Become ATP

Privacy Policy

Effective Date: Jan 1, 2026

Last Updated: February 10, 2026

Welcome to the Privacy Policy of ICPQ (International Certification & Qualifications Partnership) (“Privacy Policy”).​

ICPQ is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you interact with our website (www.icpq.co.uk), apply to become an Authorised Training Partner (ATP), submit student records for certification, or use our services.

This website and our services are not intended for children under 16, and we do not knowingly collect data from children. Please read this Privacy Policy carefully, together with any other privacy information we provide, to understand our practices.​

 

Who We Are

Controller: Pofessional Qualifications Board Ltd (Company number 16609339) is the data controller for the personal data we process. Our registered office is “71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.”

We are registered with the Information Commissioner’s Office (ICO) under registration number [ZC046560].​

Data Privacy Contact: dpo@icpq.co.uk.

You have the right to complain to the ICO (www.ico.org.uk). We encourage you to contact us first to resolve concerns.​

Changes to this Policy: We review this policy regularly. Changes will be posted here with the updated date. Significant changes may be notified via email or website notice. Please check periodically. You must keep your data accurate and inform us of changes.​

Third-Party Links: Our site links to third-party sites (e.g., institute websites). We are not responsible for their privacy practices.​

 

Data We Collect

Personal data is information identifying you as an individual. We do not collect anonymised data under this policy.​

Categories:

  • Identity Data: Name, professional qualifications.
  • Contact Data: Work email, phone, business address, institute details.
  • ATP Data: Institute name, business license, accreditation application details, course quality assurance records, website address
  • Student Data (provided by ATPs): Student full name, certificate ID, course name/title, completion date, ATP institute name.
  • Technical Data: IP address, browser type, device info, usage patterns.
  • Marketing Data: Preferences for communications.

We do not collect special category data (e.g., health, ethnicity) or criminal offence data.​

Aggregated Data: We may anonymise data (e.g., course completion stats) for analysis; this is not personal data.​

If You Fail to Provide Data: Required data (e.g., ATP application) is needed for services; failure may prevent processing.​

 

How We Collect Data

  • Directly: Forms (ATP applications), emails (student CSVs), phone/email enquiries, website contact forms.​
  • From ATPs: Student records via secure CSV/email for certificates.
  • Third Parties/Public: Companies House for institute verification, analytics (e.g., Google Analytics).​

 

How We Use Your Data

We use data only where lawful. Common bases: contract performance, legitimate interests, legal obligations, consent (rare).

Purpose/Activity

Data Types

Lawful Basis

ATP applications, accreditation assessment, quality assurance of courses

Identity, Contact, ATP Data

Performance of a contract or steps taken prior to entering a contract (Art. 6(1)(b)); Legitimate interests in operating and maintaining our accreditation framework (Art. 6(1)(f))

Listing ATPs on website (searchable by ID), marketing ATP status

ATP Data

Performance of a contract (Art. 6(1)(b)); Legitimate interests in promoting and validating accredited partners (Art. 6(1)(f))

Generate/host digital certificates (searchable by ID), verification

Student Data

Legitimate interests in maintaining qualification integrity and enabling third-party verification (Art. 6(1)(f)); Performance of a contract with the ATP (Art. 6(1)(b))

Manage relationship (updates, surveys, feedback)

Identity, Contact, Marketing

Performance of a contract (Art. 6(1)(b)); Legitimate interests in maintaining accurate records and improving services (Art. 6(1)(f)); Legal obligations where applicable (Art. 6(1)(c))

Administer business/website (security, maintenance, analytics)

All (excl. Student for analytics)

Legitimate interests in ensuring network security, preventing fraud, and improving website functionality (Art. 6(1)(f)); Legal obligations (Art. 6(1)(c))

Marketing to institutes (newsletters, events)

Contact, Marketing

Legitimate interests in developing and promoting our services to professional organisations (Art. 6(1)(f)); Consent where required by applicable marketing laws (Art. 6(1)(a))

Compliance with legal and regulatory obligations (audits, complaints, dispute resolution)

Relevant data

Compliance with a legal obligation (Art. 6(1)(c))

 

 

Change of Purpose: Only compatible uses; we’ll notify if new basis needed.​

Marketing Opt-Out: Unsubscribe via links or email dpo@icpq.co.uk.

 

Sharing Your Data

We share only as necessary:

  • Service Providers: Hosting (e.g., website and server hosting), email (secure CSV handling), analytics (Google), payment processors – all under DPA.
  • ATPs/Joint Controllers: Student data shared back for records (joint controller arrangements).​
  • Professional Advisers: Lawyers, auditors (UK-based).​
  • Authorities: ICO, police, HMRC if required.​
  • Business Transfers: In mergers/sales.​

Third parties must follow our instructions and confidentiality duties.​

 

International Transfers

Data is primarily UK/EEA-based. Transfers (e.g., to ATPs in GCC/EU) use UK International Data Transfer Agreement (IDTA), adequacy decisions, or safeguards. Contact us for specifics.

 

Data Security

We use appropriate measures: encryption (TLS), access controls, firewalls, regular audits, staff training, breach procedures. Access limited to need-to-know. Report breaches promptly.

Transmission over internet is not 100% secure; we cannot guarantee it fully.

 

Data Retention

  • ATP Data: Duration of relationship + 6-7 years (legal/tax).
  • Student Data: Lifetime of qualification (verification needs) or as required; reviewed periodically.​
  • Enquiries: 2 years.​
  • Technical: 26 months (analytics).​

Delete securely when no longer needed; anonymise where possible.​

 

Your Rights

Under UK GDPR:​

  • Access, rectification, erasure (“right to be forgotten”), restriction, objection, portability.
  • Withdraw consent (if basis).
  • No fee usually; may charge for excessive requests.
  • Respond within 1 month (extensions possible).

Email dpo@icpq.co.uk with ID proof. We’ll explain any limits (e.g., legal retention).

Quick Links:
Address:

71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

Support:

info@icpq.co.uk

Phone:

+44 7404 522230

© 2025 – All Rights Reserved.

Linkedin-in

Privacy Policy

Become ATP