Privacy Policy how we handle your data
This policy explains what we collect, why we collect it, and the choices you have. We keep it as clear as possible, without hiding the important bits.
February 2026
Clear explanations, plus the legal bits where needed.
If your employer purchased training for you, we may process your details as part of compliance tracking and course delivery. See “Employer responsibilities” below.
Policy details
The information below explains how we collect, use, share, and protect personal data.
1. Who we are
Back to topTSTA (The Safety Training Academy Ltd) is a UK-based digital training provider delivering online compliance and safety e-learning solutions to businesses and individual learners.
2. Our commitment to data protection
Back to topTSTA is committed to protecting and respecting your privacy.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
3. What personal data we collect
Back to topWe collect personal data in the following ways:
- Information you provide to us (e.g. name, job title, company, contact details, billing address, account login credentials, training history, certificates, and correspondence).
- Information collected automatically when you use our website or LMS (e.g. IP address, device/browser, usage data, cookies/tracking).
- Business client data where an employer purchases training for you (e.g. name, work email, department, training requirements, completion status) used strictly for course delivery and compliance tracking.
4. How we use your data
Back to topWe use your personal data to:
- Provide access to our e-learning platform
- Deliver and manage training courses
- Issue certificates
- Track compliance for employer clients
- Process payments and invoices
- Respond to enquiries
- Improve our website and services
- Send relevant marketing communications (where consent applies)
5. Lawful basis for processing
Back to topWe rely on the following lawful bases under UK GDPR:
- Contractual necessity: to deliver purchased training
- Legal obligation: where compliance training is required by law
- Legitimate interests: to improve services and maintain platform security
- Consent: for marketing communications
6. Marketing communications
Back to topWe may send marketing emails relating to new courses, compliance updates, industry insights, and service announcements (where consent applies).
You may unsubscribe at any time via the link in our emails or by contacting us.
We do not sell or rent your data to third parties.
You can unsubscribe via the link in our emails or email courses@tsta.co.uk.
8. Data sharing
Back to topWe may share your data with trusted third parties where necessary, including:
- Learning Management System (LMS) providers
- Payment processors
- IT hosting providers
- Email marketing platforms
- Accreditation bodies (where certification is issued)
All third parties are required to process data securely and in compliance with UK GDPR.
We do not transfer personal data outside the UK without appropriate safeguards.
9. Data retention
Back to topWe retain personal data only for as long as necessary. Typical retention periods include:
- Learner records and certificates: up to 6 years
- Financial records: 6 years (for HMRC compliance)
- Marketing data: until consent is withdrawn
Where data is no longer required, it is securely deleted.
10. Data security
Back to topWe implement appropriate technical and organisational measures to protect personal data, including:
- Secure hosting environments
- Encrypted data transmission (SSL)
- Password-protected accounts
- Restricted staff access
- Regular security reviews
11. Your rights
Back to topUnder UK GDPR, you have the right to:
- Access your personal data
- Correct inaccurate data
- Request erasure (where applicable)
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent (where consent applies)
To exercise any of these rights, contact us at info@tsta.co.uk.
12. Complaints
Back to topIf you are not satisfied with how we handle your data, please contact us directly in the first instance.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): ico.org.uk
You can lodge a complaint with the Information Commissioner’s Office (ICO). Website: ico.org.uk
13. Changes to this policy
Back to topWe may update this Privacy Policy from time to time to reflect legal, technical, or business changes.
The latest version will always be available on our website.
14. Employer responsibilities
Back to topWhere an organisation purchases training for employees, the organisation remains responsible for ensuring a lawful basis for sharing employee data with TSTA, informing employees that training data will be processed, and maintaining internal compliance policies.
TSTA acts as a data processor in such cases and processes employee data solely for delivering training and compliance reporting.
Contact us about privacy
For data protection matters, contact our Compliance Manager.
Tell us what you’d like to do (access, correction, deletion, restriction, objection, portability, or withdrawing consent) and include the email address associated with your account.
Tip: If you’re contacting us on behalf of someone else (e.g. an employee), include confirmation you’re authorised to make the request.
Looking for the Cookie Policy?
Cookies help with login, analytics, and performance. You can also manage cookies in your browser.