PeopleCert Privacy Policy

This section provides a description of the categories of Personal Data we collect about you, the ways we use your Personal Data, the legal bases on which we rely and the period of time we retain your Personal Data.

a. Online account

PeopleCert examination candidates (“Candidates”) must have an online account (“Account”), which is created and accessible via the PeopleCert website. Users who are not Candidates also may voluntarily create Accounts. Your Account contains some or all the Personal Data that we hold about you and makes it easier for you to use our services. If the User of the Account is a child below the age of 16 years, we will request consent for the collection and processing of Personal Data from a holder of parental responsibility over the child.

PeopleCert’s MyAxelos membership service is available to you with an active membership to the service https://my.axelos.com. Subscribers are required to create an account during the subscription process. After subscribing you can use these login credentials to access the service, as long as your subscription remains active.

b. Examination and certification services

PeopleCert provides examination and certification services (“Certification Services”) as a Personnel Certification Body and Accredited Examination Institute. Some of our Certification Services are offered in cooperation with (i) organisations (including public authorities) that provide examination content or otherwise authorise examinations (“Test Owners”) and/or (ii) organisations who are authorised and approved by PeopleCert for delivery of Certification Services (“Partners”). Some authorised Partners may also provide training services related to PeopleCert certifications.

PeopleCert also maintains a registry containing details of all certified persons. As a Personnel Certification Body and Accredited Examination Institute we operate publicly available a Certificate Verification Service (“CVS”) accessible via our CVS websites for PeopleCert,and Axelos.The CVS allows Users and third parties (e.g., employers) to confirm the authenticity and accuracy of any PeopleCert certificate by entering the serial number of the relevant certificate.

c. Online proctoring

PeopleCert offers examinations through PeopleCert Online Proctoring (OLP) services, allowing Candidates to take an online exam at their preferred time and location (i.e., almost anywhere they have internet access and a suitable room). PeopleCert OLP connects Candidates via webcam directly to an authorised PeopleCert proctor (invigilator), who guides them and monitors the exam session. We record the exam session, ensuring its security and integrity. For OLP examinations we also take a photograph of the Candidate for ongoing identification purposes and inclusion in the examination statement of results if it is required. PeopleCert may use your Personal Data to investigate malpractice and/or mismanagement during the examination process. The examination process is monitored by authorised internal teams who have access to the recorded material (video).

d. Biometric verification of identity

PeopleCert verifies the identity of examination candidates. Identity verification processes include ID document verification, liveness detection, facial recognition and/or voice recognition. The ID Verification tool checks the validity and authentication of the provided identification document. The liveness detection check determines whether credentials supplied to pass a biometrics identity check represent a live person rather than a high-tech imitation. The facial recognition verification tool can identify a human face in the digital copy of your provided identification document and compare it to the person taking the exam and/or PeopleCert database. In case of regulated exams which include assessments that are subject to the control of government or regulatory authorities, such as language certification examinations, PeopleCert uses biometric measurements. This practice ensures the highest standards of security and integrity, serving the substantial public interest. For unregulated exams which do not fall under the purview of government or regulatory bodies, such as Business & IT examinations, PeopleCert may use biometric measurements only upon candidate’s consent.

e. Internal Training

PeopleCert may use the personal data collected during the examination process for internal training purposes in order to improve its services and to prevent malpractice.

f. Books and e-books

PeopleCert sells and provides physical and electronic books related to its certification services. To access your e-book, you are being redirected to the virtual environment of our e-book provider Vitalsource, but we do not share your Personal Data with Vitalsource.

g. Canvas Learning Management System

PeopleCert provides access to the Canvas Learning Management System to deliver our Official Training Materials and enhance robust digital learning. To access the Canvas LMS, you are redirected to the services of our provider Instructure. You may find more information in the Instructure Privacy Policy at Product Privacy | Policy | Instructure.

PeopleCert also supports and enables users to use the Canvas LMS and provides advice if users experience difficulties with the platform.

h. Oral exams using interlocutors

PeopleCert conducts oral exams for physically present candidates through the PeopleCert Interlocutor Application. Interlocutors access a session, select the candidate to examine from an existing list and record the oral part of the exam session.

i. Online purchases

PeopleCert offers products, exams and services for purchase remotely and electronically. Payments are processed securely by our selected payment processors. PeopleCert does not store or have access to credit or debit card information. This information is securely provided by Users directly to our payment processors at the time of purchase. Where users opt to store credit or debit card information, PeopleCert’s payment processors will use this data for the sole purpose of facilitating further purchases by the users. To ensure the safety of electronic purchases, PeopleCert complies with PCI-DSS (Payment Card Industry – Data Security Standard).

i. Customer support

PeopleCert offers 24/7 customer service support to Users (both organisations and individual Candidates) to handle their requests. You may submit your request through email, telephone and online chat. Telephone calls and online chats may be recorded in order to ensure proof of transactions. If you do not wish to contact us by the above means, you can always send us a message at customerservice@peoplecert.org.

k. Surveys

From time-to-time PeopleCert may run surveys, polls and similar initiatives (“Surveys”), to request information from Users to assist us to improve our products, services and operating practices. Participation in Surveys is always voluntary, and Personal Data provided in Survey responses will always remain strictly confidential. The results of Surveys may be aggregated, and anonymised, and such anonymised information may be shared with third parties.

l. Suppliers

We collect data on suppliers of good and services to manage our relationships with the suppliers. The information may include personal details of supplier representatives.

m. Marketing communications

If you have opted in to receiving marketing communications, PeopleCert may occasionally contact you via various means (e.g., email, SMS) to inform you of new PeopleCert products and services, and other PeopleCert developments. Our partners and Test Owners are not permitted to use your Personal Data for marketing or similar purposes unless specific consent has been given by you. You have the option of opting out of such communications at any time, by using the “unsubscribe” links in the communications or by contacting us at dataprotection@peoplecert.org. Additionally, we may collect directly or indirectly (from our partners) your contact details during corporate events and we may contact you in order to promote our new products or/and services.

n. Cookies

PeopleCert uses cookies on its websites to optimise user experience, enhance security and combat fraudulent and/or malicious web activity. You can adjust your browser settings to refuse or accept cookies. For more information about cookies, please check our Cookie Policy

3 With whom PeopleCert shares your Personal Data

We never sell your Personal Data or disclose it to third parties for marketing purposes (if Test Owners whose examinations you take market other services to you, it is their responsibility to comply with applicable data protection legislation). We may disclose Personal Data to third parties in the following circumstances:

•  to other PeopleCert companies
•  if we have obtained your consent to do so
•  as part of the Certification Services, including:
  •  during examination sessions, through contact between Candidates and examination staff
  •  sharing with Test Owners
•  by disclosing your examination results:
  •  as part of a Certificate Verification Service (CVS)
  •  to a Partner through which you took your examination, for sharing with you
  •  as requested by your employer or other person or entity who booked an examination on your behalf (directly or via a Partner)
•  to providers who support PeopleCert’s services, with appropriate agreements to ensure the Personal Data is used only for these supporting services and in accordance with this Privacy Policy,
•  when we are required by law or court order, or requested by a regulatory or governmental authority legally authorised to request such disclosure
  •  where we suspect fraudulent activity on SELT exams, we will share your information with the UK Home Office who will take appropriate enforcement action
•  if you are suspected and/or investigated for examination malpractice
•  to the UK Home Office, if you have participated in Secure English Language Tests (SELT) in order to obtain a visa in the UK
•  if required to protect the rights, property or safety of PeopleCert, its business partners or Test Owners.

4 Transfers of Personal Data to third countries

Whenever we transfer your Personal Data out of the European Economic Area (EEA), we ensure that your Personal Data is protected in accordance with applicable law, including through contractual commitments where required.

If you or the Partner through which you took your examination are based outside the EEA, we transfer your Personal Data to you or the Partner in order to establish or perform a contract with you, or otherwise with your consent.

In other circumstances, we will only transfer your Personal Data to third countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, or where there are appropriate safeguards or other bases for transfer under applicable law. For example, we may transfer your Personal Data to the United Kingdom based on the adequacy decision for the United Kingdom. Appropriate safeguards to protect your Personal Data may include Standard Contractual Clauses adopted by the European Commission.

5 Your rights

If you wish to exercise any of the rights set out below, please complete the GDPR Data Request Form and send it to the PeopleCert Data Protection Officer contact us at  dataprotection@peoplecert.org.

6 How we protect your Personal Data (Data Security)

We use appropriate technical and organisational measures to protect Personal Data from unauthorised use, access, disclosure, alteration or destruction. These precautions include physical, electronic and operational procedures in compliance with the ISO 27001 and Cyber Essentials standards. These are indicatively:

• measures to ensure that data processing systems cannot be used by unauthorised persons
• measures to ensure that persons authorised to use data processing systems have access only to the data for which they have been authorised
• measures to ensure that during electronic transmission, or during transfer, or recording, personal data may not be transmitted, copied, altered or removed by unauthorised persons
• measures to verify whether and by whom personal data have been entered, modified or deleted in data processing systems
• measures that ensure that personal data processed by third parties are processed only in accordance with our instructions
• measures to ensure that data collected for different purposes, are processed separately.

7 Laws in Other Countries

At PeopleCert, we are committed to complying with all applicable privacy laws in the countries where we operate our services. Some countries have privacy laws or regulations that may grant you additional rights beyond what is stated in this Privacy Policy. If you believe that you have such rights, please inform us. We are committed to addressing any valid privacy requests promptly and in accordance with the relevant laws.

a)  US Family Educational and Privacy Act (“FERPA”)

PeopleCert complies with FERPA where it is applicable. In this section, “Education Record” and “Directory Information” have the definitions provided in FERPA. In particular, we:

• do not disclose a student’s Education Record without obtainingthe prior written consent of the student or the student’s parent, unless disclosure falls within one of the exceptions listed below in this section 7;
• may disclose personal data that is part of an Education Record where the informationis shared with (i) a school official with a legitimate educational interest in the record, (ii) an official for an audit or evaluation, (iii) appropriate parties in connection with financial aid, (iv) appropriate officials pursuant to a health or safety emergency, (v) juvenile justice authorities under state law, (vi) accrediting agencies and/or (vii) an organisation conducting certain studies for or on behalf of the school, or pursuant to a judicial order or subpoena;
• may disclose Directory Informationwithout prior consent of the student or the student’s parent, subject to applicable rights to restrict the disclosure of such information.

8 Third Party Links

Our websites may include links to third-party websites or applications. Clicking on those links may allow third parties to collect or share your data. We do not control these third-party websites and applications and are not responsible for their privacy notices. We encourage you to read the privacy notices of third-party sites that you visit.

9 Amendments to the Privacy Policy

This Policy is updated when necessary. If there are significant changes in our Policy, we will make reasonable efforts to inform you (by any appropriate means) before the changes take effect.

We encourage you to read this Data Privacy Policy from time to time to stay informed about the processing of your personal data by PeopleCert. This Data Privacy Policy was last modified on 06/11/2023.

10 Contact details and complaints

For any questions, requests, clarifications or complaints about the processing of your personal data, please contact the PeopleCert Data Protection Officer:

By letter: to any of the addresses in section 1 of this Policy

By e-mail: dataprotection@peoplecert.org

If you believe that we have not addressed a problem with processing of your Personal Data, you may lodge a complaint before the data protection authorities in your country.