Privacy Policy

CompEx Certification Limited Privacy Statement

Introduction

This privacy policy sets out the ways in which CompEx Certification Limited collects, processes and stores your personal information.

We are committed to protecting your privacy and maintaining the security of any personal information received from you. We strictly adhere to all requirements of data protection regulations. However, the Internet is not a totally secure medium and CompEx Certification Limited shall not be responsible for any unauthorised use, distribution, damage, or destruction of personal data, except to the extent we are required to accept such responsibility by the Data Protection Regulations.

We follow strict security procedures in the collection, processing, storage, and disclosure of information which you have provided to one of our CompEx Approved Training Providers, to prevent unauthorised access in accordance with data protection regulations. We do not sell, rent, or exchange your personal information with any third party for commercial reasons. All personal information provided by which you can be identified, will only be used in accordance with this privacy statement.

What personal information do we collect?

Candidates

To apply for any Compex course, candidates must provide the following information:

  • Full Name
  • Date of Birth
  • Nationality
  • Current Address
  • Telephone number
  • E mail Address
  • Photo Identification (Passport/Driving Licence) for Identification Verification Purposes
  • Qualifications or evidence of relevant knowledge, skills, and experience as detailed in the Competency Pathway document https://compexcertification.com/centres/resource-centre/
  • Employer Details & Job Role
  • Photograph (for display on CompEx Certification) • All candidates who register for a CompEx qualification will be required to undergo Identification verification. (Further details in ‘How is your information processed and stored section’) Any prospective candidate that fails to provide the required information will be unable to undertake any CompEx assessments or receive Certification.

Registered Instructors/Assessors

For any applications for a position as a Registered Instructor, Assessor or both, applicants must provide the following data:

  • Application
  • Full Name
  • Date of Birth
  • Nationality
  • Current Address
  • Telephone Number
  • E mail Address
  • Qualifications
  • Curriculum Vitae
  • Reference Letters (Previous & Current Employer).
  • Photo Identification (Passport/Driving Licence) for Identification Verification Purposes

CompEx Approved Training Providers

For applications received in regard to becoming a Licensed CompEx ATP, the following information will be requested as part of the relevant due diligence documentation listed in the CompEx ATP Application process (CCL3007).

  • Registered Company Name/Legal Entity
  • Registered Company Number
  • Company Address
  • Full Names/Dates of Birth/Nationality of all staff directly connected to the delivery of CompEx.
  • Telephone Number
  • E Mail Address * Documents will be requested regularly from existing ATP’s to maintain due diligence

Service Users

For any individuals that register with or submit enquires to any of the CompEx services listed below the following data will be requested and stored: *

  • Name
  • Date of Birth
  • Address
  • Company Name
  • Telephone Number
  • E Mail Address

Services:

  • CompEx Website Enquiry Form
  • CompEx Certification Verification Portal
  • Submission of Enquiry to CompEx Certification Limited via E Mail/Telephone or in Writing
  • CompEx Store
  • CompEx LMS System
  • CompEx App * Details requested will vary dependent upon the service being utilised.

How is your information processed and stored?

Candidates

CompEx ATPs are required to collect, process, and store the above listed personal data on behalf of, and in compliance with the requirements of CompEx Certification Limited. ATP’s must hold this data for the period of certification (5 years). Any further data collection, storage or transfer to a 3rd party that is not detailed above and is not a requirement of the CompEx Scheme must be agreed between the CompEx ATP and the candidate. Furthermore, for the transfer of candidate data (such as personal information, learning progress, assessment results and/or qualification status) to a 3rd party, the ATP must have their own data sharing agreement in place, with the relevant 3rd party. Implementation of the CompEx Scheme requires information to be processed using paper based and electronic registration forms which are completed by candidates, processed by the CompEx ATP, and forwarded to CompEx Certification Limited for the candidate to be registered for assessment. All Candidates who register for a CompEx Course will be required to undergo Identification Verification. These checks will be conducted by Creditsafe and their delivery partner Credas.

All data will be stored in compliance with Data Protection Regulations specified in the below documents:

https://www.creditsafe.com/gb/en/legal/privacy-policy.html

GDPR compliance statement

Candidates/Users registered onto the CompEx LMS system will be required to provide their information as detailed in the CompEx LMS Platform section to gain access to the CompEx Pre-learning/support material. For candidates these details will already be provided as part of the registration process. This service is hosted by an external provider Amazon Web Services through their delivery partner Titus. All data will be stored in compliance with Data Protection Regulations specified in the below documents:

https://aws.amazon.com/privacy/

Privacy Policy

Instructor/Assessors:

Applications made to CompEx Certification Limited in relation to becoming a registered instructor or assessor must be accompanied by the documentation listed in the Registered Instructors/Assessors section. However, there is no requirement by CompEx for ATPs to store the data once processed unless the Centre employs them directly and has the correct data policies in place between themselves and their employee. Application Data is held solely by the Data Controller CompEx Certification Limited and is specific to the Instructor/Assessor registration process. This data is then held on secure servers and all paperwork is archived under Data Protection Regulations. All Instructors and/or Assessors who apply for or are licensed to deliver CompEx qualifications will be required to undergo Identification Verification. These checks will be conducted by Creditsafe and their delivery partner Credas.

All data will be stored in compliance with Data Protection Regulations specified in the below documents:

https://www.creditsafe.com/gb/en/legal/privacy-policy.html

GDPR compliance statement

Approved Training Providers

Applications made to the CompEx Certification Limited in relation to becoming a CompEx ATP must be accompanied by the documentation listed in the CompEx ATP Application Guide (CCL3007). Application Data is held solely by the Data Controller CompEx Certification Limited and is specific to Instructor/Assessor registration purposes. This data is then held on secure servers and all paperwork is archived under Data Protection Regulations. During the application process Centres will be subject to checks relating to international trade and financial sanctions. Centre staff directly involved in the delivery of CompEx will also undergo Identification Verification. These checks will be conducted by Creditsafe and their delivery partner Credas.

All data will be stored in compliance with Data Protection Regulations specified in the below documents:

https://www.creditsafe.com/gb/en/legal/privacy-policy.html

https://credas.com/gdpr-compliance-statement/ • Service Users: Service User data will be retained solely by CompEx Certification Limited and the JTL Group and will be stored on secure servers under Data Protection Regulations with the exception of the CompEx shop and CompEx App. Individuals purchasing goods from CompEx will be processed via Shopify and subject to screening relating to international trade and financial sanctions. These checks will be conducted by Creditsafe.

All data will be stored in compliance with Data Protection Regulations specified in the below documents:

https://www.shopify.com/uk/legal/privacy

https://www.creditsafe.com/gb/en/legal/privacy-policy.html

Data of Individuals downloading the CompEx App will be processed by appypie

All data will be stored in compliance with Data Protection Regulations specified in the below documents:

Privacy policy (appypie.com) CompEx Certification Limited will retain a record of your personal and certification information indefinitely. This is done for verification, validation, registration, and product analysis purposes. We will retain your information in accordance with Data Protection law and regulations.

What do we use personal information for?

We may use the information we hold about you in the following ways:

  • Internal Record Keeping
  • Verification of Candidates/Service Users
  • Validation of Certification
  • Contact you to provide you with information about JTL Group products, services, and developments.
  • Provide industry information.
  • Surveys
  • If it is necessary to contact you, for any reason relating to the provision of certification.
  • Use of aggregate information and statistics for the purposes of the development of our sites and services
  • Instructor/Assessor Registration purposes
  • Registration onto the CompEx LEDA Knowledge Hub (LEDA) where the chosen qualification has mandatory enrolment requirements.
  • Contact you directly in relation to our quality assurance processes, investigations, complaints, and appeals. Disclosure of your personal information We will not sell or license your personal information to any third party. However, we may disclose your personal information:
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation to do so
  • If our business is sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business
  • In line with the Certification Body Regulations and to support any CompEx Compliance ongoing investigation, Employers may be approached for further information where it is suspected that an individual working for them has made a false or misleading claim to CompEx Certification. Where the Compliance Investigation proves beyond doubt that the individual has made a false or misleading claim to CompEx Certification, then the employer will be informed of the outcome.
  • Where you have given your permission for CompEx to share your personal information with your employer, to feedback on your learning progress, the results of your assessment, and the status of your certification (i.e. where your learning and assessment has been funded by your employer).

Your Rights

Under the GDPR, you have various rights with respect to our use of your personal data. Details are listed below and clarify these rights and the contact process for both EU and Non-EU citizens. We have appointed IT Governance Europe Limited to act as our EU representative. If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR) or have any queries in relation to your rights or general privacy matters, please email our Representative at eurep@itgovernance.eu. Please ensure to include our company name in any correspondence you send to our Representative.

Removal of personal information

Individuals have a right to have personal information erased and to prevent processing in specific circumstances as detailed below:

  • Where the personal information is no longer necessary in relation to the purpose for which it was originally collected/processed.
  • When the individual withdraws permission, however this will result in any current certification being withdrawn.
  • The personal data must be erased to comply with a legal obligation. The right to remove personal information does not provide an absolute ‘right to be forgotten’. There are some specific circumstances where the right to removal does not apply and CompEx Certification Limited would provide details as to why on request.

Access to information

You have the right to request a copy of the information we hold about you at any time by contacting us at: Non-EU Citizens – privacy@compex-cert.com EU Citizens – eurep@itgovernance.eu

We will send you a subject access request to fill and return to us. There is no fee applicable to this request, however, a ‘reasonable fee’ will be applied when a request is manifestly unfounded or excessive, particularly if it is repetitive.

Amendments, corrections and withdrawal of permissions

To request any updates or corrections to information held or request the withdrawal of information please contact us at: Non-EU Citizens – privacy@compex-cert.com EU Citizens – eurep@itgovernance.eu For any of the above we will send out a data rectification form to complete and return to us along with supporting ID documentation. No amendments or withdrawals can be actioned without proof of identification.

Unsubscribing

You may unsubscribe from marketing communications at any time by contacting us at: Non-EU Citizens – privacy@compex-cert.com EU Citizens – eurep@itgovernance.eu Please state clearly in the correspondence that you wish to opt out.

Changes to our privacy statement

Any future changes or updates to this privacy policy will be posted on this page.

Back to top of page