Apply/Renew CSCS Card

Privacy Policy

AWARDING ORGANISATION POLICY

GQA PRIVACY POLICY (AOP-004)

GQA Qualifications – Our Mission and Values

GQA Qualifications Limited is an Awarding Body for specialist sectors and occupational roles. Our current qualifications cover a wide range of sectors, including the Glass and Fenestration Industries, Construction, Print, Automotive Glazing, Polymers, Nuclear, Chimney Occupations, Paper, Meteorology and Print. Our aim is to work with industries where we have access to knowledge either within GQA or by developing strong working relationships with sector specialists, giving us a real ability to discuss specific qualifications with both centres and employers. Qualification development is carried out in accordance with regulatory and Sector Skill Council requirements, using industry experts throughout the development and consultation processes. At GQA, our purpose is simple: to add life to a lifetime of learning. We believe that every learning opportunity is a chance for a personal breakthrough. That’s why our colleagues are committed to creating vibrant and enriching learning experiences designed for real-life impact.

Contents

1. Policy scope 2. Policy statement 3. Regulatory reference 4. Review Date

1. Policy Scope

This privacy policy sets out the way in which any personal information you provide to us is used and kept secure by us. It applies whenever and however we collect your personal data so please read it carefully.

2. Policy Statement

GQA Qualifications Ltd takes your privacy very seriously and is committed to protecting your personal information. For the purposes of applicable data protection law, including the General Data Protection Act 2018 (DPA), GQA Qualifications are “controllers” of learner and apprentice personal data. This means that we make decisions about how and why we process your personal data and, because of this, we are responsible for making sure it is used in accordance with data protection laws.

About this privacy policy

GQA is dedicated to ensuring data security and the fair and transparent processing of personal data. This privacy notice outlines how we handle the personal data of learners and apprentices. If you are a learner registered with GQA for learning purposes or an apprentice registered for end-point assessment, please read this notice carefully as it contains crucial information regarding who we are, how and why we collect, store, use, and share your personal data, your rights concerning your personal data, how to contact us, and how to contact supervisory authorities should you wish to report a concern about our processing of your personal data. This privacy policy also details the measures we take to safeguard your data. Please be aware that our website and other digital platforms may include links to third-party websites and digital platforms for your convenience. We are solely responsible for the privacy practices and security of our own digital platforms. We advise you to review the privacy and security policies of each website or digital platform you visit.

Legal basis for collecting data

We use and share your information:
  • to fulfil our role as a regulated awarding organisation/body in the UK
  • for public interest tasks
  • to meet legal obligations
  • with your consent, when given
  • for contract-related purposes
Special category data, such as health information, is used:
  • to fulfil our educational duties under relevant Acts
  • for substantial public interest tasks
  • to comply with legal obligations.

Information we collect and what we use it for

We collect your name, gender, date of birth, and any other personal data which is necessary in relation to a specific qualification or programme, apprenticeship, apprenticeship standard or framework, or assessment. We may also collect personal data if required to administer our quality assurance processes, investigations, complaints and appeals. This personal data is provided to us by centres, customers, employers, employer providers, training providers, awarding bodies, or other industry bodies you have registered and/or contracted with to receive learning, training, assessment, and/or certification products and/or services provided by us. In some circumstances, we may also collect and/or be provided with special category data, such as data about your physical or mental health or condition, to enable us to administer requests for reasonable adjustments, or in relation to an investigation, complaint, or appeal. Such data should only be collected and/or provided to us if you have provided your explicit consent or if we are otherwise permitted to receive and process it under the applicable data protection law. We assign a unique number to each learner and apprentice at the point of enrolment or registration, which we also use in relation to your learning, training, assessment, and/or certification. GQA Qualifications cannot operate without obtaining specific personal data. We will only collect personal information about you that is necessary to allow us to carry out our function as an Awarding Organisation/Body, for example issuing certificates, monitoring and quality assuring qualification delivery. Data can be collected directly from you, or in some cases from GQA approved training providers, colleges or partner organisations such as CSCS, CITB, Trade Federations etc. The personal data we collect could include, but is not limited to:
  • personal names, postal addresses, telephone numbers, email addresses, I.D photographs and other similar data
  • demographic details such as your postcode, age, gender, ethnicity etc.

How we process your personal data

We will process personal data on the basis of legitimate interests, i.e. provide you with information, products or services in line with contracts and service level agreements where applicable. GQA Qualifications will comply with our obligations under GDPR by keeping personal data up to date and stored and destroyed securely. Personal data will also be protected from loss, misuse and unauthorised disclosure. GQA will ensure that appropriate technical measures are in place to protect personal data. All personal information that we collect about you will be recorded, used, and protected by us in accordance with applicable data protection legislation and this privacy policy. We may supplement the information that you provide with other information that we obtain from our dealings with you or which we receive from other organisations, for example, our approved centres and trade bodies.

Special category data

We may collect and/or be provided with special category data, such as data about your physical or mental health or condition. For example, we may collect and/or be provided with special category data to enable us to administer requests for reasonable adjustments, or in relation to an investigation, complaint, or appeal. With respect to special category data, we may also process such data if necessary for reasons of substantial public interest, including for the prevention or detection of unlawful acts or in compliance with, or to assist third parties to comply with, any regulatory requirements relating to the investigation of unlawful acts, dishonesty or malpractice.

Sharing of data

We may share your personal data with relevant third parties, where necessary, in relation to your learning, assessment, certification, or the verification of your learning, assessment or certification, and associated research and analytical activities, including:
  • regulatory authorities, sector skills councils, professional bodies and similar industry bodies; such as the Department for Education and the examinations regulators (e.g. Ofqual in England), other local authorities and the Universities and Colleges Admissions Service (UCAS).
  • skills certification schemes and bodies;
  • consortiums, authorised representatives, and partners; and
  • centres, customers, employers, employer providers, training providers, awarding bodies and similar third parties.
GQA collaborate with other awarding organisations, including sharing learner results data for statistical analysis and purposes including standardisation across general and vocational qualifications. An awarding body may also use information about you to investigate cheating and other examination malpractice and will share information about malpractice with other awarding bodies. We may also share your personal data with trusted third-party service providers, including:
  • legal and other professional advisers, consultants, and professional experts;
  • service providers contracted to us in connection with the provision of learning, assessment, and training products and/or services such as markers, moderators, invigilators, assessors, certification or credentialing providers, IT services and customer relationship management services;
  • our digital credential partner platform and
  • analytics and search engine providers that assist us in the improvement and optimisation of our website.
We will ensure that there is a contract in place with such third-party service providers, which includes obligations in relation to the confidentiality, security, and lawful processing of any personal data shared with them, and which upholds your rights and freedoms with respect to personal data. Where a third party recipient is located outside the UK, European Economic Area, or any other approved country or territory, we will ensure that the transfer of personal data is protected by appropriate safeguards, including international data transfer agreements in the UK, and the use of standard data protection clauses adopted or approved by the European Commission when applicable. We will not share any personal data or information about you to third parties for advertising and marketing purposes. We may share some personal data where this is necessary for GQA Qualifications to carry out its legitimate business and comply with contracts and service level agreements. Other than these reasons we will not disclose any of your personal information to a third party, unless we believe, in good faith, that the law requires it or that the rights or property of GQA Qualifications need to be protected.

How long we keep your personal information

We will keep personal data relating to your learning, training, assessment, and/or certification in order to:
  • provide information about your learning, training, assessment and/or certification;
  • provide replacement certification;
  • respond to any questions, complaints or claims made by you, on your behalf or about you;
  • comply with any relevant third-party record retention requirements (e.g. those of a regulator); and
  • comply with any contractual, legal, audit, and other regulatory requirements, or any orders from competent courts or authorities.
We will also keep personal data relating to our quality assurance processes, investigations, appeals and complaints, in order to comply with applicable contractual, legal, audit and other regulatory requirements, or any orders from competent courts or authorities. We retain your personal information for as long as necessary to provide the services you have requested, and where we have an ongoing legitimate business need to do so, such as complying with our legal obligations, resolving disputes, and enforcing our policies. Data retention periods may also be dictated by legal obligations, e.g. accounts are required to be retained for seven years, and GQA staff details are retained for seven years after employment ceases. GQA keeps personal data for no longer than is necessary for the above purposes.

How we protect your personal information

We take all reasonable steps to ensure that both we and our third-party service providers protect your personal data. This includes ensuring that our staff are aware of their information security obligations, providing training, and limiting access to your personal data to staff who have a genuine business need to know. We also take reasonable steps to protect your personal data from loss or destruction and have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. Furthermore, our change control process includes a structured assessment of information security and data privacy risks. This process aims to ensure that all proposed system changes of GQA from time to time fully align with data protection requirements and good practice to uphold data subjects’ rights and freedoms with respect to personal data. We store personal data in secure data centres in the UK or European Union. We will take all reasonable steps to protect your personal information using technical and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. We also have procedures in place to deal with any security breaches, we will notify you and any applicable regulator of a suspected security breach where we are legally required to do so. We encourage you to review each Third Party Website’s privacy policy before disclosing any personally identifiable information.

Your Rights

Right of access

You have the right to request a copy of the personal data that we hold about you by contacting us, please include with your request information that will enable us to verify your identity. We will respond within 30 days of the request. Please note that there are exceptions to this right.

Right to rectification

We aim to keep your personal data accurate and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes so that we can keep your personal data up-to-date.

Right to be informed

You have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the GDPR. This Privacy Policy provides you with information including our purposes for processing your personal data, your retention periods for that personal data, and who it will be shared with.

Right to erasure

You may request that we erase the personal data we hold about you in the following circumstances:
  • It is no longer necessary for us to hold that personal data with respect to the purpose for which it was originally collected;
  • You object to us holding and processing your personal data and there is no overriding legitimate interest for us to continue to process your personal data;
  • Your personal data has been processed unlawfully;
  • Your personal data needs to be erased in order for us to comply with a particular legal obligation.

Right to object

You may have the right to object to us processing your personal data based on legitimate interests and there is no overriding legitimate interest for us to continue. If you would like to object to the processing of your personal data, please contact us.

Right to restrict processing

You may request that we cease or restrict processing the personal data we hold about you e.g. where there is no legitimate interest for us to continue processing your personal data.

Right to data portability

In certain circumstances, you have the right to request that your personal data be transferred to another data controller. If you would like to request that your personal data be transferred, please contact us. The GDPR has exceptions to these rights, if we are unable to complete the transfer we will explain why.

Contact

If you have any questions about this privacy policy or your personal data or wish to request a readable copy of the personal data we hold on you please email us at info@gqaqualifications.com or write to us at the following address and we will endeavour to respond within seven working days: GQA Qualifications Ltd Unit 1 12 O’clock Court Attercliffe Road Sheffield S4 7WW If you are unhappy with how GQA are processing your data, you can make a complaint to the Information Commissioner’s Office. You can contact them in the following ways:
  • Email: casework@ico.org.uk
  • Phone: 0303 123 1113
  • Live chat on their website: https://ico.org.uk/global/contact-us/live-chat
  • By post: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Changes to Privacy Policy

Any changes we may make to this privacy policy in the future will be posted on our website, www.gqaqualifications.com, or where appropriate by email. Please check back frequently to see any updates or changes to our notice. This policy replaces GQA 28.

3. Regulatory References

Regulator Regulatory or guidance source Regulatory condition, criteria or principle
OFQUAL General Conditions of Recognition A1
SQA Regulatory Principles (2021) 3, 5, 6, 9

4. Policy Reference Information

Policy Reference No: AOP-04
Owner/author Responsible Officer
Date of issue 21/3/2025
Review date March 2026
Format for circulation PDF