The General Data Protection Regulation (GDPR) defines data privacy laws across the European Union. It gives individuals control over their personal data and requires organisations to protect that data when shaping their services. The provisions of the EU GDPR were incorporated directly into UK law following the UK’s departure from the EU. The UK GDPR sits alongside the Data Protection Act 2018 with some technical amendments so that it works in a UK-only context.
At Qualification Check we have reviewed our internal procedures, security framework, terms and policies, and we are pleased to provide you with more information and choices regarding your personal data.
How we use personal data
We only use personal data of individuals subject to a verification check to perform our services. We do not sell, or in way share such personal information with third-parties for advertising or marketing purposes.
We store personal data of individuals subject to a verification check on the systems of our secure cloud provider based in the UK.
Length of data retention
We keep personal data of individuals subject to a verification check for as long as necessary to perform our services, but, in any case, for no longer than 12 months from completion of the verification.
Users are always free to contact us and request a shorter retention period for personal data of the individuals subject to verification checks
In order to be able to defend ourselves from future claims, we may need to retain some of the personal information regarding your organisation, contract, payment and verification history with us for up to 6 years after the performance of our obligations to you.
Please contact us if you wish to learn more about which personal data we are holding about you.
Why and when we share personal data
To perform a verification check we will share personal data of the individual subject to a verification check ( name, biographical data and other personal data regarding qualifications) with the university or institution from which they have obtained their qualification.
We may share personal data of individuals outside the EEA but only in limited circumstances: (i) if an individual subject to a verification check holds a qualification obtained outside the EEA; (ii) or has entered into an agreement with a QC client that requires his/her qualification to be sent to a destination outside the EEA.
In both cases, we will transfer the individual personal data outside the EEA on the basis that: (a) the individual has consented explicitly to the transfer of his/her personal data outside the EEA; (b) the individual is aware of the possible risks of transferring his/her personal data to a country outside of the EEA, where there may be an inadequate legislative and regulatory framework to protect privacy and Personal Data.
We also have subsidiaries located outside of the EEA with access through our internal systems to Personal Data of individuals. All QC subsidiaries behave in accordance with the GDPR despite their location.
Automated decision making
Whilst part of our processing of personal data is made through automatic means (e.g. software), all decision making regarding personal data is human made. Therefore, there is no automated decision making at any stage of our processing of personal data.
We protect personal data with encryption while they are processed and stored within our systems. We have also designed our processes to keep your personal data encrypted for as long as possible when (and if) we need to share it with third parties (such as universities and other educational institution).