerance approach to modern slavery.

We expect our suppliers and client firms to ensure:

  • Living wage is paid
  • No forced or child labour
  • Freedom of association
  • Health and safety arrangements are sufficient to protect all employees and contractors in their working environment

Where required a Modern Slavery Statement is published and freely accessible