Privacy Policy
Effective date: july 5, 2025— Applies to tpsc.org.pk
This Privacy Policy explains what personal information we collect, why we collect it, how it is used, who we share it with, and your rights. Please read it carefully.
1. Information we collect
We collect information to operate effectively and provide you the best experiences when using our services (website and PWA). Types of information we collect:
1.1 Information you provide
- Account & registration data: name, email address, phone number, organisation (if provided), password hashes.
- Application data: answers to forms, certification exam answers, enrollment information, payment/billing details (when applicable) — note: sensitive payment details are handled by our payment processor.
- Support & communications: messages you send to our support or instructors.
1.2 Information we collect automatically
- Analytics & usage: page views, feature usage, timestamps, error logs.
- Device & connection: device type, operating system, browser, PWA install status, IP address, locale, screen size.
- Cookies & similar technologies: see our Cookie Policy for details.
1.3 Third-party sources
We may receive information from third parties such as identity verification services, analytics providers (e.g., Google Analytics), or social login providers if you use them. These are described in the “Third-party services” section below.
2. How we use your information
We use collected information to:
- Provide, operate and maintain the PWA and website (deliver course content, verify credentials, show certificates).
- Process enrollments, payments and refunds (via third-party payment processors).
- Improve product and user experience through analytics and A/B testing.
- Communicate with you: account notices, updates, security alerts, support replies and administrative messages.
- Prevent fraud and to comply with legal obligations.
Legal bases: where required, we process data based on contract (to deliver services), legitimate interests (improving and securing the platform), consent (marketing communications, optional cookies), or legal obligations.
3. Sharing & disclosure
We do not sell personal information. We may share your data with:
- Service providers: hosting, payment processors, analytics, email delivery, identity verification — they process data on our behalf under contract.
- Affiliated institutions: when you enroll in a course offered by an affiliated institute, we may share your enrollment and certification information with that institute.
- Legal / safety: to comply with legal obligations or protect rights and safety (e.g., law enforcement or as required by law).
- Business transfers: if the organization is involved in a merger, acquisition or sale of assets, user data may be transferred subject to confidentiality and legal protections.
Third-party service list (examples): Google Analytics, Firebase (for PWA features & push notifications), Stripe/PayFast (payments), SendGrid/Mailgun (emails). Replace or remove based on your actual stack.
4. Cookies & similar technologies
We use cookies and similar technologies for essential site functions, analytics, and preferences. For a detailed, interactive list and to manage cookie preferences, see our Cookie Policy.
You can control cookies through your browser settings and by clearing local storage for the PWA. Note that disabling essential cookies may break login and certain PWA features.
5. Security
We implement reasonable technical and organizational measures (e.g., TLS/HTTPS in transit, hashed/salted passwords, access controls) to protect your personal data. However, no method of transmission or storage is 100% secure. If a breach occurs we will follow applicable notification laws and inform affected users where required.
6. Data retention
We retain personal data only for as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Typical retention periods:
| Data | Retention |
|---|---|
| Account & profile | Until account deletion + 2 years (default) |
| Course enrollments, certificates | Permanent unless user requests deletion (records required for accreditation may be kept longer) |
| Support logs & emails | 1–3 years |
| Analytics & logs | Up to 26 months (or aggregated/anonymized) |
Adjust these periods to match your legal and accreditation obligations.
7. Your privacy rights
Depending on your jurisdiction, you may have rights including:
- Access: request a copy of the personal data we hold about you.
- Correction: correct incomplete or inaccurate data.
- Deletion: request deletion (subject to retention obligations like accreditation or legal requirements).
- Portability: request your data in a machine-readable format.
- Objection/Restriction: object to certain processing or request restriction.
To exercise rights, contact us at privacy@tpsc.org.pk. We will verify requests to protect privacy and security and respond as required by law.
Residents of the EU / EEA: you can also lodge a complaint with your local data protection authority.
California residents (CCPA/CPRA): see the California Privacy subsection below for details about rights and how to submit requests.
8. Children’s privacy
Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without parental consent. If you are a parent and believe your child provided us with personal data, contact us to request deletion.
For educational records and data subject to local education laws, we follow applicable legal requirements and institute agreements when necessary.
9. California privacy (CCPA/CPRA) — Summary
If you are a California resident, you have additional rights under the CCPA/CPRA, including the right to request categories of personal information collected, the right to deletion, and the right to opt out of the sale of personal information. We do not sell personal information for monetary consideration. To make a CCPA/CPRA request contact privacy@tpsc.org.pk. Please include “CCPA Request” in the subject line and provide sufficient information to verify your identity.
10. Third-party services & links
Our PWA integrates with third-party services (e.g., cloud hosting, analytics, push notifications, payment processors). These services have their own privacy policies and controls. We recommend reviewing those policies. Example services commonly used:
- Firebase (push, auth, hosting) — your Firebase project
- Google Analytics / GA4 — analytics data
- SendGrid / Mailgun — transactional emails
Replace with a precise list of vendors your app actually uses.
11. International transfers
We may transfer personal data to countries other than your country of residence for hosting and processing. Where required, we use appropriate safeguards (standard contractual clauses, vendor controls) to protect your data. Contact us if you want details about the specific safeguards in place.
12. Changes to this policy
We may update the policy from time to time. We will publish the updated policy on this page with a revised effective date. For material changes, we will provide prominent notice (e.g., email or in-app notification) before changes take effect.
13. Contact & data requests
If you have privacy questions, want to exercise your rights, or need to request data deletion/export, contact:
Privacy Contact
TPSC (The Professional Skill Council)
Email: privacy@tpsc.org.pk
Website: https://tpsc.org.pk
For accredited record requests (certificates/enrollment records) please include your Registration/Roll Number and full name in the request.