Certifi Logo
0%
Certifi Logo
Menu

Legal

Privacy Policy

Last Updated: 4 June 2026

1. Introduction

Certifi World Ltd (“Certifi.World”, “we”, “us”, or “our”) is committed to protecting the privacy and personal data of our users. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you access or use our website, platform, and related services (together, the “Platform”).

We take your privacy seriously and handle your data in accordance with the applicable data protection laws, including the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and any other relevant legislation.

By using our Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, you should refrain from using our services.

2. Who We Are

Certifi World Ltd is a company incorporated in England and Wales, providing a digital platform for the issuance, management, and verification of digital credentials and awards.

We are the data controller for the purposes of UK data protection law, which means we determine the purposes and means of processing your personal data when you use our Platform.

  • Company Name: Certifi World Ltd
  • Company Number: 15978582
  • Registered Office: Clockwise Offices, Bromley Old Town Hall, 30 Tweedy Road, Bromley, United Kingdom, BR1 3FE
  • Contact Email: info@certifi.world
  • Data Protection Officer (DPO): Desmond Agyekumhene

If you have any questions about this Privacy Policy or our data handling practices, you may contact us using the details above.

3. Scope of This Policy

This Privacy Policy applies to all personal data processed by Certifi World Ltd in connection with:

  • Use of our website and platform at https://certifi.world;
  • Registration and management of user accounts;
  • Issuance, storage, and sharing of digital credentials or awards;
  • Communication with our support, sales, or legal teams;
  • Participation in events, surveys, beta features, or marketing campaigns;
  • Interaction with our services through third-party integrations or APIs.

This Policy applies to all users of the Platform, including Award Issuers, Award Recipients, institutional clients, and casual visitors. It does not apply to information that cannot be used to identify an individual (anonymous or aggregated data), or to third-party websites or services that may be linked from our Platform.

We may provide additional privacy notices where required for specific services or processing activities. Those notices should be read together with this Privacy Policy.

4. What Personal Data We Collect

We may collect and process the following categories of personal data, depending on your interaction with the Platform:

a) Identity Data

  • Full name
  • Title
  • Organisation name (if applicable)
  • Role or position

b) Contact Data

  • Email address
  • Telephone number (if provided)
  • Mailing address (for enterprise clients or legal communications)

c) Account and Access Data

  • Username or login ID
  • Encrypted passwords or authentication tokens
  • Account preferences and settings
  • Usage logs (login dates, IP addresses)

d) Credential Data

  • Information included in issued or received digital awards (e.g. award name, issuer, achievement details, date of issue)
  • Public metadata used for verification or validation
  • Optional profile data (e.g. biography, photo)

e) Technical Data

  • IP address
  • Browser type and version
  • Device type and operating system
  • Time zone setting and location
  • Platform usage data (e.g. pages visited, interactions, error reports)

f) Marketing and Communications Data

  • Marketing preferences
  • Communication history
  • Responses to surveys or feedback forms

g) Payment and Transaction Data (only if applicable)

  • Billing address
  • Payment method details (via third-party processor)
  • Transaction records (e.g. purchases of platform features or subscriptions)

h) Support and Correspondence Data

  • Communications with our customer support or legal team
  • Records of complaints, enquiries, or requests

We do not intentionally collect or process special category data (e.g. health, religious beliefs) or data relating to children unless explicitly required for a lawful purpose and with appropriate safeguards.

5. How We Collect Your Data

We collect personal data from you through a variety of methods, including:

a) Direct Interactions

You may provide data to us directly when you:

  • Register for an account on the Platform;
  • Create or receive a digital credential;
  • Complete forms, surveys, or feedback requests;
  • Contact us by email, phone, or through our support channels;
  • Subscribe to newsletters or marketing communications;
  • Participate in events, promotions, or beta programmes.

b) Automated Technologies

As you interact with the Platform, we automatically collect certain technical and usage data using:

  • Cookies and similar tracking technologies;
  • Server logs and diagnostic tools;
  • Analytics services (e.g., Google Analytics).

This helps us understand how users engage with the Platform and allows us to improve performance, security, and usability.

c) Third Parties and Public Sources

We may receive personal data about you from third-party sources, such as:

  • Your employer, institution, or credentialing body (if they use our services to issue credentials to you);
  • Third-party integration platforms (e.g., single sign-on providers or API partners);
  • Publicly available sources (e.g., LinkedIn or academic registries, where appropriate).

We ensure that any third-party data we process is obtained and used lawfully, with appropriate user notice or consent where required.

6. Purposes and Lawful Bases for Processing

We process your personal data only where we have a lawful basis to do so under the UK GDPR. The table below sets out the main purposes for which we use personal data and the corresponding legal bases:

PurposeType of DataLawful Basis
To create and manage your accountIdentity, Contact, Account DataPerformance of a contract
To issue, receive, or manage digital credentialsIdentity, Credential, Contact, Technical DataPerformance of a contract; Legitimate interests (e.g., enabling verification)
To provide customer support or respond to enquiriesIdentity, Contact, Support DataPerformance of a contract; Legitimate interests
To deliver platform features and ensure securityTechnical, Account, Usage DataLegitimate interests; Legal obligation
To analyse usage and improve the PlatformTechnical, Analytics DataLegitimate interests (e.g., service improvement)
To process payments and provide invoices (if applicable)Identity, Payment, Contact, Transaction DataPerformance of a contract; Legal obligation
To send service communications and system notificationsContact, Account DataPerformance of a contract
To send marketing communications (where opted in)Contact, Marketing PreferencesConsent
To comply with legal obligationsAll relevant dataLegal obligation
To enforce our Terms or investigate fraud/misuseAccount, Credential, Technical, Contact DataLegitimate interests; Legal obligation

Where we rely on consent as the lawful basis, you may withdraw it at any time by contacting us or updating your preferences. Where we rely on legitimate interests, we always consider your rights and expectations and ensure the processing is proportionate.

7. How We Use Your Data

We use the personal data we collect for the following purposes:

a) Account Creation and Management

To register you as a user, set up your account, maintain your preferences, and enable secure login.

b) Credential Issuance and Verification

To facilitate the creation, issuance, receipt, and public or private verification of digital credentials and awards.

c) Service Delivery and Functionality

To operate, maintain, and improve the Platform, including customising your user experience and enabling features such as search, filtering, notifications, and account integrations.

d) User Support and Communication

To provide responses to technical issues, user enquiries, or complaints, and to send essential updates such as changes to terms, system alerts, or policy notices.

e) Analytics and Platform Optimisation

To analyse usage patterns, monitor system performance, detect errors or abuse, and make data-driven improvements to the functionality and security of the Platform.

f) Marketing and Communications

To send you updates, newsletters, or promotional content where you have opted in, and to measure the effectiveness of our marketing efforts.

g) Legal and Compliance Obligations

To comply with legal requirements (e.g. financial recordkeeping, fraud prevention) and respond to law enforcement requests or court orders.

h) Platform Integrity and Fraud Prevention

To monitor, investigate, and mitigate unauthorised access, abuse of the system, or misrepresentation in relation to credential issuance or sharing.

We do not use your personal data for automated decision-making or profiling that has a legal or similarly significant effect, unless explicitly disclosed and lawfully authorised (see Clause 15).

8. Data Sharing and Third-Party Processors

8.1 Internal Access

Your personal data is accessible only to authorised personnel within Certifi.World who require it to perform their job functions. Access is strictly limited and managed based on role and necessity.

8.2 Third-Party Processors

We may share your personal data with trusted third-party service providers who assist us in delivering the Platform and associated services. These include:

  • Cloud hosting and data storage providers
  • Payment processors
  • Customer support tools
  • Email and communication platforms
  • Analytics and monitoring services
  • Credential design or template providers (where integrated)
  • Partners (Creators and Community Owners)

All third parties are required to process your data in accordance with our instructions, maintain confidentiality, and implement appropriate security measures. We enter into formal data processing agreements with all such providers.

8.3 Credential Verification and Public Records

Where a digital credential is intended to be publicly shareable or verifiable, certain personal information (e.g. name, award title, issuing organisation) may be made available via a public verification page or embedded metadata, depending on issuer configuration and user consent.

8.4 Legal Compliance and Protection

We may disclose personal data where required to comply with applicable laws, legal obligations, or valid legal processes (e.g., court orders, regulatory requests). We may also disclose data to protect the rights, property, or safety of Certifi.World, our users, or others.

8.5 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate confidentiality protections.

8.6 No Sale of Data

We do not sell your personal data to third parties for commercial purposes under any circumstances.

9. International Data Transfers

9.1 Data Hosting and Transfers

Certifi.World is based in the United Kingdom, but some of our third-party service providers (e.g., cloud hosting, analytics, communications platforms) may operate or store data in jurisdictions outside the UK or the European Economic Area (EEA). Where we transfer your personal data internationally, we ensure that appropriate safeguards are in place to protect it in accordance with applicable data protection laws.

9.2 Adequacy Decisions

Where personal data is transferred to a country that has been formally recognised by the UK government as providing an adequate level of data protection, we rely on that adequacy decision as the lawful basis for transfer.

9.3 Standard Contractual Clauses

For transfers to countries not covered by an adequacy decision, we implement Standard Contractual Clauses (SCCs) or other appropriate contractual measures approved by the UK Information Commissioner’s Office (ICO) to ensure your data remains protected.

9.4 Additional Safeguards

Where necessary, we assess and implement additional safeguards (e.g., encryption in transit and at rest, limited access permissions) to protect your data during and after transfer.

9.5 User Consent (if applicable)

In limited circumstances, and only where other safeguards do not apply, we may rely on your explicit consent to transfer your data internationally. In such cases, we will inform you of the potential risks and seek your agreement before proceeding.

10. Data Retention

10.1 Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Providing access to and management of your account and credentials;
  • Complying with our legal, regulatory, tax, accounting, and reporting obligations;
  • Resolving disputes and enforcing our agreements.

The specific retention period depends on the type of data and the reason for its collection. For example:

  • Account and credential records are typically retained for the duration of your use of the Platform, and for a period of up to six (6) years thereafter;
  • Technical logs may be retained for up to 12 months for security and auditing purposes;
  • Financial transaction data is retained for at least six (6) years, in line with UK tax laws.

10.2 Credential Data

Credential-related information (such as digital certificates or badges) may be stored indefinitely to support long-term access and verification, unless you or the issuer request removal, or we are required to delete it by law.

10.3 Deletion and Anonymisation

Once the applicable retention period has expired, we will securely delete or anonymise personal data so that it can no longer be associated with you. In some cases, we may retain anonymised data for analytical or statistical purposes without further notice to you.

10.4 User Requests for Deletion

You may request the deletion of your personal data at any time (see Clause 11: Your Data Protection Rights). We will honour such requests unless we are required to retain the data for legal or operational reasons.

11. Your Data Protection Rights

Under the UK General Data Protection Regulation (UK GDPR) and related legislation, you have several important rights in relation to your personal data. These rights include:

11.1 Right to Access

You have the right to request access to the personal data we hold about you, including confirmation of whether we process your data and, if so, access to that data and certain related information.

11.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

11.3 Right to Erasure (“Right to be Forgotten”)

In certain circumstances, you may request that we delete your personal data. This right is not absolute and may be limited where we are required to retain data for legal or legitimate purposes.

11.4 Right to Restrict Processing

You have the right to ask us to suspend the processing of your personal data in specific situations—for example, if you contest its accuracy or object to our use of it.

11.5 Right to Data Portability

You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.

11.6 Right to Object

You may object to the processing of your personal data where we rely on legitimate interests as the lawful basis. We will stop processing your data unless we have compelling legitimate grounds to continue, or where processing is required for legal claims.

11.7 Right to Withdraw Consent

Where processing is based on your consent (e.g. for marketing communications), you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

11.8 Right to Lodge a Complaint

If you believe we have breached data protection laws, you have the right to lodge a complaint with the UK’s data protection regulator, the Information Commissioner’s Office (ICO), or with your local supervisory authority if located outside the UK.

To exercise any of these rights, please contact us at:

📧 info@certifi.world

We aim to respond to all requests within one calendar month. We may need to verify your identity before fulfilling your request.

12. Cookies and Similar Technologies

12.1 Use of Cookies

We use cookies and similar technologies (such as web beacons, pixels, and local storage) to provide, enhance, and secure our Platform. These technologies help us:

  • Recognise you when you return to our Platform;
  • Keep you signed in to your account;
  • Understand how users interact with our services;
  • Personalise your experience;
  • Monitor the performance and reliability of the Platform;
  • Deliver relevant marketing content (with your consent, where required).

12.2 Types of Cookies Used

We use the following types of cookies:

  • Strictly Necessary Cookies – Essential for Platform functionality and security.
  • Performance and Analytics Cookies – Used to understand user behaviour and improve Platform performance.
  • Functionality Cookies – Enable personalisation and remember preferences.
  • Advertising and Targeting Cookies – Support delivery of tailored advertising (if applicable and where consented).

12.3 Managing Cookies

You can control or disable cookies via your browser settings or through the cookie consent tool available on our website. However, blocking some types of cookies may affect your experience and the availability of certain features.

12.4 Third-Party Cookies

Some cookies are set by third-party services integrated into the Platform (e.g., Google Analytics, Meta Pixel). These providers may collect information about your browsing activity across different sites. Please refer to their respective privacy and cookie policies for more details.

12.5 Cookie Policy

For full details, please refer to our separate Cookies Policy, which is incorporated into this Privacy Policy by reference.

13. Security of Your Personal Data

13.1 Security Measures

We take the protection of your personal data seriously and implement appropriate technical and organisational measures to safeguard it against unauthorised access, accidental loss, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Secure user authentication and role-based access controls
  • Firewalls and network monitoring
  • Regular security audits and vulnerability assessments
  • Staff training and confidentiality obligations

13.2 Access Restrictions

Access to your personal data is limited to authorised personnel who require it for legitimate business purposes. All access is subject to strict confidentiality and data handling protocols.

13.3 Incident Response

We have robust procedures in place to detect, investigate, and respond to suspected data breaches. In the unlikely event of a breach that affects your rights or freedoms, we will notify you and the relevant supervisory authority (such as the ICO) in accordance with legal requirements.

13.4 User Responsibility

You are responsible for keeping your account credentials secure. We recommend using strong, unique passwords and logging out after use, especially when accessing the Platform from public or shared devices.

13.5 No Guarantee

While we take all reasonable steps to protect your data, no system can be guaranteed to be completely secure. You acknowledge that you provide your personal data at your own risk.

14. Children’s Privacy

14.1 Platform Not Intended for Children Under 13

The Certifi.World Platform is not intended for use by children under the age of 13, and we do not knowingly collect personal data from anyone under this age. If you are under 13, please do not use the Platform or provide any personal information.

14.2 Parental Consent for Users Aged 13–17

If you are aged 13 to 17, you may only use the Platform with the knowledge and consent of a parent or legal guardian. In such cases, we may require verification of parental consent in accordance with applicable data protection laws.

14.3 Requests for Data Removal

If we become aware that we have inadvertently collected personal data from a child under 13 without the appropriate consent, we will delete that data promptly. Parents or guardians who believe their child has submitted personal information may contact us at info@certifi.world to request its deletion.

14.4 Educational and Institutional Use

Where the Platform is used by schools, colleges, or training providers to issue credentials to minors, it is the responsibility of those institutions to ensure appropriate legal bases and consents are in place for any personal data submitted to us.

15. Automated Decision-Making and Profiling

15.1 No Legal or Significant Effects

Certifi.World does not use your personal data to make decisions that have legal or similarly significant effects on you based solely on automated processing, including profiling, within the meaning of UK GDPR Article 22.

15.2 Analytics and Personalisation

We may use limited forms of automated analysis (e.g., usage analytics or behavioural patterns) to improve our services, customise user experience, or provide tailored content. These processes do not result in decisions that significantly affect your legal rights or status.

15.3 Credential Metadata

Any metadata used to support the verification or presentation of a digital credential (such as timestamps or category tags) is generated automatically for functional purposes only and is not used to profile individuals or assess performance.

15.4 Your Rights

If we introduce any automated decision-making that does have legal or similarly significant effects, we will notify you and ensure that appropriate safeguards are in place, including your right to human intervention, to express your point of view, and to contest the decision.

17. Changes to This Privacy Policy

17.1 Right to Update

We may update or amend this Privacy Policy from time to time to reflect changes in our data processing practices, legal obligations, or service features. Any changes will be posted on this page with a revised “Last Updated” date at the top of the policy.

17.2 Notification of Material Changes

If we make material changes that significantly affect your rights or the way we process your personal data, we will take reasonable steps to notify you. This may include a prominent notice on the Platform, an email notification, or an in-account alert.

17.3 Reviewing the Policy

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

17.4 Continued Use Constitutes Acceptance

Your continued use of the Platform after any changes to this Privacy Policy are published constitutes your acceptance of those changes, provided that you have been given a reasonable opportunity to review them.

18. How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, you can contact us using the details below:

Certifi World Ltd
Clockwise Offices, Bromley Old Town Hall, 30 Tweedy Road, Bromley, United Kingdom, BR1 3FE
📧 Email: info@certifi.world
Data Protection Officer: Desmond Agyekumhene

We aim to respond to all legitimate requests within one calendar month. For complex or high-volume requests, this period may be extended in accordance with UK GDPR.

19. Complaints and Regulatory Contact Information

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK’s supervisory authority for data protection:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
📞 Telephone: 0303 123 1113
🌐 Website: https://www.ico.org.uk

We would, however, appreciate the chance to deal with your concerns directly before you approach the ICO, so please contact us in the first instance.