Privacy Policy

1. Who we are

Ethical Certifications is a trading name of Michael John Pengelly, operating as a self-employed individual in the United Kingdom.

For the purposes of data protection law, we are the data controller responsible for your personal data.

Contact details:
Email: info@ethicalcertifications.com

Postal address: 18 Four Acres, Bideford, EX39 3RW, United Kingdom

We take privacy seriously. As an organisation promoting ethical software development, we aim to collect only the data we genuinely need, use it responsibly, and treat all users with fairness and respect.

2. What this policy covers

This Privacy Policy explains how we collect, use, store, and protect personal data when you:

  • Create an account on our website
  • Enrol in free or paid courses
  • Complete assessments or exams
  • Receive certificates
  • Submit company accreditation forms
  • Visit and browse our website

3. The personal data we collect

Depending on how you interact with the platform, we may collect the following information:

  • Account and learning data
    • Your name
    • Email address (used as your username)
    • Course enrolments and progress
    • Exam results and assessment scores Certification data • Certificates issued
    • Certificate IDs or reference numbers
    • Dates of certification and expiry (if applicable)
  • Company accreditation data 
    • Company name and contact details
    • Responses submitted through accreditation or self-assessment forms
  • Technical and usage data
    • IP address
    • Browser and device information
    • Pages visited and actions taken on the site

We do not knowingly collect data from anyone under the age of 18.

4. How we use your data

We use your data only where there is a clear and legitimate purpose, including:

  • Creating and managing user accounts
  • Delivering courses and learning materials
  • Assessing exams and recording results
  • Issuing and verifying certificates
  • Processing company accreditation submissions
  • Improving the performance, security, and usability of the platform
  • Meeting legal and regulatory obligations

We do not use your data for profiling, automated decision-making with legal or significant effects, or behavioural manipulation.

5. Lawful basis for processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract – where processing is necessary to provide courses, exams, or certification
  • Legitimate interests – to operate and improve the platform responsibly
  • Legal obligation – where required by law
  • Consent – for optional cookies and analytics

You may withdraw consent at any time where it applies.

6. Payments

Payments for courses or services are handled via PayPal or bank transfer.
We do not store or process your card or banking details ourselves. PayPal acts as an independent data controller for payment transactions and operates under its own privacy policy.

7. Third-party services

We use trusted third-party services to operate the platform, including:

  • WordPress and LearnPress for course delivery
  • CertifyMe for certificate generation and verification
  • Google Analytics to understand site usage and improve performance

These providers only receive the minimum data required to perform their function and are expected to comply with data protection law. We do not sell personal data or share it with third parties for marketing purposes.

8. Cookies and analytics

We use cookies to ensure the site functions correctly and to understand how it is used.
Analytics cookies are only used with your consent and help us improve the platform without identifying you directly. Full details are available in our Cookie Policy.

9. How we store and protect data

We take reasonable technical and organisational measures to protect personal data, including:

  • Secure hosting environments
  • Access controls and authentication
  • Limiting data access to what is strictly necessary

We retain personal data only for as long as it is needed for the purposes outlined in this policy, or to meet legal obligations.

10. Your rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data (where applicable)
  • Restrict or object to certain processing
  • Request data portability
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise any of these rights, contact: info@ethicalcertifications.com