Privacy Policy

FireQual Privacy Policy

Collecting Data

FireQual collects personal data typically:

  • When an individual provides it themselves, for example when making an enquiry or communicating with FireQual via electronic, written and/or telephonic means
  • When the details of an individual are provided to us by a third party, for example staff members of an Approved Training Centre or candidates working towards the achievement of a FireQual qualification under the umbrella of an Approved Training Centre
  • When details are available through public forums whether electronic or hard copy
  • When an individual visits the FireQual website or other electronic communication, eg. social media channels:
    • Google Analytics - For statistical purposes only, we use Google Analytics to monitor how many individual unique users the FireQual website receives and how often they visit the website. This anonymous data tells us which of the pages are most frequently visited and by which types of users and from which countries. 
    • Social Media - Some cookies may be used regarding FireQual’s social media accounts, but do not use/track any visitor behaviour.

Where FireQual makes use of cookies, their use can be amended within the cookie settings or removed at any time by using the setting options within the chosen web browser, eg. Chrome, Safari, etc.

FireQual is constantly working on the end user experience and through cookies we can monitor user/visitor behaviour on the website. Personal/individual data is not captured, and our analytics data is treated as anonymous users.

Please note denying the use of or removing cookies may impact the FireQual website experience and some services may not work as desired.

This privacy notice does not cover the links within the FireQual site or social media channels linking to other websites or social media channels. We encourage you to read the privacy policies on the other websites or social media channels you visit.

Legal Basis for Holding Data

FireQual is required to rely on one or more lawful bases to use personal information. We consider the grounds listed below to be relevant:

  • Where consent has been provided by an individual to use their personal information in a certain way, for example we may ask for consent to collect special categories of personal information so that the individual may sit an exam or assessment with reasonable adjustments and/or special considerations.
  • To enable FireQual to comply with a legal obligation to which we are subject, for example, where we are obliged to share personal information with regulatory bodies which govern our work and services.
  • For the performance of a contract to which an individual is a party or to take steps at the request of an individual prior to entering a contract, for example to provide an individual with a certified award after sitting an examination or assessment).
  • Where there is a legitimate interest in us doing so.

GDPR requires the collection and processing of personal information to be reasonably necessary to achieve our or others’ legitimate interests, as long as the processing of the information is fair, balanced and does not unduly impact on the rights of individuals.

In broad terms, “legitimate interests” means the interests of running FireQual as a commercial entity and ensuring that appropriate levels of certified awards are granted to candidates in line with our standards and the requirements of the government authorised Regulator(s).

When FireQual processes personal information to achieve such legitimate interests, we consider and balance any potential impact on individuals, both positive and negative, and on the rights of the individual under data protection laws. We will not use personal information for activities where our interests are overridden by the impact on the individual, for example where use would be excessively intrusive unless, for instance, we are otherwise required or permitted to by law.

Information Held About an Individual or Organisation

To complete the day to day operations of FireQual, there are specific sets of data that we will collect and be required to hold:

  • Individuals undertaking FireQual qualifications:
    • Name, postal address, telephone number, email address (optional), date of birth, unique learner numbers (mandatory if publicly funded provision), gender (optional), disability (optional), ethnicity (optional), details of units and/or qualifications achieved through FireQual
  • Centres providing FireQual qualifications:
    • Names, office postal address, office telephone numbers of staff members involved in the provision including email addresses of main points of contacts
    • Financial information such as bank details and/or credit/debit cards in the processing of payments to FireQual in line with invoicing processes
  • Enquiries regarding applying to join the FireQual Centre network:
    • Name, postal address (optional), telephone number (optional), email address (optional)

The General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about health, ethnicity and religious beliefs.

In certain situations, FireQual may collect and/or use these special categories of data, for example, information on candidates’ medical conditions so that we can make arrangements for reasonable adjustments and/or special considerations. We will only process these special categories of data if there is a valid reason for doing so and where GDPR allows us to do so.

Uses of Data

FireQual uses data for the following reasons:

  • The registration and certification of candidates undertaking FireQual qualifications including for the organisation and facilitation of assessments and examinations
  • For conducting reviews of results and processing and conducting appeals
  • To enable FireQual to provide services, products or information that has been requested or to answer questions, requests or queries relating to FireQual services and products
  • To enable FireQual to be able to communicate with Centres, candidates and other users of our services and products
  • For conducting investigations into the provision of our services and products
  • To analyse and continuously improve the provision of FireQual services and products
  • To administer and continuously improve the provision of information through electronic means, for example the FireQual website and social channels
  • To meet our regulatory and legal obligations, for example the provision of information to Regulators of qualifications and other enforcement agencies as required
  • To prevent malpractice, fraud or misuse of FireQual services and products or the services and products of other organisations where by notifying them could mitigate the risk of an organisation and/or candidate and/or other individual attempting to access their services, ie. as address within the Event Notification policy

Sharing of Data

We may disclose personal information to selected third parties to achieve the purposes set out in this policy. 

These parties may include (but are not limited to):

  • training/learning providers
  • service providers for the purpose of examinations or assessments of a qualification
  • service providers linked to the registration and certification of candidates
  • individual examiners
  • educational authorities such as Department for Education, Welsh Government, Department of Education Northern Ireland, HESA, UCAS, ESFA, IFA and the Learning Records Service
  • local authorities and other public bodies responsible for education
  • other educational establishments/prospective employers, for example if a reference is sought
  • suppliers and sub-contractors for the performance of any contract we enter into with them, for example IT service providers such as website hosts or cloud storage providers
  • professional service providers such as accountants and lawyers
  • parties assisting us with research to monitor the impact/effectiveness of our work, events, services and activities
  • the police, for example in sharing data in relation to malpractice cases linked to fraud
  • regulatory bodies who govern our work, such as CCEA Regulation, Ofqual, Qualifications Wales or SQA Accreditation

In particular, we reserve the right to disclose personal information to third parties:

  • in the event that we sell or buy any business or assets, in which case we will disclose personal information to the (prospective) seller or buyer of such business or assets
  • if substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets
  • if we are under any legal or regulatory duty to do so
  • to protect the rights, property or safety of Firequal, its personnel, users, visitors or others

FireQual uses a third-party provider, Salesforce, to record all information regarding FireQual enquiries, Centres, candidates, and all other communications that have taken place between FireQual and external organisations and individuals.

FireQual uses a third-party provider, Calibrand, to provide examinations for the achievement of FireQual qualifications where required.

Where data is shared with this provider, it will only be done so for the purpose of carrying out this function and the level of data shared will be at the minimum level required for the system to be able to process examination functions.

FireQual does not sell or share information to third parties, with the exception of as required to meet our regulatory duties, further details below.

All FireQual Centres have the right NOT to appear on the FireQual website search feature. If the Centre does not wish to appear on the search feature, please contact the FireQual office so this can be actioned.

Please note that the decision of a Centre NOT to appear on the FireQual website may impact on an individual’s ability to locate details of a location where they could undertake a FireQual qualification.  

Data Retention 

In general, unless still required in connection with the purpose(s) for which it was collected and/or processed, we remove personal information from our records six years after the date it was collected. However, if before that date (i) the personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) an individual validly exercises their right of erasure, we will remove it from our records at the relevant time.

If an individual requests to receive no further contact from us, we may keep some basic information on our suppression list in order to comply with the request and avoid sending you unwanted materials in the future.

We may also keep some basic information where an individual has been a party to an appeal, complaint, investigation with regards to FireQual services and products if it is felt that by keeping it will support future investigations taking place by the appropriate authorities.

Data Security

Data held on FireQual systems is password protected using two-factor authentication for access with expiring passwords ensuring they are regularly update. We also adopt user access rights so that data is only accessible to those individuals that require access for their given roles and responsibilities.

Unless permission has already been sought and gained, data is only accessible to FireQual staff members and to the relevant legal and regulatory authorities who have statutory powers to have access to our data.

In the instance of a cyber data breach, FireQual has cyber insurance that provides technical support and guidance to address any potential breaches that may have occurred.

FireQual Communications (including e-newsletter)

FireQual communicates with our Centres primary contacts and/or other nominated contacts as part of its ‘provision of service’ regarding our existing services and products or those planned for the future.

We will send information to those that have provided permission for us to do so and, where an individual has previously done so but no longer wishes to receive communications, please notify us by email and we will remove the details from the mailing lists.

Please note that FireQual issues updates about our services and products by electronic means and so if a Centre does not have at least one point of contact receiving published updates, important information will be missed that could impact on the provision of services and products.

FireQual uses two third party providers, Salesforce and MailChimp, to deliver the FireQual e-newsletters. We gather statistics around email opening and clicks to help improve this service.

Social/New Media

FireQual uses third party providers, Twitter, Facebook, LinkedIn, Google+ and Hootsuite to manage our social media interactions. If an individual sends any FireQual social media account a private or direct message, it will be stored in accordance with their retention policies. If this is not a predetermined time, this will be retained indefinitely for our records.

Accessing Personal Information

Subject Access Request                                                          

Individuals can find out if FireQual holds any personal information by making a ‘subject access request’. If FireQual does hold information about an individual we will:

  • Provide a description of the information held
  • Explain why we are holding it
  • Explain who it could be disclosed to
  • Provide a copy of the information in an intelligible form

Requests for any personal information we may hold need to be put in writing clearly stating it is a Subject Access Request to

If an individual agrees, we will deal with the request informally, for example by providing the specific information needed over the telephone or via email.

Fees for dealing with a subject access request

Subject access request information is provided free of charge. However, FireQual reserves the right to charge a reasonable fee when a request is manifestly unfounded or excessive, particularly if it is repetitive.

FireQual may also charge a reasonable fee to comply with requests for further copies of the same information.

Rectifying Information

If we do hold information about an individual, they can request for FireQual to correct any mistakes by contacting the FireQual office.

Please note this will only apply to personal information and not to information held with regards to the registration and/or certification of a FireQual qualification for auditory and regulatory purposes we are unable to alter this data.

Right to be Forgotten 

Any personal data can be requested to be erased but, please note that we are required to keep data with regards to the registration and/or certification of a FireQual qualification for auditory and regulatory purposes.

Data Breach Notification 

‘Personal data breach’ means,

‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

- EU GDPR “Definitions” Article 4, (12) ‘personal data breach’

In the case of any personal data breach that is likely to “result in a risk for the rights and freedoms of individuals” those affected will be made aware within 72 hours of FireQual first having become aware of the breach. The ICO ( will also be notified.