CSTC is managing the processing and handling of all the courses on the CSTC website.  The CSTC team is committed to ensuring the protection of your personal information.

The General Data Protection Regulation (GDPR) has come into effect on 25 May 2018 which intended to strengthen and unify data protection for all individuals.

In accordance with GDPR guidelines, our aim is to have safeguards in place to protect your privacy and ensure that you feel confident about the security of your personal data you provide us with.

CSTC is also registered with the Information Commissioner’s Office (ICO) which is an independent regulator whose aim is to uphold information rights in the interest of the public.  They deal with issues such as information misuse and breaking of personal information privacy rights.

This privacy notice is to let you know how we will look after your personal information.

Under Data Protection Laws, we can only process your personal information where we have a justifiable reason for doing so, such as:

  • We are required to do so by law i.e. a legal obligation

  • You have entered into a contract with us for a service for example processing credit card payment

  • In the public interest where this has a clear basis in law

  • Vital interests for example protection of life in a medical emergency


What personal data do we collect?

Personal data is any information that is identifiable as belonging to you.

CSTC will request personal data from candidates attending any its courses (APLS/GIC/PHPLS etc.), for the sole purpose of creating a profile on the individual person to use for preparation of precourse and post course documentation. 

The personal data held on file canbe shared with:

  • ALSG (If necessary)

  • Course Instructors(During the course, only if necessary)

  • Admin Team (To prepare course documentation)

Personal data collected may include:

  • Name

  • Title

  • Date of birth

  • Home Address

  • Contact phone number

  • Email address

  • GMC/NMC/HCPC Number

  • Photo

  • Hospital name & address

Why do we collect data and who receives this data?

We collect data to prepare precourse and post course documentation.  As we are an accredited centre, we must report back course results and such information to the awarding body so that candidates of any given course may receive their certification.

It is often the first time that instructors have seen the details of candidates during a course therefore, a photograph of each candidate can make it easier for instructors to remember each candidate and that facilitates the marking candidates.

There are often precourse preparations that you may need to do if you are attending one of our courses and often,a course manual must be read.  We may send you the course manual by post therefore we must ask for your home address when you are filling in the application form.

As many courses require candidates to be licensed through an official organisation, GMC number or other equivalent licence registration numbers areneeded to ensure that such requirement is met.


How long will the data be retained?

Data will not be retained for any longer than is required.  We adhere to the standards outlined by the Scottish Government Records Management: NHS Code of Practice (Scotland).

As some courses are valid for 4 years before the certificate holder is required to recertify, for example APLS & PHPLS, personal information and the course outcome must be kept by us for at least 4 yearsThat’s why, we will retain your records until the time of your recertification arrivesIf you do not want us to keep your record after your recertification, please let us know and we will remove your record from our database.


Individual Rights Under GDPR

You have a number of rights under the Data Protection Laws in relation to the way we process your personal data, which are set out below.

  1. Right to be Informed This is provided through the privacy notice on our website.

  2. Right of Access You have the right to access your personal data and supplementary information.  We will aim to respond to any request received from you within one month from your request, although this may be extended in some circumstances in line with Data Protection Laws.  If you wish to obtain access to your file, you must write to us at the address below.  Access to your data will usually be provided free of charge, although in certain circumstances we may make a small charge where we are entitled to do so under Data Protection Laws.

  3. Right to Rectification The right to ask us to correct your information if you think the information that we hold about you is wrong or incomplete.  We will respond within one month.

  4. Right to Erasure The right to object to our use of your information, or to ask us to delete, remove or stop keeping it if there is no need for us to keep it.  This is known as the ‘right to object’, the ‘right to erasure’ or the ‘right to be forgotten’.  There may however be legal or regulatory reasons why we need to keep or use your information.

  5. Right to Restrict processing We may sometimes be able to restrict the use of your information so that it is only used for legal claims or to exercise legal rights.  In these situations, we would not use or share your information while it is restricted.

  6. Right to Data Portability The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.

  7. Right not to be evaluated on the basis ofautomated processing Candidates who attend a CSTC will not be evaluated on the basis of automated processing nor is any decision making automated.



We may also collect information from you through the use of cookies.  Cookies are small files which are stored on your computer browser.  The cookie law is a piece of privacy legislation that requires websites to get consent from visitors to store or retrieve any information on a computer, smartphone or tablet for example, you may have a popup message informing you that this site uses cookies in combination with an acceptance/decline box, and it will be your decision whether you wish to accept or decline the use of the cookie.


Links from our website

Our website may contain links to other websites.  If you provide personal/sensitive data to a website to which we are linked to, we are not responsible for its protection and privacy.  This privacy statement only applies to

Contact us or make a complaint

If you wish to exercise any of the above rights under the Data Protection Laws, please write to:

34 Gairbraid Avenue,
G20 8YE

United Kingdom.

If you feel your data is being mishandled and you would like to make a complaint to the ICO, please write to the following address:


Information Commissioner’s Office
Wycliffe House
Water Lane