Skip to main content

Privacy Policy

We (THFI Education Limited (trading as The Health & Fitness Institute and/or THFI)) are committed to respecting and protecting the privacy of all those who use our website and services. The following policy explains the various ways in which we collect personal information and data about our users. It also outlines what this information is used for, the steps we take to keep it secure, and the situations in which we may disclose this information to others. 

From time to time, this policy may change so you may want to occasionally check this page to ensure you’re happy with any updates, and where we hold an email address for you we will notify you that changes have been made. Questions about this policy or other practices relating to privacy can be sent to 

Who are we? 

THFI is an education provider to the health and fitness sector. THFI is a Registered Trademark of THFI Education Limited

Our registered address is: THFI Education Limited, Acresfield, 8 - 10 Exchange Street, Manchester, England, M2 7HA. We can be contacted at our address or at 

How do we collect your information? 

We collect information about you when you use our website, when you make an enquiry about a course, sign up for our newsletters, enrol onto a course, book an exam, or use our Learner Management System to assist with your studies. 

As you interact with our website, we will automatically collect data such as you IP address, login data, and browser type and version. We collect this personal data by using cookies and other similar technologies. Please see further information regarding our use of cookies in our cookies policy.  

What type of information is collected? 

Depending on the specific elements of our website that you use, we will collect a range of personal information including: name, postal address, email address, date of birth, IP address and which specific pages you have accessed, for how long and when. We process such data in accordance with our legitimate interests to do so, namely to enable us to effectively run our website, offer services to you and engage in pre-contract dealings. 

If you are a student enrolling onto a course or booking an exam, further information may be required to provide you with the best possible service. This includes details of any disabilities, learning difficulties or additional educational needs you may have. Where we process your personal data as a student, this is done in accordance with our legitimate interests in providing the best service possible to you and efficiently conducting our operations. It is also processed as it is necessary for the performance of our contract with you. 

If you enrol on to a course or exam online, or purchase replacement learning materials from us, your card information will be collected. This information is not held by us as we use a third-party payment processor who securely capture and process one-off debit/credit card transactions. Our monthly payment plans also use recurring card payment. Again, this is processed as it is necessary for the performance of our contract with you and also is in our legitimate interests to collect payments for the services provided or to be provided. 

The information collected may include any sensitive or personal data, such as where you provide us with information regarding medical conditions, disabilities or additional educational needs as a student of ours. Where this special category data is processed we will seek your consent to process it. If you are also our employee, we acknowledge that you cannot give proper consent, and therefore process your special category data to carry out our obligations under employment law and/or for the performance of the employment contract. Whilst you may refuse to give consent, we do note that this may impact upon our ability to provide services to you with allowances made for any additional requirements or needs.  

Any information collected is strictly for internal use. Any requests to be excluded from future recordings must be made in writing to and this is on a per IP address, not a per user/device basis. 

How is your information used? 

We may use your personal information in the following ways: 

  • Process payments you have made 
  • Collect payments from you 
  • Notify you of important changes to our services and policies 
  • Send you information about products and services you may be interested in 
  • Carry out contractual obligations 
  • Enable access to specific website services 
  • Improve the products and services we provide, and to deliver a better website experience 

The periods in which we retain personal information are reviewed on a regular basis. 

There are certain types of information (for example invoicing and payments) that we are required to hold to fulfil our statutory obligations. Personal information is held securely on our systems for as long as it is necessary for the relevant activities. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. 

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. 

Your data may also be shared with selected partners if you choose to use any of our secondary services, like Careers Service, or any offers, discounts or free products or services provided by our partners. You will always be informed in advance of any data transfer and we require all third parties to respect the security of your personal data and to treat it in accordance with the law. 

We may transfer your personal data outside of the UK, for example where our data storage is based outside the UK, or if you engage with any of secondary services. Whenever your personal data is transferred out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: 

  1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; or 
  2. Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK. 

Who has access to your information? 

Under no circumstances do we sell any of your personal information to third parties. Your information is never shared with third parties for marketing purposes without your explicit prior consent.  Aside from our internal staff, your information may be disclosed to third-party product and service providers working on our behalf, for example, to process payments or delivering email newsletters. These service providers, subcontractors and other associated organisations only have access to the information necessary to deliver the service we have hired them to provide. 

Data processing agreements are in place to ensure all of our third-party providers and suppliers do their utmost to keep your information safe and secure, and do not use it for their own direct marketing purposes. 

When using our secure checkout process to book a course or exam, your payment details are processed by a third-party provider who specialise in securely capturing and processing this type of information. This information is encrypted and is not stored by us on any of our systems or networks.  If you have any specific questions about the payment process, please don’t hesitate to contact us at 

How do we keep your data secure? 

We take reasonable and appropriate measures to prevent the loss, theft, misuse or alteration of your personal information. These methods include regular backups of data, encryption of data and secure password protection policies on any and all systems handling your personal information. Whenever we transfer your data between systems or for the purpose of a backup, we always use secure file transfer protocols (SFTP). 

In cases where you have been provided with a password and login details, for example, to access our Learner Management System, you are solely responsible for keeping this password confidential. We greatly encourage you not to share this information with anyone else, including our own staff. 

How can I update my information? What are my rights? 

In order to provide you with the best possible levels of service, it’s important your information is kept accurate and up to date. If any of the information we hold about you changes at any time, please email us on as soon as possible so it can be updated. 

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Such rights include the right to request access to, correction or erasure of, object to the processing of, restrict processing of, transfer of, your personal data or to withdraw consent. Further detail on your rights can be found here. You can contact us to exercise any of your rights at 

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

You have the right to make a complaint at any time to the ICO, the UK regulator for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.  

What are cookies and how do you use them? 

Cookies are small pieces of information sent from our website and stored in your web browser while you are using our website. These cookies are used in a variety of ways, including for analytics purposes and saving your login information. We monitor how people use our website, which pages they visit and how long they spend on these pages. This information is then used to improve the features and functionalities of our website, ensuring a continually improved experience for everyone. The browsing information collected by our analytics cookies is anonymous, so we do not collect any personal information. 

It is possible to delete cookies and disable them from being stored in your browser. This can be done in your browser’s settings/preferences; however, this may result in reduced functionality while using our website. 

Occasionally, we may link to other websites we feel may be of use and interest to you. Please note that this policy only covers our website and once you have clicked on a link we have no control of your experience. We do not accept any responsibility for the privacy and cookie practices of third party websites. We encourage you to use caution when clicking on an external link. 

Research data 

We do occasionally introduce products and services on our website for the purpose of research and data collection. These can include, but are not limited to, questionnaires, quizzes, mock exams, calculators and other web-based applications designed to provide users with a free online resource. 

The main purpose of conducting this research is to enable us to produce better and more useful products or resources in the future, or so that we can publish our findings of our research to industry or academia, as appropriate. 

Therefore, data collected from these web-based applications may be used to form part of a wider research project, the findings of which may be presented in an industry publication, at a conference or in a separate report. 

Raw data collected for research purposes: 

  • is always collected and stored in an anonymised format - none of our data would identify a participant
  • never requires participants to supply contact details to access the product/service
  • is encrypted and stored securely in accordance with THFI’s strict data security procedures
  • is only accessed and used by those THFI employees who need access to it to perform their duties

Published data will typically only include data samples that have been statistically analysed (e.g. mean, standard deviation, ranges etc) and will not include raw data. In any event, as above, the raw data is stored in an anonymised format and therefore does not identify you. 

If you do wish to know more about how our research data is used, please contact us at and a member of the team will connect you with the appropriate member of the THFI team. 

Policy Review 

This policy is subject to regular review and was last updated in March 2023