Privacy Policy
Last updated: 4 June 2026
1. Who we are
BeSafety Ltd (“BeSafety”, “we”, “us”) is the data controller for the personal data described in this policy. We are a company registered in England and Wales.
- Company number: 07502284
- Registered address: 56 Delafield Road, London, SE7 7NP
- VAT number: 110270968
- Data protection contact: info@besafety.co.uk
2. The data we collect
Depending on how you use our services, we may collect:
- Account details — your name, email address, mobile number and date of birth, captured when you create an account or claim an existing record.
- Booking details — the courses and dates you book, and any course-specific information you provide.
- Billing address — captured during checkout for invoicing.
- Payment information — card payments are processed by Stripe. We do not see or store your full card details; we receive only a payment reference and confirmation of the outcome.
- IRATA candidate data — for rope-access courses, the information described in section 3.
3. IRATA Online (IOS) lookups
When you book an IRATA rope-access course as a returning candidate, we query the IRATA Online System (IOS) at irata-online.org using your surname together with your IRATA number and/or date of birth. This allows us to verify your current registration and pre-fill your course registration. The data we retrieve may include your IRATA number, current level, certificate expiry date, registration and original issue dates, and your assessment history.
This lookup is performed as a condition of booking a rope-access course — see our Terms & Conditions. If the lookup is unavailable you may enter your details manually for staff verification.
4. Communications
We will always send you essential transactional messages by email — for example booking confirmations, invoices and important changes to your course. These are necessary to deliver the service you have booked.
We send proactive status updates (such as reminders) by SMS, WhatsApp or RCS only if you have opted in to course updates. You can withdraw consent at any time by replying STOP or UNSUBSCRIBE to a message, or by updating your communication preferences, and we will stop sending you these messages. You may also tell us your preferred channel for these updates.
5. Payment and invoicing processors
We use Stripe to process card payments and Xero to issue and manage invoices. These providers process your data on our behalf under their own terms and applicable data protection law.
6. Our lawful bases
- Performance of a contract — to take and fulfil your booking, process payment, verify IRATA eligibility and send transactional messages.
- Consent — for proactive SMS/WhatsApp/RCS course updates, which you may withdraw at any time.
- Legitimate interests — to operate, secure and improve our services, where not overridden by your rights.
- Legal obligation — for example retaining financial records for tax purposes.
7. Retention
We keep your personal data only for as long as necessary for the purposes above, including to meet legal, accounting and accreditation requirements. Financial and training records are typically retained for the periods required by law and by IRATA.
8. Your rights
Under UK GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased in certain circumstances;
- restrict or object to certain processing;
- data portability; and
- withdraw consent at any time where we rely on it.
To exercise any of these rights, contact us at privacy@besafety.co.uk. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk.
9. Cookies and sessions
We use essential cookies and session tokens to keep you signed in and to operate the site securely. These are necessary for the service to function and are not used for advertising.
10. Changes to this policy
We may update this policy from time to time. The “last updated” date at the top of this page shows when it was last revised.