EBAMAS Services Ltd
EBAMASSERVICES LTD

Privacy Policy

Your privacy is important to us. Learn how we protect your data

Last updated: January 2026

1. Introduction

EBAMAS Services Ltd ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, medical training courses, and related services (collectively, the "Services").

By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our Services.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

  • Name, email address, phone number, and postal address
  • Account credentials (username and password)
  • Payment information (processed securely through Stripe)
  • Professional information (qualifications, job title, employer)
  • Course enrollment and completion data
  • Communication preferences

2.2 Automatically Collected Information

When you use our Services, we automatically collect certain information, including:

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, time spent, click patterns)
  • Cookies and similar tracking technologies
  • Log files and analytics data

2.3 Third-Party Information

We may receive information about you from third parties, such as payment processors (Stripe).

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our Services
  • To process your course enrollments and payments
  • To communicate with you about your account, courses, and our Services
  • To send you important updates, newsletters, and promotional materials (with your consent)
  • To personalize your experience and provide relevant content
  • To monitor and analyze usage patterns and trends
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations and enforce our Terms of Service
  • To issue certificates and CPD points upon course completion

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal bases:

  • Consent: When you have given clear consent for us to process your data for specific purposes
  • Contract: When processing is necessary for the performance of a contract with you (e.g., course enrollment)
  • Legal Obligation: When we need to comply with a legal obligation
  • Legitimate Interests: When processing is necessary for our legitimate business interests (e.g., improving our Services, security)

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Services, such as payment processors (Stripe), hosting providers, email services, and analytics providers. These providers are contractually obligated to protect your information.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, property, or safety, or that of our users or others.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (SSL/TLS) and at rest
  • Secure payment processing through Stripe
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

When we no longer need your information, we will securely delete or anonymize it in accordance with our data retention policies and applicable laws.

8. Your Rights (GDPR)

Under the GDPR and UK data protection laws, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request transfer of your data to another service provider
  • Right to Object: Object to processing of your data for certain purposes
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within one month.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your preferences and usage patterns. Cookies are small text files placed on your device when you visit our website.

We use cookies for the following purposes:

  • Essential Cookies: Required for the website to function properly
  • Analytics Cookies: Help us understand how visitors interact with our website
  • Functional Cookies: Remember your preferences and settings

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Services.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer your data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your information in accordance with this Privacy Policy.

11. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on our website
  • Updating the "Last updated" date at the top of this policy
  • Sending you an email notification (for significant changes)

Your continued use of our Services after such changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

EBAMAS Services Ltd

Email: info@ebamas.co.uk

Phone: +44 123 456 7890

Data Protection Officer:
For data protection inquiries, please contact us at the email address above with "Data Protection" in the subject line.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data in accordance with data protection laws. Visit ico.org.uk for more information.