Privacy Policy for

Who We Are

The Health and Safety Authority (HSA) has overall responsibility for the administration and enforcement of health and safety at work in Ireland. We are also the national centre for information and advice to employers, employees and self-employed on all aspects of workplace health and safety and the use of chemicals. The HSA also promotes education, training and research in the field of health and safety.

The Health and Safety Authority uses this e-learning site to collect data on courses, learner activity, geographical and business locations, requests for technical support, and to periodically survey visitors to the site. The site also hosts a Digital Badges platform that is linked to our Choose Safety programme – see details below.

The security of your data is a priority for the Health and Safety Authority and we are committed to respecting your privacy rights. We will handle your data fairly and legally at all times. We will also be transparent about what data we collect about you and how we use it. You can see our overall privacy policy on our main website That deals with all of our potential interactions with you. We are registered with the Data Protection Commissioner and our in-house Data Protection Officer can be contacted at

This policy applies specifically to the Authority’s eLearning portal and provides you with information about:

  • what personal data we collect
  • how we use your data
  • who we share your data with
  • how long we hold onto your data for
  • how we ensure your privacy is maintained, and
  • your legal rights relating to your personal

This Privacy Policy also applies to our Digital Badges platform hosted on

The Health and Safety Authority (HSA) issue digital badges to students in post-primary schools, or Further Education institutions in the Republic of Ireland that participate in the HSA Choose Safety Programme. Badges are issued from

Workplace Safety, Health and Welfare Induction MOOC

The Health and Safety Authority and the Atlantic Technological University (ATU) Sligo have jointly developed a ‘Workplace Safety, Health and Welfare Induction’ course or MOOC that is hosted on the ATU Sligo Moodle Platform for free courses

The Induction course is also directly accessible via an LTI link from to the ATU platform. You are not required to register again on the ATU platform when you login and access the course from On completion, your certificate(s) will be available to you on the homepage of the course – the ATU course homepage. Your certificate(s) will also be transferred back to your ‘My Certificates’ account on for accessing in the future. Digital Badges are also available on completion of the course. Details about the Badges are available on the ATU platform.

This Privacy Policy applies to all learners that access the Induction course via and to their account on ATU Sligo’s Privacy Policy applies to all learners on their Moodle platform, including those who have accessed the Induction course via Acceptance of the Privacy Policy is required before you can proceed to take the course.

What personal data do we collect?

A once-off registration is required on in order to access any of the online courses. When you create an account, you will see a number of mandatory fields for completion and some optional ones. We collect the following data when you enrol on a course: your name, your county, the country you are in and your email address. When you complete a course, we retain your scores and certificates of completion.

Enovation Ltd. administrators and nominated staff from the Authority’s Enterprise and Employee Support Unit have access to your personal data in line with the service you signed up to be provided with. Access to your account is based on a user name and password, which are retained by you and the password can be changed at any time by you. It is important that you protect this information. If your password has been compromised for any reason you should change it immediately and contact if you require any assistance with this.

Group Manager

A Group Manager facility is available on for registering a group of individuals to take a course or courses on To create a group the Group Manager will be required to log the email addresses of each participant. Group Managers must ensure they have obtained prior consent from each participant to log their emails.

When creating a group to access the Workplace Safety, Health and Welfare Induction (MOOC) you will be required to enter group details on the ATU Sligo platform as the Induction course is hosted there. Group Managers must ensure they obtain prior consent from participants to log their email addresses using the Group Manager facility.

Digital Badges

When a teacher registers to award digital badges at, we collect the following data: school name, school address, teacher’s name, teacher/school’s email address, teacher’s contact number, the estimated number of students doing the Choose Safety programme, and whether a teacher is currently delivering the programme to his/her students or intends to.

Once registered, teachers can award digital badges to their students for completing modules of the Choose Safety programme. In order to do this student email addresses are required to be logged.

From time to time teachers may request assistance from staff of the Authority’s Enterprise and Employee Support Unit who can log the email addresses on their behalf. To submit a request contact

Teachers must ensure that consent has been obtained before any student email addresses are logged on the Digital Badges platform or sent to the Authority’s Enterprise and Employee Support Unit to be logged on their behalf.

Children and Young People

The vast majority of the courses on are intended for adult learners. The primary school courses/resources are intended for teachers to deliver in a classroom setting. The post-primary course ‘Get Safe - Work Safe: Health and Safety in the Workplace for Students Starting Work’ is suitable for delivery by teachers and Further Education institutions in a classroom setting. From time to time teachers or tutors may register a group of students to take a course using the ‘Group Manager’ facility. Teachers/tutors must ensure they have obtained consent to register their students, as it will be necessary to log their email addresses when using the facility. This will enable students to take the course in their own time under their teacher’s/tutor’s supervision.

When using the Digital Badges platform it will also be necessary to log the email addresses of students. Teachers/tutors must ensure that they have obtained consent to log this information in advance.

We will take action to delete any data that comes to our attention, which may have been logged without consent. A request to remove information that may have been collected can also be made by emailing

What personal data does this website collect using cookies?

Our learning management system (LMS) is a secure Moodle based system available at This site uses two types of cookies:

  1. MoodleSession: This is an essential cookie, which, after login, maintains your login information—username and password—as you navigate through We use the session cookie to track your progress through the site, allowing us to maintain the security and integrity of the data being used. If you have chosen to disable session cookies on your browser, you will not be able to access the courses. This cookie is destroyed upon logout.
  1. MoodleID: This cookie is for the purpose of convenience only. It remembers your username within the browser. It is safe to refuse this cookie, which can be done by allowing the Remember username checkbox to remain unchecked in the Login box at the homepage.

This information also applies to our Digital Badges platform hosted on

Our Cookies Policy can be viewed on the homepage.

General Browsing:

For general web browsing no personal information is revealed to us, although certain statistical information is available to us via our internet service provider. This information may include:

  • The logical address of the server you are using
  • The top level domain name from which you access the Internet (for example .ie, .com, .org)
  • The type of browser you are using
  • The date and time you access our site
  • The Internet address used to link to our site

Some of the above information is used to create summary statistics that allow us to assess the number of visitors to our site, identify what pages are accessed most frequently and generally, help us to make our site more user friendly.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

How we use your data

All of the personal data we collect from you on this site is collected and retained in order to facilitate setting up your eLearning account, track your course progress, and retain your results and any certificates awarded in order to give you a complete and up to date record of your learning. Learners have access to all courses taken and certificates under their User Profile. A user name and password is required in order to set up your account. This allows you to create and secure your account login details. Your data is not used to contact you between taking courses unless you specifically opt in to receive further information from the Authority in relation to new courses or HSA activities.

Personal data collected on the Digital Badges platform is collected and retained to facilitate setting up your Digital Badges registration account and to retain results of awards. Your username and password will allow you to continue to award badges to your students.

Whom we share your data with

Your data is processed by Enovation Ltd., who are contracted by the Authority to set up and maintain the Authority’s elearning platform. A Data Processing Agreement is in place between the Authority and Enovation Ltd. Your data is processed as directed by the Authority in line with our commitment to you regarding your privacy. Enovation will also handle technical support queries in line with our Data Processing Agreement. If you wish to see the relevant section of the agreement please email your request to

As outlined under the heading ‘Workplace Safety, Health and Welfare Induction MOOC’ above some data is shared with ATU Sligo when you take the Induction course. This is because the course is hosted on the ATU Moodle Platform and your data is required for the purposes of taking the course and obtaining a certificate/s and digital badge/s. When you access the Induction course from you are re-directed to the ATU platform using your registration details.

Technical Support

Technical support for all of the online courses is available by emailing your query to General non-technical queries relating to the online courses should be emailed to

Support for Digital Badges is available by emailing your query to

Your name, email address, organisation, and contact telephone/mobile number is logged in order for us to respond to your query.

How long we hold your data for

The Authority will only retain data collected on this site for as long as necessary to fulfil the legal and business functions for which it was collected in the first instance.

Therefore, we will retain your data as long as you wish to retain an account with and a record of your learning. If you wish to close your account and delete your data, please send an email outlining your requirements to

How we ensure your privacy is maintained

We will take all steps we deem to be reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Statement.

While we take these steps to maintain the security of your data, you should be aware of the many data security risks that exist and take appropriate care to help safeguard your information. The nature of the internet is such that we cannot guarantee the security of the information you transmit to us electronically, and any transmission is at your own risk. We store information you provide to us on secure servers and deploy appropriate technical and organisational security measures in the storage and disclosure of your personal data to try to prevent unauthorised access or loss. is hosted in a secure environment. The Technical and Physical security measures used to ensure your privacy is maintained are:

Technical security measures

Access control and authentication:

  • An access control system applicable to all users accessing the IT system is implemented. The system allows creating, approving, reviewing and deleting user accounts.
  • The use of common user accounts is In cases where this is necessary, it is ensured that all users of the common account have the same roles and responsibilities.
  • When granting access or assigning user roles, the “need-to-know principle” shall be observed in order to limit the number of users having access to personal data only to those who require it for achieving the Processor’s processing purposes.
  • Where authentication mechanisms are based on passwords, Processor requires the password to be at least eight characters long and conform to very strong password control parameters including length, character complexity, and non-repeatability.
  • The authentication credentials (such as user ID and password) shall never be transmitted unprotected over the network.

Logging and monitoring:

Log files are activated for each system/application used for the processing of personal data. They include all types of access to data (view, modification, deletion).

Security of data at rest

Server/Database security:

  • Database and applications servers are configured to run using a separate account, with minimum OS privileges to function correctly.
  • Database and applications servers only process the personal data that are actually needed to process in order to achieve its processing purposes.

Workstation security:

  • Users are not allowed to deactivate or bypass security
  • Antivirus software and detection signatures are updated
  • Users do not have the rights to install unauthorized software
  • The system has session timeouts when the user has not been active for a certain time
  • Critical security updates released by the operating system provider are installed

Network/Communication Security:

  • Whenever access is performed through the Internet, communication is encrypted using cryptographic protocols.
  • Traffic to and from the IT system is monitored and controlled through Firewalls and/or Intrusion Detection Systems.


  • Backup and data restore procedures are defined, documented and clearly linked to roles and
  • Backups are given an appropriate level of physical and environmental protection consistent with the standards applied on the originating data.
  • Execution of backups is monitored to ensure

Mobile/Portable Devices:

  • Mobile and portable device management procedures are defined and documented establishing clear rules for their proper use.
  • Mobile devices that are allowed to access the information system are pre-registered and pre-authorised.

Application lifecycle security:

During the development lifecycle, best practice, state of the art and well-acknowledged secure development practices or standards are followed.

Data Deletion / Disposal:

Software-based overwriting will be performed on media prior to their disposal or physical destruction will be performed.

Shredding of paper and portable media used to store personal data is carried out.

Physical security:

The physical perimeter of the IT system infrastructure is not accessible by non-authorised personnel. Appropriate technical measures and organisational measures are set in place to protect security areas and their access points against entry by unauthorised persons.

Your legal rights relating to your data

You have the following rights in relation to data collected on this site:

  • the right to ask what personal data that we hold about you at any time
  • the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge, and
  • the right to have any personal data about you

If you wish to exercise any of the above rights, please email your request to our data protection officer at

Modifications to this Privacy Policy

We will review this Privacy policy on an ongoing basis and will update it when necessary.