/curated/cpd

PRIVACY POLICY

This Privacy Policy describes how your personal information is collected, stored, used, and protected when you use this CPD e-learning programme, created and offered by Liam Van Zyl (“the Course Creator”), a private individual acting in a personal capacity and based in Finland. The course is hosted on Thinkific, a third-party platform operated by Thinkific Labs Inc. This Policy is written in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and, where applicable, the Protection of Personal Information Act 4 of 2013 (POPIA) of South Africa. By using this platform, you agree to the terms of this Privacy Policy.

1. WHO WE ARE

This CPD e-learning programme is created and offered by Liam Van Zyl (the “Course Creator”). Liam Van Zyl is a private individual acting in a personal capacity and is not a registered company, corporation, or other legal entity. The course is hosted on Thinkific, a third-party online learning platform; the Course Creator does not own or operate the Thinkific platform. The purpose of this Policy is to describe the way in which the Course Creator collects, stores, uses, and protects data that can be associated with you or another specific natural person and can be used to identify you (“personal data”).

For the purposes of this Policy, “platform” refers to the Thinkific-hosted site on which this course is made available, and any other linked or affiliated pages operated by the Course Creator.

2. AUDIENCE

This Policy applies to you if you are:

• a visitor to this platform; or
• a learner who has enrolled in or is using any of the CPD courses or services offered by the Course Creator.

When visitors register or subscribe on this platform, the Course Creator collects the data provided in the registration form, which may include your registration category, name, and surname.

3. PERSONAL DATA

3.1 Included

Personal data includes:

• certain information collected automatically when you visit this platform;
• certain information collected upon registration (see Section 6);
• certain information collected upon enrolment or purchase; and
• optional information that you provide voluntarily.

3.2 Excluded

Personal data excludes:

• information that has been anonymised so that it does not identify a specific person;
• permanently de-identified information that cannot be traced back to you;
• non-personal statistical information compiled by the Course Creator; and
• information you have voluntarily provided in an open, public environment (such as a public forum or discussion board), which is no longer confidential and does not constitute personal information subject to protection under this Policy.

3.3 Common examples

Common examples of the types of personal data the Course Creator may collect and process include your:

• identifying information – such as your name and surname;
• contact information – such as your email address or phone number;
• professional information – such as your profession, HPCSA registration number, and HPCSA registration category; and
• technical information – such as your IP address and device details.

3.4 Sensitive personal data

Depending on the services you use, the Course Creator may also collect:

• financial information – such as payment transaction data (processed by third-party processors; see Section 7); and
• professional registration information – such as your HPCSA registration number and registered psychology category.

4. ACCEPTANCE

You must accept all the terms of this Policy when you register for, enrol in, or use this platform or any of its services. If you do not agree with anything in this Policy, you may not register for or use this platform.

You may not access this platform or enrol in courses if you are younger than 18 years old or do not have legal capacity to conclude legally binding contracts.

By accepting this Policy, you are deemed to have read, understood, and agreed to be bound by all of its terms. You may only submit your own personal data, or the data of another person where you have their permission to do so.

5. CHANGES TO THIS POLICY

The Course Creator reserves the right to update or modify the terms of this Policy at any time by updating this page. Where required by applicable EU law (including the GDPR), users will be notified of material changes in accordance with the minimum notification requirements prescribed by law. If you do not agree with any changes, you must stop using the platform. Your continued use of the platform following any update constitutes acceptance of the revised Policy.

6. COLLECTION OF PERSONAL DATA

6.1 On registration

Once you register on this platform, you will no longer be anonymous to the Course Creator. You will provide certain personal data, which may include:

• your name and surname;
• your email address;
• your telephone number;
• your profession, HPCSA registration number, and HPCSA registration category;
• your postal or physical address; and
• your username and password.

This personal data will be used to fulfil your account, provide course access and completion certificates, submit CPD records to the HPCSA, and communicate with you as described in this Policy.

6.2 On enrolment or purchase

When you enrol in a course or make a purchase, you may be asked to provide additional information. All payment details are processed exclusively by Thinkific’s integrated payment processors; the Course Creator does not directly handle or store any payment information.

6.3 From your browser (automatic collection)

The Thinkific platform automatically receives and records internet usage information, including your IP address, browsing habits, click patterns, version of software installed, system type, screen resolution, language settings, cookie preferences, the pages you access, and the dates and times of your visits. Please note that other websites visited before entering this platform may place personal data in your URL, and the Course Creator has no control over such third-party websites.

6.4 Cookies

The Thinkific platform may place small text files called ‘cookies’ on your device when you visit. These files contain a personal identifier allowing your personal data to be associated with your device. Cookies serve a number of useful purposes, including:

• maintaining your logged-in session;
• tailoring the platform’s functionality to you personally by remembering your preferences;
• improving platform performance;
• allowing third-party services (such as payment processors) to function; and
• tracking your course progress and completion.

Your internet browser generally accepts cookies automatically, but you can change this setting or delete cookies manually. However, refusing or deleting cookies may prevent you from accessing certain features of the platform. It is not possible to use this platform without cookies. By using the platform, you accept the use of cookies. You can learn more about cookies at www.allaboutcookies.org.

6.5 Third-party cookies

Some third-party service providers integrated with the Thinkific platform (such as payment processors) may use their own cookies or widgets. The Course Creator has no access to or control over them. Information collected by those cookies is governed by the privacy policy of the relevant third-party company.

6.6 Web beacons

The Thinkific platform may use electronic image requests (single-pixel GIFs or web beacons) to count page views and access cookies. These web beacons do not collect, gather, monitor, or share your personal data and are used only to compile anonymous information about platform usage.

6.7 Optional details

You may also provide additional information voluntarily, for example when you respond to surveys, rate courses, or use optional features of the platform.

6.8 Purpose for collection

The Course Creator collects and processes your personal data for the following purposes:

• service delivery – providing access to courses and issuing CPD completion certificates;
• HPCSA compliance – submitting CPD completion records as required by HPCSA CPD Provider Guidelines;
• communications – sending account updates, course notifications, and (with your consent) information about new programmes;
• platform improvement – monitoring usage metrics and improving the learning experience; and
• legal compliance – handling claims, complying with applicable regulations, and retaining records as required by law.

7. PAYMENT

All payments are processed exclusively through Thinkific’s integrated payment processors, which are compliant with the Payment Card Industry Data Security Standard (PCI-DSS). The Course Creator does not directly handle, process, or store any payment card information. Transaction data is retained only for as long as is necessary to complete the transaction and to comply with applicable Finnish tax and accounting obligations.

8. LEGAL BASIS FOR PROCESSING (GDPR)

As a Finland-based individual provider, the Course Creator processes your personal data under the following legal bases in accordance with the GDPR:

• Contract performance: processing your name, email address, HPCSA registration number, and HPCSA registration category is necessary to deliver the enrolled service and to issue CPD completion certificates;
• Legal obligation: retention of CPD attendance records for a minimum of three years is required under HPCSA CPD Provider Guidelines;
• Legitimate interests: processing course completion data to improve programme quality and to comply with HPCSA CPD provider obligations; and
• Consent: by registering on this platform, you agree to receive marketing and programme-related communications from the Course Creator. You may withdraw this consent at any time by unsubscribing from communications or contacting the Course Creator at [email protected].

9. USE OF YOUR PERSONAL DATA

The Course Creator may use your personal data to fulfil obligations to you under the Terms of Service and this Policy.

The Course Creator may send you administrative messages and email updates about your account, course progress, and CPD certificates. By registering on this platform, you agree to receive marketing communications including information about new programmes, related services, and updates. You may unsubscribe from marketing communications at any time by using the unsubscribe link in any email or by contacting the Course Creator at [email protected].

Your personal data is not shared with advertisers. Any aggregate statistics about the user population shared with third parties will be fully anonymised.

10. DISCLOSURE OF YOUR PERSONAL DATA

10.1 Service providers

The Course Creator may share your personal data with third-party service providers who assist with course delivery, payment processing, and email communications. These providers are contractually bound to use your data only for the purposes for which it was shared and not for their own benefit.

10.2 Legal and regulatory disclosure

The Course Creator may disclose your personal data as required by applicable law or regulation, including:

• in response to a court order or subpoena;
• to comply with any applicable law;
• to protect the safety of any individual or the general public; or
• to prevent a violation of applicable terms or laws.

10.3 No selling of personal data

The Course Creator will not sell your personal data to any third party under any circumstances.

11. INTERNATIONAL DATA TRANSFERS

Your personal data is processed via the Thinkific platform, which is based in Canada, and may be processed by other third-party service providers located in the United States or other countries outside the EU/EEA and South Africa.

Where personal data is transferred outside the EU/EEA, the Course Creator takes steps to ensure that appropriate safeguards are in place in accordance with GDPR requirements, including reliance on the European Commission’s adequacy decisions or Standard Contractual Clauses where applicable.

For South African users, your data may be transferred to a foreign country whose data protection laws may differ from those of South Africa. By using this platform, you consent to this transfer, subject to the safeguards described above.

12. SECURITY

The Course Creator takes the security of personal data seriously and endeavours to comply with applicable data protection laws. The Thinkific platform uses industry-standard SSL/TLS encryption for data in transit, and payment information is encrypted and processed in compliance with PCI-DSS standards.

Access to personal data is restricted to those who require it to deliver the service. While industry best practices are followed, no method of transmission over the Internet or electronic storage is 100% secure.

In the event of a personal data breach that poses a risk to your rights and freedoms, the relevant supervisory authority will be notified within 72 hours where feasible, as required by GDPR Article 33. Affected individuals will be notified without undue delay where required by law.

13. ACCURACY AND KEEPING DATA UP TO DATE

The Course Creator will endeavour to keep the personal data held as accurate, complete, and up to date as is necessary for the purposes described in this Policy. You may review or update any personal data held about you by accessing your account on the Thinkific platform directly.

You retain the right to rectify any personal data that is incorrect or inaccurate by updating it through your account settings.

14. RETENTION

The Course Creator will only retain your personal data for as long as is necessary to fulfil the purposes described in this Policy, unless retention is required or authorised by law, or you have consented to extended retention. Specifically:

• CPD attendance and completion records are retained for a minimum of three years, as required by HPCSA CPD Provider Guidelines;
• account information is retained for the duration of your active account and for a reasonable period thereafter; and
• payment and transaction records are retained as required by Finnish tax and accounting regulations.

During the period of retention, non-disclosure obligations will continue to apply and your personal data will not be shared or sold. Personal data may be retained in physical or electronic form.

15. YOUR DATA RIGHTS

Depending on your location, you have the following rights regarding your personal data:

15.1 Right of access

You may request a copy of the personal data held about you by the Course Creator.

15.2 Right to rectification

You may request correction of any inaccurate or incomplete personal data held about you.

15.3 Right to erasure (‘right to be forgotten’)

You may request deletion of your personal data. The Course Creator will remove your personal data unless retention is required or permitted by law, including:

• where legitimate grounds for processing can be demonstrated that override your request; or
• where data must be retained to establish, exercise, or defend legal claims (including the three-year HPCSA retention requirement).

15.4 Right to restriction of processing

You may request that the Course Creator restrict the use of your personal data in certain circumstances. When restricted, your data may still be stored but will not be actively processed. Requests will be responded to within 30 days.

15.5 Right to data portability

You may request that your personal data be provided in a structured, commonly used, machine-readable format (such as CSV or Excel), or transferred directly to another data controller where technically feasible.

15.6 Right to object

You may object to processing based on legitimate interests or for direct marketing purposes at any time. Such processing will cease unless compelling legitimate grounds can be demonstrated that override your interests.

15.7 Withdrawing consent

Where processing is based on your consent, you may withdraw consent at any time by contacting the Course Creator at [email protected]. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

15.8 Supervisory authority complaints

EU/EEA users have the right to lodge a complaint with their national data protection supervisory authority. In Finland, this is:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)

Website: www.tietosuoja.fi

South African users also have rights under POPIA and may lodge a complaint with:

Information Regulator of South Africa

Website: www.inforegulator.org.za | Email: [email protected]

16. DATA BREACHES

In the event of a confirmed personal data breach that is likely to result in a high risk to your rights and freedoms, affected users will be notified without undue delay as required by applicable law. The relevant supervisory authority will be notified within 72 hours of the Course Creator becoming aware of a qualifying breach, as required by GDPR Article 33.

17. THIRD-PARTY WEBSITES AND LIMITATION

Course content may include links to external third-party websites, including open-access academic publishers. Once you leave this platform, this Privacy Policy no longer applies. The Course Creator is not responsible for, gives no warranties in respect of, and makes no representations regarding the privacy policies or practices of any linked third-party websites. You are encouraged to read the privacy statements of any third-party sites you visit.

18. AGE OF CONSENT

This platform is intended for adult professionals. By using this platform, you confirm that you are at least 18 years of age and have legal capacity to enter into legally binding agreements. This platform is not directed at minors.

19. QUESTIONS AND CONTACT INFORMATION

If you have any questions or concerns arising from this Privacy Policy, or if you wish to exercise any of your data rights (access, rectification, erasure, restriction, portability, or objection), please contact:

Liam Van Zyl (Course Creator)

Email: [email protected]

Location: Finland

For South African residents, complaints regarding the handling of personal information may also be directed to:

Information Regulator of South Africa

Website: www.inforegulator.org.za | Email: [email protected]

For EU/EEA residents, complaints may also be directed to:

Office of the Data Protection Ombudsman (Finland)

Website: www.tietosuoja.fi