Skip to Content
Legal Document

Privacy Policy

Kevron Group CBT Platform — Effective: 17 July 2026

1. Data Controller

Kevron Group Limited ("Kevron", "we", "us") is the data controller for personal data collected through the Computer-Based Testing (CBT) Platform. Contact: dpo@kevrongroup.com.

2. Data We Collect

We collect: full name, email address, candidate ID, organisation membership, exam attempt data, IP address, device/browser details, session events, consent timestamps, and certificate records.

3. Purpose of Processing

We process your data to: authenticate and verify your identity; administer and record exam results; issue certificates; investigate malpractice; comply with regulatory obligations; improve platform security.

4. Sharing of Data

Your data may be shared with: your sponsoring organisation (limited to your own results); regulatory bodies where required by law; third-party email providers used solely for sending notifications. We do not sell personal data.

5. Data Retention

Exam attempt and result data are retained for a minimum of 5 years for regulatory compliance. Certificate data is retained indefinitely for public verification purposes. Account data may be requested for deletion after the retention period.

6. Security Measures

We employ: bcrypt password hashing; CSRF protection; rate limiting; session isolation; encrypted storage for sensitive tokens; audit logging for all sensitive actions.

7. Your Rights

You have the right to: access your data; correct inaccurate data; request erasure (where not restricted by regulation); object to processing; data portability. Submit requests to dpo@kevrongroup.com.

8. Contact

For privacy queries, contact our Data Protection Officer at dpo@kevrongroup.com.