This Privacy Notice covers the processing of personal data necessary for the certification activities, including ethics and disciplinary matters, of the International Board of Lactation Consultant Examiners® (IBLCE®).
This Privacy Notice applies to you if you are an examination or assessment taker, a certificant, a person who files a complaint with us about a certificant (a “complainant”), a person who has completed Continuing Education Recognition Points (“CERPs”) through an IBLCE® CERP Provider Programme undergoing audit, or a third party whose personal data is disclosed or submitted in connection with an ethics and disciplinary proceeding.
Who We Are
We are the International Board of Lactation Consultant Examiners® (IBLCE®) and our global Headquarters are located at 10301 Democracy Lane, Suite 400, Fairfax, VA 22030, USA (Phone: +1 703-560-7330; e-mail: email@example.com). You can find a list of all our contact points HERE.
If you have any questions about how we process your personal data, please contact firstname.lastname@example.org. IBLCE® serves as the controller of the information you submit to us or we collect about you in connection with a certification exam or assessment, an application, certification and the maintenance of a certification, and any ethics and disciplinary matters, and the means through which it is processed.
a. If you are an examination or assessment taker, applicant, or certificant, the purposes of the processing activities relate to organising the certification examination and assessment, the administration of the examination and assessment, online remote assessment of the examination, managing the application process, evaluating your knowledge and preparedness for obtaining the certification, and if you become certified, maintaining and managing your certification, including any ethics and disciplinary matters. We will use your contact information for sending occasional communications necessary for the certification process and the maintenance and management of your certification, if you obtain one, and any ethics and disciplinary matters.
b. If you are an individual who has completed Continuing Education Recognition Points (“CERPs”) through an IBLCE® CERP Provider Programme undergoing audit, or a speaker in the programme, the purposes of the processing activities relate to the audit process detailed in IBLCE® CERPs programme policies and procedures, available HERE.
c. If you are a complainant or a third party whose personal data is disclosed or submitted in connection with an ethics and disciplinary proceeding, the purposes of the processing activities relate to the proceeding undertaken in connection with a complaint pursuant to our Disciplinary Procedures for the Code of Professional Conduct for IBCLCs (“E&D Procedures”) HERE.
We will use your contact information for sending occasional communications necessary for the proceedings undertaken pursuant to our E&D Procedures.
a. If you are an examination or assessment taker, applicant, or certificant, the legal basis we rely on for processing the personal data that you submit by filling out the “Examination application” form, an assessment form, or “Recertification Form” and for the creation of your online login for the administration of the test, assessment, or for recertification by CERPs is the performance of a contract to which you are party and taking steps at your request prior to entering the contract. For other processing we use a different lawful ground.
As part of the application process and during the examination or assessment, including online remote assessment, we may process special categories of data at your request (in particular data related to health when accommodations are requested and video during online proctoring may reveal special categories of data). For processing this data we rely on your consent.
Whether you are taking the examination at a testing centre or via online remote assessment, you will be subject to direct video recording. Access to the recorded material will be strictly limited to authorised personnel and retained for a period as allowed by local applicable law and only as necessary.
When taking the examination via online remote assessment, you will be monitored through your webcam, microphone, and computer or other device you are using, which will all be accessible to a remote examiner through remote access software. This means that you, your computer or other device activity, and your immediate surroundings, and anything else within range of your webcam or viewable on your computer or device screen, may be monitored, viewed, recorded, and/or audited during your examination. All of the information collected about you will be for purposes of identity verification, conducting the examination, fraud prevention, security and integrity, and as otherwise required by law.
For processing of personal data related to your activity while logged in on our website and for generally maintaining and managing your certification (if you obtain one) and to handle related ethics and disciplinary matters, we rely on our legitimate interest to prevent unauthorised access, ensure security of our online presence and of your personal data, and ensure the accuracy of your personal data. For using your contact details to keep you informed about your certification application (including the examination) and your actual certification, if you obtain one, we rely on our legitimate interest.
b. If you are an individual who has completed Continuing Education Recognition Points (“CERPs”) through an IBLCE® CERP Provider Programme undergoing audit, or a speaker in the programme, we will process your information based on our legitimate interests to implement the IBLCE® CERP Provider programme. We will not process any special categories of data about you without your consent.
c. If you are a complainant, in connection with any complaint you submit pursuant to our E&D Procedures, we may process special categories of data about you or one or more of your children (under the age of 16) at your request. This personal data may be obtained either from you, the certificant about whom you are complaining, or from third parties whom either you or the certificant identify as persons with knowledge about your complaint. For processing this data we rely on your consent.
d. If you are a third party whose personal data is disclosed or submitted in connection with an ethics and disciplinary proceeding, we will process your information based on our legitimate interests to implement the E&D Procedures. We will not process any special categories of data about you without express consent.
Categories of Personal Data
a. If you are an examination or assessment taker, applicant, or certificant, we process the personal data you submit with your application form, when contacting us to tell us about your particular situation, when making a specific request for examination or assessment accommodations, in connection with your actual certification or recertification, or in connection with any ethics and disciplinary matter, including information submitted by a complainant in a complaint against you or by a third party in relation to that complaint. The required information that is strictly necessary for the administration of the examination is marked with an asterisk in the application form. Failure to provide this information will result in the impossibility to take the certification examination or for us to certify or recertify you.
b. If you are an individual who has completed Continuing Education Recognition Points (“CERPs”) through an IBLCE® CERP Provider Programme undergoing audit, or a speaker in the programme, we may process personal data about you upon the occasion of an audit. This personal data is obtained through the IBLCE® CERP Provider undergoing audit. We will process your information based on our legitimate interests to implement the IBLCE® CERP Provider programme. We will not process any special categories of data about you without your consent.
c. If you are a complainant, we process the personal data you submit with your complaint, including personal data about any children of yours. In connection with the complaint, we may also receive personal data about you from the certificant and/or any third parties identified as persons with knowledge about your complaint during the proceedings undertaken pursuant to our E&D Procedures.
d. If you are a third party whose personal data is disclosed or submitted in connection with an ethics and disciplinary proceeding, we will process the personal data so submitted.
Recipients of Your Data
Except in connection with ethics and disciplinary proceedings under our E&D Procedures, IBLCE® does not make your personal data available to any third party, other than our vendors, who process personal data on our behalf and follow a strict mandate (they act as processors).
IBLCE® relies on vendors to support the administration of the certification examination and assessment, maintenance of certification and evaluation. Specifically, our vendors provide the following services:
- technical support for the administration of the examination and assessment (US)
- e-mail and cloud storage service provider (US)
- applicant and candidate management service provider (US)
In connection with ethics and disciplinary proceedings, if you are a certificant, complainant, or third party whose personal data is disclosed or submitted in connection with such proceedings, the information will be used and shared as necessary for the process set forth in the E&D Procedures.
According to our retention policy, we only keep personal data in our records as long as they are necessary for the purposes they have been collected and processed for. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorised use or disclosure of your personal data; the purposes for which we process your personal data; whether we can achieve those purposes through other means; and the applicable legal, regulatory, tax, accounting, or other retention requirements.
We adhere to our Data Retention Policy to determine how long we retain data, including personal data.
- We retain certification applications and all related materials and personal data, including any ethics and disciplinary proceedings data, for 10 years.
- We retain correspondence with you surrounding the organisation and administration of the examination for 3 years.
- We delete special categories of data you share with us for the organisation of the examination or assessment as soon as possible and we strictly restrict access to such data.
- We retain video recordings of test centre and remote examinations for a period no longer than 90 days, unless necessary for resolving and documenting any examination irregularities or other integrity issues related to your examination such as fraud, and then only for such purposes and as permitted or required by law.
- We retain names, addresses, examination scores, and certification status dates permanently.
If you are located outside of the United States, IBLCE® transfers personal data related to applications and administration of the examination or assessment to the United States. The United States has not sought nor obtained adequacy status for ensuring an equivalent level of protection of personal data, from the European Commission. There are risks associated to the transfers, but IBLCE® has put safeguards in place to protect your data after it is transferred.
To ensure the lawful transfers of personal data from the European Economic Area (EEA), IBLCE® relies on necessity for the performance of a contract as a derogation that allows international transfers to occur (Article 49 GDPR).
IBLCE® is committed to facilitate the exercise of your rights granted by data protection laws in a timely manner – the right to access your data, to ask for erasure, correction, restriction, portability of your data, or to object to the processing of your data.
In order to be able to reply to your request and if we are not certain of your identity, we may need to ask you for further identification data to be used only for the purposes of replying to your request. If you have any inquiries or requests, write to email@example.com or contact us through our postal address.
Access, Correction, and Other Requests
You have the right to obtain confirmation whether we process or not your personal data, as well as the right to obtain information about the personal data we process about you and to obtain a copy of this data.
You have the right to obtain erasure, correction (updating or completing your personal data), restriction, and portability of your personal data, under certain conditions.
Right to object
You also have the right to object at any time to receiving marketing materials from us by following the opt-out instructions in our commercial emails, as well as the right to object to the processing of your personal data based on your specific situation (only in those cases where we process the data on the basis of our legitimate interest, as detailed above). In the latter case, we will assess your request and provide a reply in a timely manner, according to our legal obligations.
For all the processing operations that are based on your consent, as described above, you can withdraw consent at any time and we will stop those processing operations.
California Privacy Rights
California Civil Code Section §1798.83 allows California residents to ask organisations with whom they have an established business relationship to provide certain information about the organisations’ sharing of personal information with third parties for direct marketing purposes. IBLCE® does not share any California consumer personal information with third parties for marketing purposes without consent. California residents who wish to request further information about our compliance with this law or have questions or concerns about our privacy practices may contact us using the contact information set forth below.
If you have any concerns or questions about how your personal data is used, please contact our Privacy Officer at firstname.lastname@example.org.
If you are located in the European Economic Area and you believe we have not been able to deal with your concern, you have a right to raise this issue with your local data protection authority. You have the right to submit a complaint in the Member State of your residence or place of work of an alleged infringement of the General Data Protection Regulation (GDPR).
Updated on April 6, 2022