Privacy Notice





Produced on behalf of: AQA, City & Guilds, CCEA, OCR, Pearson and WJEC

Information for candidates – Privacy Notice

General and Vocational qualifications

Effective from 1 September 2016

The JCQ awarding bodies will process your personal data in accordance with the Data Protection Act 1998 and the Code of Practice issued by the qualification regulators of England, Wales and Northern Ireland.

Correspondence on any aspect of a candidate’s examination or assessment will only be conducted between the awarding body and the head of the centre, a member of the senior leadership team or the examinations officer.

Awarding bodies will undertake the following administrative activities in relation to the processing and exchange of candidates’ personal data:

1. Personal data relating to the name(s), date of birth, gender, unique candidate identifier (UCI) and unique learner number (ULN) of an individual candidate will always be collected by an awarding body for the purposes of examining and awarding qualifications. In some cases additional information, which may include sensitive personal data relating to health, will also be collected to support requests for access arrangements and reasonable adjustments and/or special consideration. Such personal data will be supplemented by the results of examinations and assessments undertaken by the respective candidate.

2. A candidate’s personal data will only be collected from registered examination centres in the context of examination entries and/or certification claims.

3. Such data collected will not be used by an awarding body other than for the administration of the examinations process, conducting assessments and the certification of results claims.

4. Personal data within candidates’ work will be collected and processed by an awarding body for the purposes of marking, issuing of examination results and providing candidates with access to post-results services. Examination results will be retained for a minimum of forty years.

In order for an awarding body to achieve this, some personal information may be transferred to third parties such as examiners, who may in some instances, reside outside the European Economic Area.

5. Awarding bodies may be required to provide a candidate’s personal data to educational agencies such as DfE, WG, DENI, The Skills Funding Agency, Ofqual, HESA, UCAS, Local Authorities, EFA and Learning Records Service (LRS). Additionally, candidates’ personal data may be provided to a central record of qualifications approved by the awarding bodies for statistical and policy development purposes.

6. Some of the information candidates supply will be used by the Skills Funding Agency to fulfil its statutory functions, issue/verify a candidate’s Unique Learner Number (ULN) and update/check a candidate’s Personal Learning Record.
The Skills Funding Agency may share a candidate’s ULN and Personal Learning Record with other education related organisations, such as a careers service, a candidate’s school or college, Government Departments and public bodies responsible for education. Further details of how information is processed and shared can be found at:

7. Awarding bodies are obliged to confirm what personal data is held, what it is held for, to whom the data is to/may be disclosed to, and disclose the information that they hold about data subjects, (e.g. the candidates) within 40 days of receiving a formal request for disclosure, subject to the application of any relevant exemptions under the Data Protection Act 1998.

Candidates should make an application to the appropriate awarding body’s data protection officer. Awarding bodies may charge a fee for this service.
8. If you have not reached the age of 16, you may first wish to discuss this Privacy Notice with your parent or legal guardian.

Awarding bodies, schools, Department for Education (DfE), Welsh Government (WG), Department of Education Northern Ireland (DENI), Local Authorities, the Office of the Qualifications and Examinations Regulation (Ofqual), Ofsted, and Skills Funding Agency (SFA) are all ‘data controllers’ under the Data Protection Act 1998, in that they determine the purpose(s) for which ‘personal data’ (information about living individuals from which they can be identified) is processed and the way in which that processing is undertaken.

It is a requirement for data controllers to provide data subjects (individuals who are the subject of personal data) with details of who they are, the purposes for which they process the personal data, and any other information that is necessary to make the processing of the personal data secure and accurate, including any third parties to whom it may be passed to.he purposes for which they process the personal data, and any other information that is necessary to make the processing of the personal data secure and accurate, including any third parties to whom it may be passed to.