Privacy policy

This policy outlines how JCQ collects, uses, and retains personal information, and the circumstances under which it may be shared.

JCQ collects and processes personal data relating to customers and member organisations under the lawful bases of legitimate interest, contractual necessity, and legal obligation, as defined by the UK General Data Protection Regulation (UK GDPR). This data is used to support JCQ’s operational functions, governance, and service delivery.

JCQ acts as a data controller in relation to this information, determining the purposes and means of processing. Where third-party providers process data on JCQ’s behalf, they do so as data processors under contractual agreements that ensure compliance with data protection legislation.

JCQ does not hold individual disaggregated student data.
JCQ maintains a separate internal privacy policy for employees and their information.
JCQ collects different types of personal data through the following three sources:

• Personal information voluntarily provided to JCQ through correspondence may include contact details, age, gender, and other personal circumstances relevant to the examination process. This data may be retained for a maximum period of 7 years where deemed necessary.
• JCQ maintains records of meeting attendees, survey respondents, service users – i.e. calls, emails, and postal interactions with our website, office, and services including the JCQ Centre Inspection Service, Access Arrangements Online, and the National Centre Number Register. These records are retained for audit, training, and service improvement purposes. Further information about these services is available on our website. This data may be retained for a maximum period of 7 years where deemed necessary.
• JCQ retains records relating to its committees and members to ensure transparency, accountability, and continuity in decision-making processes. These records may include meeting minutes, correspondence, membership details, and documentation of policy development or operational decisions. Retaining such information supports audit requirements, facilitates historical reference, and enables effective governance and collaboration across JCQ’s member bodies. This data may be retained for the life of the company where necessary due to evidence and accountability.

JCQ retains personal data only as long as necessary to complete specific tasks. Once your query is resolved, your message will be archived where necessary and deleted in accordance with relevant retention periods. 

For more information on data protection, visit: Data Protection Act 2018.  

To request access to your personal data, submit a Subject Access Request by emailing info@jcq.org.uk.  

JCQ uses secure systems managed by Cloud Direct, protected by encryption and firewalls. These systems are regularly audited. No personal data collected by JCQ is transferred overseas. 

JCQ may share personal data with regulatory bodies, UK government departments and member organisations when legally justified. Each request is reviewed on a case-by-case basis. 

JCQ uses a number of third-party systems to conduct our business. Further details are included as follows:

Microsoft Office 365

JCQ uses Microsoft Office 365 to manage communications and store certain records, including personal data. These services are hosted in secure environments and comply with UK GDPR and relevant data protection standards. Data processed via Office 365 is protected by encryption and access controls and is not transferred outside the UK by our IT managed service provider. 

TOPdesk

JCQ uses TOPdesk CRM to manage and track service requests, enquiries, and internal workflows. This system may store personal data submitted through support channels to ensure efficient handling of queries and service improvements. All data processed within TOPdesk is managed securely and in accordance with UK GDPR, with access restricted to authorised personnel only. Data is retained only for as long as necessary to fulfil its intended purpose, with a maximum retention policy of 7 years where deemed necessary. 

Mailchimp

JCQ uses Mailchimp, a third-party email marketing platform, to manage and distribute certain communications, such as newsletters or programme updates. When you subscribe to receive updates, your email address and any other relevant contact information may be stored and processed by Mailchimp.

This data is handled in accordance with UK GDPR and Mailchimp’s own privacy and security standards. JCQ ensures that Mailchimp does not use your data for any purpose other than delivering JCQ communications. You can unsubscribe at any time using the link provided in each email or by contacting us directly. 

IT managed services

JCQ uses a third-party IT managed service provider, KCS Ltd, to support its infrastructure, systems, and data security. This is covered under a strict contractual agreement that ensures compliance with UK GDPR and data protection legislation.

The provider is required to implement appropriate technical and organisational measures to safeguard personal data. All personal data processed by the provider is stored within the UK and is not transferred outside the UK. 

A2C: JCQ data transport application

JCQ is supported by Avco Systems in the delivery and maintenance of the data transport application. Avco provides technical infrastructure and services that may involve the processing of limited personal data, such as email addresses submitted for data transport updates.

All data processed by Avco on behalf of JCQ is handled under strict contractual agreements that ensure compliance with UK GDPR and data protection legislation. Avco is required to implement appropriate security measures and does not use the data for any purpose other than supporting the data transport application.

You may voluntarily subscribe to updates about the A2C Programme by providing your email address. This is not required to download specifications. Your email will only be used for this purpose and will not be shared with third parties.

To unsubscribe, email a2c@jcq.org.uk with ‘A2C updates’ in the subject line and ‘Unsubscribe’ in the body. Your request will be processed within five working days.

The JCQ website

JCQ does not collect, store, or analyse personal data from visitors browsing the public pages of our website. However, we use Google Analytics to understand which areas of our site are most frequently visited, how users arrive at our site, and which search terms are commonly used. 

Google Analytics helps us improve site navigation and accessibility. It uses cookies to collect non-personal data about website usage. 

Cookies are small files placed on your device by your browser to identify it during website use. JCQ uses the following types of cookies: 

• Session Cookies: Temporarily stored during browsing and deleted when the browser is closed. These do not identify individuals. 
• Analytical Cookies: Help us understand user interaction with our website. These cookies track visits and page views but do not collect personal data. 

You can manage or delete cookies via your browser settings.  

JCQ’s website is hosted by a third-party provider. Where personal data is stored or processed via this hosting service (e.g. through contact forms or analytics), it is done under strict contractual agreements that ensure compliance with UK GDPR. The provider is required to implement appropriate security measures to protect personal data.