Data Protection Policy

Heartbeat Training Ltd

1. Policy Statement

Heartbeat Training Ltd ("the Company") is committed to ensuring the security and protection of the personal data that it processes, and to providing a compliant and consistent approach to data protection in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other applicable data protection legislation.

2. Scope

This policy applies to all employees, contractors, associates, and third parties who have access to personal data held by the Company. It covers all personal data collected, stored, processed, and destroyed by the Company in the course of its operations.

3. Key Definitions

- Personal Data: Any information relating to an identified or identifiable individual.- Data Subject: The individual whose personal data is being processed.- Processing: Any operation performed on personal data (e.g., collection, storage, use, disclosure, erasure).- Data Controller: The organisation or individual that determines the purposes and means of processing personal data.- Data Processor: An organisation that processes personal data on behalf of the Data Controller.

4. Data Controller

The Data Controller for Heartbeat Training Ltd is:Alan RalfsEmail: alanhbt@gmail.comPhone: 07971797462

5. Legal Basis for Processing

Heartbeat Training Ltd ensures that personal data is processed lawfully, fairly, and transparently. Data will be collected and processed based on one or more of the following lawful bases:- The performance of a contract- Compliance with a legal obligation- Consent- Legitimate interests- Vital interests- Public task

6. Types of Personal Data Collected

Heartbeat Training Ltd may collect and process the following personal data:- Name, contact details (email, phone number)- Date of birth (where required for certification)- Training history and qualifications- Special requirements or health information (when necessary for accessibility or safety)- Payment details for course fees

7. Purpose of Data Processing

Personal data is processed for the following purposes:- Course registration and administration- Certification and accreditation- Communication about training, updates, and events- Compliance with legal and contractual obligations- Internal quality assurance and evaluation

8. Data Subject Rights

Under UK GDPR, data subjects have the following rights:- Right to access their personal data- Right to rectify inaccurate data- Right to erasure ("right to be forgotten")- Right to restrict or object to processing- Right to data portability- Right to withdraw consent at any time (where consent is the lawful basis)- Right to lodge a complaint with the Information Commissioner’s Office (ICO)

9. Data Sharing and Disclosure

Personal data will only be shared with:- Awarding bodies (e.g., for certification)- IT and administrative service providers (under data processing agreements)- Legal or regulatory authorities when requiredHeartbeat Training Ltd will never sell or rent personal data to third parties.

10. Data Retention

Heartbeat Training Ltd will retain personal data for as long as necessary for the purposes for which it was collected, or as required by law or accrediting organisations. Specifically, data relating to healthcare professionals’ training will be retained for a minimum of 5 years to support CPD (Continuing Professional Development) verification where required. Once data is no longer required, it will be securely deleted or anonymised.

11. Data Security

Appropriate technical and organisational measures are in place to protect personal data from loss, misuse, unauthorised access, disclosure, alteration, or destruction. This includes:- Secure storage systems and encryption- Password-protected accounts- Staff training and awareness- Access control and data minimisation

12. Data Breach Management

In the event of a data breach, the Company will follow its Data Breach Response Plan. Serious breaches will be reported to the ICO within 72 hours, and to affected individuals where required.

13. Staff Responsibilities

All employees and associates must:- Understand and comply with this policy- Report any suspected data breaches immediately- Complete regular data protection training

14. Policy Review and Updates

This policy will be reviewed annually or in response to changes in legislation or company operations. Heartbeat Training Ltd reserves the right to make changes without prior notice where necessary.

15. Contact Information

For any queries related to this policy or data protection in general, please contact:Data Controller: Alan RalfsEmail: admin@heartbeatmed.co.uk