Privacy Policy

Effective Date: 6 November 2025

Last Updated: 6 November 2025

Training Intelligence (TIQ) Ltd ("we," "us," or "our") operates the TIQ Admin platform (the "Service"). This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you use our website or application, in compliance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

1. Data Controller

Training Intelligence (TIQ) Ltd is the data controller responsible for your personal data. Our contact details are:

Training Intelligence (TIQ) Ltd
Email: myaccount@tiqplus.com
Data Protection Officer: dpo@tiqplus.com

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Full name, email address, password (hashed), organization name, role/job title
• Profile Information: Department, custom user attributes, learning preferences
• Learning Data: Course enrollments, lesson progress, assessment responses, quiz scores, certificates
• Skills Data: Competency assessments, skill levels, professional development records
• Payment Data: Billing address, payment method details (processed by our PCI-compliant payment processor)

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on lessons, button clicks, navigation patterns
• Technical Data: IP address, browser type and version, device identifiers, operating system, screen resolution
• Session Data: Login timestamps, session duration, authentication tokens (encrypted)
• Audit Logs: System actions, data access logs, security events

2.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies. For detailed information, see our Cookie Policy. You can manage your cookie preferences in your Privacy Settings.

3. Legal Basis for Processing

Under UK GDPR, we must have a legal basis to process your personal data. We process your data based on:

• Contract: Processing necessary to provide the Service to you (e.g., account creation, course delivery, assessments)
• Consent: For optional features like analytics cookies, marketing communications, and employer data sharing (you can withdraw consent at any time)
• Legal Obligation: To comply with UK laws (e.g., tax records, training provider regulations, audit logs)
• Legitimate Interests: For fraud prevention, security monitoring, and improving our Service (balanced against your rights and freedoms)

4. How We Use Your Information

• Service Delivery: To provide, maintain, and improve the learning platform
• Authentication & Security: To verify your identity and protect your account
• Learning Management: To track your progress, issue certificates, and personalize your learning experience
• Communication: To send important updates, security alerts, course reminders, and support messages
• Analytics: To understand how users interact with the platform and improve features (only with your consent)
• Marketing: To send information about new courses and features (only with your consent - you can opt-out anytime)
• Employer Reporting: To share your learning progress with your employer (only with your explicit consent)
• Compliance: To meet legal obligations and maintain audit trails

5. Information Sharing and Disclosure

5.1 Third-Party Service Providers

We share your data with trusted service providers who assist us in operating the Service:

• AWS (Amazon Web Services): Cloud hosting and database services (UK region: eu-west-2 London)
• Payment Processors: For handling transactions (PCI-DSS compliant)
• Email Service Providers: For sending transactional and marketing emails
• Analytics Providers: Only if you consent to analytics cookies

All service providers are contractually required to protect your data and use it only for specified purposes.

5.2 Employer Data Sharing (B2B Learners)

If you are enrolled through your employer, we may share your learning progress, assessment scores, and completion status with your employer only if you have given explicit consent in your Privacy Settings. You can withdraw this consent at any time.

5.3 Legal Requirements

We may disclose your data if required by law, to:

• Comply with legal obligations or court orders
• Respond to lawful requests from regulatory authorities
• Protect our rights, property, or safety, or that of others
• Detect, prevent, or investigate fraud or security issues

5.4 Business Transfers

If we undergo a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you and ensure the new entity honors this Privacy Policy.

5.5 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties.

6. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

6.1 Right to Access (Article 15)

You can request a copy of all personal data we hold about you. Visit your Privacy Settings and click "Download My Data" to receive a JSON file containing all your information.

6.2 Right to Rectification (Article 16)

You can update or correct your personal information at any time through your account settings.

6.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request permanent deletion of your account and associated data. Visit your Privacy Settings and follow the account deletion process. Please note:

• Some data must be retained for legal compliance (e.g., certificates for 7 years per training provider regulations)
• Audit logs will be anonymized rather than deleted (legal requirement)
• This action is irreversible

6.4 Right to Restrict Processing (Article 18)

You can request that we limit how we use your data while we investigate a dispute or concern. Contact us at myaccount@tiqplus.com.

6.5 Right to Data Portability (Article 20)

You can receive your data in a structured, machine-readable format (JSON) for transfer to another service. Use the "Download My Data" feature in your Privacy Settings.

6.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing. Manage your preferences in your Privacy Settings.

6.7 Right to Withdraw Consent

Where we process your data based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing. Update your consent preferences in your Privacy Settings.

6.8 Right to Lodge a Complaint

If you believe we have not handled your data properly, you have the right to complain to the UK Information Commissioner's Office (ICO):

ICO Contact Details:
Website: ico.org.uk
Phone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

7. Data Security

We implement comprehensive security measures to protect your personal data:

• Encryption: Data encrypted in transit (HTTPS/TLS) and at rest (AES-256)
• Authentication: Strong password requirements, session management, MFA support
• Access Controls: Role-based access control (RBAC), least privilege principle
• Infrastructure: AWS security best practices, VPC isolation, regular security patches
• Monitoring: Continuous security monitoring, intrusion detection, audit logging
• Backup: Regular encrypted backups with disaster recovery procedures

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Retention

We retain your personal data only for as long as necessary:

• Account Data: Until you delete your account + 30 days for backup purging
• Learning Progress: 7 years after course completion (training provider legal requirement)
• Certificates: 7 years (regulatory compliance - may be anonymized if you delete your account)
• Assessment Records: 7 years (quality assurance and awarding body requirements)
• Audit Logs: 7 years (legal obligation - anonymized if you delete your account)
• Session Logs: 90 days (security monitoring)
• Marketing Consent: Until withdrawn or account deleted

9. International Data Transfers

All your data is stored in the United Kingdom (AWS eu-west-2 London region). We do not transfer your data outside the UK or European Economic Area (EEA), ensuring full compliance with UK GDPR.

If we ever need to transfer data internationally, we will use appropriate safeguards such as:

• Adequacy decisions from the UK government
• Standard Contractual Clauses (SCCs) approved by the ICO
• Binding Corporate Rules (BCRs)

10. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately, and we will delete it.

11. Automated Decision-Making and Profiling

We may use automated processing for:

• AI-Generated Assessments: Questions are generated by AI based on course topics. You have the right to request human review of any assessment results.
• Learning Recommendations: We may suggest courses based on your skills and progress. These are recommendations only and do not affect your access to any features.
• Skills Assessment: Automated competency scoring based on your responses. You can contest any automated decisions.

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or significantly affect you. If you have concerns about automated decisions, contact us at myaccount@tiqplus.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or a prominent notice on the Service
• Request your renewed consent if required by law

Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Training Intelligence (TIQ) Ltd
Email: myaccount@tiqplus.com
Data Protection Officer: dpo@tiqplus.com

We will respond to your request within 30 days.