Privacy Policy for MOBI Training Site

Last updated: 5 July 2026


This Privacy Policy explains how Metabolic, Obesity & Bariatric Healthcare Ltd (T/A MOBI) collects, uses, shares, stores and protects personal data when you access or use the MOBI Training Site at https://mobi-training.co.uk/, purchase or access courses, attend live sessions, submit course activities, contact us, or otherwise interact with us in relation to the Training Site.

This Privacy Policy should be read together with the Terms and Conditions, any course-specific information, the cookie information presented on the Training Site, and any relevant Teachable platform privacy information.


1. Who we are and how to contact us

Metabolic, Obesity & Bariatric Healthcare Ltd (T/A MOBI) is the controller for personal data that MOBI decides to collect and use in connection with MOBI courses, student support, certificates, communications, course administration and related Training Site activities.

Registered office: 65 Knowl Piece, Wilbury Way, Hitchin, SG4 0TY. Privacy contact: info@mobi.clinic. Telephone: 01462 889704. Postal address: 65 Knowl Piece, Wilbury Way, Hitchin, SG4 0TY. ICO registration number: [ZB821774].

Dr Ben Zalin is Metabolic, Obesity & Bariatric Healthcare Ltd (T/A MOBI)’s registered Data Protection Officer.

Teachable Inc. provides the Training Site platform and may process personal data as a processor for MOBI and/or as an independent controller for certain platform, account, checkout, security, analytics or legal-compliance activities. Teachable's own privacy policy and data processing documentation may also apply.


2. What personal data we collect

We may collect and process the following categories of personal data, depending on how you use the Training Site and which courses you access:

  • Identity data eg: Name, title, username, account ID and login details.
  • Contact data eg: Email address, telephone number, billing address, organisation, employer or commissioning body where provided.
  • Professional and eligibility data eg: Job role, professional registration details, professional body, qualifications, employer, course prerequisites and eligibility information where relevant.
  • Account and course data eg: Course enrolments, course progress, modules viewed, quiz/assessment results, assignments, certificates, completion records, attendance, support requests and communications.
  • Payment and transaction data eg: Payment status, transaction details, invoices, refunds and payment confirmations. Full card details are handled by payment providers and are not stored directly by MOBI.
  • Technical and usage data eg: IP address, browser type, device information, operating system, cookie identifiers, pages viewed, login activity, time spent on modules, security logs and platform usage data.
  • Marketing and communications data eg: Marketing preferences, consent records, email engagement, enquiry history and communication preferences.
  • Student contribution data eg: Comments, Q&A posts, assignments, feedback, reviews, messages, uploaded files and other course submissions
  • Special category data eg: MOBI does not intentionally request student health data unless a specific course activity clearly requires it and the appropriate legal basis and Article 9 condition are identified. Students must not submit patient-identifiable information.


3. How we collect personal data

We collect personal data directly from you when you create an account, purchase a course, complete forms, submit assignments, contact us, take part in course activities, attend live sessions or request support.

We collect personal data automatically through the Training Site, Teachable platform, cookies, logs and similar technologies when you use the Training Site.

We may receive personal data from Teachable, payment processors, email providers, analytics providers, employers, commissioners, professional bodies or other service providers where this is necessary and lawful.

Where an employer, commissioner or organisation purchases training for you, they may provide your name, email address, role, eligibility details and course requirements. They may also receive appropriate completion or attendance information as described below.


4. Purposes and lawful bases for processing

Under UK data protection law, we need a lawful basis for processing personal data. The table below summarises the main purposes and likely lawful bases. The applicable basis may vary depending on the course, user type and training arrangement.


1.Purpose: Creating and managing student accounts

Lawful Basis: Contract; legitimate interests in operating the Training Site and securing access.


2.Purpose: Processing course purchases, payments, refunds and invoices

Lawful Basis: Contract; legal obligation for accounting,tax and record-keeping.


3.Purpose: Providing course access, digital content, live sessions, support and certificates.

Lawful Basis: Contract; legitimate interests in administering training and maintaining completion records.


4.Purpose: Checking eligibility, professional status or course prerequisites.

Lawful Basis: Contract; legitimate interests in ensuring appropriate and safe course access.


5.Purpose: Sending service communications about account access, course changes, certificates, live sessions or policy updates.

Lawful Basis: Contract; legitimate interests in administering the Training Site and supporting students.


6.Purpose: Responding to enquiries, complaints and support requests

Lawful Basis: Contract; legitimate interests in customer support and dispute management.


7.Improving courses, platform performance, security and user experience

Lawful Basis: Legitimate interests, balanced against user rights; consent where required for non-essential cookies or similar technologies.


8.Purpose: Sending marketing communications

Lawful Basis: Consent, or soft opt-in where legally available and appropriate; legitimate interests for limited business-to-business communications where lawful.


9.Purpose: Sharing completion or attendance information with employers, commissioners or professional bodies

Lawful Basis: Contract, legitimate interests, consent or legal obligation depending on the training arrangement and user expectations.


10.Purpose: Complying with legal, tax, audit, regulatory, insurance, security or professional obligations

Lawful basis: Legal obligation; legitimate interests; legal claims where applicable.


11.Purpose: Processing special category data, if ever collected

Lawful Basis: An Article 6 lawful basis plus an Article 9 condition, such as explicit consent, healthcare/professional obligations, substantial public interest or legal claims where applicable.


5. Special category data and patient information

MOBI does not intentionally require students to submit their own health information or patient-identifiable information through the Training Site unless a specific course activity clearly explains this and identifies a lawful basis and Article 9 condition.

Students must not upload patient-identifiable information, confidential clinical records, identifiable case details or unnecessary special category data in comments, assignments, messages, Q&A areas or course activities.

If special category data is processed, MOBI will rely on an appropriate Article 6 lawful basis and an Article 9 condition, such as explicit consent, substantial public interest, healthcare-related obligations, professional confidentiality obligations, or legal claims where applicable. The exact basis will depend on the activity.

If identifiable patient information is accidentally submitted, MOBI may remove, restrict, delete or handle it in accordance with confidentiality, data protection, patient safety and legal obligations.


6. Marketing communications

We may send service emails about your account, course access, payment, certificates, live sessions, technical matters, policy updates or important course changes where necessary for the course or our legitimate interests.

We will send electronic marketing communications only where we have a lawful basis under data protection law and comply with PECR. This may include consent or the soft opt-in where legally available and appropriate.

You can unsubscribe from marketing emails at any time by using the unsubscribe link or contacting us. You may still receive necessary service communications.


7. Who we share personal data with

We may share personal data with Teachable and its authorised subprocessors to host and operate the Training Site, manage accounts, deliver course content and support platform functionality.

We may share data with payment processors, such as Teachable Payments, Stripe, PayPal or other providers, to process payments, refunds, fraud checks and payment disputes.

We may share data with email, CRM, analytics, cookie-consent, video, webinar, cloud hosting, IT support, security, document-management and professional service providers used to operate and support the Training Site.

Where training is purchased, sponsored or required by an employer, commissioner or organisation, we may share proportionate enrolment, attendance, progress, completion, certificate or support information where this is lawful, expected and appropriate.

We may share data with professional advisers, insurers, auditors, regulators, courts, law enforcement, public authorities or other parties where necessary for legal, regulatory, security, tax, audit, insurance, dispute or safeguarding purposes.

We do not sell student personal data.


8. Teachable platform processing

Because the Training Site is hosted through Teachable, Teachable may collect and process account, login, checkout, technical, usage, security, cookie and payment-related data when you use the Training Site.

MOBI is responsible for its own course content, student relationship and decisions about how MOBI uses student data. Teachable is responsible for its own platform policies and may act as a processor, independent controller or both depending on the processing activity.

We use Teachable to host, deliver, manage and administer our online training courses. Where Teachable processes personal data on our behalf in connection with course enrolment, access, course progress, communications and administration, Teachable acts as our data processor under its Data Processing Agreement. Teachable may also process certain account, payment, platform or technical data as an independent controller in accordance with its own terms and privacy documentation. Where personal data is transferred outside the UK, we rely on appropriate safeguards, which may include Teachable’s Data Processing Agreement, applicable UK International Data Transfer Agreement/Addendum arrangements, or other lawful transfer mechanisms recognised under UK data protection law.


9.Use of Teachable and Data Processing

MOBI uses Teachable to host, deliver and administer its online training courses. Where Teachable processes personal data on MOBI’s behalf in connection with course enrolment, access, administration, learner records or related services, such processing is governed by Teachable’s applicable Data Processing Agreement. MOBI will take reasonable steps to keep its privacy disclosures aligned with Teachable’s current data processing terms, subprocessor information, international transfer arrangements and privacy documentation.


10. International data transfers

Some of our service providers, including Teachable and other technology providers, may be located outside the United Kingdom or may process personal data outside the United Kingdom, including in the United States.

Where personal data is transferred outside the UK, we will use an appropriate lawful transfer mechanism where required. This may include a UK adequacy regulation, the UK Extension to the EU-US Data Privacy Framework where the recipient is certified, the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, the UK International Data Transfer Agreement, UK Binding Corporate Rules, or another lawful safeguard or derogation.

Where required, we will consider transfer risk and supplier due diligence before making or continuing restricted transfers.

Because transfer mechanisms and supplier certifications may change, MOBI should verify Teachable's current DPA, subprocessor list and transfer mechanism before publication and on a periodic basis.

international users may have additional local privacy rights, but MOBI’s main privacy framework is UK GDPR/Data Protection Act 2018. The ICO treats transfers of personal information outside the UK as restricted transfers requiring appropriate safeguards, so the privacy policy should continue to include the international transfer wording, especially because Teachable’s DPA refers to the UK IDTA/transfer arrangements for UK creators.



11. How long we keep personal data

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, including training delivery, support, legal, tax, audit, security, dispute, professional and regulatory purposes. The retention periods below should be confirmed against MOBI's internal retention schedule before publication.


1.Record type: Account records

Indicative retention period: For the duration of account access plus a reasonable period for support, audit, dispute and legal purposes.


2.Record Type: Course enrolment, progress and completion records

Indicative retention period: For the duration of course access plus 6 years to evidence completion, respond to queries and support professional training records.


3.Record type: Certificates

Indicative retention period: 6 years for professional, employer, regulatory or accreditation evidence.


4.Record Type: Payment, invoice and accounting records

Indicative retention period: Normally 6 years after the end of the relevant financial year, or longer where required by law or dispute.


5.Record Type: Support and complaint records

Indicative retention period: 6 years after resolution depending on the nature of the issue.


6.Record Type: Marketing consent and unsubscribe records

Indicative retention period:Until consent is withdrawn or marketing stops, plus a reasonable period to evidence compliance.


7.Record Type: Cookie consent records

Indicative retention period:For the period configured in the consent management platform or as otherwise required to evidence cookie choices.


8.Record Type: Security logs

Indicative retention period: For a limited period appropriate to security monitoring, fraud prevention, investigation and platform integrity.


9.Record Type: Student submissions and community posts

Indicative retention period:For the duration of course access or community availability, unless removed earlier or retained for dispute, safety, legal or compliance reasons.


10.Record Type: Legal, regulatory, insurance or dispute records

Indicative retention period:As long as necessary to comply with legal obligations or manage claims, audits, investigations or disputes.



12. Cookies and similar technologies

The Training Site may use cookies, pixels, tags, local storage, scripts, device identifiers and similar technologies.

Essential cookies and similar technologies may be used where necessary for login, authentication, security, checkout, fraud prevention, remembering choices, course access and operation of the Training Site.

Analytics, advertising, retargeting, tracking pixels, embedded video cookies, social media cookies and similar non-essential technologies should only be used where users receive clear information and give valid consent, unless an exemption applies.

A cookie banner or consent tool should allow users to accept, reject and manage non-essential cookies. Non-essential cookies should not load before the required consent is obtained.


13. Security

We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These may include access controls, password protection, supplier due diligence, secure platforms, confidentiality obligations, restricted access and staff awareness.

No online service, email system or platform can be guaranteed to be completely secure. You are responsible for keeping your login details secure and notifying us if you suspect unauthorised access.


14. Your data protection rights

Subject to legal conditions and exemptions, you may have the right to: access your personal data; request correction of inaccurate or incomplete data; request erasure; restrict processing; object to processing; request data portability; withdraw consent where processing is based on consent; and object to direct marketing.

Some rights may be limited where we need to keep data for legal, tax, audit, regulatory, professional, training evidence, security, dispute, safeguarding or legitimate business reasons. To exercise your rights, contact info@mobi.clinic. We may need to verify your identity before responding.


15. Automated decision-making and profiling

MOBI does not use automated decision-making or profiling that produces legal or similarly significant effects on students through the Training Site.

If this changes, we will update this Privacy Policy and provide appropriate information.


16. Children and age restrictions

The Training Site is intended for adults aged 18 or over. We do not knowingly offer courses to children or intentionally collect children's personal data through the Training Site.

If we become aware that a child has created an account or provided personal data without appropriate authority, we may delete or restrict the account and associated data where appropriate.


17. Links to other websites

The Training Site may contain links to third-party websites, platforms, payment pages, professional resources, journal articles or guidance. This Privacy Policy does not apply to third-party websites or services that are not controlled by MOBI. You should review the privacy notices of any third-party services you use.


18. Complaints

If you have concerns about how we use your personal data, please contact us first at info@mobi.clinic so we can try to resolve the issue. You also have the right to complain to the Information Commissioner's Office (ICO), the UK data protection regulator. The ICO can be contacted at www.ico.org.uk or by telephone on 0303 123 1113.


19. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be published on the Training Site.

Material changes will be notified where reasonably practicable, for example by email, account notice or website notice.