We at RIGCERT value your privacy and this policy is intended to give information on how and why we collect and how we use your personal data.
This policy applies when you access our website (rigcert.education) and interact with our testing and certification platform.
Data we collect
We collect personal data from you with your consent and we ensure that your data is used only for the stated purpose.
When you interact with our website, we collect data that you provide to us directly (e.g. your name, your email address, your password, your account settings and other data about you that you decide to share with us through your profile) and data that we obtain automatically and that refers to your device and settings (operating system, approximate geographic device location, IP address, unique device identifiers, browser and browser language and other system data).
When you make purchases on our website, we collect payment information that includes your name and billing address. We use this information for invoicing purposes.
Your credit/ debit card information must be provided to our payment service providers. We do not receive and we do not store cardholder data from you.
Once you start using our services, we will collect data about tests you have taken and results and certificates you have obtained.
If you contact us for any purpose (for example by opening a ticket or by writing an email to us) we will collect data that you provide like message details, email addresses, names and other information that you decide to share with us.
What we do with your data
We use the data you provide to us in order to generate your certificate(s), after you have succesfuly passed the test(s).
If somebody tries to verify a certification (by scanning the QR code on the certificate or by introducing the number of the certificate in the search box of the Verify a certificate page), our website will provide a response that includes the name of the certified individual.
We use your data for invoicing purposes and to manage your account properly.
Personal data that you provide to us when opening a ticket or contacting us in another way, we will use to respond to your questions and concerns.
We may use your data to inform you about new products that we may offer and that may be of interest to us. However we will ask for your consent to receive promotional messages from us.
Data that we collect automatically we will use to provide a better navigation experience for you, to understand how you interact with our website and our services and to improve our offer so that it better suits the needs and expectations of our students.
With whom we share your data
Your data is processed in the European Union by us at RIGCERT, in order to provide the services that you ask from us. We do not share your data with third parties (e.g. outside reviewers, trainers, other clients of ours, affiliates, partners, agents, etc.). We do not sell your personal data.
We do not share your data with third parties for advertising purposes. In case we decide to use advertising or survey services provided by third parties, then we may share your data with those parties at the time.
If we intend to apply for the accreditation of our services (or another form of approval that involves assessment), then we will be required to share data with the appointed assessor(s) to demonstrate compliance with reference documents (e.g. ISO/IEC 17024).
We protect your data
We take appropriate measures to protect your data against unauthorized access, loss, alteration, disclosure or destruction. We implement our security controls in accordance with the provisions of internationally accepted standards for information security management (e.g. ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27701).
However no system is 100% secure so we cannot issue a guarantee that a security incident cannot happen. Your password is an important part of our security system, so please protect it accordingly.
Change your password if you have an indication that it has been compromised and contact us if you have other concerns.
Depending on your location and the legislation applicable in your jurisdiction you have rights in relation to the processing of your personal data.
Under the EU GDPR you have the following rights:
- the right to be informed about the processing of your personal data;
- the right to access your personal data (including the right to know whether your personal data is being processed by us);
- the right to request a correction of your personal data that we process;
- the right to erasure of your personal data;
- the right to limit the processing of your personal data;
- the right to data portability.
Our testing and certification process involves an online exam and the results are always reviewed by a person. The decision to grant or not a certification is never based solely on automated processing.
Regardless of where you are located you have the right to:
- request the erasure of the personal data you provided to us. You should ask for the erasure of your data by sending us an email at email@example.com. Please keep in mind that we cannot delete all your personal data for legal reasons (e.g. financial transaction records);
- request us to inform you on the personal data that we process and how we do that;
- unsubscribe from any communication we send (e.g. promotional announcemets, new services, etc.)
Retention of personal data
We keep your personal data for as long as it is necessary in order to provide you with the services. Some pesonal data may be kept for longer periods in accordance with the legislation (e.g. financial transactions records).
The results of your tests and any certifications you may have acquired are kept for as long as your certifications are valid plus one more year after the certifications have expired.
Updates and contact
The policy that is published on the website is the one in force.
If you need more information about our processing of your personal data, please get in touch with us by opening a ticket or by writing to us at firstname.lastname@example.org.