Privacy Policy

Last Updated: October 2025

1. Introduction

SkillCertify (operating as the digital platform for GTS Services (UK) Ltd) is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal data when you use our website, mobile application, and WhatsApp services ("the Service").

We are the Data Controller for your information. Company Name: GTS Services (UK) Ltd Contact Email: [Insert Admin Email, e.g., admin@skillcertify.co.uk]

2. Information We Collect

To provide our qualification and assessment services, we collect the following types of data:

A. Information You Provide

  • Identity Data: Name, Date of Birth, National Insurance (NI) Number, and photographs (for CSCS card and GQA registration).
  • Contact Data: Email address, phone number, and mailing address.
  • Assessment Evidence: Videos, photos, and audio recordings of your work, and transcripts of professional discussions.
  • Identity Verification: Images of your government ID (passport/driving licence) and facial scans for liveness checks.

B. Information from Third Parties

CSCS: We may verify your existing card status or Health, Safety & Environment (HS&E) test results via the CSCS Smart Check API.

C. Information Collected Automatically

  • Meta/WhatsApp Data: When you interact with our WhatsApp bot, we receive your phone number and message content to process your bookings and provide support.
  • Usage Data: IP address, browser type, and interaction logs to improve our platform security.

3. How We Use Your Data

We use your data strictly to deliver your qualification and card. We do not sell your data.

  • Qualification Delivery: To register you with the Awarding Body (GQA Qualifications) and process your NVQ/Certificate.
  • Card Application: To apply for your CSCS card (Red, Blue, or Gold) on your behalf.
  • Identity Verification: To prove to the Awarding Body that you are the person taking the assessment (via SumSub).
  • Communication: To send booking confirmations, assessment feedback, and results via Email and WhatsApp.
  • Payments: To process fees and generate invoices (via Stripe or GoCardless).

4. Data Sharing (Third Parties)

We share data only with the essential partners required to deliver your service:

  • GQA Qualifications: The Awarding Body (for registration and certification).
  • Meta (WhatsApp): To facilitate our automated booking and notification system.
  • Stripe / GoCardless: For secure payment processing.
  • Mux: For secure hosting and streaming of your assessment video evidence.
  • SumSub: For automated identity verification.
  • OpenAI: For transcribing assessment videos (audio-to-text) to assist assessors.

5. Your Data & Meta (WhatsApp)

We use the WhatsApp Business API (via Meta) to communicate with you.

  • Purpose: We use WhatsApp to send "Authentication" (verification codes), "Utility" (booking confirmations, payment receipts), and "Service" (support) messages.
  • Consent: By booking a course or enrolling in an NVQ, you consent to receive transactional messages related to your service. You may opt-out of marketing messages at any time by replying "STOP".
  • Data Security: Your messages are processed securely and are not shared with third parties for advertising purposes.

6. Data Retention

  • Assessment Evidence (Video/Photo): Retained for 180 days after certification (or as required by GQA audit rules), then securely deleted.
  • Remote Test Recordings: Retained for 12 months (per GQA Policy AOP-026).
  • User Profile & Certification Records: Retained for 5 years to allow for replacement card requests and regulatory audits.

7. Your Rights (GDPR)

Under UK GDPR, you have the right to:

  • Access: Request a copy of the data we hold about you.
  • Correction: Request corrections to wrong information.
  • Deletion: Request deletion of your data (where it is not required by law/GQA to be kept for audit).
  • Portability: Receive your data in a structured format.

To exercise these rights: Please contact us at [Insert Admin Email].

8. User Data Deletion (Meta Requirement)

If you wish to remove your data from our WhatsApp application:

  • Email us at [Insert Admin Email] with the subject "Data Deletion Request".
  • Include your phone number used on WhatsApp.
  • We will remove your WhatsApp interaction history from our active servers within 30 days, unless retention is required for an active qualification audit.

9. Changes to This Policy

We may update this policy to reflect changes in our service or regulations. The latest version will always be available on this page.