Privacy Policy

Privacy Policy

Last updated: 24 April 2026

foodsafetycourses.uk (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data responsibly. This policy explains what personal data we collect, how we use it, who we share it with, and the rights you have over your data.

Please read this policy alongside our Cookie Policy and Terms & Conditions.

1. Who we are

foodsafetycourses.uk is a trading name of a sole trader based in the United Kingdom. For the purposes of UK data protection law, we are the data controller for personal data collected through this website.

  • Trading name: foodsafetycourses.uk
  • VAT number: GB 486 2518 63
  • ICO registration: ZA138797
  • Contact: [email protected]
  • Postal address: available on our Contact page

2. What this policy covers

This policy applies to personal data we collect when you:

  • visit our website;
  • purchase a course from us;
  • create an account;
  • subscribe to our newsletter;
  • contact us through a form, by email or by phone.

It does not cover third-party websites you may reach through links on our site. Those are governed by their own privacy policies.

3. What personal data we collect

Depending on how you interact with us, we may collect:

  • Identity and contact data — your name, email address, billing and delivery addresses, phone number, and (where provided) job title and company name.
  • Account data — if you create an account, your username and hashed password.
  • Transaction data — details of the courses you have purchased, order dates, amounts, and the date(s) you selected for attendance.
  • Payment data — we do not store your card details. Payments are processed by Stripe, and card information is sent directly to Stripe by your browser. We receive only the transaction result (success or failure) and the last four digits of the card for our records.
  • Correspondence data — the content of messages you send us and our replies.
  • Technical data — IP address, browser type and version, device information, and pages visited. This is collected automatically through server logs, security plugins, and analytics.
  • Marketing preferences — your consent (or withdrawal of consent) to receive our newsletter.

We do not knowingly collect special category personal data (such as health information or criminal convictions) through this website.

4. How we use your personal data and our lawful basis

Under UK GDPR we must have a lawful basis for each use of your personal data. Our uses and their bases are:

Purpose Lawful basis
Taking your order, providing access to the course and delivering the service you have purchased Performance of a contract
Processing payments Performance of a contract
Sending order confirmations, receipts, and course joining instructions Performance of a contract
Complying with our legal obligations (VAT records, accounting, responding to lawful requests) Legal obligation
Responding to enquiries you send us Legitimate interest (running our business and replying to potential customers)
Protecting our website and systems from fraud and abuse Legitimate interest (security of our business and our customers)
Sending our newsletter and marketing emails Consent (you can withdraw this at any time — see section 10)
Measuring how visitors use our site in order to improve it Consent (via our cookie banner)

5. Who we share your data with

We share your personal data only with trusted service providers who help us run our business, and only to the extent necessary for them to do so. Each provider is contractually required to protect your data and to use it only for the purposes we instruct.

  • 1stc.uk (course provider) — we are a reseller of accredited training courses delivered by 1stc. When you purchase a course, we pass your name, email address, any company or job-title details you have given, and the course and date you have booked to 1stc so they can enrol you, issue joining instructions, deliver the training and produce your certificate. 1stc acts as the data controller for the portion of the booking relating to course delivery and certification, and their privacy policy is available on their website.
  • Stripe — payment processor. Stripe’s privacy policy is available at stripe.com/privacy.
  • Rivmedia Digital Services — our website host and technical support provider, based in the UK.
  • Google — we use Google Analytics 4 (subject to your cookie consent) to measure site usage. See section 7 for details on this transfer.
  • Email service providers — we use reputable providers to send transactional emails (order confirmations) and, where you have opted in, our newsletter.
  • Wordfence — our website security plugin. It processes IP addresses to block malicious traffic.
  • Professional advisers — our accountant, where necessary for tax and bookkeeping purposes.
  • Law enforcement or regulators — where we are required to disclose data by law or to protect our legal rights.

We do not sell your personal data, and we do not share it with third parties for their own marketing purposes.

6. Cookies and analytics

We use cookies and similar technologies to make the site work, to remember your preferences, and (with your consent) to measure how the site is used. Strictly necessary cookies are set without consent because the site cannot function without them; all other cookies are only set after you accept them via our cookie banner.

For a full list of the cookies we use and their purposes, please see our Cookie Policy.

7. International transfers

Our website, our host, our payment processor (Stripe UK) and the majority of our service providers are based in the United Kingdom or the European Economic Area.

Google Analytics may transfer some data (such as IP addresses and usage events) outside the UK, including to the United States. Where this happens, Google relies on the UK International Data Transfer Addendum to the EU Standard Contractual Clauses to safeguard the transfer. You can read more in Google’s privacy policy. If you do not wish for your data to be transferred in this way, you can decline analytics cookies via our cookie banner.

8. How long we keep your data

We keep your personal data only for as long as we need it for the purpose for which it was collected, or as required by law. In practice:

  • Customer and order records — kept for 7 years after the end of the financial year in which the order was placed, to comply with HMRC record-keeping requirements.
  • Account data — kept for as long as your account is open. You can close your account at any time by contacting us.
  • Newsletter subscriptions — kept until you unsubscribe, after which we retain a record of your unsubscribe request so we do not contact you again.
  • Contact form and email enquiries — typically kept for up to 2 years, unless they relate to an ongoing matter.
  • Security logs (Wordfence, server logs) — kept for up to 6 months.
  • Analytics data — Google Analytics retention is set to the shortest period permitted by the tool.

9. Your rights

Under UK GDPR you have the following rights in relation to your personal data:

  • Right to be informed — which this policy is designed to satisfy.
  • Right of access — you can request a copy of the personal data we hold about you.
  • Right to rectification — you can ask us to correct inaccurate or incomplete data.
  • Right to erasure — you can ask us to delete your data, subject to certain legal exceptions (for example, we must keep invoicing records for 7 years).
  • Right to restrict processing — you can ask us to pause processing your data in certain circumstances.
  • Right to data portability — you can ask for the data you have given us in a structured, commonly-used, machine-readable format.
  • Right to object — you can object to processing based on legitimate interests, and to any direct marketing.
  • Rights related to automated decision-making — we do not use automated decision-making or profiling that has legal or similarly significant effects.

To exercise any of these rights, email [email protected]. We aim to respond within one month.

You also have the right to complain to the UK’s data protection regulator, the Information Commissioner’s Office (ICO), if you believe we have mishandled your data. The ICO can be contacted at ico.org.uk or on 0303 123 1113. We would appreciate the chance to address your concerns before you approach the ICO, so please consider contacting us first.

10. Marketing and unsubscribing

If you have subscribed to our newsletter, every marketing email we send includes an unsubscribe link at the bottom. Clicking it will remove you from our marketing list immediately. Transactional emails (order confirmations, receipts, course joining instructions) are not marketing and will continue to be sent while you have an active order with us.

You can also unsubscribe at any time by emailing [email protected].

11. Children

Our services are intended for adults working in, or preparing to work in, the food industry. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with their data, please contact us and we will delete it.

12. Security

We take appropriate technical and organisational measures to protect your personal data, including encrypted transmission (HTTPS across the whole site), secure hosting, regular software updates, a web application firewall, and access controls on our administrative systems. Payment card data is never stored on our servers and is handled entirely by Stripe, which is certified to PCI-DSS Level 1.

13. Changes to this policy

We may update this policy from time to time to reflect changes in our services, our service providers, or the law. When we do, we will update the “last updated” date at the top of this page. For significant changes we will notify customers by email where we have their address.

14. Contact us

If you have any questions about this policy, or about how we handle your personal data, please email [email protected] or use the contact form.