QA Assessor (“QA Assessor”, “we”, “us”, “our”) provides training and related services globally from our operations in London, United Kingdom and Uttar Pradesh, India.

We act as the data controller under UK data protection law and as the data fiduciary under India’s Digital Personal Data Protection Act, 2023 (DPDPA) for the personal data we collect in connection with our services.

If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us at: info@qaassessor.com.

This Privacy Policy explains how we collect, use, store and protect personal data when you:

• Visit or use our websites and online platforms
• Enrol in or attend our training courses or exams
• Communicate with us by email, phone, WhatsApp, LinkedIn or other channels
• Receive marketing communications from us

It also explains your rights under UK data protection law and India’s Digital Personal Data Protection Act, 2023.

We collect and process only the personal data necessary for client contracts, service delivery, training and legal compliance.

When you enquire about, enrol in, or attend our training, we may collect:

• Name
• Email address
• Contact number
• Country and, where relevant, address details
• Curriculum Vitae (CV) or professional profile, to verify competence and experience for lead auditor and similar courses
• Course enrolment details and attendance information
• Evaluation, exam results, certificates and training records
• Payment-related information such as amount, date and reference (your full card or bank details are handled directly by Wise, PayPal and local banks, not stored by us)

For organisations that engage us, we may collect:

• Name and contact details of key contacts
• Role, organisation and business contact information
• Contract, proposal and invoicing details

When you use our websites or online tools (for example Moodle or Zoom), we may collect:

• Technical data such as IP address, browser type, device information and approximate location
• Usage data such as pages visited, time spent and interactions with our content
• Information you submit through online forms (enquiries, registrations, feedback)

We use hosting and infrastructure services provided by Namecheap and IONOS, which means your data may be stored securely on their servers acting as our service providers.

If you contact us or subscribe to communications, we may collect:

• Email address, phone number, WhatsApp number or LinkedIn profile
• Your communication preferences and consent status
• Records of communications (for example emails and messages)
• Marketing engagement data, such as opens and clicks, when we send emails via tools like Mailjet

We only use your personal data when we have a clear purpose and a lawful basis to do so.

We use your data to:

• Process enquiries and registrations
• Assess your eligibility and competency for lead auditor and other courses (based on CV and experience)
• Deliver training, exams and related services, including via Moodle, Zoom and Microsoft Office tools
• Issue certificates, confirmations and related documents
• Provide learner support and respond to your requests

Legal basis: performance of a contract or steps taken at your request before entering into a contract (UK GDPR); necessity for providing services you request (DPDPA).

We also use data to:

• Maintain accurate financial and training records
• Issue invoices and manage payments through Wise, PayPal and local banks
• Comply with tax, accounting and other legal obligations in the UK and India
• Maintain security, backups and logs to protect our systems and services

Legal basis: legal obligation and our legitimate interests in effective business administration and security.

We may:

• Send you information about courses, services and updates that are relevant to you
• Communicate with you via email, WhatsApp, LinkedIn or other channels you use with us
• Manage your marketing preferences and opt-outs

For individuals, we rely on your consent where required (for example, newsletter sign-ups) or on our legitimate interests in promoting our services, always giving you a clear option to opt out at any time.

We do not sell or share your personal data with any third party for their own independent marketing or commercial purposes.

We only share personal data with trusted service providers who support our operations and act on our instructions, including:

• Hosting and infrastructure: Namecheap, IONOS and similar providers (website, email and domain services)
• Learning and communication tools: Moodle (LMS), Zoom (online training), Microsoft Office / Microsoft 365, WhatsApp, LinkedIn
• Email and messaging: Mailjet and similar email delivery services
• Payments: Wise, PayPal and local banks for processing payments

These providers act as our processors or service providers and only process personal data under our instructions and for our purposes, with appropriate contractual and security measures in place.

We offer services globally from the UK and India, which may involve storing or accessing personal data on servers located in other countries, depending on the providers used (for example hosting or email infrastructure).

When we transfer personal data from the UK to countries outside the UK, we rely on adequacy regulations where applicable or appropriate safeguards such as standard contractual clauses or equivalent protections.

For India DPDPA, we follow any restrictions or notifications issued by the Central Government regarding transfers to specific countries and ensure reasonable security safeguards are in place.

We keep personal data only for as long as necessary for the purposes described in this Policy or as required by applicable law.

• Training and learner records (including CV, enrolment details, exam results, certificates): kept for a minimum of 5 years from the date of your last interaction or course, to evidence training, respond to queries and meet contractual and legal requirements.
• Invoices and financial records: kept for at least 5 years or longer if required by UK or Indian tax and accounting laws.
• Marketing contact details: kept while you remain subscribed or engaged. If you unsubscribe or we detect long-term inactivity, we will either delete or appropriately anonymise your details, unless we need to retain basic information to respect your opt-out choice.

We may keep data for longer where necessary in connection with ongoing disputes, audits, regulatory investigations or to protect our legal rights.

Our websites and online platforms may use cookies and similar technologies to:

• Enable the site and platforms to function properly
• Understand how visitors use our website and improve performance
• Remember preferences where applicable

Where required, we will display a cookie notice or banner explaining the types of cookies used and how you can manage your preferences through your browser or other tools.

If you are in the UK (or where UK GDPR applies), you have rights over your personal data, subject to legal conditions and exemptions, including:

• Right to be informed about how we use your data
• Right of access to your personal data
• Right to rectification of inaccurate or incomplete data
• Right to erasure (“right to be forgotten”) in certain circumstances
• Right to restrict processing in certain situations
• Right to data portability for certain data
• Right to object to certain processing, including marketing
• Right not to be subject to automated decision-making producing legal or similarly significant effects (we do not currently use such automated decisions)

If DPDPA applies to you as a Data Principal, you have rights including:

• The right to obtain a summary of your personal data processed by us
• The right to correct, complete, update and erase your personal data in accordance with the Act
• The right to withdraw consent where processing is based on consent
• The right to grievance redressal

We will ensure that requests are handled in line with applicable laws and within the timelines prescribed.

To exercise any of your rights or to raise a privacy-related concern or complaint, please contact us at:

Email: info@qaassessor.com

To help us process your request, please:

• Explain which right you want to exercise or what information you require
• Provide enough information for us to identify you and locate your data (for example, courses attended, dates, email used)

We may need to ask for additional information to verify your identity where allowed or required by law.

If you are not satisfied with our response:

• In the UK: you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Details are available at www.ico.org.uk.
• In India: once the Data Protection Board of India is fully operational, you may raise a complaint in accordance with procedures prescribed under the DPDPA.

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure.

• Use of reputable hosting and infrastructure providers such as Namecheap and IONOS
• Access controls and role-based access on a need-to-know basis
• Use of established platforms such as Moodle, Zoom and Microsoft Office with reasonable security settings
• Backups and monitoring where appropriate

No system is completely secure, but we work continuously to reduce risks to a level appropriate to the nature of the data and our operations.

Our services are aimed at adult professionals. We do not knowingly offer training services to children under 18 or knowingly collect their personal data.

If you believe we have collected personal data about a child, please contact us at info@qaassessor.com so we can investigate and take appropriate action.

We may update this Privacy Policy from time to time to reflect changes in our services, technologies, legal requirements or how we handle personal data.

When we make significant changes, we will update the “Last updated” date and, where appropriate, notify you by email or by a notice on our website.

Last updated: 28 February 2026.