Privacy Policy

Last updated: 5 April 2026

G Holland Limited ("we", "us", "our"), trading as EduSafe, is committed to protecting your privacy and personal data. This Privacy Policy explains how the EduSafe platform and mobile applications ("EduSafe", "the App", "the Service") collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR), Data Protection Act 2018, and applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

G Holland Limited
Trading as EduSafe
Republic of Ireland
Email: privacy@edusafe.ie
Website: https://edusafe.ie

2. Information We Collect

We collect and process the following categories of personal data:

2.1 Account Information

  • Full name
  • Email address
  • Username and password (encrypted)
  • Profile picture (if provided by you)
  • Company/organisation affiliation
  • Job title or role

2.2 Educational and Compliance Data

  • Course enrolment and completion records
  • Assessment submissions and grades
  • Compliance training progress and certificates
  • Audit and inspection records
  • Risk assessment submissions
  • Hazard reports
  • Contractor management documents

2.3 Device and Technical Information

  • Device type, model, and operating system version
  • Push notification token (for delivering notifications)
  • App version
  • IP address (for security and access logging)
  • Browser type and version (when accessing via web)

2.4 Media and Files

  • Photographs taken or uploaded within the App (e.g., audit evidence, hazard reports, profile pictures)
  • Audio recordings (e.g., voice submissions for assessments)
  • Documents uploaded as part of compliance workflows

2.5 Usage Data

  • Course progress and interaction data
  • Login timestamps and session duration
  • Feature usage patterns (aggregated, non-identifying)

3. How We Use Your Information

We process your personal data for the following purposes:

Purpose Legal Basis (GDPR)
Providing and managing your account Contract performance (Art. 6(1)(b))
Delivering courses, training, and compliance content Contract performance (Art. 6(1)(b))
Processing audit and inspection submissions Legitimate interest (Art. 6(1)(f))
Sending push notifications about course updates, deadlines, and approvals Consent (Art. 6(1)(a))
Generating compliance reports for your organisation Legitimate interest (Art. 6(1)(f))
Ensuring platform security and preventing fraud Legitimate interest (Art. 6(1)(f))
Responding to your support requests Contract performance (Art. 6(1)(b))
Complying with legal and regulatory obligations Legal obligation (Art. 6(1)(c))

4. Camera, Microphone, and Photo Library Access

The EduSafe mobile application requests access to the following device features:

  • Camera: Used to capture photographs for audit evidence, hazard reports, risk assessment documentation, and profile pictures. Photos are uploaded to your organisation's EduSafe platform and are not shared with third parties.
  • Microphone: Used to record audio for assessment submissions where voice input is required. Recordings are stored on your organisation's EduSafe platform.
  • Photo Library: Used to select existing images for audit evidence, profile pictures, and compliance documentation. Selected images are uploaded to your organisation's EduSafe platform.

These permissions are requested only when needed, and you can revoke them at any time through your device settings. The App does not access your camera, microphone, or photo library in the background.

5. Push Notifications

We use push notifications to inform you about:

  • Course deadlines and enrolment updates
  • Audit and inspection assignments
  • Document approval requests and status changes
  • Compliance training reminders
  • System announcements

Push notifications are delivered through Apple Push Notification Service (APNs) for iOS and Google Firebase Cloud Messaging (FCM) for Android, via Moodle's Airnotifier service. Your device token is stored solely for notification delivery purposes and is not used for advertising or tracking.

You can disable push notifications at any time through your device settings.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties. Your data may be shared only in the following circumstances:

  • Your Organisation: Your employer or organisation that has deployed EduSafe has access to your compliance and training records as part of their regulatory obligations.
  • Hosting Providers: Our platform is hosted on secure cloud infrastructure (Amazon Web Services, EU region). These providers process data on our behalf under strict data processing agreements.
  • Legal Requirements: We may disclose data when required by law, court order, or to protect the safety and security of our users and platform.

We do not use any third-party advertising networks, analytics tracking services, or data brokers.

7. Data Storage and Security

We implement robust security measures to protect your personal data:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
  • Encryption at Rest: Sensitive data stored on our servers is encrypted using AES-256 encryption.
  • Access Controls: Access to personal data is restricted to authorised personnel on a need-to-know basis, protected by multi-factor authentication.
  • Regular Audits: We conduct regular security assessments and vulnerability testing.
  • Data Centre Location: All data is processed and stored within the European Economic Area (EEA).

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:

  • Account Data: Retained for the duration of your account and deleted within 30 days of account deletion request.
  • Compliance Records: Retained for the period required by your organisation's regulatory obligations (typically 3-7 years, depending on jurisdiction and industry).
  • Technical Logs: Retained for up to 12 months for security and troubleshooting purposes.
  • Backup Data: Removed from backups within 90 days of deletion from primary systems.

9. Your Rights Under GDPR

As a data subject, you have the following rights under the General Data Protection Regulation:

  • Right of Access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Art. 17): You may request deletion of your personal data, subject to legal retention requirements.
  • Right to Restriction (Art. 18): You may request that we restrict processing of your data in certain circumstances.
  • Right to Data Portability (Art. 20): You may request your data in a structured, machine-readable format.
  • Right to Object (Art. 21): You may object to processing based on legitimate interests.
  • Right to Withdraw Consent (Art. 7): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@edusafe.ie. We will respond to your request within 30 days.

10. Children's Privacy

EduSafe is designed for use by adults in professional and organisational settings. We do not knowingly collect personal data from children under the age of 16. If you believe a child under 16 has provided us with personal data, please contact us immediately at privacy@edusafe.ie and we will take steps to delete such information.

11. International Data Transfers

All personal data is processed and stored within the European Economic Area (EEA). In the event that data needs to be transferred outside the EEA, we ensure appropriate safeguards are in place, including:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding corporate rules where applicable

12. Cookies and Tracking

The EduSafe mobile application does not use cookies for tracking or advertising purposes. The web platform uses essential cookies only for:

  • Session management (keeping you logged in)
  • Security tokens (CSRF protection)
  • User preferences (language, display settings)

We do not use any third-party tracking cookies, advertising cookies, or cross-site tracking technologies in our mobile applications.

13. Account Deletion

You may request complete deletion of your account and all associated personal data by:

  • Using the "Request Account Deletion" feature within the App (Settings > User Account > Request Account Deletion)
  • Emailing privacy@edusafe.ie with the subject line "Account Deletion Request"
  • Contacting your organisation's EduSafe administrator

Upon receiving your request, we will delete your personal data within 30 days, except where retention is required by law or your organisation's regulatory obligations.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on this page with a revised "Last updated" date
  • Sending a notification through the App for significant changes

We encourage you to review this Privacy Policy periodically.

15. Complaints

If you are unsatisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority. For users in Ireland, the relevant authority is:

Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: www.dataprotection.ie
Phone: +353 (0)1 765 0100

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

G Holland Limited
Email: privacy@edusafe.ie
General enquiries: dev@hollandgroup.ie
Website: https://edusafe.ie