Privacy Policy for First Aid Training Barbados
Effective Date: 28th May 2025
First Aid Training Barbados (“we,” “us,” or “our”) operates the website firstaidtrainingbarbados.com. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit and interact with our website and services. We are committed to protecting your privacy and handling your personal data in accordance with the Barbados Data Protection Act, 2019.
By using our website and services, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
We collect various types of information for different purposes to provide and improve our services to you.
1.1. Personal Data You Provide Directly
When you book courses or submit enquiries through our website forms, we may collect the following personal data:
- Names: To identify you for course registration and communication.
- Email Addresses: For sending course confirmations, updates, and responding to enquiries.
- Phone Numbers: For direct communication regarding bookings or enquiries.
- Physical Addresses: For billing purposes and record-keeping related to course bookings.
- Date of Birth: For age verification and specific course requirements.
- Payment Information: When you make a payment for a course, sensitive payment details (such as credit card numbers) are processed directly by our third-party payment gateway, Fygaro. We do not store or retain your sensitive payment card details on our servers.
1.2. Automatically Collected Information
When you visit our website, certain information is collected automatically through third-party services like Google Analytics and social media platforms. This information may include:
- IP Addresses: Your device’s Internet Protocol address.
- Browser Type: The type and version of the browser you are using.
- Device Information: Details about the device you are using (e.g., operating system, device type).
- Usage Data: Information on how you interact with our website, such as pages visited, time spent on pages, and referring URLs.
We use this automatically collected data to analyse website traffic, understand user behaviour, and improve our website’s layout and overall user experience.
2. How We Use Your Information
We use the collected personal data for the following primary purposes:
- To Process Course Bookings: To register you for first aid training courses, manage your enrolment, and provide you with necessary course materials and information.
- To Respond to Enquiries: To communicate with you and address your questions submitted through our website’s contact forms.
- To Improve Website and User Experience: To analyse trends, administer the site, track users’ movements around the site, and gather demographic information to enhance our website’s functionality and content.
3. How We Share Your Information
We do not sell your personal data to any third parties. We also do not share your personal data with third parties for their independent marketing or promotional purposes.
However, we engage certain trusted third-party service providers (data processors) who assist us in operating our website and providing our services. These third parties process personal data on our behalf and are contractually obligated to protect your information and use it only for the purposes for which we provide it to them. These include:
- Pipedrive (CRM System): Used for managing customer relationships and course bookings.
- Fygaro (Payment Gateway): Processes online payments securely.
- Google Analytics: Collects and analyses website usage data.
- Social Media Platforms (e.g., Meta/Facebook): May collect data related to your interactions with our social media presence and website.
These service providers adhere to their own privacy policies and security standards. We encourage you to review their respective privacy policies for more details on their data handling practices.
4. Data Security
We are committed to protecting the security of your personal data. We implement appropriate technical and organisational measures to safeguard your information against unauthorised access, disclosure, alteration, or destruction.
- Pipedrive: Our CRM system, Pipedrive, is cloud-based and employs robust security measures, including data encryption, access controls, and compliance with international standards such as GDPR, SOC 2/3, and ISO/IEC 27001:2013.
- Fygaro: Our payment gateway, Fygaro, is PCI DSS (Payment Card Industry Data Security Standard) compliant, ensuring the secure processing of your payment information. As noted, we do not store your sensitive payment card details directly.
- General Measures: We use secure connections (HTTPS/SSL) for data transmission and regularly review our security practices to protect your data.
While we strive to use commercially acceptable means to protect your Personal Data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
5. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Course Booking Data: We retain course booking data for a period of 18 months after course completion. This retention period is necessary to facilitate re-certification outreach, as certifications typically require renewal at this interval. We may retain certain financial transaction records associated with bookings for longer periods as required by applicable tax and accounting laws in Barbados.
- Contact Form Enquiries (that do not lead to a booking): We generally retain records of contact form enquiries for approximately one (1) year. This period allows us to effectively follow up on enquiries and analyse common questions. However, in certain cases, we may retain records for a longer duration if ongoing communication or a specific legitimate business need necessitates it.
- Google Analytics and Social Media Data: Data collected by Google Analytics and social media platforms (e.g., Meta/Facebook) is subject to their respective privacy policies and data retention settings. We do not directly control these third-party retention periods. For more information on how Google and Meta retain data, please refer to their privacy policies.
6. International Data Transfers
As we utilise third-party service providers such as Pipedrive, Fygaro, Google Analytics, and social media platforms (e.g., Meta/Facebook), some of which are based in the United States or operate globally, your personal data may be transferred to and processed in countries outside of Barbados.
We ensure that such international transfers are conducted with appropriate safeguards in place to protect your personal data, in compliance with the Barbados Data Protection Act, 2019. For example, Pipedrive participates in the EU-US Data Privacy Framework, which provides a mechanism for transferring personal data from Barbados to the United States. For other services, we rely on standard contractual clauses or similar legally recognised transfer mechanisms to ensure an adequate level of data protection.
7. Your Data Protection Rights (Barbados Data Protection Act, 2019)
Under the Barbados Data Protection Act, 2019, you have certain rights regarding your personal data. These rights include:
- The Right to Access: You have the right to request copies of your personal data that we hold.
- The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate, or complete any information you believe is incomplete.
- The Right to Erasure (“Right to be Forgotten”): You have the right to request that we erase your personal data, under certain conditions (e.g., when the data is no longer necessary for the purposes for which it was collected).
- The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions, in a structured, commonly used, and machine-readable format.
- The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
- The Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request in accordance with applicable data protection laws.
8. Children’s Privacy
Our website and services are not intended for individuals under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from anyone under the age of 18 without verification of parental consent, we take steps to remove that information from our servers.
9. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Effective Date” at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
10. Contact Us
If you have any questions about this Privacy Policy, your data protection rights, or our data practices, please contact us:
By email: [email protected]