PeopleCert Privacy Policy
This Policy describes how companies in the PeopleCert Group (together “PeopleCert” or “we”) collect and process data which identify individuals (“Personal Data”) who are customers and other users of our services (“Users”, “you”), and your associated rights. This Policy applies to PeopleCert products and services, including websites operated by PeopleCert. Your privacy is extremely important to us, and we are committed to offering you a safe and hassle-free experience while visiting our websites and using our services.
1. PeopleCert Entities
The following PeopleCert entities may be involved in processing your Personal Data. These entities are data controllers under the EU General Data Protection Regulation 679/2016 (“GDPR”) and/or UK GDPR. Where PeopleCert is a data processor under GDPR, we apply the same principles in this Policy, modified as required by GDPR and our obligations to the data controller.
| Company name | Country of incorporation | Address |
|---|---|---|
| PeopleCert Global Services Societe Anonyme | Greece | 3, Korai str., Athens |
| PeopleCert Hellas – Human Resources Certification Body Societe Anonyme | Greece | 3, Korai str., Athens |
| PeopleCert International Limited | Cyprus | 40, Themistocles Devi str., Nicosia |
| PeopleCert Qualifications LTD | United Kingdom | 192 Sloane Street, London, SW1X 9QX |
| PeopleCert UK LTD | United Kingdom | 192 Sloane Street, London, SW1X 9QX |
| Axelos Limited | United Kingdom | 192 Sloane Street, London, SW1X 9QX |
| International Association For Six Sigma Certification, LLC (IASSC) | United States of America | IASSC – Montana Office, Pinewood Professional Center, 682 S. Ferguson #5, Bozeman, MT 59718 |
| DevOps, Inc. | United States of America | 340 9th st north #282, Naples, FL 34102. |
2. How we use your Personal Data
This section provides a description of the categories of Personal Data we collect about you, the ways we use your Personal Data, the legal bases on which we rely and the period of time we retain your Personal Data.
a. Online account
PeopleCert examination candidates (“Candidates”) must have an online account (“Account”), which is created and accessible via the PeopleCert website. Users who are not Candidates also may voluntarily create Accounts. Your Account contains some or all the Personal Data that we hold about you and makes it easier for you to use our services. If the User of the Account is a child below the age of 16 years, we will request consent for the collection and processing of Personal Data from a holder of parental responsibility over the child.
PeopleCert’s MyAxelos membership service is available to you with an active membership to the service https://my.axelos.com. Subscribers are required to create an account during the subscription process. After subscribing you can use these login credentials to access the service, as long as your subscription remains active.
| Type of data | Legal basis | Retention Period |
|---|---|---|
| First/middle name(s), last name(s), email address, country of residence, date of birth, telephone number, address, city, postal code, gender, native language, id number, id issue date, certificate, certificate badge, exam history, any documentation needed to be submitted as a prerequisite for the specific exam you register for | Performance of a contract with you; our legitimate interests in providing services; in certain cases, your consent | Until you request deletion of your Account, or if your account is inactive for five (5) years and no certificates are associated with it |
| First/middle name(s), last name(s), email address, country of residence, candidate number, billing address | Performance of a contract with you; our legitimate interests in providing services | As long as the MyAxelos subscription remains active |
b. Examination and certification services
PeopleCert provides examination and certification services (“Certification Services”) as a Personnel Certification Body and Accredited Examination Institute. Some of our Certification Services are offered in cooperation with (i) organisations (including public authorities) that provide examination content or otherwise authorise examinations (“Test Owners”) and/or (ii) organisations who are authorised and approved by PeopleCert for delivery of Certification Services (“Partners”). Some authorised Partners may also provide training services related to PeopleCert certifications.
PeopleCert also maintains a registry containing details of all certified persons. As a Personnel Certification Body and Accredited Examination Institute we operate publicly available a Certificate Verification Service (“CVS”) accessible via our CVS websites for PeopleCert,and Axelos.The CVS allows Users and third parties (e.g., employers) to confirm the authenticity and accuracy of any PeopleCert certificate by entering the serial number of the relevant certificate.
| Type of data | Legal basis | Retention Period |
|---|---|---|
| First/middle name(s), last name(s), email address, country of residence, date of birth, telephone number, address, city, postal code, identity document (e.g., ID, passport), photo, candidate number, video recording (in case of online examination), medical documents (in case of reasonable adjustment or special consideration requests) | Performance of a contract with you; our legitimate interests in providing services; in case of processing of medical documents, your consent |
Personal Data related to your online account are retained until you request deletion of it or if your account is inactive for five (5) years and no certificates are associated with it Personal Data related to the examination process (e.g., answer sheets) are retained for six (6) months |
| Axelos Successful Candidates Register | Consent | Until you request to be removed from Axelos Successful Candidates Register. |
c. Online proctoring
PeopleCert offers examinations through PeopleCert Online Proctoring (OLP) services, allowing Candidates to take an online exam at their preferred time and location (i.e., almost anywhere they have internet access and a suitable room). PeopleCert OLP connects Candidates via webcam directly to an authorised PeopleCert proctor (invigilator), who guides them and monitors the exam session. We record the exam session, ensuring its security and integrity. For OLP examinations we also take a photograph of the Candidate for ongoing identification purposes and inclusion in the examination statement of results if it is required. PeopleCert may use your Personal Data to investigate malpractice and/or mismanagement during the examination process. The examination process is monitored by authorised internal teams who have access to the recorded material (video).
| Type of data | Legal basis | Retention Period |
|---|---|---|
| First/Middle name(s), last name(s), email address, postal address, identity document (e.g., ID, passport), photo, candidate number, date of birth, IP address, Candidate’s computer desktop, recorded material (image and sound data), examination details | Performance of a contract with you; our legitimate interests in providing certification services |
Video recordings are retained for one (1) year from the date of examination. Uploaded IDs are retained for three (3) months following the release of the results. |
d. Biometric verification of identity
PeopleCert verifies the identity of examination candidates. Identity verification processes include ID document verification, liveness detection, facial recognition and/or voice recognition. The ID Verification tool checks the validity and authentication of the provided identification document. The liveness detection check determines whether credentials supplied to pass a biometrics identity check represent a live person rather than a high-tech imitation. The facial recognition verification tool can identify a human face in the digital copy of your provided identification document and compare it to the person taking the exam and/or PeopleCert database. In case of regulated exams which include assessments that are subject to the control of government or regulatory authorities, such as language certification examinations, PeopleCert uses biometric measurements. This practice ensures the highest standards of security and integrity, serving the substantial public interest. For unregulated exams which do not fall under the purview of government or regulatory bodies, such as Business & IT examinations, PeopleCert may use biometric measurements only upon candidate’s consent.
| Type of data | Legal basis | Retention Period |
|---|---|---|
| Biometric data (facial recognition, liveness verification, voice recognition) | Substantial public interest (for regulated examinations); consent (for unregulated examinations) |
Biometric data are retained for three (3) months following the release of the results
|
e. Internal Training
PeopleCert may use the personal data collected during the examination process for internal training purposes in order to improve its services and to prevent malpractice.
| Type of data | Legal basis | Retention Period |
|---|---|---|
| First/Middle name(s), last name(s), email address, postal address, identity document (e.g., ID, passport), photo, candidate number, date of birth, Candidate’s computer desktop, recorded material (image and sound data), examination details | Our legitimate interests in improving our services |
Video recordings are retained for one (1) year from the date of examination
Uploaded IDs are retained for three (3) months following the release of the results
|
f. Books and e-books
PeopleCert sells and provides physical and electronic books related to its certification services. To access your e-book, you are being redirected to the virtual environment of our e-book provider Vitalsource, but we do not share your Personal Data with Vitalsource.
| Type of data | Legal basis | Retention Period |
|---|---|---|
| First/Middle name(s), last name(s), email address, postal address, shipping details, associated sales, usage (for e-books) | Our legitimate interests to deliver and improve our products and services | Until you request deletion of your Account |
g. Canvas Learning Management System
PeopleCert provides access to the Canvas Learning Management System to deliver our Official Training Materials and enhance robust digital learning. To access the Canvas LMS, you are redirected to the services of our provider Instructure. You may find more information in the Instructure Privacy Policy at Product Privacy | Policy | Instructure.
PeopleCert also supports and enables users to use the Canvas LMS and provides advice if users experience difficulties with the platform.
| Type of data | Legal basis | Retention Period |
|---|---|---|
| First/Middle name(s), last name(s), email address, profile information | Our legitimate interests to deliver and improve our products and services |
Personal data of candidates are retained for 5 years. Personal data of partners are retained for as long as the partnership agreement is in force. |
h. Oral exams using interlocutors
PeopleCert conducts oral exams for physically present candidates through the PeopleCert Interlocutor Application. Interlocutors access a session, select the candidate to examine from an existing list and record the oral part of the exam session.
| Type of data | Legal basis | Retention Period |
|---|---|---|
| First/Middle name(s), last name(s), email address, ID number, exam date and start time, exam module, candidate and session ID, venue address and examination room, voice recording, grades | Our legitimate interests to deliver and improve our products and services |
Personal Data are linked to your PeopleCert account and are retained until you request deletion of it or if your account is inactive for five (5) years and no certificates are associated with it. Voice recording files are retained for six (6) months. |
| Login credentials of interlocutors/markers | Our legitimate interests to deliver and improve our products and services | Personal data of interlocutors/markers are retained for as long as the agreement covering the services is in force |
i. Online purchases
PeopleCert offers products, exams and services for purchase remotely and electronically. Payments are processed securely by our selected payment processors. PeopleCert does not store or have access to credit or debit card information. This information is securely provided by Users directly to our payment processors at the time of purchase. Where users opt to store credit or debit card information, PeopleCert’s payment processors will use this data for the sole purpose of facilitating further purchases by the users. To ensure the safety of electronic purchases, PeopleCert complies with PCI-DSS (Payment Card Industry – Data Security Standard).
| Type of data | Legal basis | Retention Period |
|---|---|---|
| First/Middle name(s), last name(s), email address, billing address, shipping postal address, candidate number, order id, invoice number | Performance of a contract with you; Our legitimate interests to deliver and improve our products and services | Until you request deletion of your Account |
i. Customer support
PeopleCert offers 24/7 customer service support to Users (both organisations and individual Candidates) to handle their requests. You may submit your request through email, telephone and online chat. Telephone calls and online chats may be recorded in order to ensure proof of transactions. If you do not wish to contact us by the above means, you can always send us a message at customerservice@peoplecert.org.
| Type of data | Legal basis | Retention Period |
|---|---|---|
| First/Middle name(s), last name(s), email address, telephone number, voice data, other information related to a support request | Performance of a contract with you; our legitimate interests in providing services |
Online chats, emails and contact forms are retained for two (2) years after the submission of the written request. Telephone recordings are retained for fifteen (15) days. |
k. Surveys
From time-to-time PeopleCert may run surveys, polls and similar initiatives (“Surveys”), to request information from Users to assist us to improve our products, services and operating practices. Participation in Surveys is always voluntary, and Personal Data provided in Survey responses will always remain strictly confidential. The results of Surveys may be aggregated, and anonymised, and such anonymised information may be shared with third parties.
| Type of data | Legal basis | Retention Period |
|---|---|---|
| Email address, case number, date of rate, comment(s) | Our legitimate interests in improving our services; in certain cases, your consent | Personal Data are retained for one (1) year. |
l. Suppliers
We collect data on suppliers of good and services to manage our relationships with the suppliers. The information may include personal details of supplier representatives.
| Type of data | Legal basis | Retention Period |
|---|---|---|
| Full name of company representative, VAT number, phone number, email address, bank accounts | Our legitimate interests in managing our supplier relationships; performance of a contract with you | Personal Data are retained for twenty (20) years from the termination of the contract. |
m. Marketing communications
If you have opted in to receiving marketing communications, PeopleCert may occasionally contact you via various means (e.g., email, SMS) to inform you of new PeopleCert products and services, and other PeopleCert developments. Our partners and Test Owners are not permitted to use your Personal Data for marketing or similar purposes unless specific consent has been given by you. You have the option of opting out of such communications at any time, by using the “unsubscribe” links in the communications or by contacting us at dataprotection@peoplecert.org. Additionally, we may collect directly or indirectly (from our partners) your contact details during corporate events and we may contact you in order to promote our new products or/and services.
| Type of data | Legal basis | Retention Period |
|---|---|---|
| First/Middle name, last name, email address, telephone number | Consent; Our legitimate interest in promoting our products and services | Up to three (3) years from the data subject’s consent or until you request deletion of your Personal Data. |
n. Cookies
PeopleCert uses cookies on its websites to optimise user experience, enhance security and combat fraudulent and/or malicious web activity. You can adjust your browser settings to refuse or accept cookies. For more information about cookies, please check our Cookie Policy
3. With whom PeopleCert shares your Personal Data
We never sell your Personal Data or disclose it to third parties for marketing purposes (if Test Owners whose examinations you take market other services to you, it is their responsibility to comply with applicable data protection legislation). We may disclose Personal Data to third parties in the following circumstances:
- to other PeopleCert companies
- if we have obtained your consent to do so
- as part of the Certification Services, including:
- during examination sessions, through contact between Candidates and examination staff
- sharing with Test Owners
- by disclosing your examination results:
- as part of a Certificate Verification Service (CVS)
- to a Partner through which you took your examination, for sharing with you
- as requested by your employer or other person or entity who booked an examination on your behalf (directly or via a Partner)
- to providers who support PeopleCert’s services, with appropriate agreements to ensure the Personal Data is used only for these supporting services and in accordance with this Privacy Policy,
- when we are required by law or court order, or requested by a regulatory or governmental authority legally authorised to request such disclosure
- where we suspect fraudulent activity on SELT exams, we will share your information with the UK Home Office who will take appropriate enforcement action
- if you are suspected and/or investigated for examination malpractice
- to the UK Home Office, if you have participated in Secure English Language Tests (SELT) in order to obtain a visa in the UK
- if required to protect the rights, property or safety of PeopleCert, its business partners or Test Owners.
4. Transfers of Personal Data to third countries
Whenever we transfer your Personal Data out of the European Economic Area (EEA), we ensure that your Personal Data is protected in accordance with applicable law, including through contractual commitments where required.
If you or the Partner through which you took your examination are based outside the EEA, we transfer your Personal Data to you or the Partner in order to establish or perform a contract with you, or otherwise with your consent.
In other circumstances, we will only transfer your Personal Data to third countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, or where there are appropriate safeguards or other bases for transfer under applicable law. For example, we may transfer your Personal Data to the United Kingdom based on the adequacy decision for the United Kingdom. Appropriate safeguards to protect your Personal Data may include Standard Contractual Clauses adopted by the European Commission.
5. Your rights
If you wish to exercise any of the rights set out below, please complete the GDPR Data Request Form and send it to the PeopleCert Data Protection Officer contact us at dataprotection@peoplecert.org.
| Legal rights | Description |
|---|---|
| Right to be informed | PeopleCert is publishing this Privacy Policy to let you know what we do with your personal information. We strive to be transparent about how we use your Personal Data. |
| Right to access | You may request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it. |
| Right to rectification | You may request rectification of the personal data that we hold about you. This enables you to correct any incomplete or inaccurate data we hold about you , though we may need to verify the accuracy of the new data you provide. |
| Right to erasure | You may request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data. Note, however, that we may not always be able to satisfy your request of erasure for specific legal reasons which will be communicated to you, if applicable, at the time of your request. |
| Right to object | You have the right to object to the processing of your Personal Data based on our legitimate interests. Note, however that we may continue the processing if we have a compelling reason for doing so which will be communicated to you, if applicable, at the time of your request. |
| Right to restrict processing | You may request us to restrict / suspend processing your Personal Data in certain situations specified in GDPR. This may permit us to store the data but not further process it. |
| Right to data portability | You may request the portability (transfer) of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. |
| Right to withdraw consent | You may withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. |
6. How we protect your Personal Data (Data Security)
We use appropriate technical and organisational measures to protect Personal Data from unauthorised use, access, disclosure, alteration or destruction. These precautions include physical, electronic and operational procedures in compliance with the ISO 27001 and Cyber Essentials standards. These are indicatively:
- measures to ensure that data processing systems cannot be used by unauthorised persons
- measures to ensure that persons authorised to use data processing systems have access only to the data for which they have been authorised
- measures to ensure that during electronic transmission, or during transfer, or recording, personal data may not be transmitted, copied, altered or removed by unauthorised persons
- measures to verify whether and by whom personal data have been entered, modified or deleted in data processing systems
- measures that ensure that personal data processed by third parties are processed only in accordance with our instructions
- measures to ensure that data collected for different purposes, are processed separately.
7. Laws in Other Countries
At PeopleCert, we are committed to complying with all applicable privacy laws in the countries where we operate our services. Some countries have privacy laws or regulations that may grant you additional rights beyond what is stated in this Privacy Policy. If you believe that you have such rights, please inform us. We are committed to addressing any valid privacy requests promptly and in accordance with the relevant laws.
a) US Family Educational and Privacy Act (“FERPA”)
PeopleCert complies with FERPA where it is applicable. In this section, “Education Record” and “Directory Information” have the definitions provided in FERPA. In particular, we:
- do not disclose a student’s Education Record without obtainingthe prior written consent of the student or the student’s parent, unless disclosure falls within one of the exceptions listed below in this section 7;
- may disclose personal data that is part of an Education Record where the informationis shared with (i) a school official with a legitimate educational interest in the record, (ii) an official for an audit or evaluation, (iii) appropriate parties in connection with financial aid, (iv) appropriate officials pursuant to a health or safety emergency, (v) juvenile justice authorities under state law, (vi) accrediting agencies and/or (vii) an organisation conducting certain studies for or on behalf of the school, or pursuant to a judicial order or subpoena;
- may disclose Directory Informationwithout prior consent of the student or the student’s parent, subject to applicable rights to restrict the disclosure of such information.
8. Third Party Links
Our websites may include links to third-party websites or applications. Clicking on those links may allow third parties to collect or share your data. We do not control these third-party websites and applications and are not responsible for their privacy notices. We encourage you to read the privacy notices of third-party sites that you visit.
9. Amendments to the Privacy Policy
This Policy is updated when necessary. If there are significant changes in our Policy, we will make reasonable efforts to inform you (by any appropriate means) before the changes take effect.
We encourage you to read this Data Privacy Policy from time to time to stay informed about the processing of your personal data by PeopleCert. This Data Privacy Policy was last modified on 06/11/2023.
10. Contact details and complaints
For any questions, requests, clarifications or complaints about the processing of your personal data, please contact the PeopleCert Data Protection Officer:
By letter: to any of the addresses in section 1 of this Policy
By e-mail: dataprotection@peoplecert.org
If you believe that we have not addressed a problem with processing of your Personal Data, you may lodge a complaint before the data protection authorities in your country.
