HSA Learning

The Health and Safety Authority uses its e-learning site https://hsalearning.ie/ to collect data on courses, learner activity, geographical and business locations, requests for technical support, and to periodically survey visitors to the site. The site also hosts a Digital Badges platform https://badges.hsalearning.ie that is linked to our Choose Safety programme – see details below.

The security of your data is a priority for the Health and Safety Authority and we are committed to respecting your privacy rights. We will handle your data fairly and legally at all times. We will also be transparent about what data we collect about you and how we use it. You can see our overall privacy policy on our main website www.hsa.ie. That deals with all of our potential interactions with you. We are registered with the data protection commissioner and our in-house Data Protection Officer can be contacted at dpo@hsa.ie.

This policy applies specifically to the Authority’s elearning portal https://hsalearning.ie and provides you with information about:

  • what personal data we collect
  • how we use your data
  • who we share your data with
  • how long we hold onto your data for
  • how we ensure your privacy is maintained, and
  • your legal rights relating to your personal data.


This Privacy Policy also applies to our Digital Badges platform https://badges.hsalearning.ie hosted on https://hsalearning.ie

The Health and Safety Authority (HSA) issue digital badges to students in post-primary schools, or Further Education institutions in the Republic of Ireland that participate in the HSA Choose Safety Programme. Badges are issued from https://badges.hsalearning.ie

What personal data we collect from you on this site

When you enrol on a course at hsalearning.ie, we collect the following data: your name, your county, the country you are in and your email address. When you complete a course, we retain your scores and certificates of completion.

Enovation Ltd. administrators and nominated staff from the Authority’s Education Unit have access to your personal data in line with the service you signed up to be provided with. Access to your account is based on a user name and password which are retained by you and the password can be changed at any time by you. It is important that you protect this information. If your password has been compromised for any reason you should change it immediately and contact hsasupport@enovation.ie if you require any assistance with this.

Digital Badges

When a teacher registers to award digital badges at http://badges.hsalearning.ie, we collect the following data: school name, school address, teacher’s name, teacher/school’s email address, teacher’s contact number, the estimated number of students doing the Choose Safety programme, and whether a teacher is currently delivering the programme to his/her students or intends to.

Once registered, teachers can award digital badges to their students for completing modules of the Choose Safety programme. In order to do this student email addresses are required to be logged.

From time to time teachers may request assistance from staff of the Authority’s Education Unit who can log the email addresses on their behalf. To submit a request contact educationunit@hsa.ie

Teachers must ensure that consent has been obtained before any student email addresses are logged on the Digital Badges platform or sent to the Authority’s Education Unit to be logged on their behalf.

Children and Young People

The vast majority of the courses on https://hsalearning.ie are intended for adult learners. The primary school courses are intended for teachers to deliver in a classroom setting. The post-primary course ‘Get Safe Work Safe’ is suitable for delivery by teachers/further education institutions in a classroom setting. From time to time teachers/further education institutions may register a group to take the ‘Get Safe Work Safe’ course. Where this occurs the teacher/tutor must ensure they have obtained consent to register their students. When using the ‘Group Manager’ facility the only personal information that teachers/tutors will log are email addresses. This enables students to take the course in their own time under their teacher’s/tutor’s supervision.

When using the Digital Badges platform https://badges.hsalearning.ie the only personal information that teachers will log in relation to their students are their email addresses. Teachers must ensure that they have obtained consent to log this information.

We will take action to delete any data that comes to our attention, which may have been logged without consent. A request to remove information that may have been collected can also be made by emailing elearning@hsa.ie

What personal data does this website collect using cookies?

Cookie policy

Our learning management system (LMS) is a secure Moodle based system available at https://hsalearning.ie. This site uses two types of cookies:

1. MoodleSession: This is an essential cookie, which, after login, maintains your login information—username and password—as you navigate through https://hsalearning.ie. We use the session cookie to track your progress through the site, allowing us to maintain the security and integrity of the data being used. If you have chosen to disable session cookies on your browser you will not be able to access the courses. This cookie is destroyed upon logout.

2. MoodleID: This cookie is for the purpose of convenience only. It remembers your username within the browser. It is safe to refuse this cookie, which can be done by allowing the Remember username checkbox to remain unchecked in the Login box at the https://hsalearning.ie homepage.

This information also applies to our Digital Badges platform https://badges.hsalearning.ie hosted on https://hsalearning.ie

General Browsing

For general web browsing no personal information is revealed to us, although certain statistical information is available to us via our internet service provider. This information may include:

  • The logical address of the server you are using
  • The top level domain name from which you access the Internet (for example, .i.e., com, .org etc.)
  • The type of browser you are using
  • The date and time you access our site
  • The Internet address used to link to our site

Some of the above information is used to create summary statistics that allow us to assess the number of visitors to our site, identify what pages are accessed most frequently and generally, help us to make our site more user friendly

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

Third-party Cookies

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and volumes of usage. This to ensure that the service is available when you want it and fast.

For further details on the cookies set by Google Analytics, please refer to the Google Code website.

How we use your data

All of the personal data we collect from you on this site is collected and retained in order to facilitate setting up your elearning account, track your course progress, and retain your results and any certificates awarded in order to give you a complete and up to date record of your learning. Learners have access to all courses taken and certificates under their User Profile. A user name and password is required in order to set up your account. This allows you to create and secure your account login details. Your data is not used to contact you between taking courses unless you specifically opt in to receive further information from the Authority in relation to new courses or HSA activities.

Personal data collected on the Digital Badges platform is collected and retained to facilitate setting up your Digital Badges registration account and to retain results of awards. Your username and password will allow you to continue to award badges to your students.

Who we share your data with

Your data is processed by Enovation Ltd., who are contracted by the Authority to set up and maintain the Authority’s elearning platform. A data processing agreement is in place between the Authority and Enovation Ltd. Your data is processed as directed by the Authority in line with our commitment to you regarding your privacy. Technical support queries will also be handled by Enovation in line with our data processing agreement. If you wish to see the relevant section of the agreement please email your request to elearning@hsa.ie.

Technical Support

Technical support for all of the online courses is available by emailing your query to hsasupport@enovation.ie General non-technical queries relating to the online courses should be emailed to elearning@hsa.ie

Support for Digital Badges is available by emailing your query to educationunit@hsa.ie

Your name, email address, organisation, and contact telephone/mobile number is logged in order for us to respond to your query.

How long we hold your data for

The Authority will only retain data collected on this site for as long as necessary to fulfil the legal and business functions for which it was collected in the first instance.

Therefore, we will retain your data as long as you wish to retain an account with hsalearning.ie and a record of your learning. If you wish you close your account and delete your data, please send an email outlining your requirements to hsasupport@enovation.ie.

How we ensure your privacy is maintained

We will take all steps we deem to be reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Statement.

While we take these steps to maintain the security of your data, you should be aware of the many data security risks that exist and take appropriate care to help safeguard your information. The nature of the internet is such that we cannot guarantee the security of the information you transmit to us electronically, and any transmission is at your own risk. We store information you provide to us on secure servers and deploy appropriate technical and organisational security measures in the storage and disclosure of your personal data to try to prevent unauthorised access or loss.

Hsalearning.ie is hosted in a secure environment. The Technical and Physical security measures used to ensure your privacy is maintained are:

Technical security measures

Access control and authentication

  • An access control system applicable to all users accessing the IT system is implemented. The system allows creating, approving, reviewing and deleting user accounts.
  • The use of common user accounts is avoided. In cases where this is necessary, it is ensured that all users of the common account have the same roles and responsibilities.
  • When granting access or assigning user roles, the “need-to-know principle” shall be observed in order to limit the number of users having access to personal data only to those who require it for achieving the Processor’s processing purposes.
  • Where authentication mechanisms are based on passwords, Processor requires the password to be at least eight characters long and conform to very strong password control parameters including length, character complexity, and non-repeatability.
  • The authentication credentials (such as user ID and password) shall never be transmitted unprotected over the network.

Logging and monitoring

Log files are activated for each system/application used for the processing of personal data. They include all types of access to data (view, modification, deletion).

Security of data at rest

Server/Database security

  • Database and applications servers are configured to run using a separate account, with minimum OS privileges to function correctly.
  • Database and applications servers only process the personal data that are actually needed to process in order to achieve its processing purposes.

Workstation security

  • Users are not allowed to deactivate or bypass security settings.
  • Antivirus software and detection signatures are updated regularly.
  • Users do not have the rights to install unauthorized software applications.
  • The system has session timeouts when the user has not been active for a certain time period.
  • Critical security updates released by the operating system provider are installed regularly.

Network/Communication security

  • Whenever access is performed through the Internet, communication is encrypted using cryptographic protocols.
  • Traffic to and from the IT system is monitored and controlled through Firewalls and/or Intrusion Detection Systems.


  • Backup and data restore procedures are defined, documented and clearly linked to roles and responsibilities.
  • Backups are given an appropriate level of physical and environmental protection consistent with the standards applied on the originating data.
  • Execution of backups is monitored to ensure completeness.

Mobile/Portable devices

  • Mobile and portable device management procedures are defined and documented establishing clear rules for their proper use.
  • Mobile devices that are allowed to access the information system are pre-registered and pre-authorised.

Application lifecycle security

During the development lifecycle, best practice, state of the art and well acknowledged secure development practices or standards are followed.

Data deletion/disposal

Software-based overwriting will be performed on media prior to their disposal or physical destruction will be performed.

Shredding of paper and portable media used to store personal data is carried out.

Physical security

The physical perimeter of the IT system infrastructure is not accessible by non-authorised personnel. Appropriate technical measures and organisational measures are set in place to protect security areas and their access points against entry by unauthorised persons.

Your legal rights relating to your data

You have the following rights in relation to data collected on this site:

  • the right to ask what personal data that we hold about you at any time
  • the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge, and
  • the right to have any personal data about you deleted.

If you wish to exercise any of the above rights, please email your request to our data protection officer at dpo@hsa.ie

Modifications to this Privacy Policy

We will review this Privacy policy on an ongoing basis and will update it when necessary.