Scroll down this page to view all aspects of our Privacy Protection Notice and Methods.
COOKIE POLICY
This Cookie Policy explains how [Your Organisation Name] (“we”, “us”, “our”) uses cookies and similar technologies on our website www.examcentre.org and associated sub-domains. This policy complies with the Privacy and Electronic Communications Regulations (PECR), the UK GDPR, the Data Protection Act 2018, and guidance from the Information Commissioner’s Office (ICO).
This Cookie Policy is separate from our Data Protection / GDPR Policy.
1. What Are Cookies?
Cookies are small text files stored on your device (computer, tablet, mobile) when you visit a website. They allow websites to recognise your device and store some information about your preferences or past actions.
We use cookies to make our website function correctly, improve site performance, understand how visitors use our services, and personalise content.
Cookies may be:
Session cookies: deleted when you close your browser
Persistent cookies: kept until they expire or are removed
First-party cookies: placed by our website
Third-party cookies: placed by external service providers (e.g., Google, YouTube, Stripe)
2. Legal Basis for Cookie Use
Under PECR, cookies that are not strictly necessary require prior informed consent from the user.
This includes analytics, advertising, tracking, or personalisation cookies.
Strictly necessary cookies do not require consent.
Your cookie preferences are recorded and stored for compliance purposes.
3. How We Obtain Your Consent
When you first visit our website, and in the rare event that we are collecting cookie data, you will see a cookie banner that:
Clearly states that we use cookies Provides a link to this Cookie Policy Allows you to accept all, reject all, or customise preferences
You may change or withdraw your consent at any time by clicking the Cookie Settings link in the website footer.
We record proof of consent as required under UK GDPR Article 7.
4. Types of Cookies We Use
Below is a full description of cookies that may be used across our website.
4.1. Strictly Necessary Cookies (No Consent Required)
These cookies are essential for the website to function and cannot be disabled.
Examples include:
Security and authentication cookies
Online payment cookies (e.g., Stripe session cookies)
Form submission cookies
Load-balancing and server performance cookies
Purpose:
Enable navigation, secure login, payment processing, fraud prevention, and site stability.
4.2. Performance & Analytics Cookies (Consent Required)
If used, these cookies help us understand how visitors interact with the website.
Typical providers include:
Google Analytics 4 (GA4)
Cloudflare Analytics
Server-side traffic logs
Data collected may include:
Pages visited
Time spent on site
Device type
Browser type
Approximate geographic region (not precise location)
Purpose:
Improve website usability, track broken links, and analyse service interest.
These cookies do not collect names, email addresses, or exam booking details.
4.3. Functionality Cookies (Consent Required)
If used, these cookies enable enhanced website features, such as:
Remembering login details
Saving form progress
Keeping accessibility preferences
Allowing embedded content (e.g., YouTube videos)
If disabled, certain features may not work properly.
4.4. Advertising & Social Media Cookies (Consent Required)
If used, these are from third-party providers such as:
Google Ads
Facebook Pixel
Instagram or TikTok pixels
YouTube tracking cookies
Purpose:
Measure advertising performance and deliver relevant content.
We currently do not actively run targeted ads, but third-party embedded content (e.g., YouTube) may still place cookies.
5. Third-Party Cookies
Some cookies are set by services we may use (from time-to-time) to support site functionality, including:
Google (Analytics, reCAPTCHA, YouTube)
Analytics measurements
Spam prevention
Video embedding
Stripe Payments
Fraud prevention
Transaction security
Payment processing
Cloudflare
Security
Traffic routing
Performance optimisation
Each third party has its own privacy/cookie policies.
6. Cookies We May Use
| Cookie Name | Type | Provider | Purpose | Duration |
|---|---|---|---|---|
| _GRECAPTCHA | Necessary | Bot prevention | Session | |
| __cf_bm | Necessary | Cloudflare | Security & fraud protection | 30 mins |
| __stripe_mid | Necessary | Stripe | Payment processing | 1 year |
| __stripe_sid | Necessary | Stripe | Payment processing | Session |
| _ga | Analytics | Visitor statistics | 2 years | |
| _gid | Analytics | Traffic analysis | 24 hours | |
| YSC | Advertising/YouTube | Video interaction | Session | |
| VISITOR_INFO1_LIVE | Advertising/YouTube | Bandwidth estimation | 6 months |
7. How to Control or Delete Cookies
You may:
Accept all cookies Reject all cookies (except strictly necessary cookies) Customise cookie categories Withdraw consent at any time
Browser settings
Most browsers allow you to block, delete, or restrict cookies.
Instructions:
Chrome: chrome://settings/cookies
Safari: Preferences → Privacy
Firefox: Preferences → Privacy & Security
Edge: Settings → Site Permissions → Cookies
Blocking cookies may affect website functionality.
8. Do We Use Cookies to Process Personal Data?
Some cookies (e.g., analytics or advertising) may indirectly process pseudonymised data, such as unique IDs.
We do not combine cookie data with exam records, student information, parent contact details, or staff files.
Where cookies process personal data, we comply with:
UK GDPR Articles 5, 6, 13, 14
PECR Regulation 6 (Consent for Cookies)
ICO Guidance on Cookies (2023)
9. International Transfers
Some third-party cookie providers (e.g., Google, Stripe, YouTube) store data outside the UK/EU.
Transfers rely on:
UK Adequacy Regulations
ICO-approved International Data Transfer Agreements (IDTAs)
Contractual safeguards
Full details are available in our Privacy & GDPR Policy.
10. Updates to This Cookie Policy
We may update this policy to reflect:
Changes in technology
Changes to UK GDPR or PECR
Changes in services we offer
Cookie banner updates
Changes will be posted with a new “Last Updated” date.
11. Contact Us
If you have questions about this Cookie Policy or your data rights, contact us:
Email: info@examcentre.org
Website: https://www.examcentre.org
Supervisory Authority: Information Commissioner’s Office (ICO)
DATA PROTECTION & INFORMATION HANDLING POLICY
For ExamCentre.org
A. Purpose and Scope of This Policy
ExamCentre.org (the “Centre”) processes personal information belonging to examination candidates, external applicants, parents/guardians, and authorised staff.
This document explains:
why personal data is collected,
the legal grounds permitting its use,
how long different categories of information are retained, and
the protective measures in place to ensure compliance with:
UK GDPR, Data Protection Act 2018 (DPA 2018),
and the Information Commissioner’s Office (ICO) statutory guidance.
This policy applies to all digital and paper-based data processed by the Centre.
B. Legal Foundations for Processing
The Centre processes personal data under the following lawful bases:
Article 6(1)(b) UK GDPR – processing necessary for performance of a contract (exam registration, payment processing, issuing results).
Article 6(1)(c) UK GDPR – compliance with legal obligations (record keeping required by the Tax Authorities).
Article 6(1)(f) UK GDPR – legitimate interests (maintaining examination records, responding to awarding-body queries, fraud prevention).
Article 6(1)(a) UK GDPR – consent (email notifications not relating to exam operations).
Article 9(2)(g) UK GDPR – processing safeguarding information for substantial public interest.
DPA 2018, Schedule 1, Part 2, Paragraph 4 – safeguarding and regulatory compliance.
C. Categories of Data the Centre Processes
1. Application and Pre-Registration Data
Collected through exam application forms.
Includes identification data, contact details, access-arrangements information, and exam entries.
Legal basis:
Article 6(1)(b): necessary for exam registration.
Article 6(1)(c): safeguarding and regulatory duties.
2. Examination Records and Grades
Stored after examination sitting, including mark sheets, awarding-body results, and correspondence.
Legal basis:
Article 6(1)(f): legitimate interest in confirming past exam attendance.
Article 6(1)(c): compliance with awarding-body and statutory audit requirements.
3. Financial and Accounting Information
Invoices, fee payments, refunds, fraud-prevention data.
Legal basis:
Article 6(1)(c): Companies Act 2006, HMRC regulations.
POCA 2002 & Money Laundering Regulations 2017 (financial crime prevention).
4. Safeguarding Information
Any data relating to protection of minors or vulnerable candidates.
Legal basis:
Article 6(1)(c) and Article 9(2)(g).
“Working Together to Safeguard Children” (DfE 2023).
DPA 2018 Schedule 1, Part 2.
D. How Data Is Processed
1. Collection
Data is gathered through:
secure online exam entry forms,
identity verification at the Centre,
awarding-body documentation.
2. Storage
All personal data is stored:
on encrypted servers,
with access restricted to authorised staff only,
in accordance with Article 32 UK GDPR (security of processing).
3. Use
Data is only used for:
exam administration,
issuing results and certificates,
verifying past attendance,
responding to awarding-body or regulatory enquiries.
No data is ever sold or shared with marketing organisations.
4. Sharing (Limited and Lawful Only)
Data may be shared with:
awarding bodies (for exam entry),
HMRC (when legally required),
safeguarding authorities.
All sharing adheres to Article 5(1)(c) UK GDPR – data minimisation.
E. Data Retention Schedule
This table is completely rewritten and differently structured from the original.
| Type of Data | Retention Period | Legal Basis / Reference |
|---|---|---|
| Exam Application Forms | 6 years after final entry | UK GDPR Art. 5(1)(e); Legitimate Interest Art. 6(1)(f) |
| Exam Records & Grades | 6 years minimum | DPA 2018 Sch.1 Pt.2; Awarding-body audit rules |
| Safeguarding Reports | Until candidate turns 25 | “Working Together to Safeguard Children” (DfE 2023) |
| Financial/Payment Data | 6 years after financial year-end | Companies Act 2006; HMRC Rules; Finance Act 1998 |
| Payroll & Staff Records | 6 years post-employment | Income Tax (PAYE) Regulations 2003; Article 6(1)(c) |
| CCTV (if applicable) | 30 days unless needed for an investigation | ICO CCTV Code; Article 6(1)(f) |
| Unsuccessful Exam/Job Applicants | 6 months only | ICO Code (2021); Article 6(1)(f) |
| Email Subscription Lists | Until withdrawal of consent | Article 6(1)(a) |
F. Right to Erasure (Article 17 UK GDPR)
Applicants may request deletion of their data, except where legal exemptions apply.
Erasure cannot be granted where data is required for:
HMRC compliance (Companies Act 2006; Finance Act 1998),
fraud monitoring (POCA 2002),
statutory record keeping (Money Laundering Regulations 2017),
safeguarding records (DfE 2023 guidance),
confirming past exam attendance (legitimate interest, Art. 6(1)(f)).
Therefore, while general contact details may be deleted upon request, financial and safeguarding data must be retained for the periods set out above.
G. Our Security Measures
To comply with Article 32 UK GDPR, the Centre ensures:
encrypted storage systems,
password-controlled access tiers,
breach reporting procedures compliant with Articles 33–34,
annual policy reviews under Article 5(2) (accountability),
mandatory staff training in data protection.
H. Annual Review and Accountability
The Centre records all processing activities as required under:
Article 30 UK GDPR (Record of Processing Activities),
DPA 2018 Accountability Framework.
This policy is reviewed annually or upon changes to UK data-protection law.
I. Key Legislation Referenced
UK GDPR, Data Protection Act 2018, Companies Act 2006, HMRC Record Keeping Regulations, Finance Act 1998, Income Tax (PAYE) Regulations 2003, Proceeds of Crime Act 2002, Money Laundering & Transfer of Funds Regulations 2017, Working Together to Safeguard Children (DfE 2023), ICO Employment Practices Code (2021)
Data Protection Officer: Mr Alan Felding. Email: info@examcentre.org. The Information Commissioner’s Office (ICO) can be reached on: https://ico.org.uk/make-a-complaint/