Privacy Policy

MarCert Global ("we", "us", "our") is a maritime certification platform operated from 30 St Mary Axe, London EC3A 8BF, United Kingdom. We are the data controller for personal data collected through this Platform. Contact our Data Protection Officer at support@marcertglobal.com.

When you use MarCert Global, we collect: • Identity data: first name, last name, email address, nationality, phone number. • Profile data: professional bio, LinkedIn URL, certifications earned. • Examination data: exam attempt records, answers submitted, scores, grades, time taken. • Proctoring data: webcam recordings and screenshots taken during proctored examinations (Professional and Expert levels). These are reviewed by our proctor team and deleted after 90 days. • Usage data: IP address, browser type, pages visited, interaction events. • Payment data: processed by our payment processor (Stripe); we do not store full card details. • AI interaction data: messages sent to our AI Study Assistant, anonymised after 30 days.

We use your data to: • Create and manage your account and certificates. • Administer exams and issue verifiable certifications. • Conduct proctoring of Professional and Expert examinations. • Send transactional emails (exam results, certificate issuance, renewal reminders). • Power the AI Study Assistant with course context. • Improve Platform performance and content quality. • Comply with legal and regulatory obligations. • Detect and prevent fraud or exam misconduct.

We process your data on the following legal bases under UK GDPR: • Contract performance: processing necessary to deliver the certification services you purchased. • Legitimate interests: fraud detection, platform security, and analytics. • Consent: marketing communications (you may withdraw consent at any time). • Legal obligation: record-keeping required by applicable law.

Certificate records — including holder name, course title, grade, issuance date, and verification hash — are retained permanently to support public verification. This data is publicly accessible via our certificate verification page. If you request deletion of your account, your certificate records will be anonymised (name replaced with initials) but the cryptographic hash will remain verifiable.

We do not sell your personal data. We share data only with: • Ocean Bridge Manpower: when you consent to share your certification status for job applications. • Google (Gemini API): anonymised content for AI Study Assistant functionality. • Payment processor (Stripe): payment fulfilment only. • Cloud infrastructure providers: hosting and storage under data processing agreements. • Law enforcement or regulators: when legally required.

Webcam footage and screenshots captured during proctored exams are stored on encrypted servers and accessible only to trained proctor reviewers. Recordings are deleted after 90 days unless a misconduct investigation is open, in which case they may be retained for up to 5 years.

We retain your data as follows: • Account data: for the life of your account plus 2 years. • Certificate records: permanently (with anonymisation upon account deletion). • Proctoring recordings: 90 days (or until misconduct case resolved). • AI chat logs: 30 days, then anonymised. • Payment records: 7 years (legal requirement).

Under UK GDPR, you have the right to: • Access your personal data (Subject Access Request). • Rectify inaccurate data. • Erase your data (subject to legal retention requirements). • Restrict or object to processing. • Data portability. • Withdraw consent at any time without affecting prior processing. Submit requests to support@marcertglobal.com. We will respond within 30 days.

We use essential session cookies to keep you logged in. We do not use advertising or tracking cookies. You may disable cookies in your browser settings, but this will prevent login from functioning.

We use TLS encryption for all data in transit. Passwords are hashed with bcrypt. Exam data and proctoring footage are stored on encrypted, access-controlled servers. We undergo periodic security assessments.

Your data may be processed outside the UK or EEA (e.g., Google Cloud infrastructure). All such transfers are governed by Standard Contractual Clauses or equivalent safeguards.

This Platform is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has registered, contact us immediately at support@marcertglobal.com.

We may update this Privacy Policy. Material changes will be communicated by email. Continued use of the Platform after notification constitutes acceptance.

For privacy concerns, contact support@marcertglobal.com. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.