This policy describes how the International Accreditation Board (IAB) collects, uses and protects the personal data of users who visit iabaccred.me, in compliance with UK GDPR (General Data Protection Regulation) and the Data Protection Act 2018.

1. Data Controller

The data controller is the International Accreditation Board (IAB), based in London, United Kingdom. For any data protection enquiries, please contact us at: info@iabaccred.me.

2. Data Collected

We collect the following categories of personal data:

Data provided voluntarily: name, email address, phone number, subject and content of messages sent via the contact form.

Browsing data: through Google Analytics (if consented), we collect anonymous data about site usage, including pages visited, session duration, device type and browser used, and country of origin.

Certificate search data: search queries performed in the certificate registry (certificate number, country, category) are not associated with personally identifiable data.

3. Purpose and Legal Basis

Personal data is processed for the following purposes:

Responding to contact requests: legal basis — performance of pre-contractual measures or legitimate interest in providing user assistance.

Statistical analysis of web traffic: legal basis — user consent (expressed via the cookie banner).

Improving the site and services: legal basis — legitimate interest in optimising user experience.

4. Cookies

The site uses necessary technical cookies and, subject to consent, Google Analytics cookies. For detailed information about the cookies used, their purposes and how to manage them, please refer to our Cookie Policy.

5. Third-Party Services

Google Analytics: we use Google Analytics, a web analytics service provided by Google LLC. Data collected by Google Analytics is anonymous and aggregated. Google processes data in accordance with its own privacy policy. Google Analytics is only activated with user consent.

6. Data Retention

Data provided via the contact form is retained for the time necessary to handle the request and for a maximum of 24 months from collection, unless legal obligations require longer retention.

Browsing data collected via Google Analytics is retained for a period of 14 months from the date of collection.

7. Your Rights

As a data subject, you have the right to:

Access: obtain confirmation of whether your data is being processed and access your personal data.

Rectification: request correction of inaccurate or incomplete data.

Erasure: request deletion of your personal data, where the conditions provided by law are met.

Restriction: request restriction of processing in certain cases.

Portability: receive your data in a structured, commonly used format.

Objection: object to the processing of your data on legitimate grounds.

To exercise your rights, contact us at: info@iabaccred.me. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the supervisory authority in the United Kingdom: ico.org.uk.

8. Data Security

We adopt appropriate technical and organisational measures to protect personal data from unauthorised access, loss, destruction or alteration. The site uses HTTPS encryption for all communications and implements security headers in line with industry best practices.

9. Changes to This Policy

We reserve the right to update this policy at any time. Changes will be published on this page with the date of the last update indicated. We recommend checking this page periodically.

Cookie Policy | Contact Us

Privacy Policy