Privacy Policy

CSC Scheme Privacy Policy

What is Personally Identifiable Information (PII)?

PII refers to any data that can identify, contact, or locate an individual, either alone or in combination with other information. This includes details such as:

• Name

• Address

• Date of Birth

• Telephone Number

• Email Address

• IP Address (your unique online identifier)

• Unique identifier numbers assigned by the Construction Industry Training Board (CITB)

PII may also include sensitive or special category data, such as health information, racial or ethnic origins, political opinions, religious beliefs, trade union membership, genetic or biometric data, or sexual orientation.

To provide our services, we require the following PII:

• Name

• Address

• Date of Birth

• Telephone Number

• Email Address

• IP Address

• CITB-assigned unique identifiers

Your Rights Under GDPR

You have the following legal rights regarding your PII:

• Right to be Informed: Understand how your PII is collected, stored, and used.

• Right to Access: Request access to your PII.

• Right to Object or Restrict: Object to or limit the processing of your PII.

• Right to Erasure: Request deletion of your PII.

• Right to Data Portability: Obtain an electronic copy of your PII.

• Right to Rectification: Correct inaccurate or incomplete PII.

To exercise these rights, submit a Subject Access Request (SAR) to our Data Protection Representative at info@cscscheme.co.uk. There is no fee for processing SARs unless requests are repetitive, unfounded, or excessive, in which case a reasonable administrative fee may apply. If we cannot fully meet your request due to exceptional circumstances, we will maintain open and timely communication as required by GDPR.

Payment Information

CSC Scheme does not process or store payment details directly. Upon confirming your purchase, you are redirected to our secure payment merchant’s platform. For details on their data handling practices, refer to their privacy policy, accessible on their website.

How We Process Your PII

To fulfill our contractual obligations, we collect and process the PII listed above. This is necessary for delivering the services you request, such as booking tests or processing card applications. We share your PII with the following trusted partners to complete these services:

• NCS Pearson Inc.: For test administration (Privacy Policy: https://home.pearsonvue.com/Legal/Privacy-and-cookies-policy.aspx#information-policy-relating-to-test-center-applications)

• HSS Training: For training services (Privacy Policy: https://www.hss.com/hire/privacy-policy)

Except as noted above, we do not share your PII with any other individuals or organizations, nor do we use it for marketing or profiling purposes.

Data Retention

Once our contractual obligations are fulfilled, we have no legal basis to retain your PII. However, for administrative purposes (e.g., addressing future inquiries or supporting repeat business), we retain your PII for 6 months. After this period, your data is automatically deleted from our database, and any related email correspondence is manually removed.

Data Storage

Your PII is stored on an encrypted server hosting our website database, managed under a controller-processor agreement. This agreement ensures our server provider securely stores and backs up your data without accessing or sharing it, adhering strictly to their role as a processor.

Data Security

We prioritize the security of your PII through:

• Regular security audits to identify and address vulnerabilities.

• Encrypted servers and Secure Socket Layer (SSL) technology for data submitted via our site (verifiable by the padlock symbol next to our URL).

• Secure payment processing through a third-party gateway, ensuring we do not store or process payment details.

When We Collect Information

We collect PII when you:

• Place an order.

• Complete a form.

• Enter information on our website.

Use of Cookies

We use cookies—small files stored on your device via your browser—to enhance your experience. Cookies help us:

• Manage shopping cart functionality.

• Understand user preferences based on site activity.

• Analyze aggregate site traffic and interaction data to improve our services.

We may use trusted third-party services, such as Google Analytics, to track this data. You can configure your browser to warn you about cookies or disable them entirely, though this may impact site functionality. Check your browser’s Help Menu for instructions.

Third-Party Disclosure

Aside from sharing data with NCS Pearson Inc. and HSS Training to fulfill services, we do not sell, trade, or transfer your PII to external parties.

Third-Party Links

Our website may include links to third-party products or services, which have independent privacy policies. We are not responsible for the content or activities of these sites but strive to maintain our site’s integrity and welcome feedback about linked sites.

Google Advertising

We use Google AdSense, which employs cookies (e.g., DART cookie) to serve ads based on your prior visits to our site or other websites. Google’s Advertising Principles ensure a positive user experience (see: https://support.google.com/adwordspolicy/answer/1316548?hl=en). You can opt out of personalized ads via:

• Google Ad Settings

• Network Advertising Initiative Opt-Out page

• Google Analytics Opt-Out Browser Add-On

We use first-party cookies (e.g., Google Analytics) and third-party cookies (e.g., DoubleClick) to track ad interactions and site performance.

Do Not Track Signals

We honor Do Not Track (DNT) signals and refrain from planting cookies or using advertising when a DNT mechanism is active in your browser.

Third-Party Behavioral Tracking

We do not permit third-party behavioral tracking.

Children’s Online Privacy Protection Act (COPPA)

Under COPPA, enforced by the U.S. Federal Trade Commission, websites must protect the privacy of children under 13. We do not market to or collect PII from children under 13, nor do we allow third-party ad networks or plug-ins to collect PII from them.

Fair Information Practices

In alignment with Fair Information Practices, we will notify you of any data breach via:

• Email within 7 business days.

• In-site notification within 7 business days.

We adhere to the Individual Redress Principle, allowing you to pursue enforceable rights against data collectors or processors who violate privacy laws, including recourse to courts or government agencies.

CAN-SPAM Act

The CAN-SPAM Act governs commercial email practices. We collect your email address solely to fulfill service-related communications. To unsubscribe from future emails, contact us at info@cscscheme.co.uk, and we will promptly remove you from all correspondence.

Contact Us

For questions about this Privacy Policy, reach out to:

• Website: cscscheme.co.uk

• Email: info@cscscheme.co.uk