Privacy Policy

This Privacy Notice describes how we collect and use your personal information in relation to our Services, applications, products, services, events, and experiences that reference this Privacy Notice.

BrainChain offers a one- stop solution for employers, recruitment professionals and background screeners to check applicants’ qualifications at universities, colleges and professional bodies worldwide. 

We care about privacy and data protection. We are committed to carefully assess your interest, fundamental rights and reasonable expectations with regards to our processing of your data. We also aim at transparency, we want you to know what data we collect about you and how it is used and shared. Please be aware that, whilst we make our best efforts to keep your personal information safe, no website can be completely secure. 

The following privacy policy (“Privacy Policy”) relates to our use of any personal information regarding you we collect and process via our website, mobile application or any other personal information you provide us in person, via email, telephone, text message, or other means. 

In the Privacy Policy, the terms processing, personal data, data controller, data processor, data subject shall have the same meaning as set out in the Data Protection Act 1998 (“DPA”) as amended, extended or re-enacted from time to time and including all subordinate legislation made from time to time under the DPA or as defined by the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”) once applicable and/or any corresponding or equivalent national laws or regulations once in force and applicable (“Applicable Data Protection Laws”). 

KEY TERMS 

To help you understand the content of our Privacy Policy we have summarised some key terms: 

Verification Check means a verification of an individual’s qualifications or other certifications, including but not limited to records of previous and present students’ degree and/or professional qualifications, for the provision of the Services. 

Data Controller means the individual or organisation that, alone or jointly with others, exercises overall control over how Personal Data are processed and the purposes of such treatment. 

Data Processor means any person (other than an employee of the data controller) who processes the data on behalf and under the instruction of the Data Controller. 

Communication Methods mean email, telephone, notices posted on our Site, or any other communication methods. 

Personal Data means any information relating to a living individual who can be directly or indirectly identified in particular by reference to an identifier. Personal Data may include identification numbers, location data and online identifiers. 

Processing means obtaining, recording or holding data or carrying out any operation in relation to Personal Data. 

Sensitive Personal Data means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. 

Services mean qualification verification services provided. 

Third-Party Websites mean websites owned and operated by third parties. 

Site means BrainChain website or app as available from time to time. 

PRIVACY POLICY IN RELATION TO WEBSITE USERS 

The following terms in this paragraph apply only to users of the Site who are not otherwise using our Services. 

DATA CONTROLLER 

For the purpose of the processing of your Personal Data in connection with your use of our Site, BrainChain is the Data Controller.  

LEGAL BASIS FOR PROCESSING 

We process your Personal Data on the basis that you have consented to and we have a legitimate interest in such processing. Our legitimate interest includes our commercial interest in offering our Services to the public. 

HOW WE USE YOUR PERSONAL DATA 

We use your Personal Data to give you access to our Site and in particular to: 

  • provide you with information about BrainChain services through our Site; 
  • contact you through any Communication Method about our products and services, provided that you have previously consented to us contacting you. You may always opt to be excluded from communications regarding BrainChain and other products and services by sending an email to benevolentears@brainchainmission.org ;
  • produce aggregate insights that do not identify you; and
  • investigate, respond to and resolve complaints and service issues

INFORMATION WE COLLECT ABOUT YOU 

We log your visits and your usage data when you visit our Site. 

In particular, we use internet protocol (“IP”) addresses, cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to identify you or your device. You can control all these settings on your device yourself – settings we respect in full (e.g. use of VPN / allow no cookies / ….)    

We receive data from your devices and networks, including location data. When you visit or leave our Site, we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Site from a mobile device, that device will send us data about your location. Most devices allow you to prevent location data from being sent to us and we respect your settings. 

RECIPIENTS OF YOUR DATA 

To provide and develop our Site, we may share your Personal Data with: 

  • our subsidiaries, provided that our subsidiaries will be subject to the same terms of this Privacy Policy; and 
  • third parties for maintenance, analysis, audit, payments, marketing and development. Third parties will only have access and use your information as reasonably necessary to perform these tasks on our behalf and they will be bound to non- disclosure obligations and to the terms of this Privacy Policy.
  • We may have to disclose your Personal Data if it is reasonably necessary to: (i) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (ii) enforce our agreements with you; investigate and defend ourselves against any third-party claims or allegations; (iii) protect the security or integrity of our Services. 

We will attempt to notify you about legal demands for your Personal Data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overboard, vague or lack proper authority, but we do not promise to challenge every demand. Such dispute will be our first reflex as your privacy is most important to us and we will walk the mile to earn and keep your trust. 


We may share your Personal Data as part of a sale, merger or change in control, or in preparation for any of these events. Any other entity which buys us or part of our business will have the right to continue to use your data, but only in the manner set out in this Privacy Policy. 

CROSS-BORDER DATA TRANSFERS 

We may transfer Personal Data outside the European Economic Area (“EEA”) either: 

  • within our organisation, Limited in jurisdictions outside the EEA; or 
  • to an educational institution outside the EEA that an individual who is the subject of a Verification Check has attended in order to undertake a Verification Check (“non-EU University”); or
  • to an agent or sub-contractor who is able to undertake a Verification Check in relation to attendance at a non-EU University where we are unable to undertake the check directly ourselves. 

There is a risk that such transfers of Personal Data may not be subject to the same legal framework in relation to data protection as exists inside the EEA, but we aim to replicate our standards across our operations both inside and outside the EEA and we require our third-party contractors to adhere to the same standards. 

Other than the above transfers, we do not transfer, store or process your Personal Data at destinations outside the EEA without your explicit consent. Please contact us to learn more about our processes and policies to safeguard your Personal Data when shared outside the EEA. 

Please contact us at benevolentears@brainchainmission.org if you wish to know more about our cross-borders data transfers 

PRIVACY POLICY IN RELATION TO USERS AND INDIVIDUALS SUBJECT TO A VERIFICATION CHECK 

The following terms in this paragraph apply only to users of our Services and individuals subject to a Verification Check. 

DATA CONTROLLER 

For the purpose of a Verification Check or similar service, a Data Controller will be each BrainChain’s customer requesting such Verification Check or similar service. Please be advice that depending on the circumstances of each individual case, there may be more than one Data Controller. 

DATA PROCESSOR 

For the purpose of a Verification Check or similar service, we are a Data Processor. We process Personal Data only under the instructions of the Data Controller(s) for the time being (i.e. a BrainChain’s customer requesting a Verification Check or similar service). 

LEGAL BASIS FOR PROCESSING 

We process Personal Data of users of our Services on the basis that we have a legitimate interest in such processing that includes our commercial interest in providing our Services. Furthermore, we may process Personal Data of users of our Services and of individuals subject to a Verification Check on the basis that: (i) they have consented to such processing; (ii) it is necessary for the entry into, or performance of, a contract or in order to take steps at their request prior to the entry into a contract; (iii) it is necessary for compliance with a legal obligation. 

HOW WE USE YOUR PERSONAL DATA 

USERS OF OUR SERVICES
We use Personal Data of our users to give them access to our Site and to provide them with our Services and in particular to: 

  • administer and process registrations and/or verifications; 
  • authenticate users and grant users with access to some areas of our Site;
  • correspond with us through any Communication Methods, about their registration and/or verification(s);
  • produce aggregate insights that do not identify any individual user of our Services; and
  • investigate, respond to and resolve complaints and service issues. 

INDIVIDUALS SUBJECT TO A VERIFICATION CHECK
We only use Personal Information regarding individuals subject to a Verification Check to perform our Services under the instruction of a Data Controller (i.e. each Qualification Check’s costumer requesting such Verification Check), provided that such Data Controller will have previously obtained your informed consent to such verification. 

To perform a Verification Check we will share your Personal Data with the university or institution from which you have obtained your qualification or other title. We will also share the results of such Verification Check ‘on a verified or not verified basis’ with the relevant Data Controller/Qualification Check’s costumer. 

INFORMATION WE HOLD 

USERS OF OUR SERVICES
We collect Personal Data about you, including but not limited to your first name, family name, email address, region (location), National Identification Number, telephone number if you decided to share that, and password, when you register in the registration section of our Site or otherwise, or place an order for use of our Services. In addition, we also collect and process your biographical data and other Personal Data in order to perform our Services. 

We log your visits and use of our Services, your usage data when you visit or otherwise use our Services. We use log-ins, IP addresses, cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to log your use, and identify you or your device. 

When you visit or leave our Site, we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Site from a mobile device, that device will send us data about your location. Most devices allow you to prevent location data from being sent to us and we respect your settings. 

INDIVIDUALS SUBJECT TO A VERIFICATION CHECK
We receive your Personal Data from a Data Controller requesting a Verification Search regarding your qualifications or other titles you have obtained. We keep your Personal Information safely within our system and only for as long as necessary to perform our Services. 

 

RECIPIENTS OF YOUR DATA 

To provide and develop our Services, we may share your Personal Data with: 

  • our subsidiaries, provided that our subsidiaries will be subject to the same terms of this Privacy Policy; 
  • subcontractors who may perform the whole or part of the Services on behalf of BrainChain (“Subcontractors”), provided that the Subcontractors will be bound to substantially the same obligations imposed on Qualification Check under its agreement with each Data Controller for the time being and to the terms of this Privacy Policy; and
  • THIS ONLY APPLIES TO USERS OF OUR SERVICES – third parties (e.g. for maintenance, analysis, audit, payments, marketing and development). Third parties will only have access and use your information as reasonably necessary to perform these tasks on our behalf and they will be bound to non-disclosure obligations and to the terms of this Privacy Policy. 


We may have to disclose your Personal Data if it is reasonably necessary to: (i) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (ii) enforce our agreements with you; (iii) investigate and defend ourselves against any third-party claims or allegations; (vi) protect the security or integrity of our Services. 


We will attempt to notify you about legal demands for your Personal Data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not undertake or warrant to challenge every demand, even if that will always be our first reflex in respect of your privacy.


We may also share your Personal Data as part of a sale, merger or change in control, or in preparation for any of these events. Any other entity which buys BrainChain or part of our business will have the right to continue to use your data, but only in the manner set out in this Privacy Policy. 

DATA RETENTION 

USERS OF OUR SERVICES
As the intent of BrainChain is to be able to provide you with the diploma verification service for as long as you are professionally active, this is the default period during which we keep related data. At any time, you can deviate from this and request us to delete all data we have about you, in line with the spirit of the data privacy regulations we abide by.  

We may need to retain part of your Personal Data even after termination of this agreement with you, if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our agreements with you. 

INDIVIDUALS SUBJECT TO A VERIFICATION CHECK
We keep your Personal Data only for as long as it necessary to provide you with our Services. 

NON-EEA TRANSFER 

In the event that an individual subject to a Verification Check holds a qualification obtained outside the EEA or has entered into an agreement with a client that requires his/her qualification to be sent to a destination outside the EEA, we may transfer, store or process (the “Transfer”) such individual’s Personal Data outside the EEA.

Please be advised that we may also rely on the following derogations as basis for the Transfer of Personal Data outside the EEA: (i) the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request; (ii) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person; (iii) the transfer is made from a register which according to a EEA State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by a EEA State law for consultation are fulfilled in the particular case. 

We also have subsidiaries located outside of the EEA with access through our internal systems to Personal Data of individuals. All BrainChain subsidiaries behave in accordance with the GDPR despite their location 

GENERAL 

The following terms in this paragraph apply both to users of our Services and to users of the Site. 

CHANGE TO THIS PRIVACY POLICY 

As we are committed to constantly improving our Services, we may change the selection of data and the way we process it. We reserve the right to change or adapt this Privacy Policy from time to time. In case of any material change to our Privacy Policy, we will update the version available on our Site as soon as reasonably possible. 

THIRD-PARTY ADVERTISERS 

We do not share your Personal Data with any third-party advertisers or ad networks for their advertising without your separate permission. 

SECURITY 

We implement a number of security safeguards designed to protect your data, such as HTTPS and digital certificates. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. 

YOUR RIGHTS 

Right of Access. We offer you access to the Personal Data we hold about you. Please be aware that the purpose of an access request is to give you the opportunity to confirm the accuracy of Personal Data we are holding about you, the lawfulness of our processing and to allow you to exercise your rights under Applicable Data Protection Laws if necessary. 

We reserve the right to reject manifestly unfounded (e.g. made for other, non-data protection purposes) or excessive requests. 

To have access to the Personal Data we store about you, please contact us at: benevolentears@brainchainmission.org 

Right to Withdraw Consent. Please be aware that, if you have given us consent to process your data for the purposes detailed in this Privacy Policy, you can always change your mind and withdraw your consent by contacting us at benevolentears@brainchainmission.org

In order to process your request we may ask you to send us a copy of two forms of identification (such as passport, driving licence, birth certificate, bank statement, utility bills).