Privacy Policy

Progress in Health Ltd (“we”, “us”, “our”) operates the Progress in Health continuing professional development platform at progressinhealth.co.uk. We are the data controller for personal data collected through this website.

You can contact us regarding data protection matters at: contact@prehospitalcpd.co.uk

We collect the following categories of personal data:

Account information — your name, email address, job title, and organisation when you register an account.

Learning data — courses you enrol on, modules you complete, quiz scores, notes you write, and questions you ask on modules.

Certificate records — details of CPD certificates issued to you, including completion date and the unique verification code.

Payment data — if you purchase a paid course, payment is processed by our payment provider (Stripe). We do not store full card numbers. We retain a record of the transaction amount and date.

Usage data — pages visited, device type, browser, and general access logs retained for security and platform improvement.

Communications — any messages you send to us via email or support channels.

We use your personal data for the following purposes:

• Creating and managing your account and providing access to courses you have enrolled on.
• Issuing, storing, and enabling third-party verification of CPD completion certificates.
• Processing payments for paid courses and maintaining transaction records.
• Sending transactional emails (account confirmation, certificate notification). We do not send unsolicited marketing emails.
• Improving the platform by understanding how content is used in aggregate.
• Complying with our legal obligations, including maintaining financial records.

We rely on the following lawful bases under UK GDPR:

Contract — processing necessary to provide the service you have signed up for, including account management, course access, and certificate issuance.

Legitimate interests — security logging, fraud prevention, and aggregate analysis of platform usage to improve our service, where these interests are not overridden by your rights.

Legal obligation — retaining transaction records as required by HMRC and applicable financial regulations.

Consent — where we ask for your explicit consent for a specific optional purpose, such as receiving newsletter communications. You may withdraw consent at any time.

When a CPD certificate is issued, a publicly accessible verification page is created at progressinhealth.co.uk/verify/[code]. This page displays your name, the course title, and the date of completion — sufficient for a third party (such as an employer or regulatory body) to confirm the certificate is genuine.

The verification page is intentionally accessible without authentication. If you do not wish your certificate to be publicly verifiable in this way, please contact us and we will discuss your options.

We do not sell your personal data. We share data only with the following categories of third parties, all bound by data processing agreements:

• Hosting and infrastructure — our platform runs on cloud infrastructure (Vercel / Cloudflare). Data is stored within the UK or EEA.
• Payment processing — Stripe Inc. processes card payments. Their privacy policy is available at stripe.com/gb/privacy.
• Email delivery — transactional emails (account confirmation, certificates) are sent via Resend. Only your email address and the content of that specific email are shared.
• Legal and regulatory — we may disclose data if required by law, court order, or regulatory authority.

We do not share your data with course authors or any third party beyond the above.

We retain your personal data for the following periods:

• Account and learning data — retained for as long as your account is active and for 3 years after account deletion, to support certificate verification requests.
• Certificate records — retained indefinitely to allow ongoing third-party verification of issued certificates, unless you request deletion.
• Financial transaction records — retained for 7 years in accordance with HMRC requirements.
• Security logs — retained for up to 90 days.

You have the following rights regarding your personal data. To exercise any of these rights, contact us at contact@prehospitalcpd.co.uk. We will respond within one calendar month.

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your data where there is no overriding legal basis for retention. Note that we may be unable to delete certificate records if they are needed for ongoing verification.
• Right to restrict processing — request that we limit how we use your data in certain circumstances.
• Right to data portability — request your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent, withdraw at any time without affecting prior lawful processing.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

We use cookies that are strictly necessary for the platform to function, including your authentication session cookie. We do not use tracking or advertising cookies.

We may use analytics cookies to understand aggregate usage of the platform. Where we do, we will ask for your consent before setting these. See our Cookie Policy for full details.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted data transmission (TLS), hashed password storage, and access controls limiting who within our organisation can access personal data.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as required by UK GDPR.

This platform is intended for healthcare professionals and students aged 18 or over. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately.

We may update this Privacy Policy from time to time. Where changes are material, we will notify registered users by email. The “last updated” date at the top of this page always reflects the current version. Continued use of the platform after a change constitutes acceptance of the updated policy.

For any questions about this Privacy Policy or how we handle your personal data:

Progress in Health Ltd
contact@prehospitalcpd.co.uk

To report a concern to the ICO: ico.org.uk/make-a-complaint