Skip to content
All governance documents

Core Legal

Privacy Policy

Version
2.0
Status
Live
Effective Date
13 July 2026
Review Date
13 July 2027
Policy Owner
Compliance and Accreditation Lead
Approved By
Chief Executive Officer

1. Purpose and Scope

This Privacy Policy explains how Qualitect Ltd ("Qualitect", "we", "us", "our") collects, uses, stores and protects your when you use the Qualitect platform and related services.

Qualitect is a digital design platform that enables organisations and individuals to design qualifications aligned to recognised .

This policy applies to all users of the Qualitect platform, including representatives of training providers, awarding organisations, universities and colleges, professional associations, governments and public sector bodies, private sector organisations and individuals using the platform in a personal capacity. It covers all personal data processing activities conducted by Qualitect in connection with our services.

Qualitect Limited is registered with the Information Commissioner's Office under registration reference ZC182035. Our registered office is at 32 Willoughby Road, London, N8 0JG. Our trading address is 8a Stafford Street, London, W1S 4RU.

2. Data Controller Information

: Qualitect Ltd
Registered office: Qualitect Limited, 32 Willoughby Road, London, N8 0JG
Trading address: 8a Stafford Street, London, W1S 4RU
Company Registration: Registered in England and Wales
Website: qualitect.co.uk
General Contact: hello@qualitect.co.uk
Data protection contact: dataprotection@qualitect.co.uk
Complaints: complaints@qualitect.co.uk

Our data protection contact is available to answer questions about this policy and your data protection rights.

3. What Personal Data We Collect

We collect and process several categories of personal data to provide our qualification design services.

3.1 Registration and Account Data

When you create an account on Qualitect, we collect: full name and preferred name, email address, job title and role designation, organisation affiliation, contact telephone number, professional qualifications and experience where relevant to your role, account authentication credentials (securely hashed passwords).

3.2 Profile and Identification Data

Depending on your user role, we may collect: professional registration numbers where relevant to your role and region, regulatory body memberships, educational background and expertise areas, profile photographs (optional), digital signatures for compliance documentation.

3.3 Usage and Technical Data

We automatically collect technical information when you use our platform: IP addresses and geographic location data, browser type, version and operating system, device identifiers and characteristics, login timestamps and session duration, pages visited and features accessed, search queries within the platform, file upload and download activities, usage patterns and response times.

3.4 Qualification and Assessment Data

Where the following data types are collected through the platform, they are processed as described below: qualification content including and , compliance checks and audit findings, where applicable submissions, results and reports.

3.5 Evidence Files and Documents

The platform handles various document types containing personal data: identity verification documents, training records and CPD logs, witness statements and employer references, where applicable assessment evidence, portfolio submissions and certificates of achievement.

3.6 Communication Data

We retain records of: messages sent through platform messaging systems, support ticket correspondence, email communications related to your account, training session recordings where applicable.

3.7 Payment and Billing Data

For subscription and transaction processing: billing addresses and contact details, purchase order numbers and payment references, invoice histories and payment statuses, bank account details (securely processed through third-party payment providers).

3.8 Learning Services Data

Where you use learning services provided by Qualitect directly, we also process your enrolment, progress and achievement records.

4. Lawful Bases for Processing

We process your personal data under several lawful bases established by the UK General Data Protection Regulation (UK ).

4.1 Contract Performance

We process data necessary to perform our contract with you or your organisation. This includes: providing access to the Qualitect platform, delivering qualification design services, where applicable processing assessment submissions and results, maintaining audit trails, providing customer support and technical assistance.

4.2 Legitimate Interests

We process data for legitimate business interests which include: platform security monitoring and fraud prevention, service improvement and feature development, usage analytics to optimise platform performance, marketing communications to existing customers, network and system administration, business intelligence and reporting. We have conducted legitimate interests assessments to ensure these interests do not override your fundamental rights and freedoms.

We process data to comply with legal requirements: maintaining data to support Platform Users' compliance with the documentation requirements of the relevant educational standards and regulatory frameworks and to meet Qualitect's own legal and contractual obligations, responding to lawful requests from regulatory or law enforcement authorities, compliance with financial record-keeping requirements, data retention for legal and regulatory purposes.

We obtain your explicit consent for: optional marketing communications about new features and services, use of cookies and tracking technologies (see our Cookie Policy), processing where applicable, international data transfers requiring consent. You can withdraw consent at any time through your account settings or by contacting our data protection contact.

5. How We Use Your Data

5.1 Core Platform Services

We use your data to deliver our primary qualification design services: authenticating your identity and managing account access, generating qualifications using AI-powered tools, conducting automated compliance checks against relevant educational standards, where applicable facilitating assessment processes and result recording, where applicable enabling quality assurance workflows through built-in compliance reporting and audit trail functionality, maintaining comprehensive audit trails.

5.2 AI-Powered Content Generation

Qualitect uses artificial intelligence models to assist with qualification design and compliance checking. Our AI systems access: qualification titles, levels and subject areas, learning outcomes and assessment criteria, regulatory framework requirements, user input prompts and refinement instructions. We implement data governance controls around AI processing. The data sent to AI models is limited to qualification parameters, prompts and extracts from uploaded evidence. Platform Users should minimise the personal data included in uploaded material; where personal data is included, it is processed as described in this policy and, for customer organisations, the . Our AI providers do not use Qualitect data to train their models, and data processed for generation is retained by providers only for a limited period for abuse monitoring and is then deleted, except where retention is required by law. All AI- undergoes before approval.

5.3 Quality Assurance and Compliance

We process data to support : maintaining audit trails and evidence bases for qualification design decisions, generating compliance reports aligned to the relevant educational standards for each qualification, facilitating regulatory inspections and audits where lawfully required, where applicable supporting the identification of irregularities in qualification content or platform use.

5.4 Platform Improvement and Analytics

We analyse usage patterns to improve our services: identifying popular features and workflow bottlenecks, optimising platform performance and response times, developing new functionality based on user behaviour, conducting A/B tests for interface improvements, generating anonymised usage statistics.

5.5 Communication and Support

We use your contact information for: sending service-related notifications and updates, providing technical support and troubleshooting assistance, delivering training and onboarding materials, sharing important regulatory or compliance updates, responding to enquiries and feedback.

6. Data Sharing and Third-Party Disclosure

We share personal data with carefully selected third parties to deliver our services effectively and comply with legal obligations.

6.1 Cloud Infrastructure Providers

Qualitect uses Amazon Web Services (AWS) UK regions (eu-west-2) for hosting and data storage. AWS acts as a under our Data Processing Agreement, which includes standard contractual clauses and technical safeguards.

6.2 AI Model Providers

We integrate with artificial intelligence services from approved AI model providers. The data sent to AI providers is limited to qualification parameters, prompts and extracts from uploaded evidence. Platform Users should minimise the personal data included in uploaded material; where personal data is included, it is processed as described in this policy and, for customer organisations, the Data Processing Agreement. We maintain Data Processing Agreements with all AI providers that include appropriate safeguards and usage restrictions.

6.3 Payment Processing Services

Payment transactions are processed through secure third-party providers. These providers operate under strict PCI DSS compliance standards and maintain separate privacy policies for payment data.

6.4 Regulatory and Law Enforcement Authorities

We may share data with regulatory or law enforcement authorities where required by law. Where a lawful request is received from a regulatory authority we will respond in accordance with our legal obligations and notify affected users where permitted to do so.

6.5 Platform Users

Platform Users can access qualification content they own or have been granted permission to access. All access is controlled through role-based permissions configured by the account administrator.

6.6 Service Providers and Contractors

We engage specialist contractors for technical development, customer support, security testing and data analytics. All contractors operate under confidentiality agreements and data processing terms.

7. International Data Transfers

Some of our service providers operate outside the United Kingdom. We ensure appropriate safeguards protect your data during international transfers. Where possible, we transfer data to countries with UK adequacy decisions. For transfers to countries without adequacy decisions, we implement Standard Contractual Clauses approved by the UK Information Commissioner's Office. Our AI model providers operating outside the UK are subject to Data Processing Agreements with enhanced privacy terms, technical measures to minimise data exposure and contractual commitments to UK data protection standards.

8. Data Retention Periods

8.1 Audit Trail Data

Audit trail data is retained for a minimum of seven years to support Platform Users' compliance with the documentation requirements of the relevant educational standards and regulatory frameworks and to meet Qualitect's own legal and contractual obligations. Audit data is stored in append-only database structures with technical controls preventing modification or deletion during the retention period.

8.2 Assessment Evidence and Learner Files

For customer organisations, retention and deletion on termination are governed by the Data Processing Agreement. For individual users, where assessment evidence or submissions are handled through the platform, the following retention periods will apply: during active subscription periods, for six months after subscription termination to allow data recovery, for extended periods where required by the policies of the responsible for the qualification, for seven years minimum where files form part of the audit trail.

8.3 Account and Profile Data

User account information is retained: throughout your active use of the platform, for twelve months after account closure for technical support purposes, for extended periods where required for legal proceedings or regulatory investigations.

8.4 Communication Records

Support correspondence, training materials and platform messages are retained for three years to maintain service quality and resolve disputes.

8.5 Technical and Usage Data

Log files, analytics data and technical records are typically retained for two years unless required for longer periods for security incident investigation or regulatory compliance.

9. Your Data Protection Rights

Under the UK GDPR and Data Protection Act 2018, you have several rights regarding your personal data: right of access, right to rectification, right to erasure, right to restrict processing, right to data portability, right to object and rights related to automated decision-making. To exercise these rights, contact our data protection contact at dataprotection@qualitect.co.uk. We respond to valid requests within one month of receipt.

10. Cookies and Tracking Technologies

Qualitect uses cookies and similar technologies to provide and improve our services. Detailed information is available in our Cookie Policy.

11. Children's Data

The Qualitect platform is designed for professional use in qualification design and delivery and our services are not directed at children. We recognise that learners of any age, including individuals under 18, may use our services or be referenced within content processed on the platform. We apply protections appropriate to each situation.

Where individuals under 18 access our services directly, Qualitect is the controller of their data. We apply safeguards appropriate to their age, including parental or guardian consent where required, data minimisation and privacy-protective default settings, taking account of applicable codes of practice for children's data.

Where learners access learning services provided by Qualitect under a customer organisation's arrangement, the customer organisation is responsible for the lawful basis and for informing learners about the processing. Qualitect processes learner data on the organisation's behalf with appropriate safeguards, taking account of applicable codes of practice for children's data.

Where learners undertake learning through a customer organisation's own systems, including content exported from the platform, Qualitect does not process learner data and responsibility for learners rests with that organisation.

If you believe we hold a child's data without appropriate arrangements in place, contact dataprotection@qualitect.co.uk.

12. Data Security Measures

We implement comprehensive technical and organisational measures including AES-256 encryption at rest, 1.3 in transit, PostgreSQL databases with , multi-factor authentication, regular security audits and penetration testing and data protection impact assessments for high-risk processing. Our data is hosted in AWS UK regions with ISO 27001 certified data centres.

13. Data Breach Notification

In the event of a personal data breach, we will contain and assess the breach within 24 hours, notify the ICO within 72 hours where required, inform affected individuals without undue delay if there is high risk to their rights and freedoms and document all breaches and remedial actions.

14. Data Protection Impact Assessments

We conduct DPIAs for processing activities that present high risks to rights and freedoms, including new AI processing capabilities, automated decision-making systems, large-scale processing of sensitive data, systematic monitoring of platform user activities and new data sharing arrangements.

15. Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of material changes through email notifications and platform notices. The next scheduled review date is 5 June 2027.

16. Complaints and Regulatory Contact

Contact our data protection contact at dataprotection@qualitect.co.uk or our complaints team at complaints@qualitect.co.uk. You have the right to lodge complaints with the Information Commissioner's Office: ico.org.uk, telephone 0303 123 1113, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

This Privacy Policy should be read in conjunction with: Cookie Policy, Data Protection Policy, AI Use and Transparency Policy, Data Processing Agreement.