Back

Privacy Policy

This Privacy Policy (“Policy”) explains how IAQCert (“IAQCert,” “Company,” “we,” “us”) collects, uses, discloses, and protects personal information when you use our sites, courses, assessments, or related services (the “Services”).

We operate globally and align this Policy with PIPEDA (Canada), Quebec Law 25, and where applicable the GDPR/UK GDPR and other privacy laws. Marketing communications comply with CASL.

1. Scope & Roles

This Policy applies to personal information we process about visitors, learners, instructors, and other users of our Services. IAQCert generally acts as a controller (PIPEDA/GDPR equivalent) for your account, course enrollment, and certification data. For certain features (e.g., proctoring/ID verification), third-party providers act as our processors, processing data on our instructions.

2. Information We Collect

2.1 Information you provide

  • Account & Profile: name, email, password, contact details, country/region, employer (if provided), role/title.
  • Course & Assessment: course selections, progress, attempts, scores, feedback, support messages.
  • Payments: we receive payment confirmations from processors (e.g., transaction ID, success/fail). We do not store full card numbers.
  • User Content: posts, reviews, uploads, or submissions you choose to provide.

2.2 Information collected automatically

  • Usage & Device Data: IP address, device type, browser type/version, operating system, time zone, referring URLs, pages viewed, clicks, crash logs.
  • Cookies & Local Storage: see Section 4.

2.3 Information from third parties

  • Proctoring/Verification Providers: results of identity checks, session logs, rule triggers.
  • Payment Processors: payment status, transaction identifiers (no full card data).
  • Anti-Fraud & Security Tools: signals used to prevent abuse.

3. How We Use Information (Purposes & Legal Bases)

We use personal information for the following purposes and legal bases (GDPR/UK GDPR where applicable; similar principles under PIPEDA/Law 25):

  • Provide the Services & Customer Support (contract / legitimate interests).
  • Operate Courses & Assessments including attempts, scoring, certification, integrity controls (contract / legitimate interests).
  • Identity Verification & Proctoring to protect exam integrity and prevent fraud (legitimate interests / legal obligations / consent where required).
  • Service Improvement, Debugging & Analytics (legitimate interests / consent where required).
  • Security & Abuse Prevention (legitimate interests / legal obligations).
  • Transactional Communications such as receipts, exam notices, policy updates (contract / legal obligations).
  • Marketing Communications with your opt-in consent under CASL/GDPR; you can withdraw any time (consent).
  • Legal Compliance, Disputes & Enforcements (legal obligations / legitimate interests).

4. Cookies, Analytics & Similar Technologies

We use cookies and similar technologies to run the site and understand usage. Categories include:

  • Strictly Necessary: essential for login, security, and core features.
  • Functional: remember preferences (e.g., language).
  • Analytics: measure usage and performance; we use aggregated reports to improve the Services.

Choices: You can control cookies through your browser settings. Some browsers offer “Do Not Track” or global privacy controls; we will treat legally recognized signals as requests to limit certain tracking where required by law. Disabling certain cookies may affect Service functionality.

We do not currently use third-party advertising networks on our site.

5. Assessments, Proctoring & Identity Verification

For specific courses and exams, we may enable proctoring or identity verification to protect assessment integrity and deter fraud. Depending on configuration, the provider may collect:

  • Session metadata (timestamps, IP, device/browser),
  • Screen and/or camera capture, audio where permitted,
  • Exam event logs (tab switching, flags),
  • ID document images and limited data points required to confirm identity.

What we do not do: IAQCert does not create or store biometric templates, nor do we use facial recognition to uniquely identify you. If a vendor performs automated matching for anti-fraud, it is limited to integrity purposes and under our instructions.

Retention: Proctoring session media is retained for a limited period (typically up to 90 days), unless extended for investigations, appeals, or legal obligations. Identity verification data is retained only as long as necessary to complete verification and for audit/legal requirements. Exact retention may vary by provider configuration; details are available on request.

6. Disclosure to Service Providers & Partners

We share personal information with service providers who process it on our behalf for the purposes above, including:

  • Hosting & Infrastructure (e.g., cloud platforms),
  • Learning & Assessment Tools (LMS, exam engines, proctoring, ID verification),
  • Payments (payment processors; we do not store full card data),
  • Support & Communications (email delivery, ticketing),
  • Analytics & Security (fraud prevention, performance monitoring).

We require providers to protect data and use it only for our documented instructions. We may also disclose information if required by law, to protect rights/safety, or in connection with a business transaction (merger, acquisition, reorganization).

7. International Transfers

We may transfer personal information to countries other than where you reside (including the United States, Canada, EU/UK). Where applicable, transfers rely on mechanisms such as Standard Contractual Clauses (SCCs) and comparable safeguards, plus supplementary measures as needed.

8. Security

We implement reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the information (e.g., encryption in transit, access controls, logging). No system is 100% secure; we cannot guarantee absolute security.

9. Data Retention

We retain personal information only as long as necessary for the purposes outlined, and as required by law. Typical periods:

  • Account & Course Records: for the life of your account plus up to 24 months for audits/disputes.
  • Assessment Logs & Scores: up to 5 years to preserve credential integrity and handle challenges.
  • Proctoring Media: typically up to 90 days unless extended for investigations or legal needs.
  • Payment Metadata: per financial recordkeeping requirements (generally 7 years max in many jurisdictions).
  • Support Tickets: up to 24 months after closure.

10. Your Privacy Rights & Choices

Depending on your location, you may have rights to request: access, correction, deletion, portability, restriction/objection to processing, and withdrawal of consent. You can exercise rights by contacting support@iaqcert.com. We may request information to verify your identity. You also have the right to lodge a complaint with your local supervisory authority.

11. Electronic Communications & Marketing (CASL)

Transactional emails (e.g., receipts, exam notices, policy updates) are necessary for the Services. Marketing emails require your opt-in consent; you can withdraw consent at any time using the unsubscribe link or by contacting us. Your choices do not affect transactional communications.

12. Certificates & Public/Private Verification Directory

To support credential validation and deter fraud, IAQCert may maintain a verification directory. With your consent (obtained during certification workflows), we may display your name, certificate type, and status (active/revoked). You may request updates or opt-out where permitted by law; certain verification uses may be required to protect credential integrity.

13. Children & Minimum Age

Our Services are intended for individuals 18+ (or the age of majority in your jurisdiction). We do not knowingly collect personal information from individuals under 18. If you believe a minor provided personal information, contact us and we will delete it.

15. Changes to this Policy

We may update this Policy from time to time. Material changes will be posted on this page with a new “Last Updated” date. If required by law, we will notify you and, where applicable, request your consent.

16. Contact & Controller Information

IAQCert
support@iaqcert.com

Last Updated:

Back to top ↑

Privacy Policy

How IAQCert collects, uses, discloses, and protects personal information globally (PIPEDA, Law 25, GDPR/UK GDPR, CASL aware).

1. Scope & Roles

Applies to visitors/learners/instructors using our Services. IAQCert is generally the controller; certain tools (e.g., proctoring) operate as our processors under instruction.

2. Information We Collect

You provide: name, email, contact, course data, attempts/scores, feedback, support tickets, and payment confirmations from processors (no full card data).

Automatic: IP, device/browser, OS, logs, pages viewed, cookies/local storage.

Third parties: proctoring/ID results, payment status, anti-fraud/security signals.

3. Uses & Legal Bases

Provide and support Services; operate courses/assessments; verify identity/proctor; improve and secure Services; send transactional emails; send marketing with consent; comply with law; manage disputes. Legal bases: contract, legitimate interests, consent, legal obligations.

4. Cookies & Analytics

We use strictly necessary, functional, and analytics cookies. You can control cookies in your browser. We honor legally recognized privacy signals where required. No advertising networks currently.

5. Proctoring & ID

May capture session metadata, screen/camera, exam event logs, and ID images to protect integrity. We do not create biometric templates or use facial recognition. Typical retention: up to 90 days unless needed longer for investigations or legal obligations.

6. Service Providers

Hosting, learning/assessment tools, proctoring/ID, payments, support/email, analytics/security. Providers act under contract and data protection safeguards.

7. Transfers

Data may be transferred internationally with appropriate safeguards (e.g., SCCs) and supplementary measures as needed.

8. Security

Reasonable administrative, technical, and physical safeguards (e.g., encryption in transit, access controls). No system is 100% secure.

9. Retention

Account/course records: life of account + up to 24 months; assessment logs: up to 5 years; proctoring media: typically up to 90 days; payment metadata: up to 7 years; support tickets: up to 24 months.

10. Rights

Rights may include access, correction, deletion, portability, restriction/objection, and withdrawing consent. Email support@iaqcert.com. You may lodge a complaint with your authority.

11. E-Comms & Marketing

Transactional emails are required to run the Services. Marketing emails require your opt-in consent; unsubscribe anytime.

12. Verification Directory

With your consent, we may display your name, certificate type, and status (active/revoked) for credential validation. Opt-out where permitted; some verification may be required to protect credentials.

13. Children

Intended for individuals 18+. We do not knowingly collect data from those under 18. Contact us to remove any such data.

15. Changes

We may update this Policy. Material changes will be posted here with a new date; we will notify you and request consent where required.

16. Contact

IAQCert
support@iaqcert.com

Last Updated:

Back to top ↑