[{"data":1,"prerenderedAt":63},["ShallowReactive",2],{"policy-data-protection-policy":3},{"html":4,"meta":5,"toc":24,"summary":61,"error":62},"\n\u003Ch2 id=\"1-purpose-and-scope\">1. Purpose and Scope\u003C\u002Fh2>\n\u003Cp>This Data Protection Policy establishes Qualitect Ltd's commitment to protecting \u003Cbutton type=\"button\" class=\"q-glossary-trigger\" data-glossary-slug=\"personal-data\" data-glossary-term=\"Personal data\" aria-label=\"Definition: Personal data\">personal data\u003C\u002Fbutton> in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018. The policy applies to all personal data processing activities conducted through the Qualitect platform and by Qualitect Ltd. Qualitect Limited is registered with the Information Commissioner's Office under registration reference ZC182035.\u003C\u002Fp>\n\u003Ch2 id=\"2-data-protection-principles\">2. Data Protection Principles\u003C\u002Fh2>\n\u003Ch3 id=\"2-1-lawfulness-fairness-and-transparency\">2.1 Lawfulness, Fairness and Transparency\u003C\u002Fh3>\n\u003Cp>Qualitect processes personal data lawfully, fairly and transparently with clear legal bases for all processing activities.\u003C\u002Fp>\n\u003Ch3 id=\"2-2-purpose-limitation\">2.2 Purpose Limitation\u003C\u002Fh3>\n\u003Cp>Personal data is collected for specified, explicit and legitimate purposes.\u003C\u002Fp>\n\u003Ch3 id=\"2-3-data-minimisation\">2.3 Data Minimisation\u003C\u002Fh3>\n\u003Cp>Only adequate, relevant and necessary personal data is collected and processed.\u003C\u002Fp>\n\u003Ch3 id=\"2-4-accuracy\">2.4 Accuracy\u003C\u002Fh3>\n\u003Cp>Personal data is kept accurate and up to date.\u003C\u002Fp>\n\u003Ch3 id=\"2-5-storage-limitation\">2.5 Storage Limitation\u003C\u002Fh3>\n\u003Cp>\u003Cbutton type=\"button\" class=\"q-glossary-trigger\" data-glossary-slug=\"audit-trail\" data-glossary-term=\"Audit trail\" aria-label=\"Definition: Audit trail\">Audit trail\u003C\u002Fbutton> data is retained for seven years minimum to support Platform Users' compliance with the documentation requirements of the relevant \u003Cbutton type=\"button\" class=\"q-glossary-trigger\" data-glossary-slug=\"educational-standards\" data-glossary-term=\"Educational standards\" aria-label=\"Definition: Educational standards\">educational standards\u003C\u002Fbutton> and regulatory frameworks and to meet Qualitect's own legal and contractual obligations.\u003C\u002Fp>\n\u003Ch3 id=\"2-6-integrity-and-confidentiality\">2.6 Integrity and Confidentiality\u003C\u002Fh3>\n\u003Cp>Personal data is processed securely using AES-256 encryption at rest and \u003Cbutton type=\"button\" class=\"q-glossary-trigger\" data-glossary-slug=\"tls\" data-glossary-term=\"TLS\" aria-label=\"Definition: TLS\">TLS\u003C\u002Fbutton> 1.3 in transit.\u003C\u002Fp>\n\u003Ch3 id=\"2-7-accountability\">2.7 Accountability\u003C\u002Fh3>\n\u003Cp>Our accountability framework is designed to align with the requirements of ISO 27001. Qualitect is working towards formal accreditation against ISO standards relevant to its operations. References to ISO alignment describe the framework adopted and do not indicate current certification.\u003C\u002Fp>\n\u003Ch2 id=\"3-lawful-bases-for-processing\">3. Lawful Bases for Processing\u003C\u002Fh2>\n\u003Ch3 id=\"3-1-contract-performance\">3.1 Contract Performance\u003C\u002Fh3>\n\u003Cp>Delivering services, user authentication, \u003Cbutton type=\"button\" class=\"q-glossary-trigger\" data-glossary-slug=\"qualification\" data-glossary-term=\"Qualification\" aria-label=\"Definition: Qualification\">qualification\u003C\u002Fbutton> generation, where applicable \u003Cbutton type=\"button\" class=\"q-glossary-trigger\" data-glossary-slug=\"assessment\" data-glossary-term=\"Assessment\" aria-label=\"Definition: Assessment\">assessment\u003C\u002Fbutton> management and service delivery communications.\u003C\u002Fp>\n\u003Ch3 id=\"3-2-legitimate-interests\">3.2 Legitimate Interests\u003C\u002Fh3>\n\u003Cp>Platform security monitoring, service improvement, fraud prevention and business analytics.\u003C\u002Fp>\n\u003Ch3 id=\"3-3-legal-obligations\">3.3 Legal Obligations\u003C\u002Fh3>\n\u003Cp>Maintaining audit trail data to support Platform Users' compliance with documentation requirements, responding to lawful requests from regulatory or law enforcement authorities and financial record-keeping obligations.\u003C\u002Fp>\n\u003Ch3 id=\"3-4-consent\">3.4 Consent\u003C\u002Fh3>\n\u003Cp>Optional marketing communications and cookies.\u003C\u002Fp>\n\u003Ch2 id=\"4-categories-of-personal-data-processed\">4. Categories of Personal Data Processed\u003C\u002Fh2>\n\u003Ch3 id=\"4-1-user-registration-data\">4.1 User Registration Data\u003C\u002Fh3>\n\u003Cp>Names, email addresses, job titles, organisation details, professional credentials.\u003C\u002Fp>\n\u003Ch3 id=\"4-2-assessment-and-qualification-data\">4.2 Assessment and Qualification Data\u003C\u002Fh3>\n\u003Cp>Qualification content, compliance checks and audit findings, where applicable assessment submissions and \u003Cbutton type=\"button\" class=\"q-glossary-trigger\" data-glossary-slug=\"quality-assurance\" data-glossary-term=\"Quality assurance\" aria-label=\"Definition: Quality assurance\">quality assurance\u003C\u002Fbutton> reports.\u003C\u002Fp>\n\u003Ch3 id=\"4-3-evidence-files\">4.3 Evidence Files\u003C\u002Fh3>\n\u003Cp>Training records, witness statements, where applicable assessment evidence and portfolio submissions.\u003C\u002Fp>\n\u003Ch3 id=\"4-4-audit-trail-data\">4.4 Audit Trail Data\u003C\u002Fh3>\n\u003Cp>User actions, timestamps, IP addresses and system interactions.\u003C\u002Fp>\n\u003Ch3 id=\"4-5-ai-generation-logs\">4.5 AI Generation Logs\u003C\u002Fh3>\n\u003Cp>Prompts, model responses, \u003Cbutton type=\"button\" class=\"q-glossary-trigger\" data-glossary-slug=\"token-usage-metrics\" data-glossary-term=\"Token usage metrics\" aria-label=\"Definition: Token usage metrics\">token usage metrics\u003C\u002Fbutton> and generation parameters for service delivery and improvement.\u003C\u002Fp>\n\u003Ch3 id=\"4-6-learning-services-data\">4.6 Learning Services Data\u003C\u002Fh3>\n\u003Cp>Where customer organisations use learning services provided by Qualitect, \u003Cbutton type=\"button\" class=\"q-glossary-trigger\" data-glossary-slug=\"learner\" data-glossary-term=\"Learner\" aria-label=\"Definition: Learner\">learner\u003C\u002Fbutton> enrolment, progress and achievement records are processed on the organisation's behalf under the \u003Cbutton type=\"button\" class=\"q-glossary-trigger\" data-glossary-slug=\"data-processing-agreement\" data-glossary-term=\"Data Processing Agreement\" aria-label=\"Definition: Data Processing Agreement\">Data Processing Agreement\u003C\u002Fbutton>.\u003C\u002Fp>\n\u003Ch2 id=\"5-data-protection-by-design\">5. Data Protection by Design\u003C\u002Fh2>\n\u003Cp>The platform implements privacy by design through database \u003Cbutton type=\"button\" class=\"q-glossary-trigger\" data-glossary-slug=\"row-level-security\" data-glossary-term=\"Row-level security\" aria-label=\"Definition: Row-level security\">row-level security\u003C\u002Fbutton>, \u003Cbutton type=\"button\" class=\"q-glossary-trigger\" data-glossary-slug=\"encryption-at-rest-and-in-transit\" data-glossary-term=\"Encryption at rest and in transit\" aria-label=\"Definition: Encryption at rest and in transit\">encryption at rest and in transit\u003C\u002Fbutton> and role-based access controls.\u003C\u002Fp>\n\u003Ch2 id=\"6-data-protection-impact-assessments\">6. Data Protection Impact Assessments\u003C\u002Fh2>\n\u003Cp>Qualitect conducts DPIAs for processing activities likely to result in high risk including new AI processing features and novel data processing activities.\u003C\u002Fp>\n\u003Ch2 id=\"7-data-processor-relationships\">7. Data Processor Relationships\u003C\u002Fh2>\n\u003Ch3 id=\"7-1-cloud-hosting\">7.1 Cloud Hosting\u003C\u002Fh3>\n\u003Cp>Amazon Web Services UK regions under comprehensive data processing agreements.\u003C\u002Fp>\n\u003Ch3 id=\"7-2-ai-model-providers\">7.2 AI Model Providers\u003C\u002Fh3>\n\u003Cp>Relationships are governed by data processing agreements that limit data use, provide that data is retained only for a limited period for abuse monitoring and is then deleted except where retention is required by law, and prohibit model training on submitted data.\u003C\u002Fp>\n\u003Ch3 id=\"7-3-third-party-integrations\">7.3 Third-Party Integrations\u003C\u002Fh3>\n\u003Cp>Email delivery is provided by Postmark as our processor under a data processing agreement, handling account and service email only. Qualitect does not currently use a third-party payment processor or analytics service that processes personal data. This section is updated before any such provider is introduced.\u003C\u002Fp>\n\u003Ch2 id=\"8-international-data-transfers\">8. International Data Transfers\u003C\u002Fh2>\n\u003Cp>Transfers to countries without UK adequacy decisions rely on an approved UK transfer mechanism, the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses. AI model providers are subject to additional safeguards including encryption, data minimisation and time-limited retention with deletion.\u003C\u002Fp>\n\u003Ch2 id=\"9-data-breach-procedures\">9. Data Breach Procedures\u003C\u002Fh2>\n\u003Cp>Continuous monitoring detects potential personal data breaches. Initial response activates within one hour of detection. Breaches likely to result in high risk trigger notification to the ICO within 72 hours.\u003C\u002Fp>\n\u003Ch2 id=\"10-data-subject-rights\">10. Data Subject Rights\u003C\u002Fh2>\n\u003Cp>Under UK \u003Cbutton type=\"button\" class=\"q-glossary-trigger\" data-glossary-slug=\"gdpr\" data-glossary-term=\"GDPR\" aria-label=\"Definition: GDPR\">GDPR\u003C\u002Fbutton>, data subjects have rights of access, rectification, erasure, restriction, portability and the right to object. All requests are acknowledged within 48 hours.\u003C\u002Fp>\n\u003Ch2 id=\"11-related-policies\">11. Related Policies\u003C\u002Fh2>\n\u003Cp>Privacy Policy, Information Security Policy, AI Use and Transparency Policy, Data Processing Agreement.\u003C\u002Fp>\n\u003Ch2 id=\"12-contact-information\">12. Contact Information\u003C\u002Fh2>\n\u003Cp>\u003Cstrong>Data protection contact:\u003C\u002Fstrong> dataprotection@qualitect.co.uk\u003Cbr>\u003Cstrong>General:\u003C\u002Fstrong> hello@qualitect.co.uk\u003Cbr>\u003Cstrong>Complaints:\u003C\u002Fstrong> complaints@qualitect.co.uk\u003Cbr>\u003Cstrong>Registered office:\u003C\u002Fstrong> Qualitect Limited, 32 Willoughby Road, London, N8 0JG\u003Cbr>\u003Cstrong>Trading address:\u003C\u002Fstrong> 8a Stafford Street, London, W1S 4RU\u003Cbr>\u003Cstrong>Website:\u003C\u002Fstrong> qualitect.co.uk\u003C\u002Fp>",[6,9,12,15,18,21],{"k":7,"v":8},"Version","2.0",{"k":10,"v":11},"Status","Live",{"k":13,"v":14},"Effective Date","13 July 2026",{"k":16,"v":17},"Review Date","13 July 2027",{"k":19,"v":20},"Policy Owner","Compliance and Accreditation Lead",{"k":22,"v":23},"Approved By","Chief Executive Officer",[25,28,31,34,37,40,43,46,49,52,55,58],{"id":26,"text":27},"1-purpose-and-scope","1. Purpose and Scope",{"id":29,"text":30},"2-data-protection-principles","2. Data Protection Principles",{"id":32,"text":33},"3-lawful-bases-for-processing","3. Lawful Bases for Processing",{"id":35,"text":36},"4-categories-of-personal-data-processed","4. Categories of Personal Data Processed",{"id":38,"text":39},"5-data-protection-by-design","5. Data Protection by Design",{"id":41,"text":42},"6-data-protection-impact-assessments","6. Data Protection Impact Assessments",{"id":44,"text":45},"7-data-processor-relationships","7. Data Processor Relationships",{"id":47,"text":48},"8-international-data-transfers","8. International Data Transfers",{"id":50,"text":51},"9-data-breach-procedures","9. Data Breach Procedures",{"id":53,"text":54},"10-data-subject-rights","10. Data Subject Rights",{"id":56,"text":57},"11-related-policies","11. Related Policies",{"id":59,"text":60},"12-contact-information","12. Contact Information","This Data Protection Policy establishes Qualitect Ltd's commitment to protecting personal data in accordance with the UK General Data Protection Regul",false,1784287572391]