This Privacy Policy explains how MaintainSafe (“we”, “us”, “our”) collects and uses personal data when you use our website and training platform. We aim to comply with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

Who we are

MaintainSafe is the data controller for personal data processed through this website, unless stated otherwise. If you have questions about this policy or your data, please contact us via our Contact Us page.

Personal data we collect

Depending on how you use the platform, we may collect:

• Account data (name, email address, phone number, login details, role and company association where relevant).
• Training and learning records (enrolments, progress, assessment results, completions, certificates issued).
• Payment and billing data (transaction references and payment status). Card details are processed by our payment provider and are not stored on our servers.
• Support and contact data (messages submitted through forms, and associated contact details).
• Technical data (IP address, device/browser information, log data, and usage data to maintain security and performance).

How we use your data

We use personal data to:

• Provide access to the platform, manage accounts, and deliver training content.
• Issue certificates and maintain completion records for learners and organisations.
• Process payments and manage subscriptions where applicable.
• Respond to enquiries and provide customer support.
• Maintain platform security, prevent fraud and misuse, and troubleshoot issues.
• Improve the platform, content quality, and user experience.

Lawful bases for processing

We rely on one or more lawful bases under UK GDPR, including: performance of a contract (to provide the service you requested), legitimate interests (to operate and improve our platform and keep it secure), legal obligation (where record-keeping is required), and consent (where required, such as certain marketing communications).

Sharing your data

We may share personal data with trusted service providers who help us operate the platform (for example, hosting, email delivery, analytics, and payment processing). These providers are required to protect your data and use it only for the services they provide to us. We may also disclose information where required by law or to protect our rights, users, or the public.

International transfers

If any of our service providers process data outside the UK, we will take steps to ensure appropriate safeguards are in place in line with UK GDPR (such as adequacy regulations or contractual protections).

Data retention

We keep personal data only for as long as necessary for the purposes described above, including maintaining training and certificate records and meeting legal or operational requirements. Retention periods vary based on the type of data and how the platform is used.

Security

We use administrative, technical, and organisational measures designed to protect personal data. No method of transmission or storage is completely secure, but we work to protect your information and reduce risk.

Your rights

Subject to UK GDPR, you may have rights including:

• Access to your personal data.
• Rectification of inaccurate data.
• Erasure (in certain circumstances).
• Restriction of processing (in certain circumstances).
• Data portability (where applicable).
• Objection to processing based on legitimate interests (in certain circumstances).
• Withdrawal of consent where we rely on consent.

To exercise your rights, please contact us via our Contact Us page.

Complaints

If you have concerns about how we handle your personal data, you can contact us first and we will try to resolve the issue. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

Changes to this policy

We may update this Privacy Policy from time to time. Updates will be posted on this page.