Privacy Policy

STS First Aid Privacy Policy

Data Controller
STS First Aid (Trading name of STS Complete Health and Safety Ltd).

STS Data Protection Officer
Dave Simpson

Legal Basis

STS offers a range of first aid and safety training services to customers operating in various sectors throughout the UK. As such, has a legitimate business interest in capturing, processing and retaining data from customers who have requested training services from the company for a mutually beneficial purpose.

STS undertakes to capture, process and retain all data obtained from individuals and businesses in line with the requirements of all applicable Data Protection Laws, including the UK Data Protection Act (DPA), Privacy and Electronic Communications Regulation (PECR) and the EU General Data Protection Regulation (GDPR).

Data Transfers

STS will carry out all necessary due diligence to ensure that all data transfers to third parties/partners (Tutors)  are carried out securely and that all necessary safeguards are in place to ensure data security. STS will also ensure that third parties/partners are fully aware of their responsibilities to ensure GDPR compliance when processing customer data transferred to them.

STS will not transfer personal data to any other company or organisation without your prior consent, with the exception of:

– Awarding Organisations through which STS are approved for the purposes of awarding qualifications, issuing certificates and supporting quality assurance and investigation activity
the Qualification Regulators.
– Her Majesty’s Revenue and Customs (HMRC) requests for financial data (relating to customer invoicing).
– Secure and reputable third party advertising services used to deliver our own marketing messages

Data Subjects

STS will capture, process and retain data from the following categories of Data Subjects:

Customers (based in the UK and EEA)

STS will initially capture, process and retain customer (business and individual Learner) data obtained through telephone, e-mail or online communication when a customer requests course information, a quote for training services or wishes to make a course booking. This data will be used for the purposes of:

  • Creating a customer profile on our secure data systems (Data is encrypted using 256-bit encryption via Comodo security (SSL) cert).

  • Automatically sending e-mails to customers regarding quotes, bookings and requalification reminders.

  • Processing customer orders/bookings.

  • Creating and issuing customer invoices.

  • Collecting payments.

  • Monitoring order and customer account statuses.

  • Debt chasing.

  • Marketing activity (data provided such as company location, work sector and previous booking records may be profiled by STS to produce tailored marketing messages and limited customer data will be used when these messages are sent through our secure e-mail management system).

  • Staff training, internal auditing, dealing with complaints (including carrying out investigations) and customer queries (all inbound and outbound customer calls are recorded for these purposes).


STS will capture Learner assessment data from assessments carried out during and after training courses have taken place. This assessment data will be transferred to the relevant Awarding Organisations (e.g. Qualsafe Awards) for the purposes of awarding qualifications and issuing certificates to Learners, carrying out quality assurance activity or investigation activity and responding to requests for information from the Qualification Regulators (Ofqual, Qualifications Wales, Council for the Curriculum, Examinations and Assessment). STS will also receive data through Learner Feedback Forms submitted after course completion. The data on their perception of the standard of any course delivered will be used for internal review and quality assurance purposes.

STS may also receive appeals form Learners who want to challenge assessment decisions that have been made by the Trainers/Assessors who assessed their work during training. The data provided will be used for the purposes of

  • Acknowledging receipt of the appeal.

  • Reviewing the assessment decisions made by the Trainer/Assessor.

  • Making decisions based on the review carried out.

  • Informing the appellant of the outcome of the appeal.

  • Revising assessment outcomes and informing the relevant parties.


STS has a Customer Complaints Policy and customers have the right to make a complaint when they are unhappy with goods or services that have been provided by STS. When receiving the details of any complaint, STS will use the data provided for the purposes of:

  • Logging and processing the details of the complaint.

  • Carrying out and investigation into the scenario outlined in the complaint.

  • Making decisions based on the findings of any investigation.

  • Informing the complainant of the outcome of their complaint.

  • Informing any affected parties of the outcomes and actions required (should there be any).

STS customers and learners have the right to withdraw consent to hold their data at any time.

Data Retention

When a customer makes a purchase, STS will retain the data captured on our in-house systems (on secure servers) indefinitely for the purposes of:

  • Fulfilling the contract with the customer.

  • Providing an auditable customer transaction trail.

  • Providing historical data for accounting purposes.

  • Responding to HMRC financial information requests.

  • Reviewing and improving services and processes.

  • STS will retain all Learner assessment data for a period of at least three years from the point of registration in line with regulatory requirements.

Individual Rights

STS will capture, process and retain personal data in line with DPA and GDPR requirements. Your individual rights in line with these requirements include the:

  • Right to be informed of how we use and process your personal data.

  • Right of access to any personal data that we retain about you.

  • Right to rectification of any personal data that we retain about you that you believe to be inaccurate.

  • Right to erasure when there is no legal justification or legitimate business interest allowing us to retain your personal data.

  • Right to restrict processing of personal data if, for example, you think that personal data we retain about you is inaccurate or we have no legal justification or legitimate business.

  • Interest to continue to retain and process your personal data. Rather than request erasure, you can make the request to restrict processing.

  • Right to data portability should you want to move, copy or transfer your personal data from one source to another.

  • Right to object when personal data is processed due to legitimate business interest or performance of a task in the exercise of official authority, direct marketing and research and/or statistical analysis.

  • Rights associated with automated decision making and profiling which allow you to obtain human intervention in any such process, express your points of view on decisions or outcomes made about you and obtain an explanation of any decisions made and subject them to challenge.

  • Right to withdraw consent to hold your personal data at any time.

  • Right to lodge a complaint with a supervisory authority should you be dissatisfied with how we have managed your personal data (the Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest).

Subject Access Requests

In line with these individual rights, anyone who wishes to make a formal Subject Access Request to STS for the purposes of requesting personal data or taking some action with respect to the personal data that is held about them should submit the request in writing to Dave Simpson, STS First Aid Data Protection Officer either in writing by post to STS, Enfield Business Centre, 201 Hertford Road, Enfield EN3 5JH or emailing