Privacy Notice and Cookies Policy

  1. For the purposes of accessing (hereinafter the ‘Site’), this Privacy Notice and Cookies Policy tells you how we process your Personal Data in accordance with the European Union (EU) General Data Protection Regulation (GDPR). Personal Data is any information processed under this activity that identifies, or that, together or in connection with other information, can be uniquely linked to an individual. Any operation performed on Personal Data, including collection, structuring, storage, adaptation, consultation, disclosure, dissemination or otherwise making available, or erasure is processed.
  2. What data do we process and why? You acknowledge that Blood Academy/Digipath Academy Limited, registered in the United Kingdom (UK), under company number 12473976 with an address at 16 Scotney Way, Cardiff, CF23 8PJ, UK, and telephone number 004477888288466. The controller, or we, us or our, may collect, use, store and disclose your Personal Data (Your Data) for the purposes (Permitted Purposes) and on the basis set out in the table below.

  Your Data

  Permitted Purposes

 Legal Basis under GDPR

Name, title, place of work and associated address, an email address; Site login and password details  (if any)

To enable you to participate in the online course

The legal basis for processing  Your Data for all the Permitted  Purposes recorded is that it is  necessary for the purposes of our and your legitimate  interests

Name, title, place of work and associated address,  email address and contact number(s)

To contact you and manage any reports of adverse events and product quality complaints that may be reported by you

If reporting is required, we  may process your data to  comply with our legal obligations

Recordings of you

To ensure course material is available for subsequent review and to ensure the optimal experience when completing the course


Records of course attendance, other course related records

To facilitate the awarding of continuous professional development (CPD)  points and certification of attendance


Your opinions on the course (materials, organisation, etc.)

To allow for the course to be modified and optimised, should the course be repeated in the future


Data (including your device’s IP address) collected from the use of essential cookies on the Site employed to deliver the course material

To enable the website to operate correctly – please read the Cookie  Notice found below on this page

  1. Legitimate interests. We rely upon the legal basis of “legitimate interests” under the GDPR to process your personal data as described above. We have conducted a separate legitimate interests assessment to make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We will review this assessment on a regular basis and update it where necessary. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
  2. Data sources. We obtain Your Data from you directly based on the information you provide to us or through a third party acting on your behalf. In addition, Your Data is captured based on the information you provide during the course registration process to Blood Academy/Digipath Academy Limited. and information generated as a result of your participation in the course and afterwards. Please see section 11 below which outlines the Site’s Cookies employed to deliver the course.
  3. How we share Your Data. Elements of Your Data may be seen by various functions in our company, 3rd parties such as regulators, RCPath, auditors, web hosting providers and Roche Products (Ireland) Limited who support the hosting of this course.

Your Data may be located in countries that do not provide the same level of protection for Your Data as Ireland.  However, we will still ensure that Your Data is processed only for Permitted Purposes and in accordance with our policies and data protection laws that apply to Your Data. Where appropriate, we may rely on European Commission adequacy decisions about certain countries, as applicable. Safeguard measures for transfers of Your Data outside the EEA, which we may rely on from time to time include having standard clauses approved by the European Commission in our contracts, using Binding Corporate Rules, approved Codes of Conduct, Certifications or, in exceptional circumstances, permissible statutory derogations using other acceptable data transfer mechanisms. You can learn more about the safeguards we use to transfer Your Data from our Data Protection Co-Ordinator.

  1. How long we keep Your Data. Your Data will be processed and stored by us (or on our behalf) for as long as is necessary to fulfil the purposes of this activity or to comply with legal obligations or requirements of any applicable code of practice.
  2. Security of Your Data. We have put in place measures to protect the security of Your Data. Details of these measures are available from our Data Protection Co-Ordinator.
  3. Automated decision-making. Our processing of Your Data will not involve automated decision-making.
  4. Requirement to provide personal data to us. You are not contractually or legally obliged to provide personal data to us.
  5. Your Rights. You have the right to know about, access and receive a copy, rectify, request deletion or restrict the processing of Your Data to the extent permitted by applicable laws. If data processing is based on consent, kindly note that you have the right to withdraw your consent at any time, however, without affecting the lawfulness of processing based on consent before its withdrawal. You can exercise these rights and ask questions about the processing of Your Data by contacting our Data Protection Co-Ordinator. You also have the right to make a complaint to the competent supervisory authority about the processing of Your Data, which in Ireland is the Data Protection Commission.
  6. Cookies policy. Cookies are small text files that our websites and applications may put on your computer or mobile device when you visit our websites. Cookies are used by websites and applications to help remember small amounts of information and give you a better experience using the website or application. An example is when a cookie remembers your device, so you don’t have to log in again. Certain cookies contain a limited amount of personal information. For example, if you click “remember me” when logging in, a cookie will store your username. Most cookies will not collect information that identifies you and will instead collect more general information to help us analyse how well our Site is performing. This information helps us develop the Site to improve the functionality and your overall experience in the future. Essential cookies. These are functions of websites that are only possible if the information is stored persistently between each page you look at. For example, if you log in to the Site as a registered user, we use a cookie to remember that you are logged in, so you do not have to enter your details on each page you visit. Non-essential cookies that analyse your behaviour (‘analytical’ cookies) or cookies used to display advertisements to you (‘advertising’ cookies) are not used on the Site. The Site employs Plausible, a third-party tracking software that allows the collection of anonymised data on website traffic including page visits and session duration. How to remove or block cookies. Your internet browser has tools that allow you to remove or block cookies. More information can be found here: or What will happen if I block cookies? Depending on which cookies you block, the Website may stop working, or certain features may stop working correctly. If the cookies marked below as ‘technically necessary’ are blocked, your access to the Site may be compromised.
  1. Data Protection Co-ordinator. You can contact our Data Protection Co-Ordinator Dr Ali Mahdi by email at Please note that Blood Academy are acting as data processors on behalf of Roche Products (Ireland) Ltd.