Privacy Policy
This privacy notice explains how Certsure LLP (“Certsure”, “we”, “us”, “our”), including when we provide goods and services under the trading name NICEIC, handles personal data. It also applies to the services we provide under related brands including NICEIC Certification, NICEIC Consulting, NICEIC Training and ELECSA. This notice includes information on your rights relating to your personal data, why we use it, who we share it with, and how long we keep it.
We are committed to protecting and respecting your privacy. We are responsible for protecting your personal data as a “controller” under applicable data protection legislation. If you have any queries about this notice or how we use your personal data, please contact us by writing to us at Certsure, Warwick House, Houghton Hall Park, Houghton Regis, Dunstable, Bedfordshire, LU5 5ZX or by email at DPO@certsure.com.
This notice (together with our Terms of Use and any other documents referred to in it) sets out the basis on which any personal data we collect about you will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
1. Who we are and how to contact us
Certsure LLP (company no. OC379918) is established in England and Wales with its registered office at Warwick House, Houghton Hall Park, Houghton Regis, Dunstable, Bedfordshire, LU5 5ZX. Our main trading address is the same.
2. The data we collect
Depending on your relationship with us (for example, NICEIC certified businesses, applicants, clients, members, customers of our certification services or online shops, subcontractors, service providers, website users, event attendees), we may collect information including:
- Identity and contact details: Name, signature, title, business/trading name, job role, addresses, email, phone, and date of birth.
- Account and transaction data: Login credentials, purchase/order history, scheme membership details, training bookings, service interactions, preferences (including marketing preferences).
- Verification and certification data: Information about your business and key contacts, technical and compliance information needed for certification, and evidence you provide to demonstrate compliance, including insurance, qualifications and evidence of continuing professional development. For staff within NICEIC certified businesses, information that we need to set up your account and manage your orders, such as your date of birth and National Insurance number.
- Payment data: Payment card information processed by our payment processors (we receive limited data necessary to confirm payment and manage orders). By paying via our payment processor, you agree to accept their terms and conditions for the use of their services, including their privacy policy.
- Usage and technical data: Device identifiers, IP address, location, browser type, pages visited, links clicked, and interactions with our websites, apps, digital applications, emails and SMS.
- Special category data, for example, disability related details you choose to share, so we can tailor our services.
- Data you input into our systems. For platforms such as NOCS, we act as a processor on your instructions. The certified business remains the controller of its customer data.
If you fail to provide personal data, we may be unable to fulfil your requirements or orders, or to perform any contract we have with you.
3. Purposes and lawful bases
We only process personal data if we have a good reason to do so. The sections below explain the purposes for which we use your personal data and the relevant lawful bases.
3.1. NICEIC customers including customers of certification services and NICEIC online shops
We collect and process personal data to help prospective and current customers (including certification clients and users of the NICEIC online shops) demonstrate compliance with their chosen standards and to provide the products and services they request. The lawful bases we rely on are:
- Performance of a contract with the data subject or to take steps at the data subject's request prior to entering a contract.
- Legitimate interests including our legitimate interests in providing, operating and improving our services, promoting qualified businesses to consumers, protecting consumers, and ensuring scheme integrity.
- Compliance with our legal obligations.
- Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
We explain our purposes and related lawful bases in more detail below with examples:
- We have a legitimate interest in the protection of consumers and the right of consumers to receive the service they have paid for. If a concern is raised (for example, by us or a consumer), we may engage with Trading Standards, authorised departments of government, such as the HSE, and insurance bodies pursuant to the achievement of consumer rights and protection.
- To provide you with services, products or information you have requested. Our lawful bases are contract and our legitimate interests in providing you, or the business you work for, with the requested services, products or information.
- We process personal data to assess and administer certification applications and to carry out ongoing checks and assessments to demonstrate compliance with applicable certification and accreditation standards (e.g. ISO/IEC 17065, 17021 and 17024). For individuals with technical responsibility, we collect your National Insurance number and/or date of birth to verify your identity, confirm you are registered with only one business, validate qualifications or training where relevant, and include these details on certificates in accordance with national criteria requirements. Our lawful bases are contractual and our legitimate interests, specifically issuance of certificates of competence. You are required to provide this information so we can meet certification requirements and maintain records of compliance. If you do not provide it, we may withdraw services and publish this outcome.
- We may share your personal data with NICEIC Insurance Services (a trading name of Marsh Ltd) so they can contact you to provide information about their services which could help you to meet the requirements of your certification, for example, for customers using our certification service, to offer you insurance. Except where we need your consent to contact you, we rely on our legitimate interest (and NICEIC Insurance Services' legitimate interest) in marketing these services as our lawful basis. Specifically, we have a legitimate interest in promoting relevant, complementary insurance services from a trusted partner that supports our certification customers in meeting scheme requirements and managing associated risks. We share limited information about your business with NICEIC Insurance Services i.e. business's name, business contact name, address, telephone number, business insurance renewal date(s), public liability amount, insurer, NICEIC scheme and company size. Further information about how NICEIC Insurance Services uses your personal data can be found in their privacy notice: Privacy notice. If you would prefer that we did not share your information with NICEIC Insurance Services for this purpose, please contact marketing@niceic.com.
- For certification customers, we may also share your details with insurers (such as Marsh) to check that you have the necessary insurance in place. This is for our legitimate interests in verifying compliance with scheme insurance requirements to maintain standards, manage risk and safeguard consumers.
3.2. Online directories and other services
Our "find a trusted tradesperson" feature allows website users (such as businesses and homeowners) to find information on qualified businesses. If you agree to have your details listed, then your name, business name, address, contact details, scheme details and duration of certification will be visible on our website.
We may also share your details (name, business name, address, contact details, scheme details and duration of certification) with other online directories so that they can publish your details. You may opt out at any time, without it affecting your certification status. Examples of these online directories include:
We provide the above services based on our legitimate interests in supporting our certified businesses and helping users find qualified providers.
Website users can request a quote through our website by filling in the form. We will share the details you input with our registered businesses who may contact you to discuss your requirements. This is for our legitimate interests in providing this service to you, as a website user, and to our registered businesses. Further information can be found here: Find a Registered Electrician or Contractor | NICEIC.
Connected Futures is our job board which allows NICEIC certified businesses to post apprenticeship opportunities for individual users to view and apply for. Further information can be found here: Connected Futures | Find an electrical apprenticeship with NICEIC. We process personal data relating to this as is necessary for any contract we have with you in relation to the job board. Otherwise, we process it for our legitimate interests in supporting and providing this service to our businesses and applicants.
If you have registered with us, then other registered users who work for the same organisation (or who work for a connected organisation such as a subcontractor) may be able to see your name and email address on your company profile across our systems. This is for the organisations' legitimate interest in operating and administering the customer portal and collaboration between users in the same or connected organisations. If you wish to be removed as a contact from a particular company, email us at sales.enquiries@niceic.com.
3.3. Marketing and engagement
We may contact you by email, telephone, post, SMS, instant message, live chat, website and apps with information about our (and third party) services, events, products, and the latest news and technical information from NICEIC, but only when we are allowed to do so (for example, we will need your consent before sending you a marketing email or text message). When we are not relying on consent as our lawful basis, we are relying on our legitimate interest in marketing our services.
You can manage your marketing preferences at any time by visiting the preference centre.
We may share your personal data with third parties for marketing purposes in accordance with your communication preferences. If you do not want us to share your personal data with any third party for marketing purposes, please update your records at our preference centre.
We may contact you to see if you would like to be featured in NICEIC/Certsure marketing content (for example, interviews, case studies, magazines and social media). If you choose to take part, we will create and publish content that may include your name, role, business name, image, voice, quotes, and other personal data. This is for our legitimate interests in producing and promoting our services through editorial and case‑study materials. We may share content and limited contact details with trusted editors, publishers and marketing agencies who help us produce and distribute the content. In some cases, we may need your consent before contacting you to see if you want to take part. Where this applies, we will only contact you if you have provided that consent.
3.4. Analytics and service improvement
We gather general information about the use of our SMS messages, emails, websites, digital applications and mobile apps, such as which pages users visit most often and which services, events or facilities are of most interest. We may also track which pages users visit when they click on links in emails. We may use this information to personalise the way our websites, digital applications and mobile apps are presented when users visit, to make improvements to our websites, digital applications and mobile apps and to ensure we provide the best service for users. We use cookies and similar technologies such as tracking pixels to do this. Please see our cookie policy here: NICEIC cookie policy for further information.
We record telephone calls and review the contents of emails for quality assurance purposes. We may ask you to leave a review on Trustpilot. This is for our legitimate interest in improving our services by understanding customer feedback.
3.5. Purposes applying across all services and activities
| Purpose | Examples | Lawful bases |
|---|---|---|
| Service communications and safety/security | Service updates; fraud and security monitoring; safeguarding site/app integrity. | Our legitimate interests in keeping our services and networks secure; and legal obligation where applicable. |
| Record-keeping, audits, accounting and tax | Keeping records required for HMRC and other legal obligations. | Legal obligation. |
| Legal claims, compliance, and protecting our reputation and interests | Responding to lawful requests, defending or establishing claims. | Our legitimate interests in establishing, exercising or defending legal claims, protecting our interests and legal obligations where applicable. |
| Collaborations | Where we would like to work with you (for example, as part of a joint event). | Our legitimate interests in promoting our work and providing benefits to our members and community. |
| Administration | Enquiries, for example, from the press and members of the public | Our legitimate interests in responding to enquiries and protecting our interests. |
4. Where we get personal data from and who we share it with
We obtain personal data from and share it with a number of different third parties. This includes the following in addition to the specific examples included elsewhere in this notice:
- Service providers and contractors (including those that provide the following services): IT hosting, social media management and insight generation, marketing (including online engagement, publication of magazines such as Connections magazine and analytics), customer relationship management (CRM) systems, support, cloud storage, mail delivery providers, online platforms (such as Connected Futures), messaging platforms, printing, events, fulfilment, and payment processing.
- Certsure’s named partners consistent with your communication preferences; details appear in service‑specific materials where applicable.
- NICEIC Insurance Services (a trading name of Marsh Ltd) for relevant marketing.
- Regulators, public authorities, law enforcement and insurers.
- Consultants and professional advisers, such as our legal advisers and accountants.
- We will share your personal data with the third parties that we work with as part of the certification programme that you have applied to. This includes scheme owners; for example, we share personal data with MCS as part of the MCS Installer Scheme, BAFE Fire Safety Register and Gas Safe Register.
- Your organisation (e.g., when your employer adds you to an account).
- Publicly available sources (e.g., Companies House, trade press, public social media (such as LinkedIn), other online media).
- Other third parties (e.g., government departments or partner organisations who introduce you to us).
- Our auditors (e.g., the United Kingdom Accreditation Service (UKAS)).
- We may share your personal data with third parties as part of the services we provide, for example, notifying building control, and issuing certificates via post or digitally to you or your customers.
- We use AI platforms to support our operations and to help provide and improve our products and services.
5. International transfers
Some service providers may be located outside the UK. Where we transfer personal data outside the UK, we will ensure an appropriate safeguard is in place, such as:
- UK adequacy regulations for the destination; or
- A UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, plus additional measures where necessary.
You can contact us for more information about relevant transfer safeguards.
6. How long we keep data
We keep data only for as long as necessary for the purposes collected:
- Certification/customer data linked to our services is usually retained for six years after you cease to be a customer, or longer/shorter where the law requires or permits.
- Otherwise, we follow our internal retention policy, which sets specific periods by record type and lawful basis.
7. Automated decision-making
We do not make decisions based solely on automated processing that produce legal or similarly significant effects about you. Automated decision‑making means a decision made by a computer without human review, for example, an automated fraud‑screening rule that blocks an order if certain risk signals are triggered.
8. Your rights
Subject to conditions and exemptions, you have the right to:
- Access your personal data and certain other related information (also called a “subject access request” or “SAR”).
- Correct inaccurate or incomplete data. For example, update a changed address or contact details.
- Erase personal data (“the right to be forgotten”). For example, ask us to delete information we no longer need.
- Restrict processing. For example, pause the use of your data while we check accuracy or a challenge you have raised.
- Data portability. For example, receive a copy of certain information in a portable format or ask us to send it to another provider.
- Object to processing where our lawful basis is public task or legitimate interests.
- Object to direct marketing, for example, ask us to stop postal marketing.
- Withdraw consent where we rely on consent.
To exercise your rights, you can contact our DPO at DPO@certsure.com.
We want to ensure that your personal data is accurate and up to date. If any of the information that you have provided us with changes (for example, if you change your email address, name or payment details), or if you wish to cancel your registration, you can manage your account via our Customer Portal at www.my.niceic.com or get in touch with our team at customer.services@niceic.com.
9. How to complain
You have the right to make a complaint to us about how we handle your personal data. You can do so by contacting our Customer Relations Department at group.complaints@niceic.com. We will acknowledge your complaint promptly (within 30 days) and aim to provide you with our decision and any steps we will take without undue delay and, in most cases, within 30 days.
You can also complain to the Information Commissioner’s Office (ICO). The ICO may expect you to complain to us first.
10. How do we protect personal information?
We take appropriate technical and organisational measures to ensure that the information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. We protect your information in accordance with our IT Security Policy.
We use a secure service when you make a payment through our website, via a virtual gateway operated by Worldpay. This service is Payment Card Industry Data Security Standard compliant.
You should be aware that the use of the internet is not entirely secure and although we will do our best to protect your personal data, we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features such as encryption to try to prevent unauthorised access.
11. Third-party links
Our sites may include links to third‑party websites, plug‑ins or services. Those third parties have their own privacy policies and we are not responsible for them. Please check these policies before you submit any personal data to these websites.
Last updated 16 June 2026.