Privacy Policy
Who We Are
Qualify Nation operates as an online educational platform offering courses and career services. We are committed to protecting your privacy and handling your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Company Registration: 10588069
ICO Registration: ZB294348
Contact: [email protected]
Multi-Tenant Platform Structure
Our platform uses a multi-tenant architecture where educational institutions operate in logically separated environments. Personal data belonging to each Tenant Institution and its users is logically segregated from other tenants, ensuring data isolation and security.
Data We Collect
Account Information
- Name, email address, and contact details
- Account credentials (passwords are encrypted)
- Profile information you choose to provide
Payment Information
- Payment card details (processed securely via Stripe)
- Billing address and transaction history
Usage Data
- Course progress and assessment results
- Platform usage analytics
- Device and browser information
- IP address and approximate location data
AI Interaction Data
When you use our AI-powered features (chat support, voice call agents, or learning assistance), we collect:
- Chat messages and conversation history
- Voice recordings and transcriptions (when using AI voice call agents)
- Context provided to AI systems to generate responses (such as your course enrolment and progress data)
- Feedback or ratings you provide on AI responses
Important: This data is transmitted to third-party AI providers for processing (see Sub-Processors below). Do not share sensitive personal information such as financial details, passwords, government identification numbers, or health information in AI conversations.
Examination and Proctoring Data
- Webcam images and video during proctored examinations (for identity verification and integrity monitoring)
- Screen activity during proctored sessions
- Behavioural data and keystroke patterns for fraud detection
- Environment audio during proctored examinations
Assignment Submission Telemetry
To support fair assessment of written assignments, our submission tool records limited interaction signals while you are working on an assignment, including:
- Paste events (when content is pasted into the editor, and the length of pasted text)
- Editor focus time (how long the assignment editor was the active window)
- Writing-pace patterns (typing rhythm and timing, not the content of individual keystrokes)
This telemetry is accessible only to the instructor or assessor grading your submission, and is used solely to assess authorship and academic integrity. It is not used for marketing, profiling, or any automated decision-making, and is deleted when your account is deleted.
Lawful basis: Legitimate interest in protecting the integrity of assessments and the value of the qualifications we award (Article 6(1)(f) UK GDPR). Where you are enrolled through a Tenant Institution, the institution is the data controller for this telemetry and Qualify Nation acts as processor.
Recruitment and Career Services Data
If you participate in our recruitment and career placement services, we may additionally collect:
- Your CV, cover letter, and career profile information
- Job preferences including desired role, salary expectations, location, and working arrangement (remote, hybrid, on-site)
- Interview feedback and outcomes (from both you and prospective employers)
- Employment status and placement outcomes (to fulfil job guarantee obligations where applicable)
- Communications between you and our recruitment team
This data is collected only with your participation in recruitment services and is not shared with any employer without your explicit prior consent for each introduction. See our Terms and Conditions (Section 10) for full details of how recruitment services operate.
Cookies
We use the following categories of cookies:
- Strictly necessary cookies: Required for platform functionality, authentication, and security (no consent required)
- Analytics cookies: Help us understand how visitors use our site, powered by Google Analytics (with your consent)
- Marketing cookies: Used to deliver relevant advertising and track campaign effectiveness (with your consent)
You can manage cookie preferences through your browser settings. Disabling strictly necessary cookies may affect platform functionality.
How We Use Your Data and Lawful Basis
Under UK GDPR, we must have a lawful basis for processing your personal data. The table below sets out how we use your data and the legal basis we rely on for each purpose.
| Purpose | Lawful Basis |
|---|---|
| Providing and delivering our educational services, including course access, labs, and examinations | Performance of contract |
| Processing payments and managing your account | Performance of contract |
| Issuing certificates and enabling third-party verification of qualifications | Performance of contract |
| AI-powered chat support, voice agents, and learning assistance | Performance of contract / Legitimate interest (service improvement) |
| Proctoring and academic integrity monitoring during examinations | Performance of contract / Legitimate interest (protecting certification value) |
| Assignment submission telemetry (paste events, editor focus time, writing-pace patterns) for authorship and integrity checks | Legitimate interest (fair assessment and protecting certification value) |
| Communicating with you about your courses, account, and services | Performance of contract |
| Recruitment and career placement services (matching you with employers, sharing your profile) | Consent (explicit opt-in before each employer introduction; you can withdraw at any time) |
| Tracking placement outcomes and fulfilling job guarantee obligations | Performance of contract (where a Job Guarantee Agreement exists) |
| Sending marketing communications about relevant courses and services | Consent (you can withdraw at any time) |
| Analysing usage patterns to improve our platform and content | Legitimate interest (service improvement) |
| Detecting and preventing fraud, abuse, and academic misconduct | Legitimate interest (platform security and certification integrity) |
| Complying with legal obligations (tax, regulatory, law enforcement requests) | Legal obligation |
Data Sharing
We share your personal data only to the extent necessary for the purposes described above. Your data may be shared with the following categories of recipients:
Third-Party Service Providers
- AI service providers: To power our chat support, voice call agents, and learning assistance features, your inputs (including messages and voice data) are processed by third-party artificial intelligence providers. These providers are based in the United States and process data under Data Processing Agreements with appropriate safeguards for international transfers.
- Cloud infrastructure providers: Our platform is hosted on managed cloud infrastructure located in the United Kingdom
- Payment processors: Payment card details and transaction data are processed by our PCI DSS-compliant payment provider and are never stored on our servers
- Email delivery services: Your name, email address, and communication preferences are shared with our email service provider to deliver transactional and marketing communications
- Analytics providers: Anonymised usage data is shared with analytics services to help us understand how our platform is used and improve our services
- Content delivery and security providers: IP addresses and request metadata are processed by our CDN and security provider to deliver content efficiently and protect against attacks
- Examination proctoring services: Webcam images, audio, and screen activity may be processed by proctoring technology providers during examinations
We maintain Data Processing Agreements (DPAs) with all third-party service providers that process personal data on our behalf. A complete list of our current sub-processors, including their names, roles, data locations, and transfer mechanisms, is available upon request by submitting a support ticket through our platform.
Prospective Employers (Recruitment Services)
If you participate in our recruitment and career placement services, we may share the following data with prospective employers:
- Your name and contact details
- Your CV and career profile
- Relevant qualification and certification details (course completed, certificate status, grade where applicable)
We will never share your data with a prospective employer without your explicit prior consent for each specific introduction. You will always be told which employer will receive your data and what data will be shared before any introduction is made. You may decline any introduction and withdraw from recruitment services at any time without affecting your course access or progress. For full details, see our Terms and Conditions (Section 10).
Other Recipients
- Tenant Institutions: If you enrol through an educational institution, your progress, assessment results, and certificate data are shared with that institution in its capacity as data controller
- Certificate Verification: Employers or institutions who verify your certificate through our systems will receive confirmation of its validity, your name, and the qualification achieved
- Legal Requirements: When required by law, court order, or to protect our rights, property, or safety
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, with prior notice to affected users where practicable
Student Accounts & Institutional Data
When schools or educational institutions create student accounts through our platform, Qualify Nation acts as a data processor on behalf of that institution (the data controller). We do not directly collect data from minors without institutional involvement. Institutions are responsible for ensuring they have obtained all required parental or guardian consents and that their use of our platform complies with the UK GDPR, the Data Protection Act 2018, and the ICO’s Age Appropriate Design Code (Children’s Code) where applicable.
Your Rights
Under UK GDPR, you have the right to:
- Request access to your personal data
- Request correction of inaccurate data
- Request deletion of your data
- Object to processing of your data
- Request restriction of processing
- Data portability
- Withdraw consent at any time
To exercise these rights, contact us at [email protected].
Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit and at rest
- Access controls and authentication
- Role-based permissions
- Regular security assessments
- Audit logging for tenant isolation
Apprenticeship Programme Data
Where a learner applies for or enrols on an apprenticeship programme, Qualify Nation® may collect and process additional personal data as required by the programme and applicable funding rules. This may include:
- Employer details (name, address, contact person)
- Employment information (job title, working hours, employment start date)
- Eligibility information (age, residency status, prior qualifications)
- Equality and diversity monitoring data (collected voluntarily for monitoring purposes)
- English and maths assessment records
- Progress review records and training plan documentation
- Unique Learner Number (ULN) and Individual Learner Record (ILR) data
Lawful basis: Where the processing relates to the performance of an apprenticeship agreement, the lawful basis is contractual necessity (Article 6(1)(b) UK GDPR). Where data is submitted to government bodies for funding or regulatory purposes, the lawful basis is legal obligation (Article 6(1)(c) UK GDPR). Equality and diversity monitoring data is processed under legitimate interest (Article 6(1)(f) UK GDPR) for the purpose of monitoring participation, achievement, and outcomes, and is collected with consent.
Data sharing: Apprenticeship programme data may be shared with:
- The learner’s employer (to the extent necessary for the delivery of the programme and progress reviews)
- Government funding bodies, as required by the applicable funding rules
- Regulatory and inspection bodies, where required by law or conditions of registration
- End-point assessment organisations, for the purpose of administering assessments
Retention: Apprenticeship records, including ILR data, training plans, and assessment records, are retained for a minimum of 6 years from the end of the funding year in which the programme ends, or longer where required by funding rules or regulatory obligations. Equality and diversity monitoring data is retained in anonymised aggregate form after the retention period.
All other provisions of the Qualify Nation® Privacy Policy apply to apprenticeship programme data.
Data Retention
We retain your personal data for as long as necessary to provide our services and comply with legal obligations:
- Account data: Retained for the duration of your account and for up to 12 months after account closure or licence expiration, unless you request earlier deletion
- Course completion records and certificates: Retained indefinitely for verification purposes (employers and institutions may need to verify your qualifications years after completion)
- Payment records: Retained for 7 years to comply with HMRC tax obligations
- Recruitment data: CVs, career profiles, and job application records are retained for up to 24 months after your last interaction with recruitment services, or until you request deletion, whichever is sooner. Placement outcome data may be retained longer where required to fulfil job guarantee obligations.
- AI interaction data: Chat and call logs are retained for up to 12 months for service improvement and support purposes
- Proctoring data: Examination recordings are retained for up to 6 months after the assessment, or longer if an academic misconduct investigation is in progress
You can request deletion of your account and associated data at any time by submitting a support ticket through the platform. Certain data may be retained where we have a legal obligation or legitimate need to do so (such as certificate records and financial records).
International Transfers
Several of our third-party service providers, including AI service providers, payment processors, and analytics providers, are based in the United States. This means your personal data may be transferred to, and processed in, countries outside the United Kingdom that may not offer the same level of data protection.
Where we transfer personal data outside the UK, we rely on one or more of the following safeguards:
- UK adequacy decisions: Transfers to countries that the UK government has determined provide an adequate level of data protection
- International Data Transfer Agreement (IDTA): The UK equivalent of EU Standard Contractual Clauses, incorporated into our Data Processing Agreements with relevant sub-processors
- UK GDPR Article 49 derogations: In limited circumstances, where the transfer is necessary for the performance of our contract with you (e.g., processing your payment via Stripe)
You can request further information about the specific safeguards applied to your data by contacting us at [email protected].
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR
- Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms
- Document all breaches, including those not reported to the ICO, along with the facts, effects, and remedial actions taken
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any significant changes by email or through our platform.
Contact Us
If you have questions about this privacy policy or our data practices, please contact us:
Email: [email protected]
Phone: +44 7426 985335
Hours: Monday - Friday, 9:00AM - 5:00PM
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.