Privacy Policy


IAOCR Privacy Policy


IAOCR Limited (company number 07677372) (“IAOCR”, “we”, “us” or “our”) is committed to protecting the privacy of its clients, participants of its accreditation programs and users of its website. We want to provide a safe and secure user experience. We will ensure that the information you submit to us, or which we collect, via various channels (including our website, through written correspondence (including e-mail), conversations or meetings with our employees), is only used for the purposes set out in this policy.

Through this Privacy Policy we aim to inform you about the types of personal data we collect from you, the purposes for which we use the data and the ways in which the data is handled. We also aim to satisfy the obligation of transparency.

For the purpose of this Privacy Policy the controller of personal data is IAOCR and our contact details are set out in the Contact section at the end of this Privacy Policy.


Your Right To Object

You have a legal right to object at any time to:

  • use of your personal information for direct marketing purposes; and
  • processing of your personal information which is based on our legitimate interests, unless there are compelling legitimate ground for our continued processing.


The Information we Collect

We will collect your first name, surname, email address and your date of birth. We will not collect sensitive personal information.

We may obtain further personal information about you during the course of our relationship with you.  This information may be obtained from you directly or from third parties, such as organisations you direct us to as part of the services we provide to you, e.g. your employing organisation.


How we use your Personal Information

We will hold, use and disclose your personal information, for our legitimate business purposes including to:

  1. Provide our services to you;
  2. Maintain our business relationship with you;
  3. Fulfil contractual obligations to you; and
  4. Release personal information to regulatory or law enforcement agencies, if we are required or permitted to do so.


The Legal Basis for Processing your Personal Information

Under data privacy laws, the main grounds that we rely upon in order to process personal information of our clients and their learners are the following:

(a) Necessary for entering into, or performing, a contract – in order to perform obligations that we undertake in providing a service to you, or in order to take steps at your request to enter into a contract with us, it will be necessary for us to process your personal data;

(b) Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your personal data.   We may also be obliged by law to disclose your personal data to a regulatory body or law enforcement agency;

(c) Necessary for the purposes of legitimate interests –  we will need to process your personal data for the purposes of our legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected.  Our legitimate interests include responding to requests and enquiries from you, optimising our website and customer experience and ensuring that our operations are conducted in an appropriate and efficient manner;

(d) Consent – in some circumstances, we may ask for your consent to process your personal data in a particular way.


How we Store your Personal Information

We do not have any servers of our own. The security of your personal data is important to us so your personal data is only held on servers owned by reputable third parties. Where a third party’s server is located outside the United Kingdom, the contract with the third party will contain the Standard Contractual Clauses and comply with the European Commission’s adequacy decisions as applicable.


How we Share your Personal Information

In certain, limited, circumstances we will share your personal information with other parties.  Details of those parties are set out below along with the reasons for sharing it.


Trusted Third Parties

We will share your personal information with third parties who perform functions on our behalf and provide services to us such as providing information to third parties for accreditation purposes as part of the system for complying with the requirements of any relevant qualifications and credits frameworks.

We require minimum standards of confidentiality and data protection from such third parties.  In the unlikely event that any personal information is provided to third parties outside the United Kingdom, or who will access the information from outside the United Kingdom, we will ensure that approved safeguards are in place.


Regulatory and Law Enforcement Agencies

As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted by law, we may disclose certain personal information to such bodies or agencies.


New Business Owners

If we or our business merges with or is acquired by another business or company, we will share your personal information with the new owners of the business or company and their advisors.  If this happens, you will be sent notice of such event.


How Long we will Hold your Information

The length of time we will hold or store your personal information for will depend on the services we perform for you and for how long you require these but we will not hold this information for longer than we deem necessary. We conduct regular data-cleansing and updating exercises to ensure that

(a) the data that we hold is accurate; and

(b) we are not holding data for too long.


Your Rights on Information we Hold About You

You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below.  We will require evidence of your identity before we are able to act on your request.


Right of Access

You have the right at any time to ask us for a copy of the personal information about you that we hold.  Where we have good reason, and if the law permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.


Right of Correction or Completion

If personal information we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed.  You can let us know by contacting us using any of the methods in the Contact section below


Right of Erasure

In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.


Right to Object to Or Restrict Processing

In certain circumstances, you have the right to object to our processing of your personal information by contacting us using any of the methods in the Contact section below.  For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests.   You also have the right to object to use of your personal information for direct marketing purposes.

You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.


Right of Data Portability

In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.

You can ask us to transmit that information to you or directly to a third party organisation.

The above right exists only in respect of personal information that:

  • you have provided to us previously; and
  • is processed by us using automated means.

While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to personal information of others without their consent.

You can exercise any of the above rights by contacting us using any of the methods in the Contact section below.

Most of the above rights are subject to limitations and exceptions.  We will provide reasons if we are unable to comply with any request for the exercise of your rights.




To the extent that we are processing your personal information based on your consent, you have the right to withdraw your consent at any time.  You can do this by contacting us using the details in the Contact section below.


Use of Cookies

Like most websites, when you visit our sites we place cookies on your computer or other device.  For the most part, these cookies are used to enable the websites’ functionality, improve the user experience or help us to optimise our website, measure traffic and other internal management purposes.

You can find out more about our use of cookies, including how to reject cookies, in our Cookie Policy.




If you are unhappy about our use of your personal information, you can contact us using the details in the Contact section below.

You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:

Telephone: 0303 123 11113  Website:


Post:    Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF


Internet-based Transfers

Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. Unfortunately the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site via third party networks; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.


Changes to our Privacy Policy

This privacy policy can be changed by IAOCR at any time. If we change our privacy policy in the future, we will advise you of material changes or updates to our privacy policy by email.



If you have any enquires or if you would like to contact us about our processing of your personal information, including to exercise your rights as outlined above, please contact us either by email or letter to the following address:-


Post: IAOCR Ltd, Bray Business Centre, Weir Bank, Monkey Island Lane, Bray, Berkshire, England, SL6 2ED


If you have a complaint please contact us either by email or letter to the following address:-

Contact name: Vicki Booth


Post: IAOCR Ltd, Bray Business Centre, Weir Bank, Monkey Island Lane, Bray, Berkshire, England, SL6 2ED


When you contact us, we will ask you to verify your identity.

Our registered office is at IAOCR Limited, Bray Business Centre Weir Bank, Monkey Island Lane, Bray, Berkshire, England, SL6 2ED.


This privacy policy was updated 20th December 2022.