Privacy Policy – LSFRCA Limited
Last updated: February 2026
​
1. Introduction
LSFRCA Limited (“we”, “our”, “us”), company number: 16826686, registered address: 167 - 169 Great Portland Street, 5th Floor, London, England, W1W 5PF, is committed to protecting the privacy and security of personal data. We operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We provide professional training and courses via www.lsfrca.com. We are registered with the Information Commissioner’s Office (ICO) as a data controller (ICO registration number C1823586).
​
2. Contact for Data Protection Matters
If you have any questions about this Privacy Policy or our data practices, you may contact us at:
Email: courses@lsfrca.com
​
3. Personal Data We Collect
We collect personal data necessary to administer, manage, and deliver our training courses and related services. Categories include:
- Full name
- Email address
- Training deanery (to determine eligibility for price reduction)
- Course registration and attendance details
- Information you provide in communications (via email)
- Responses submitted via our online registration forms
Payment Data:
- We do not collect or store full payment card details.
- Payments are made via bank transfer (Starling business account) or via PayPal Business, depending on what the payer can use.
Feedback Tool:
- We use Mentimeter during our training courses but do not capture or store any personal data in that tool.
4. How We Collect Your Data
We collect personal data when you:
- Fill out a registration, enquiry, or application form (via our website or direct link).
- Communicate with us by email (Google Workspace).
- Make payments to us by bank transfer or via PayPal Business.
Technical / system information:
We may collect limited technical information automatically (e.g., IP address or browser type) for security and site performance purposes. We do not use this data for profiling, tracking, or marketing.
​
5. Lawful Basis for Processing
We process your personal data under the following legal bases:
- Contractual necessity: to enroll you in courses, deliver training, and issue certificates.
- Legal obligation: to maintain records for audits, accounting, regulatory, and tax purposes.
- Legitimate interests: to run and improve our operations, communicate with participants, and maintain system security.
​
6. Use of Personal Data
Your personal data is used for:
- Managing course applications, registrations, and attendance.
- Communicating with you about course schedules, meeting invites, and certificates.
- Processing payments and confirming bookings.
- Maintaining internal records for audit, compliance, and financial purposes.
We do not use personal data for unsolicited marketing, nor do we sell or rent it to third parties.
​
7. Data Sharing and Third‑Party Processors
We share personal data only as necessary to deliver our services:
- Google Workspace (for secure email, Forms, Sheets, and document management)
- PayPal Business (for payment processing)
- Starling Bank (for receiving payments)
- Wix (for website hosting and infrastructure)
We have formal Data Processing Agreements (DPAs) with these providers to ensure GDPR compliance.
We may also disclose data if required by law, such as to comply with a court order or regulatory requirement.
​
8. International Transfers
Personal data may be processed outside the United Kingdom by providers such as Google Workspace or PayPal. We rely on safeguards such as the UK Extension to the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) to ensure UK GDPR compliance.
​
9. Data Retention Policy
- Course registration, attendance & certificates: up to 6 years, for audit, legal, regulatory, and financial compliance
- Email correspondence: up to 7 years (active or archived) then deleted, for operational communications, enquiries, complaints, and to respond to Subject Access Requests
- Payment records: up to 6 years, for accounting, tax, and regulatory compliance
Retention periods are regularly reviewed to ensure they remain necessary and proportionate.
​
10. Data Security & Protection by Design
We implement technical and organisational measures to protect personal data, including:
- Secure storage in Google Workspace (Gmail, Forms, Sheets)
- Access controls limiting data to authorised personnel only
- All company directors are up to date with data protection training through NHS e-Learning for Healthcare (e‑LFH)
- Regular internal reviews of policies and procedures
- Documented procedures for identifying, managing, and reporting data breaches
Email correspondence is retained securely in Google Workspace, ensuring it can be accessed for compliance or SARs, before being automatically deleted after 7 years.
​
11. Your Rights Under UK GDPR
You have the right to:
- Access: request a copy of personal data we hold
- Rectification: correct inaccurate or incomplete information
- Erasure: request deletion, where applicable
- Restriction: limit processing
- Objection: to certain processing (e.g., legitimate interests)
- Data portability: receive your data in a structured, machine-readable format
We normally respond to valid requests within one calendar month, extendable by a further two months for complex requests.
To exercise your rights, email courses@lsfrca.com.
If unsatisfied, you may contact the ICO: www.ico.org.uk / 0303 123 1113.
​
12. Automated Decision‑Making
We do not use automated decision-making or profiling.
​
13. Cookies
We use only strictly necessary cookies that are required for the operation of our website. These cookies are essential for enabling basic features such as page navigation, security, and network management. They cannot be switched off.
We do not use cookies for advertising, marketing, analytics, or profiling.
Our essential cookies allow us to:
- Verify your identity and maintain your active session while you navigate the site.
- Implement security measures to prevent fraud and unauthorized access.
- Ensure the website loads quickly and displays correctly on your device.
14. Policy Review, Versioning & Audit Trail
- We review this Privacy Policy at least annually, or more often if legal or operational changes occur.
- An internal audit trail of all versions is maintained to ensure accountability and transparency.
15. Changes to This Privacy Policy
Updates are published on www.lsfrca.com, with the “Last updated” date reflecting the most recent revision.
​
