Welcome to HSA Learning, provided by Helen Sanderson Associates ("HSA", "we", "us", or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit our website at hsalearning.org, use our HSA Learning App, or purchase and access our online learning programmes and courses.
We want you to understand what choices you have in relation to your information, and how you can exercise those choices. We encourage you to read this policy carefully and to reach out to us if you have any questions.
This policy applies to all learners, visitors, and customers engaging with HSA Learning services in the United Kingdom, the European Union, the United States, and Canada.
1. Who We Are and How to Contact Us
Data Controller:
Helen Sanderson Associates
Website: hsalearning.org
App: HSA Learning App
Email: [email protected]
If you have any questions, concerns, or requests relating to your personal information, you are welcome to contact us at any time using the details above.
2. What Information We Collect and Why
We collect only the personal information that is necessary to provide you with access to our learning programmes, courses, and related services. Below is an overview of the information we may collect and our purpose for doing so.
2.1 Account and Registration Information
When you create an account or register for a course, we collect:
Full name
Email address
Password (stored in encrypted form)
Organisation or employer name (where provided)
Country or region of residence (where provided)
Purpose: To create and manage your learner account, provide access to purchased programmes, and deliver your learning experience.
2.2 Purchase and Payment Information
When you make a purchase, we collect billing information including your name and payment card details. Payment processing is handled securely by authorised third-party processors (such as Stripe or PayPal) and we do not store your full payment card details on our systems.
Purpose: To process your payment, issue receipts, and maintain accurate financial records.
2.3 Learning and Engagement Data
As you engage with courses and programmes on our platform and app, we may collect:
Course enrolment and completion records
Progress through learning modules
Assessment results and certificates earned
Responses to course activities, reflections, or feedback forms
Purpose: To deliver and improve your learning experience, issue completion certificates, and support your progress.
2.4 Device and Technical Information
When you access our website or app, we automatically collect certain technical data including:
IP address
Device type and operating system version
Browser type and version
Pages visited, time spent, and interaction patterns
Purpose: To maintain the security and performance of our platform, troubleshoot technical issues, and improve the app experience.
2.5 Communications and Marketing
If you subscribe to receive updates, newsletters, or information about our programmes, we collect your email address and communication preferences. We may also use your information to share details of new courses, updates to existing programmes, or surveys about your experience. You can opt out at any time (see Section 4).
3. Legal Basis for Processing Your Information
We process your personal information on the following lawful bases, in line with the UK GDPR, EU GDPR, and applicable data protection law:
Contractual necessity: To fulfil our agreement with you when you purchase and access a course or programme.
Legitimate interests: To improve our services, ensure security, and communicate relevant updates, where these do not override your rights.
Legal obligation: To comply with applicable laws including tax, fraud prevention, and safeguarding requirements.
Consent: For optional marketing communications, where you have specifically opted in. You may withdraw your consent at any time.
4. Your Consent and Your Choices
4.1 How We Obtain Consent
When you provide your personal information to subscribe to our service, make a purchase, or access a digital programme, we make clear the purpose for which we are collecting it. For optional uses such as marketing, we will ask for your specific consent before proceeding.
4.2 How to Withdraw Consent or Opt Out
You are in control of your preferences and can adjust them at any time. You may:
Unsubscribe from marketing emails using the link at the bottom of any email we send
Update your communication preferences in your account settings on the platform
Contact us directly at [email protected] to withdraw consent for any specific use
Withdrawing consent will not affect the lawfulness of any processing that took place before you withdrew it, and will not affect your ability to continue accessing programmes you have already purchased.
5. Your Rights
Depending on your location, you have a range of rights in relation to your personal information. We are committed to supporting you in exercising these rights.
5.1 Rights Under UK GDPR and EU GDPR
If you are located in the UK or European Economic Area (EEA), you have the right to:
Access – request a copy of the personal information we hold about you
Rectification – ask us to correct inaccurate or incomplete information
Erasure (‘right to be forgotten’) – request deletion of your personal information in certain circumstances
Restriction – ask us to limit how we use your information
Data portability – receive your information in a structured, commonly used format
Object – object to processing based on legitimate interests or for direct marketing
Withdraw consent – at any time, where processing is based on consent
UK residents may also lodge a complaint with the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk | Helpline: 0303 123 1113
EU residents may contact their relevant national data protection authority.
5.2 Rights for US Residents
If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), including:
The right to know what personal information we collect, use, disclose, and sell
The right to delete your personal information (subject to certain exceptions)
The right to opt out of the sale or sharing of your personal information – we do not sell your personal information
The right to correct inaccurate personal information
The right to non-discrimination for exercising your privacy rights
5.3 Rights for Canadian Residents
If you are located in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws, including:
The right to access your personal information
The right to challenge the accuracy of your information and have it corrected
The right to withdraw consent, subject to legal or contractual restrictions
The right to lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC)
To exercise any of your rights, please contact us at [email protected]. We will respond within the timeframe required by applicable law (generally 30 days for UK/EU requests; 45 days for US/Canadian requests).
6. Cookies and Tracking Technologies
6.1 What Are Cookies
Cookies are small text files that are placed on your device by our website and app. We use cookies and similar technologies (such as local storage and session tracking) to help our platform function properly, understand how you use our services, and provide you with a personalised experience.
6.2 Types of Cookies We Use
Essential cookies: Necessary for the website and app to function, such as maintaining your login session and remembering your progress in a course.
Functional cookies: Remember your preferences and settings to personalise your experience.
Analytics cookies: Help us understand how learners engage with our content, using aggregated and anonymised data, so we can improve our programmes.
Marketing cookies: May be used to deliver relevant information about our programmes. These are only placed with your consent.
6.3 Managing Your Cookie Preferences
On your first visit to our website, you will be presented with a cookie consent banner allowing you to choose which types of cookies you accept. You can update your preferences at any time via the cookie settings link at the bottom of our website. You may also configure your browser to refuse or delete cookies, though some features of our platform may not function correctly if you do so. Please note that we do not currently alter our data collection in response to browser-level “Do Not Track” signals, as there is no consistent industry standard for these signals.
7. How We Share Your Information
We do not sell your personal information. We share it only in the following limited circumstances:
7.1 Service Providers and Technology Partners
We work with trusted third-party providers to deliver our services, including:
Payment processors (e.g. Stripe, PayPal) to securely handle your transactions
Learning management system (LMS) providers who host and deliver our course content
Email and communications platforms to send you notifications and learning updates
Analytics services to help us understand how our platform is used
These providers are only permitted to use your information as necessary to provide their services to us and are required by contract to maintain appropriate safeguards. We encourage you to review the privacy policies of any third-party services you interact with directly.
7.2 Legal Requirements
We may disclose your personal information where required by law, such as in response to a valid court order, legal process, or regulatory obligation, or where necessary to protect the rights, property, or safety of HSA Learning, our learners, or others.
7.3 Business Transfers
In the event that HSA Learning or Helen Sanderson Associates is acquired by or merged with another organisation, your information may be transferred as part of that process. We will notify you in advance of any such change and ensure your rights are protected.
7.4 International Data Transfers
Some of our third-party service providers may be located or operate in countries outside the UK or EEA, including the United States. Where your information is transferred internationally, we ensure that appropriate safeguards are in place – such as UK-approved International Data Transfer Agreements (IDTAs), EU Standard Contractual Clauses (SCCs), or transfers to countries recognised as providing an adequate level of protection. If you would like further information about the safeguards in place, please contact us.
8. Payment Security
All payments made through hsalearning.org or the HSA Learning App are processed securely by authorised third-party payment processors. We use SSL (Secure Socket Layer) encryption and all payment data is handled in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). We do not store your full credit or debit card details on our servers. Your purchase transaction data is retained only as long as necessary for legal and financial record-keeping purposes.
9. How Long We Keep Your Information
We retain your personal information only for as long as necessary to fulfil the purposes described in this policy, or as required by law. Our general retention approach is:
Account and learning data: Retained for the duration of your account and for up to 7 years thereafter to support your access to certifications and records.
Financial records: Retained for a minimum of 6 years in accordance with UK tax law and HMRC requirements.
Marketing preferences: Retained until you withdraw consent or opt out.
Technical and analytics data: Generally retained in anonymised or aggregated form.
10. Data Security
We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, disclosure, alteration, or destruction. These include SSL/TLS encryption for data in transit, AES-256 encryption for data at rest, access controls and authentication requirements for staff, and regular security reviews of our platform and processes. While no system can be entirely without risk, we follow industry best practices and applicable legal standards to keep your information safe. In the event of a data breach that is likely to affect your rights, we will notify you and the relevant supervisory authority as required by law.
11. Children and Young People
Our online learning programmes and website are intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under the age of 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will take steps to delete it promptly.
12. Links to Other Websites
Our website and app may contain links to external websites or services. Please be aware that once you leave our platform, this Privacy Policy no longer applies. We are not responsible for the privacy practices of other sites and encourage you to review their privacy statements before providing any personal information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we make significant changes, we will let you know by posting a notice on our website or app, or by sending you an email notification, so that you are always informed about how your information is being used. The “Last updated” date at the top of this policy will always reflect the most recent version.
14. Questions and Contact
If you would like to access, correct, update, or request deletion of your personal information; have a concern about how we handle your data; or simply want to talk through your privacy choices, please get in touch. We are always happy to hear from you.
Contact us at:
Email: [email protected]
Website: hsalearning.org
We aim to respond to all enquiries within 5 working days. For formal data subject requests, we will respond within the timescales required by applicable law.