Privacy notice

Last updated: 14 April 2026

Who we are

CertAlert provides workforce compliance tracking for employers and compliance consultants. For GDPR purposes, customer organisations are usually data controllers and CertAlert acts as a data processor for worker records stored in the service.

Data we process

  • Account data: user name, work email, authentication details.
  • Organisation data: organisation name, industry, policy configuration.
  • Worker data: names, contact details, role, department, notes.
  • Certification data: type, issue/expiry dates, status, references, uploads metadata.
  • Operational logs: imports, compliance workflow actions, service diagnostics.

Why we process personal data

  • To provide the CertAlert service and contractual functionality.
  • To support compliance monitoring, renewal workflows, and reporting.
  • To secure the service, prevent abuse, and troubleshoot incidents.
  • To communicate essential service messages.

Lawful bases

Depending on context, processing is carried out under contractual necessity and/or legitimate interests. Customer organisations are responsible for selecting and documenting appropriate lawful bases as data controllers for their workforce data.

Retention

Personal data is retained only as long as needed for service delivery, legal obligations, and dispute handling. Customer organisations can request deletion of workforce records and account data when no longer required.

Data sharing and processors

CertAlert uses technical providers for hosting, storage, and delivery functions. Personal data is not sold. Data is only shared where required to run the service, meet legal obligations, or on documented customer instruction.

International transfers

Where data is transferred internationally, appropriate safeguards are used (for example, UK IDTA or equivalent contractual safeguards) where legally required.

Data subject rights

Individuals may have rights to access, correct, erase, restrict, object, or request portability of personal data. Requests can be submitted by contacting the relevant employer/controller and CertAlert support.

Security

CertAlert applies proportionate technical and organisational measures including access controls, encrypted transport, and environment separation for development and production.

Contact and complaints

Contact support for data protection queries and rights requests. You also have the right to complain to the UK Information Commissioner's Office (ICO) if you believe data has been handled unlawfully.