Privacy Policy

BSERI (Beyond Systems Excellence and Reliability Institute) is committed to protecting the privacy and confidentiality of all personal information collected during our certification activities.

This Privacy Policy explains how we collect, use, store, and protect personal information in accordance with ISO/IEC 17024 requirements for personnel certification bodies and applicable data protection laws.

As a professional certification body, we recognize our special responsibility to maintain the highest standards of data protection and confidentiality for all certification candidates and certified persons.

Personal Information

• Full name, date of birth, and contact information
• Educational qualifications and professional experience
• Employment history and current position details
• Identification documents for verification purposes
• Professional references and recommendations
• Payment and billing information

Certification-Related Information

• Application forms and supporting documentation
• Examination results and assessment records
• Training completion certificates
• Continuing professional development records
• Surveillance and maintenance activities
• Complaint and appeal records

Technical Information

• Website usage data and cookies
• Communication records (emails, phone calls)
• System access logs and security data

Primary Purposes

• Certification Processing: Evaluating applications, conducting assessments, and issuing certificates
• Verification Services: Confirming certification status to employers and third parties
• Competence Maintenance: Monitoring continuing professional development and surveillance activities
• Quality Assurance: Maintaining certification program integrity and compliance

Administrative Purposes

• Processing payments and managing accounts
• Communicating about certification activities and requirements
• Handling complaints, appeals, and customer service inquiries
• Statistical analysis and program improvement

Legal and Regulatory Compliance

• Meeting ISO/IEC 17024 requirements for personnel certification
• Complying with accreditation body requirements
• Responding to legal obligations and regulatory requests
• Maintaining certification program records as required by law

Authorized Sharing

• Accreditation Bodies: Required reporting and oversight activities
• Examination Partners: Qualified service providers under confidentiality agreements
• Verification Requests: Confirmation of certification status to authorized requesters
• Legal Requirements: Court orders, regulatory investigations, or legal obligations

Consent-Based Sharing

• Certificate holder directories (with explicit consent)
• Professional networking and recognition programs
• Marketing testimonials and case studies
• Research and industry analysis (anonymized data)

Prohibited Sharing

• Sale or rental of personal information to third parties
• Sharing with competitors or commercial entities without consent
• Disclosure of examination content or individual results
• Any use inconsistent with the purposes outlined in this policy

Technical Safeguards

• Encrypted data transmission and storage
• Secure servers with regular security updates
• Multi-factor authentication for system access
• Regular security audits and vulnerability assessments
• Backup and disaster recovery procedures

Administrative Safeguards

• Staff training on data protection and confidentiality
• Access controls based on need-to-know principles
• Confidentiality agreements with all personnel
• Regular privacy impact assessments
• Incident response and breach notification procedures

Physical Safeguards

• Secured office premises and data centers
• Restricted access to areas containing personal information
• Secure disposal of physical documents
• Environmental controls for equipment protection

Retention Periods

• Active Certification Records: Duration of certification plus 3 years
• Application Records: 7 years from final decision
• Examination Records: 5 years from examination date
• Complaint/Appeal Records: 10 years from resolution
• Financial Records: 7 years as required by law

Your Rights

• Access: Request copies of your personal information
• Correction: Request correction of inaccurate information
• Portability: Request transfer of your data in machine-readable format
• Restriction: Request limitation of processing in certain circumstances
• Objection: Object to processing based on legitimate interests

For questions about this Privacy Policy or to exercise your rights, please contact us:

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will:

• Notify affected parties of material changes via email or website notice
• Provide at least 30 days notice before implementing significant changes
• Maintain previous versions for reference and comparison
• Update the "Last Modified" date at the top of this policy