IIBLC® privacy statement

Privacy policy


IIBLC® has had, has and will always have the utmost respect for people's privacy. Therefore, in accordance with the guidelines and regulations of EU 2016/679 (GDPR), this page describes the different aspects of IIBLC®’s privacy policy regarding the collection, handling and storage of personal data.

Part 1 Generalities and terms


IIBLC® never uses personal data to send candidates unwanted info, solicitations, publicity, etc. in any form, including but not restricted to newsletters and programme updates. All info is available on our website, Book Of Knowledge, social media or via our exam centres.

IIBLC® does NOT transfer or sell personal data to any third party.

All info passes via the exam centres to/from the candidates. The only exception to this rule is candidates sending reports of practical application (project) directly to IIBLC® via e-mail and surface mail. This is to speed up the transfer of these reports. Results are sent back via the exam centre where the candidate passed the last theoretical exam.

As a basic principle, all communication regarding candidates is based on the preferred mode of identification, namely the IIBLC® ID number system.


Controller: decides on data to be collected and how they are collected. In this case: IIBLC® board of directors.

Processor: does the actual data collection. In this case: exam centres for initial data collection, IIBLC® admin for final data treatment.

Part 2 Reason for collection of private data

Identification of candidates

In order to be able to assign a unique ID number, the combination of the candidate’s name, surname and date of birth is taken into account. (contract)

Certificate data

In order to have the correct name, surname and date of birth on the certificate and thus assure uniqueness of the certificate.

To be able to check whether the candidate is within the requirements for passing an exam (especially higher levels). (contract)

Internal statistics

In order to keep track of the progress of the programme (e.g. 1000th certificate, etc.)

To get insight into geographical, sectoral and company distribution.

These statistics are for internal use only and are treated confidentially.

The only statistics shared with exam centres are the yearly number of exams (no personal data). (Legitimate interest)

Info requests

In order to be able to answer written info requests concerning the level of certification of a certain candidate. These requests can come from official labour organisations, companies wanting to hire a consultant, etc. It is important to note that in answer to such a request, ONLY the obtained level will be given or confirmed, and NO other info (personal data). In case the request did not include an approval by the candidate to obtain the info, IIBLC® will try to contact (via the exam centre) the said candidate to inform him/her of the request and seek approval for replying to the request. This might cause some delay for the requesting party.

Third party

IIBLC® does NOT transfer or sell personal data to any third party. Data are only used in communication with exam centres who are, whenever dealing with personal data of EU citizens, bound by the same EU 2016/679 and have provided us with a signed agreement to comply with this directive.

Part 3 Handling of data

Data collection

Exam administration

In order to be able to issue a unique IIBLC® ID number to any candidate, we collect the following data: name, first name, date of birth, address, company (name and location) and e-mail address. A combination of these data allows the creation of the ID number and thus avoids any confusion or duplicates. The data are collected by the exam centres and sent to us via standard forms.

The way data are collected and handled (forms, delays, etc.) is described in our internal procedures and standard work, which are adhered to by all present and future employees of IIBLC® and their partners/exam centres.


To help analyse how you and other visitors navigate our website, compile aggregated statistics about site usage and response rates, and administer our website, we, with assistance from third-party analytics service providers, collect certain information when you visit our site. This information includes IP address, browser type, browser language, date and time of your request, time(s) of your visit(s), page views and page elements (e.g., links) that you click. We may use cookies to assist us in collecting and analysing such information. We use this information to provide better, more relevant content on our site, to identify and fix problems, and to improve your overall experience on our site.

If you do not want information collected through the use of these technologies, there is a simple procedure in most browsers that allows you to automatically decline many of these technologies, or to be given the choice of declining or accepting them.

If you reside in the European Union or other jurisdiction that requires us to obtain your consent to use cookies on our sites, then you will have an opportunity to manage your cookie preferences on the sites; except that certain cookies are required to enable core site functionality and you cannot choose to disable those cookies.

Here are examples of third-party providers of analytics and similar services we currently use:

Analytics services:

Google: Google Analytics is used to track site statistics and user demographics, interests and behaviour on websites. We also use Google Search Console to help understand how our website visitors find our website and to improve our search engine optimization. Find out more information about how this analytics information may be used, how to control the use of your information, and how to opt out of having your data used by Google Analytics.

Website contact form

When a contact form is sent to us via the website, the following data are collected:

  1. Provided by requester:
    • Name, first name, e-mail address, IIBLC® ID number (optional)
  2. Automatically:
    • IP address, date/time of request

These data are necessary to:

  1. Be able to answer the request in a correct manner and have quick access to relevant data (in case an ID number is given)
  2. Be able, in case of illegal use (spamming, phishing, offensive language, …), to provide the official authorities with the necessary info to act and/or block the IP address

Data storage

All data are stored behind a firewall and access is limited by password. The database containing personal data is encrypted.

Data backup

Regular (encrypted) back-ups of the data are made. These back-ups are encrypted, secured by password and physically secured.

Responsibilities within IIBLC®

Apart from the Board of Directors, administrative personnel of IIBLC® is authorised to handle personal data within the stipulations of their labour agreement and after accepting and signing a Non-Disclosure Agreement (NDA).

A strict “need to know” principle is maintained and all personnel will be briefed and trained on use of correct procedures on a yearly basis.

Duration of data keeping

In principle, personal data are kept indefinitely for the following reasons:

  1. Certificates are valid indefinitely
  2. To be able to answer info requests in accordance with Part 2
  3. To be able to identify a candidate wishing to take/retake an exam

GDPR specific documents

IIBLC® holds the following documents:

  1. Data register
  2. Data leak register

Furthermore, a data leak procedure is established and available for all concerned.

Right to check, update data

Data update via exam centre

Personal data update is foreseen as per internal standard work.

It is the responsibility of the exam centres to provide updates to IIBLC®.

Direct to IIBLC®

Any person having data in our database has the right to ask for the data in our possession, either for a check or for the purpose of updating data.

In both cases, the person concerned should send IIBLC® a message (via surface mail), requesting the data. In order to be honoured, the request must be:

  1. An original copy with original signature
    • Accompanied by a proof of identity of the requester

All requests should be sent to the official IIBLC® address as mentioned on our website, page “contact”.

Any updates requested by the person concerned will be made immediately in the database.

Via exam information

At any exam session, candidates are required to sign the “candidates presence form”. This standard document shows for every candidate:

  1. ID number
  2. Name, surname
  3. Date of birth

At the time of registration at the exam site, before starting the exam, the candidate has to sign next to his/her data. At that time, the candidate should check and, if applicable, correct the data. This document is sent back to IIBLC® and any corrections are put in the database before correcting the exams.

Right to be forgotten

Any person has the right to have all data concerning him/her removed from the IIBLC® database.

The person concerned should send IIBLC® a message (via surface mail), requesting the data. In order to be honoured, the request must be:

  1. An original copy with original signature
    • Accompanied by a proof of identity of the requester

All requests should be sent to the official IIBLC® address as mentioned on our website, page “contact”.

In case the person concerned has passed away, the request shall contain a legal document proving that the requester has the authority to ask for the removal of the data.

Upon receipt of the legitimate request, IIBLC® will immediately delete the database record of the person. This includes, but is not limited to, personal data and any details about exams taken and certifications obtained. Should the person wish to pass any exam afterwards, he/she shall be considered as “new”, receive a new ID number and will have to start at the first level of certification (CGBL®).

Closing remarks

It is to be understood that IIBLC® does and will do whatever is possible to safeguard personal data of its candidates. It will follow all applicable rules and regulations and adapt its policy if this becomes necessary. At any such time, the new version will be published on the website and a “news item” announcing the new version will be visible on the homepage.

Fundamental rights

The EU Charter of Fundamental Rights stipulates that EU citizens have the right to protection of their personal data.


The new data protection package adopted in May 2016 aims at making Europe fit for the digital age. More than 90% of Europeans say they want the same data protection rights across the EU and regardless of where their data is processed.

The General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
The regulation is an essential step to strengthen citizens' fundamental rights in the digital age and facilitate business by simplifying rules for companies in the digital single market. A single law will also do away with the current fragmentation and costly administrative burdens.
The regulation came into force on 24 May 2016 and will apply from 25 May 2018.

Source: https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en