BestGrade Education – Private Exam Centre (“we,” “our,” “us”) is committed to protecting the privacy and
security of the personal data we collect from our candidates, parents/guardians, staff, and partners.
This policy explains how we comply with the UK General Data Protection Regulation (UK GDPR) and the Data
Protection Act 2018.
1. Data Controller
BestGrade Education – Private Exam Centre acts as the Data Controller. This means we decide how and why
personal data is used.
For any questions or requests regarding this policy, please contact us:
Other Data: attendance, communications, safeguarding information where required.
3. Lawful Basis for Processing
Contractual necessity: to provide exam entry, assessments, and related services.
Legal obligation: to comply with JCQ regulations, safeguarding duties, and financial reporting.
Legitimate interest: to administer exams securely and effectively, and to maintain accurate records.
Consent: for marketing communications or optional services (consent may be withdrawn at any time).
4. How We Use Data
Register candidates for exams with awarding bodies.
Administer assessments in line with JCQ and awarding body regulations.
Communicate with candidates, parents/guardians, and staff.
Maintain secure and accurate exam records.
Ensure safeguarding and welfare of candidates.
Process payments and invoices.
Meet regulatory and legal requirements.
5. Data Sharing
We may share personal data with:
Awarding bodies (e.g., Pearson, AQA, Edexcel, OCR, etc.) for exam registration, moderation, and
certification.
JCQ and regulatory authorities, where legally required.
Service providers (e.g., IT systems, payment processors) under strict data protection agreements.
We will never sell personal data to third parties.
6. Data Retention
Candidate and parent/guardian data: normally retained for 6 years after services end.
Exam entries and results: retained in line with awarding body requirements.
Safeguarding records: as required by law.
Staff/invigilator records: up to 6 years after employment ends.
7. Data Security
We take appropriate technical and organisational measures to protect personal data, including:
Secure digital and physical storage.
Restricted access for authorised personnel only.
Encrypted communications where applicable.
Regular reviews of our data protection practices.
8. Your Rights
Under GDPR, individuals have the right to:
Access their data.
Rectify inaccurate or incomplete data.
Erase data (“Right to be Forgotten”), where lawful.
Restrict processing in certain cases.
Port data to another provider.
Object to processing based on legitimate interest or direct marketing.
Requests can be made by contacting us at info@privateexamcentre.co.uk or 020 3302
8140. We will respond within one month.
9. Consent and Marketing
We may contact you with information about our services or upcoming exam opportunities if you have provided
consent.
You may withdraw consent at any time.
10. Data Breach Procedure
In the event of a data breach, we will:
Notify the Information Commissioner’s Office (ICO) within 72 hours where required.
Inform affected individuals without undue delay if there is a high risk to their rights.
Take immediate action to prevent recurrence.
11. Complaints
If you are unhappy with how we handle your data, you can contact us directly at
info@privateexamcentre.co.uk or call 020 3302 8140.
You also have the right to complain to the Information Commissioner’s Office (ICO):