1. PeopleCert Entities

The following PeopleCert entities may be involved in processing your Personal Data. These entities are data controllers under the EU General Data Protection Regulation 679/2016 (“GDPR”) and/or UK GDPR. Where PeopleCert is a data processor under GDPR, we apply the same principles in this Policy, modified as required by GDPR and our obligations to the data controller.

 

Company name	Country of incorporation	Address
PeopleCert Global Services Societe Anonyme	Greece	3, Korai str., Athens
PeopleCert Hellas - Human Resources Certification Body Societe Anonyme	Greece	3, Korai str., Athens
PeopleCert International Limited	Cyprus	40, Themistocles Devi str., Nicosia
PeopleCert Qualifications LTD	United Kingdom	192 Sloane Street, London, SW1X 9QX
PeopleCert UK LTD	United Kingdom	192 Sloane Street, London, SW1X 9QX
Axelos Limited	United Kingdom	192 Sloane Street, London, SW1X 9QX
International Association For Six Sigma Certification, LLC (IASSC)	United States of America	IASSC – Montana Office, Pinewood Professional Center, 682 S. Ferguson #5, Bozeman, MT 59718
DevOps, Inc.	United States of America	Corporation Trust Center, 1209 Orange Street, Wilmington, Delaware 19801

 

2. How we use your personal data

This section provides a description of the categories of Personal Data we collect about you, the ways we use your Personal Data, the legal bases on which we rely and the period of time we retain your Personal Data.

 

a. Online account

PeopleCert examination candidates (“Candidates”) must have an online account (“Account”), which is created and accessible via the PeopleCert website. Users who are not Candidates also may voluntarily create Accounts. Your Account contains some or all the Personal Data that we hold about you and makes it easier for you to use our services. If the User of the Account is a child below the age of 16 years, we will request consent for the collection and processing of Personal Data from a holder of parental responsibility over the child.

 

The PeopleCert membership service is available to Users holding an active subscription via the PeopleCert website. Users can access the service and explore the available options aligned with their membership plan by logging into their PeopleCert Account. At User's discretion, PeopleCert may allow the display of their public profile on third party websites or applications. Users retain control over which digital badges, and by implication certifications, are visible on their public profile page. They can choose to activate or deactivate the display of their public profile and upload a profile picture as desired.

 

 

Type of data	Legal basis	Retention Period
First/middle name(s), last name(s), email address, country of residence, date of birth, telephone number, address, city, postal code, gender, native language, id number, id issue date, certificate, certificate badge, exam history, any documentation needed to be submitted as a prerequisite for the specific exam you register for, photo in case of public profile display	Performance of a contract with you; our legitimate interests in providing services; in certain cases, your consent	Until you request deletion of your Account, or if your account is inactive for five (5) years and no certificates are associated with it

 

b. Examination and certification services

PeopleCert provides examination and certification services (“Certification Services”) as a Personnel Certification Body and Accredited Examination Institute. Some of our Certification Services are offered in cooperation with (i) organisations (including public authorities) that provide examination content or otherwise authorise examinations (“Test Owners”) and/or (ii) organisations who are authorised and approved by PeopleCert for delivery of Certification Services (“Partners”). Some authorised Partners may also provide training services related to PeopleCert certifications.

 

PeopleCert also maintains a registry containing details of all certified persons. As a Personnel Certification Body and Accredited Examination Institute we operate publicly available a Certificate Verification Service (“CVS”) accessible via our CVS websites for PeopleCert, and Axelos. The CVS allows Users and third parties (e.g., employers) to confirm the authenticity and accuracy of any PeopleCert certificate by entering the serial number of the relevant certificate.

 

Type of data	Legal basis	Retention Period
First/middle name(s), last name(s), email address, country of residence, date of birth, telephone number, address, city, postal code, identity document (e.g., ID, passport), photo, candidate number, video recording (in case of online examination), medical documents (in case of reasonable adjustment or special consideration requests)	Performance of a contract with you; our legitimate interests in providing services; in case of processing of medical documents, your consent	Personal Data related to your online account are retained until you request deletion of it or if your account is inactive for five (5) years and no certificates are associated with it Personal Data related to the examination process (e.g., answer sheets) are retained for six (6) months
Axelos Successful Candidates Register	Consent	Until you request to be removed from Axelos Successful Candidates Register

 

c. Online proctoring

PeopleCert offers examinations through PeopleCert Online Proctoring (OLP) services, allowing Candidates to take an online exam at their preferred time and location (i.e., almost anywhere they have internet access and a suitable room). PeopleCert OLP connects Candidates via webcam directly to an authorised PeopleCert proctor (invigilator), who guides them and monitors the exam session. We record the exam session, ensuring its security and integrity. For OLP examinations we also take a photograph of the Candidate for ongoing identification purposes and inclusion in the examination statement of results if it is required. PeopleCert may use your Personal Data to investigate malpractice and/or mismanagement during the examination process. The examination process is monitored by authorised internal teams who have access to the recorded material (video).

 

Type of data	Legal basis	Retention Period
First/Middle name(s), last name(s), email address, postal address, identity document (e.g., ID, passport), photo, candidate number, date of birth, IP address, Candidate's computer desktop, recorded material (image and sound data), examination details	Performance of a contract with you; our legitimate interests in providing certification services	Uploaded IDs, test day photos and video recordings are retained for one (1) year from the date of examination for non-regulated exams Uploaded IDs, test day photos and video recordings are retained for two (2) yeas from the date of examination for regulated exams

 

d. Biometric verification of identity

PeopleCert verifies the identity of examination candidates. Identity verification processes include ID document verification, liveness detection, facial recognition and/or voice recognition. The ID Verification tool checks the validity and authentication of the provided identification document. The liveness detection check determines whether credentials supplied to pass a biometrics identity check represent a live person rather than a high-tech imitation. The facial recognition verification tool can identify a human face in the digital copy of your provided identification document and compare it to the person taking the exam and/or PeopleCert database. In case of regulated exams which include assessments that are subject to the control of government or regulatory authorities, such as language certification examinations, PeopleCert uses biometric measurements. This practice ensures the highest standards of security and integrity, serving the substantial public interest. For unregulated exams which do not fall under the purview of government or regulatory bodies, such as Business & IT examinations, PeopleCert may use biometric measurements only upon candidate’s consent.

 

Type of data	Legal basis	Retention Period
Biometric data (facial recognition, liveness verification, voice recognition)	Substantial public interest (for regulated examinations); consent (for unregulated examinations)	Biometric data are retained for one (1) year from the date of examination for non-regulated exams Biometric data are retained for two (2) yeas from the date of examination for regulated exams

 

e. Internal training

PeopleCert may use the personal data collected during the examination process for internal training purposes in order to improve its services and to prevent malpractice.

 

Type of data	Legal basis	Retention Period
First/Middle name(s), last name(s), email address, postal address, identity document (e.g., ID, passport), photo, candidate number, date of birth, Candidate's computer desktop, recorded material (image and sound data), examination details	Our legitimate interests in improving our services	Uploaded IDs and video recordings are retained for one year from the date of examination for non-regulated exams Uploaded IDs and video recordings are retained for two yeas from the date of examination for regulated exams

 

PeopleCert sells and provides physical and electronic books related to its certification services. To access your e-book, you are being redirected to the virtual environment of our e-book provider Vitalsource, but we do not share your Personal Data with Vitalsource.

Type of data	Legal basis	Retention Period
First/Middle name(s), last name(s), email address, postal address, shipping details, associated sales, usage (for e- books)	Our legitimate interests to deliver and improve our products and services	Until you request deletion of your Account

 

g. Canvas Learning Management System

PeopleCert provides Official Training Materials and e-learning modules to enhance robust digital learning. By creating a PeopleCert online account users are enrolled in the Canvas Learning Management System. To access the Canvas LMS, users are redirected to the services of our provider Instructure. You may find more information in the Instructure Privacy Policy at Product Privacy | Policy| Instructure.

 

PeopleCert also supports and enables users to use the Canvas LMS and provides advice if users experience difficulties with the platform.

 

Type of data	Legal basis	Retention Period
First/Middle name(s), last name(s), email address, profile information	Our legitimate interests to deliver and improve our products and services	Personal data of candidates are retained for 5 years Personal data of partners are retained for as long as the partnership agreement is in force

 

h. Oral exams using interlocutors

PeopleCert conducts oral exams for physically present candidates through the PeopleCert Interlocutor Application. Interlocutors access a session, select the candidate to examine from an existing list and record the oral part of the exam session.

 

Type of data	Legal basis	Retention Period
First/Middle name(s), last name(s), email address, ID number, exam date and start time, exam module, candidate and session ID, venue address and examination room, voice recording, grades	Our legitimate interests to deliver and improve our products and services	Personal Data are linked to your PeopleCert account and are retained until you request deletion of it or if your account is inactive for five (5) years and no certificates are associated with it Voice recording files are retained for six (6) months.
Login credentials of interlocutors/markers	Our legitimate interests to deliver and improve our products and services	Personal data of interlocutors/markers are retained for as long as the agreement covering the services is in force

 

i. Online purchases

PeopleCert offers products, exams and services for purchase remotely and electronically. Payments are processed securely by our selected payment processors. PeopleCert does not store or have access to credit or debit card information. This information is securely provided by Users directly to our payment processors at the time of purchase. Where users opt to store credit or debit card information, PeopleCert’s payment processors will use this data for the sole purpose of facilitating further purchases by the users. To ensure the safety of electronic purchases, PeopleCert complies with PCI-DSS (Payment Card Industry – Data Security Standard).

Type of data	Legal basis	Retention Period
First/Middle name(s), last name(s), email address, billing address, shipping postal address, candidate number, order id, invoice number	Performance of a contract with you; Our legitimate interests to deliver and improve our products and services	Until you request deletion of your Account

 

j. Customer support

PeopleCert offers 24/7 customer service support to Users (both organisations and individual Candidates) to handle their requests. You may submit your request through email, telephone and online chat. Telephone calls and online chats may be recorded in order to ensure proof of transactions. If you do not wish to contact us by the above means, you can always send us a message at customerservice@peoplecert.org.

 

Type of data	Legal basis	Retention Period
First/Middle name(s), last name(s), email address, telephone number, voice data, other information related to a support request	Performance of a contract with you; our legitimate interests in providing services	Online chats, emails and contact forms are retained for two (2) years after the submission of the written request Telephone recordings are retained for fifteen (15) days

 

k. Surveys

From time-to-time PeopleCert may run surveys, polls and similar initiatives (“Surveys”), to request information from Users to assist us to improve our products, services and operating practices. Participation in Surveys is always voluntary, and Personal Data provided in Survey responses will always remain strictly confidential. The results of Surveys may be aggregated, and anonymised, and such anonymised information may be shared with third parties.

 

Type of data	Legal basis	Retention Period
Email address, case number, date of rate, comment(s)	Our legitimate interests in improving our services; in certain cases, your consent	Personal Data are retained for one (1) year

 

l. Review invitations

PeopleCert may contact you via e-mail to invite you to review any services and/or products you received from us in order to collect your feedback and improve our products and services. We use an external provider, Trustpilot A/S (“Trustpilot”), to collect your feedback which means that we will share your name, email address and candidate number with Trustpilot for the above purpose. If you wish to learn more about how Trustpilot processes your personal data, you can access their Privacy Policy at Trustpilot Legal - Privacy Policy.

 

PeopleCert may also utilize any public reviews that you submit to Trustpilot in various promotional materials and media for our advertising and promotional purposes.

 

 

m. Suppliers

 

We collect data on suppliers of good and services to manage our relationships with the suppliers. The information may include personal details of supplier representatives.

 

Type of data	Legal basis	Retention Period
Full name of company representative, VAT number, phone number, email address, bank accounts	Our legitimate interests in managing our supplier relationships; performance of a contract with you	Personal Data are retained for fifteen (15) years from the termination of the contract

 

n. Marketing communications

If you have opted in to receiving marketing communications, PeopleCert may occasionally contact you via various means (e.g., email, SMS) to inform you of new PeopleCert products and services, and other PeopleCert developments. Our partners and Test Owners are not permitted to use your Personal Data for marketing or similar purposes unless specific consent has been given by you. You have the option of opting out of such communications at any time, by using the “unsubscribe” links in the communications or by contacting us at dataprotection@peoplecert.org. Additionally, we may collect directly or indirectly (from our partners) your contact details during corporate events and we may contact you in order to promote our new products or/and services.

 

Type of data	Legal basis	Retention Period
First/Middle name, last name, email address, telephone number	Consent; Our legitimate interest in promoting our products and services	Up to three (3) years from the data subject's consent or until you request deletion of your Personal Data

 

o. Cookies

PeopleCert uses cookies on its websites to optimise user experience, enhance security and combat fraudulent and/or malicious web activity. You can adjust your browser settings to refuse or accept cookies. For more information about cookies, please check our Cookie Policy.

 

3. With whom PeopleCert shares your personal data

We never sell your Personal Data or disclose it to third parties for marketing purposes (if Test Owners whose examinations you take market other services to you, it is their responsibility to comply with applicable data protection legislation). We may disclose Personal Data to third parties in the following circumstances:

 

- to other PeopleCert companies

- if we have obtained your consent to do so

- as part of the Certification Services, including:

    - - during examination sessions, through contact between Candidates and examination staff

    - - sharing with Test Owners

- by disclosing your examination results:

    - - as part of a Certificate Verification Service (CVS)

    - - to a Partner through which you took your examination, for sharing with you

    - - as requested by your employer or other person or entity who booked an examination on your behalf (directly or via a Partner)

- to providers who support PeopleCert’s services, with appropriate agreements to ensure the Personal Data is used only for these supporting services and in accordance with this Privacy Policy

- when we are required by law or court order, or requested by a regulatory or governmental authority legally authorised to request such disclosure

   - - where we suspect fraudulent activity on SELT exams, we will share your information with the UK Home Office who will take appropriate enforcement action

- if you are suspected and/or investigated for examination malpractice

- to the UK Home Office, if you have participated in Secure English Language Tests (SELT) in order to obtain a visa in the UK

- if required to protect the rights, property or safety of PeopleCert, its business partners or Test Owners

 

4. Transfers of personal data to third countries

 

Whenever we transfer your Personal Data out of the European Economic Area (EEA), we ensure that your Personal Data is protected in accordance with applicable law, including through contractual commitments where required.

If you or the Partner through which you took your examination are based outside the EEA, we transfer your Personal Data to you or the Partner in order to establish or perform a contract with you, or otherwise with your consent.

In other circumstances, we will only transfer your Personal Data to third countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, or where there are appropriate safeguards or other bases for transfer under applicable law. For example, we may transfer your Personal Data to the United Kingdom based on the adequacy decision for the United Kingdom. Appropriate safeguards to protect your Personal Data may include Standard Contractual Clauses adopted by the European Commission.

 

5. Your Rights

 

If you wish to exercise any of the rights set out below, please complete the GDPR Data Request Form and send it to the PeopleCert Data Protection Officer at   dataprotection@peoplecert.org.

 

 

6. How we protect your personal data (data security)

 

We use appropriate technical and organisational measures to protect Personal Data from unauthorised use, access, disclosure, alteration or destruction. These precautions include physical, electronic and operational procedures in compliance with the ISO 27001 and Cyber Essentials standards. These are indicatively:

 

• measures to ensure that data processing systems cannot be used by unauthorised persons
• measures to ensure that persons authorised to use data processing systems have access only to the data for which they have been authorised
• measures to ensure that during electronic transmission, or during transfer, or recording, personal data may not be transmitted, copied, altered or removed by unauthorised persons
• measures to verify whether and by whom personal data have been entered, modified or deleted in data processing systems
• measures that ensure that personal data processed by third parties are processed only in accordance with our instructions
• measures to ensure that data collected for different purposes, are processed separately

 

7. Laws in other countries

 

At PeopleCert, we are committed to complying with all applicable privacy laws in the countries where we operate our services. Some countries have privacy laws or regulations that may grant you additional rights beyond what is stated in this Privacy Policy. If you believe that you have such rights, please inform us. We are committed to addressing any valid privacy requests promptly and in accordance with      the relevant laws. 

 

               a) US Family Educational and Privacy Act (“FERPA”)

 

PeopleCert complies with FERPA where it is applicable. In this section, “Education Record” and “Directory Information” have the definitions provided in FERPA. In particular, we:

 

• do not disclose a student’s Education Record without obtaining the prior written consent of the student or the student’s parent, unless disclosure falls within one of the exceptions listed below in this section 7;
• may disclose personal data that is part of an Education Record where the information is shared with (i) a school official with a legitimate educational interest in the record, (ii) an official for an audit or evaluation, (iii) appropriate parties in connection with financial aid, (iv) appropriate officials pursuant to a health or safety emergency, (v) juvenile justice authorities under state law, (vi) accrediting agencies and/or (vii) an organisation conducting certain studies for or on behalf of the school, or pursuant to a judicial order or subpoena;
• may disclose Directory Information without prior consent of the student or the student’s parent, subject to applicable rights to restrict the disclosure of such information.

 

8. Third party links

 

Our websites may include links to third-party websites or applications. Clicking on those links may allow third parties to collect or share your data. We do not control these third-party websites and applications and are not responsible for their privacy notices. We encourage you to read the privacy notices of third- party sites that you visit.

 

9. Amendments to the privacy policy

 

This Policy is updated when necessary. If there are significant changes in our Policy, we will make reasonable efforts to inform you (by any appropriate means).

We encourage you to read this Privacy Policy from time to time to stay informed about the processing of your personal data by PeopleCert.

 

10. Contact details and complaints

 

For any questions, requests, clarifications or complaints about the processing of your personal data, please contact the PeopleCert Data Protection Officer:

By letter: to any of the addresses in section 1 of this Policy

By e-mail: dataprotection@peoplecert.org

If you believe that we have not addressed a problem with processing of your Personal Data, you may lodge a complaint before the data protection authorities in your country.