PREMED Ltd (“PREMED”, “we”, “us”) is committed to protecting your personal data.
This Privacy Policy explains how we collect, use, store and share your information when you:
• access our learning platform
• purchase or enrol in a course
• are enrolled through corporate onboarding
• interact with our website
• receive service or marketing communications
PREMED Ltd (Company no. 14252252) is the Data Controller.
1. Data We Collect
1.1 Account & Identity Data
• First name, last name
• Email address
• Organisation (if applicable)
• Account password (encrypted — we cannot view it)
1.2 Course & Learning Data
• Courses purchased or assigned
• Progress and completion records
• Assessment results
• Certificates issued
• CPD audit records (where required)
1.3 Communication Preferences
• Marketing consent
• Email subscription preferences
• Support enquiries
• Email interaction events (open/click where consented or soft opt-in applies)
1.4 Payment Data
Processed securely by Stripe.
PREMED never receives or stores payment card information.
1.5 Technical Data
• IP address
• Device and browser type
• Usage statistics
• Cookies (see Cookie Policy)
2. How We Collect Data
We collect data when you:
• create a PREMED account
• enrol in or are assigned a course
• complete onboarding forms
• contact us by email or via the platform
• use the PREMED learning platform (hosted by Thinkific)
• visit our website
Some data is collected automatically (e.g., IP address, device information).
3. How We Use Your Data
3.1 To Deliver Our Services (Contractual necessity)
• create and manage your account
• enrol you in courses
• track learning progress
• issue certificates
• provide CPD audit evidence where required
• provide user support
3.2 To Send Essential Service Emails (Contractual necessity)
These include:
• account creation and access
• password resets
• course access and expiry notifications
• certificates
• essential service or safety updates
You cannot opt out of essential service emails.
3.3 Marketing Communications (Consent or Soft Opt-In)
We send marketing only where:
• you have opted in, or
• you purchased a course from us and soft opt-in applies.
You may withdraw consent at any time.
3.4 Analytics & Platform Functionality (Legitimate interests)
• monitoring platform performance
• improving content and services
• identifying and resolving issues
• detecting misuse or unauthorised access
Our legitimate interests are balanced against your rights.
4. Lawful Bases for Processing
We process personal data under:
• Article 6(1)(b) – performance of contract (delivery of courses, account management)
• Article 6(1)(a) – consent (marketing)
• Article 6(1)(f) – legitimate interests (platform analytics, fraud prevention, security)
• Article 6(1)(c) – legal obligations (tax records, CPD audit evidence)
PREMED does not process special category data.
5. Our Data Processors
We use trusted third-party processors who act under our instructions:
5.1 Thinkific (Learning Platform)
• Stores account data, progression, assessment results and certificates
• Data hosted in Canada (covered by UK adequacy regulations)
• Processes data strictly under PREMED’s instructions
5.2 Stripe (Payments)
• Processes payments securely
• PREMED never sees or stores full card details
5.3 Brevo (Marketing & Email Automation)
• Sends marketing emails and stores subscription preferences
5.4 Zapier (Automation)
• Transfers corporate onboarding data to Thinkific
• Data retained for up to 69 days in activity logs
5.5 Google (Forms / Workspace)
• Used for onboarding and support enquiries
• Storage within the UK/EU where possible
5.6 Microsoft 365 (Email & Documents)
• Secure email and file storage
We do not sell personal data or share it with third parties for advertising.
6. Data Retention
We retain personal data only for as long as necessary:
• Learner accounts: retained until you request deletion (no automatic expiry)
• Course completion records: 6 years (CPD / audit requirements)
• Corporate onboarding forms: deleted once enrolment is validated
• Marketing records: retained until consent is withdrawn
• Financial records: 6 years (legal obligation)
You may request deletion at any time unless we are required to retain certain data for legal purposes.
7. International Transfers
Some processors store data outside the UK.
Where this occurs, data is protected by:
• UK adequacy regulations (including Canada)
• Standard Contractual Clauses
• Encryption and access controls
• Obligations in processor contracts
We ensure all transfers comply with UK GDPR Chapter V.
8. Your Data Protection Rights
Under the UK GDPR, you have the right to:
• Access – request a copy of your data
• Rectification – correct inaccurate data
• Erasure – request deletion (where legally permitted)
• Restriction – limit processing
• Objection – to certain processing
• Data portability – receive a machine-readable copy
• Withdraw consent – at any time (for marketing)
We respond within one month.
Contact: [email protected]
9. Marketing Opt-In & Opt-Out
You may withdraw consent at any time by:
• clicking “unsubscribe” in any email
• emailing [email protected]
Withdrawal does not affect processing carried out before withdrawal.
10. Cookies
Details of cookies used on our site and learning platform are provided in our Cookie Policy.
Thinkific also sets essential cookies required for platform operation.
11. Security
We implement appropriate technical and organisational measures, including:
• encrypted connections (HTTPS)
• secure password hashing
• administrator multi-factor authentication
• access controls and least-privilege principles
• regular security and access reviews
12. Children
Our Services are not intended for individuals under 18.
We do not knowingly collect children’s data.
13. Changes to This Policy
We may update this Privacy Policy periodically.
Updated versions will be posted on our website and platform.
Last updated: 28 November 2025.
14. Contact Us
PREMED Ltd
20–22 Wenlock Road
London, N1 7GU
United Kingdom
Email: [email protected]
Website: www.prem-ed.com
15. Contacting the ICO
If you are not satisfied with how we handle your data, you may contact the Information Commissioner’s Office (ICO):
https://ico.org.uk/make-a-complaint/