REACT – GDPR & Data Protection Policy
1. Introduction
REACT (Resuscitation, Emergency & Acute Care Training) is committed to protecting and respecting your privacy. This policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We ensure that all personal data is handled lawfully, transparently, and securely.
2. Who We Are
REACT is a UK-governed global medical education provider delivering training through a blended learning model (online and face-to-face).
Data Controller:
REACT Global Education Ltd
[Insert registered address] Please add Hinckley address – where REACT is registered to
3. What Data We Collect
We may collect and process the following personal data:
a. Personal Identification Data
- Full name
- Email address
- Phone number
- Job title / organisation
b. Professional & Training Data
- Course bookings and attendance
- Assessment results and certifications
- Professional registration details (if applicable)
c. Payment Information
- Billing address
- Payment details (processed securely via third-party providers such as Stripe – we do not store full card details)
d. Technical Data
- IP address
- Browser type
- Usage data (via cookies and analytics tools)
4. How We Use Your Data
We use your data to:
- Process course bookings and payments
- Deliver training and assessments
- Issue certificates and maintain training records
- Communicate course updates and essential information
- Improve our services and user experience
- Comply with legal and regulatory obligations
5. Legal Basis for Processing
We process your data under the following lawful bases:
- Contractual necessity – to deliver training services
- Legal obligation – for compliance and record keeping
- Legitimate interests – to improve services and manage operations
- Consent – for marketing communications (where applicable)
6. Data Sharing
We may share your data with:
- Accredited faculty and trainers (for course delivery)
- Payment providers (e.g. Stripe)
- Learning Management System (LMS) providers
- Regulatory or accreditation bodies (where required)
All third parties are required to handle your data securely and in compliance with GDPR.
7. International Data Transfers
As a global education provider, your data may be processed outside the UK.
Where this occurs, we ensure appropriate safeguards are in place, such as:
- UK-approved standard contractual clauses
- Working with GDPR-compliant providers
8. Data Retention
We retain your data only as long as necessary:
- Training and certification records: up to 6–8 years (for verification purposes)
- Financial records: as required by UK law
- Marketing data: until you withdraw consent
9. Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion of your data (“right to be forgotten”)
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
To exercise your rights, contact:
10. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Secure servers and encrypted systems
- Restricted access to authorised personnel only
- Regular system monitoring and updates
11. Cookies
Our website uses cookies to enhance user experience and analyse performance.
You can manage cookie preferences via your browser settings.
12. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
13. Updates to This Policy
We may update this policy from time to time. Updates will be published on this page.