1. Introduction
This Privacy Policy explains how Baby & Child First Aid Course (“we”, “us”, or “our”) collects, uses, and protects your personal data when you use our services, sign up for our courses, or subscribe to our marketing communications.
We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the UK GDPR, the EU GDPR, and the Data Protection Act 2018.
2. What data we collect
We may collect the following personal information from you:
  • Full name
  • Email address
  • Phone number
  • Any additional details you voluntarily provide when signing up for a course or newsletter.
We do not collect any sensitive personal data (such as health information or payment card details) unless explicitly required and consented to.
3. How we use your data
We process your personal data for the following purposes:
  • To provide you with access to the Baby & Child First Aid Course materials.
  • To send you course-related information, updates, and instructions.
  • To communicate with you regarding our products, promotions, and upcoming courses (if you have opted in to receive marketing).
  • To improve our services and user experience.
4. Legal basis for processing
We rely on the following legal bases under the UK and EU GDPR:
  • Performance of a contract: when processing your data to provide course access or related services.
  • Consent: when you agree to receive marketing emails or SMS messages.
  • Legitimate interest: when improving our website or communicating basic service updates.
5. Marketing communications
If you have opted in, we may use your email and/or phone number to send marketing messages about our products and services.
You can opt out of marketing at any time by clicking “Unsubscribe” in our emails or replying “STOP” to SMS messages.
6. Data retention
We will keep your personal data only as long as necessary to:
  • Provide you with our services, and/or
  • Comply with legal and regulatory requirements.
Once the retention period ends, we securely delete or anonymize your information.
7. Sharing your data
We do not sell your personal information.
We may share your data with trusted third-party service providers who help us deliver emails, SMS, or course access (for example, email marketing platforms or learning management systems).
All third parties are bound by data processing agreements ensuring GDPR compliance.
8. International data transfers
If your data is transferred outside the UK or EU (for example, to a secure cloud provider), we ensure that adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or the UK’s International Data Transfer Addendum.
9. Your rights
Under the GDPR, you have the following rights:
  • Access your personal data
  • Correct inaccuracies
  • Request deletion (“right to be forgotten”)
  • Withdraw consent for marketing
  • Request data portability
  • Lodge a complaint with your local Data Protection Authority (e.g., the ICO in the UK)
To exercise these rights, contact us at [insert contact email].
10. Security
We use appropriate technical and organisational measures to protect your personal data against loss, misuse, or unauthorised access.
11. Changes to this Privacy Policy
We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated “Last updated” date.