Privacy and Cookie Notice

Emergency Care Education Centre


We really do want you to read and understand our privacy policy. We believe simplicity and openness are key, however there are some important technical terms explained in appendix 1.

Who are we?

We are The Risk Practice Ltd, trading as Emergency Care Education Centre. The Emergency Care Education Centre brings together cutting-edge, immersive, emergency care training delivered by an experienced top flight faculty of medical educators.

What data do we collect?

You may be giving or have given personal information via our website e.g. through “contact us”. This may include your name, email address, home address, your contact number and information about the services or products, or information you are looking for.

The G.D.P.R. classes this information as personal data therefore you be will asked to consent whilst on line via a “tick box” to confirm your consent. If you do not positively opt in, the system will not accept your data.

Do we use Cookies?

We use cookies on our website to distinguish users and help to provide them with a good user experience. A cookie is a tiny file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. We use the following cookies:

Strictly necessary cookies

These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website or use a shopping cart.

Analytical/performance cookies

They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies

These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

What is the lawful basis for processing the data?

Our lawful basis for processing the personal data we collect via our website or whilst networking is “consent”.

If you are a customer or you contact us to ask for a quote or prices on products or services then the lawful basis will be to fulfil a “contract”.

Will data be shared with any third parties?

No. We do not share data with third any parties unless we are required to by law, however our analytics data is stored with Google Analytics.

How will the information be used?

Existing and prospective clients who have given consent will receive information about the products or services they have enquired about or marketing material regarding courses, special offers or other useful information from us.

We do not undertake any individual customer profiling and have no intention of sharing data with third parties for marketing purposes. If for any reason we wanted to in the future, your explicit consent will be sought first.

How long will your data be stored for?

We will store data about clients or potential clients for 1 year (or until you exercise your right to be forgotten i.e. by opting out). This period will be extended if you are actively engaging with us and/or we believe you may potentially become a client in the near future. If you do not engage with us for 12 months, we will send you a reengagement email asking you to confirm that you want to continue to hear from us.

If you become a client, for HMRC purposes your details will be removed from our invoicing software 7 years after they cease to be a client. For legal purposes, emails from and to clients providing advice or regarding the supply of goods or services, will be held for 6 years after the last interaction.

Is your data safe?

Your data and any emails we keep will be held in accordance with Article 32 (Security of processing) of the G.D.P.R.. This means we apply “appropriate technical and organisational measures” to ensure security, such as storing data on a secure server which has the latest antivirus, is backed up regularly, regularly security patched, protected by a firewall and has strong password protection.

What rights does the data subject have?

You can submit a subject access request to see the data we hold or exercise your right to be forgotten by emailing us at

How can the data subject raise a complaint?

If you wish to complain please email us at

Changes to this Privacy Notice.

This Privacy Notice became effective on 25th May 2018. It will be revised as needed to fully comply with changes in the law.

Should we choose to make any significant changes to this privacy notice whilst your data is held by us, you will be asked to again to give your explicit consent.


Appendix 1


The General Data Protection Regulations.

Data subject

The person who’s data is being held by the Company.

Explicit consent

Where a person has taken action to confirm consent; and are not deemed to have accepted something by simply not objecting or by clicking a pre ticked box.

The right to be forgotten

Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and will depend on the circumstances.

Subject access request

A verbal or written request to an organisation for:

  • confirmation that you are processing their personal data;
  • a copy of their personal data;
  • a copy of the organisation’s privacy notice (or equivalent information).

Organisations have to respond without undue delay or at least within 1 month of the request.