4. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data in order to carry out our mission as a non-profit organisation. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you, such as our obligations to you in connection with your rights as to certification, for example.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Generally we do not rely on consent as a legal basis for processing your personal data because we do not generally send third party marketing communications to the European Economic Area (EEA). In any event, if we send you any communications, you will have the opportunity to Opt-Out.
LAWFUL BASIS
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact the Chief Privacy Officer if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
| Purpose/Activity
|
Type of data
|
Lawful basis for processing including basis of legitimate interest
|
| To register you as a candidate, , examination or assessment taker, certificant or recertificant
|
(a) Identity
(b) Contact
|
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to certify you and maintain your certification)
|
| To process and deliver your activities (certifications etc.), including:
(a) Manage payments, fees and charges (b) Collect and recover money owed to us
|
(a) Identity
(b) Contact (d) Transaction (e) Marketing and Communications
|
(a) Performance of a contract with you
(b) Necessary for our legitimate interests to inform you about examination or assessment administration details, to inform you about the maintenance requirements of your certification, to recover debts due to us, etc.)
|
| To manage our relationship with you which will include:
(a) Notifying you about changes to our policies or terms of service
|
(a) Identity
(b) Contact (c) Profile (d) Marketing and Communications
|
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and maintain your certification eligibility and validation information)
|
| To administer and protect our operations and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
|
(a) Identity
(b) Contact (c) Technical
|
(a) Necessary for our legitimate interests (for running our operation, administering examinations or assessments, maintaining certifications, provision of administration and IT services, network security, to prevent fraud etc.)
(b) Necessary to comply with a legal obligation
|
| To use data analytics to improve our website and visitor experiences
|
(a) Technical
(b) Usage
|
Necessary for our legitimate interests (to keep our website updated and relevant)
|
MARKETING
We do not conduct digital or email marketing to noncertificants. All marketing to certificants is done in connection with the certification programmeme opportunities (updates, etc.) in the EEA and each EEA certificant will have the opportunity to Opt-Out from such marketing.
OPTING OUT
You can ask us to stop sending you marketing messages by following the opt-out links on any marketing message sent to you or by contacting the Chief Privacy Officer. Please allow a reasonable time for us to respond to your request.
COOKIES
A cookie is a small text file that can be stored on your computer when you visit websites. Information is saved in this text file to ensure a smooth and interactive experience on the internet. Cookies usually also have an expiration date. For example, some cookies are automatically deleted when you close your browser (so-called session cookies), while others can be stored longer on your computer, sometimes until you delete them manually (so-called permanent cookies).
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Statement.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.