Privacy Statement
The Courageous Compass privacy notice and consent form is a legally sound document that clearly outlines how participants' personal health data is used for training sessions.
By obtaining consent and detailing the handling of sensitive health information, it helps build trust and minimize legal risks for the organization.
Analysis of the privacy notice and consent
Here is a breakdown of the key components of the notice provided:
Core privacy notice elements
Purpose of data processing: The notice explicitly states that personal data is collected "only to assess if the data subject can participate in the training sessions and adopt measures if any health issue arises". This fulfills a key legal requirement to inform individuals why their data is being collected.
Voluntary and informed consent: By including "I declare that this information is accurate and complete" and other explicit agreements, the form ensures that the individual's consent is freely given and that they understand what they are agreeing to.
Transparency in data handling: The notice explains what the trainers' role is in a medical emergency, clarifying the limits of their responsibility. This transparency is a fundamental principle of data protection.
Right to withdraw: Although not explicitly stated, the agreement to "communicate any health problems that may arise" implies an ongoing dialogue and the ability to update one's health status with the trainers. However, most comprehensive privacy notices, particularly under GDPR, should explicitly mention the right to withdraw consent for specific purposes.
Data integrity: The declaration that the information is "accurate and complete" places an obligation on the data subject to provide correct information, which is a good practice for data accuracy.
Authorization for emergency treatment
The section "I authorize the staff of Courageous Compass to seek emergency medical diagnosis or treatment if I am unconscious or unable to make my own decisions" is a critical part of a medical consent form. It grants permission for a specific action in case of an emergency, protecting both the participant and the organization.
First aid and emergency procedures
The final sentence clarifies the scope of responsibility: "the role of the trainers will be limited to emergency first aid and emergency contact and/or transportation to the nearest medical unit." This sets clear boundaries and manages the participant's expectations regarding the level of medical care the trainers will provide.
Areas for potential enhancement
For maximum clarity and compliance with evolving data protection regulations like the General Data Protection Regulation (GDPR), Courageous Compass could consider adding the following:
Contact details: Include the company's full name, address, and contact information, as well as a designated privacy officer or point of contact.
Data retention period: Specify for how long the health data will be kept and when it will be securely deleted.
Data storage and protection: Briefly explain the security measures in place to protect the sensitive health information from unauthorized access.
Data subject rights: Clearly inform participants of their rights, such as the right to access, correct, or erase their personal data.
Third-party sharing: Explicitly state if any third parties, such as medical transport companies, will have access to the data in an emergency. The notice alludes to this but could be more explicit.
"Do not sell" provision: As a best practice, expressly state that the organization will not sell or share health data with other third parties for marketing purposes.
September 16, 2025