Privacy Policy
Kevron Group CBT Platform — Effective: 17 July 2026
1. Data Controller
Kevron Group Limited ("Kevron", "we", "us") is the data controller for personal data collected through the Computer-Based Testing (CBT) Platform. Contact: dpo@kevrongroup.com.
2. Data We Collect
We collect: full name, email address, candidate ID, organisation membership, exam attempt data, IP address, device/browser details, session events, consent timestamps, and certificate records.
3. Purpose of Processing
We process your data to: authenticate and verify your identity; administer and record exam results; issue certificates; investigate malpractice; comply with regulatory obligations; improve platform security.
4. Sharing of Data
Your data may be shared with: your sponsoring organisation (limited to your own results); regulatory bodies where required by law; third-party email providers used solely for sending notifications. We do not sell personal data.
5. Data Retention
Exam attempt and result data are retained for a minimum of 5 years for regulatory compliance. Certificate data is retained indefinitely for public verification purposes. Account data may be requested for deletion after the retention period.
6. Security Measures
We employ: bcrypt password hashing; CSRF protection; rate limiting; session isolation; encrypted storage for sensitive tokens; audit logging for all sensitive actions.
7. Your Rights
You have the right to: access your data; correct inaccurate data; request erasure (where not restricted by regulation); object to processing; data portability. Submit requests to dpo@kevrongroup.com.
8. Contact
For privacy queries, contact our Data Protection Officer at dpo@kevrongroup.com.