Data Protection and Privacy
Data Protection and Privacy
This page explains how personal data is handled on the british-sign.co.uk course platform, operated by Lisia Digital Limited.
It is intended for individuals, schools, organisations, and trusts carrying out due diligence under the UK GDPR and the Data Protection Act 2018.
Who we are
The british-sign.co.uk course platform is operated by:
Lisia Digital Limited
(Data Processor)
Organisations using the platform act as the Data Controller for their users.
Our approach to data
The platform is designed to use as little personal data as possible.
We do not collect unnecessary information, and we do not use personal data for advertising, profiling, or resale.
What data we collect
We only collect the following personal data for course enrollments:
- Name
- Email address
No special category data (such as health, biometric, or sensitive personal data) is collected or processed.
What we use data for
Personal data is used only to:
- Create and manage user accounts
- Allow users to log in and access the course
- Track course progress
- Issue course completion certificates
- Verify course completion where requested
We do not use personal data for marketing or unrelated purposes.
Lawful basis
The lawful basis for processing is determined by the organisation using the platform (the Data Controller), typically:
- Consent, or
- Legitimate interests
Lisia Digital Limited acts only on the instructions of the Data Controller.
Data sharing
We do not sell, rent, or share personal data with third parties for marketing or advertising.
Personal data is only processed as required to operate the platform.
Sub-processors
We use trusted third-party providers to operate the platform, such as:
- Web hosting providers
- Email delivery services
All sub-processors are required to maintain appropriate data protection and security standards.
A current list of sub-processors can be provided on request.
Data security
We take appropriate technical and organisational measures to protect personal data, including:
- Secure hosting environments
- Encrypted connections (HTTPS)
- Access controls and authentication
- Regular software and security updates
Access to personal data is restricted to authorised personnel only.
Data retention
Personal data is retained only for as long as a user account remains active.
Users or organisations can request deletion of personal data at any time.
Course completion and certificate verification
Where a user has completed the course, we may retain a minimal record consisting of the individual’s name and email address for the sole purpose of verifying course completion if requested.
This record:
- Is used only for verification
- Is not used for communication or marketing
- Is retained under our legitimate interest in maintaining the integrity of issued certificates
Data subject rights
Under UK GDPR, individuals have the right to:
- Access their personal data
- Request correction of inaccurate data
- Request deletion of their data
- Request restriction of processing
We will support organisations (Data Controllers) in fulfilling these requests where required.
Data breaches
In the event of a personal data breach, we will notify the relevant organisation (Data Controller) without undue delay and provide appropriate information to support their obligations.
International data transfers
Personal data is stored within the UK or in jurisdictions that provide an adequate level of data protection in line with UK GDPR requirements.
Use by organisations (schools, trusts, etc.)
When the british-sign.co.uk course platform is used by a school, academy, trust, or organisation:
- The organisation acts as the Data Controller
- Lisia Digital Limited acts as the Data Processor
- Processing is carried out only to deliver the course
A Data Processing Agreement (DPA) can be provided on request.
Contact
If you have any questions about data protection or would like a copy of our Data Processing Agreement, please get in touch.
Updated on: 20/03/2026
Thank you!