GDPR Compliance
CertifyMe is committed to protecting personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable national data protection laws.
1. Our GDPR Commitment
CertifyMe processes personal data as both a Data Controller (for our own operations) and a Data Processor (on behalf of institutions that use our platform to issue credentials). We are committed to lawful, fair, and transparent processing of all personal data.
2. What Data We Process
When institutions use CertifyMe to issue credentials, we may process the following personal data of credential recipients:
- Full name
- Email address
- Credential earned, issue date, and expiry date
- Organisation or institution name
- Profile picture (if provided by the issuer)
We do not sell personal data to third parties. We do not use recipient data for advertising purposes.
3. Legal Bases for Processing
We process personal data on the following legal bases:
- Contract performance — processing necessary to deliver the credential issuance service
- Legitimate interests — for platform security, fraud prevention, and service improvement
- Legal obligation — where required by applicable law
- Consent — where we rely on consent, you may withdraw it at any time
4. Your Rights Under GDPR
If you are located in the EU/EEA or the UK, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure ("right to be forgotten") — request deletion of your data where there is no overriding legal basis to retain it
- Right to restriction of processing — request that we limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Rights related to automated decision-making — we do not make solely automated decisions with legal or similarly significant effects
To exercise any of these rights, please email privacy@certifyme.online.
5. Data Retention
Credential data is retained for as long as the issuing institution's account is active, or as required by law. Institutions may request deletion of recipient data at any time through the CertifyMe dashboard or by contacting our support team.
6. International Data Transfers
CertifyMe may transfer personal data to countries outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
7. Data Processing Agreement (DPA)
Institutions that use CertifyMe to process personal data on behalf of their learners or recipients can request a Data Processing Agreement (DPA). Please contact privacy@certifyme.online to request a DPA.
8. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, CertifyMe will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Affected data subjects will be notified without undue delay where the breach is likely to result in a high risk to their rights.
9. Contact & DPO
For GDPR-related queries, data subject requests, or to request our DPA, please contact:
CertifyMe Privacy Team
Email: privacy@certifyme.online
Address: CertifyMe, 651 N Broad St, Suite 201, Middletown, Delaware 19709, USA
You also have the right to lodge a complaint with your local data protection supervisory authority.
