Skip Content

Privacy & cookies policy

Privacy Notice

Construction Skills Certification Scheme Limited (“CSCS”/“We”/“Us”/”our“) are committed to protecting and respecting your privacy lawfully, fairly, and transparently.

This Privacy Notice (and any other documents referred to in it) together with our terms of use give you information on our privacy practices and sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us or on our behalf.

This Privacy Notice applies to our website at www.cscs.uk.com  and cscsonline.uk.com (collectively, the “Website“) and will apply whether you access our Website using a computer, mobile phone, tablet, TV, or other device.

Please read the following carefully and contact us if you have any questions by email on [email protected] or by using the details set out in section 15 below. You may find it helpful to click on the headings below for further information on our privacy practices.

This version of our Privacy Notice was last updated in October 2020.

  • 1. Who we are and the CSCS Scheme
    • CSCS is a not-for-profit limited company registered in England and Wales under registered number 03024675. The address of our registered office is Floor 8, 71 Queen Victoria Street, London, England, EC4V 4AY.
    • CSCS is the leading skills certification scheme within the UK construction industry (“Scheme”). A key aspect of the Scheme is the provision of CSCS cards (“CSCS Cards”) which provide validation that individuals working on construction sites have the required occupational training and qualifications for the type of work that they carry out.
    • The Scheme keeps a database of members who are individuals working in construction who have achieved or who have indicated a commitment to achieving a recognised construction-related qualification.
    • Holding a CSCS membership card is not a legislative requirement. It is entirely up to the principal contractor or client whether workers are required to hold a card before they are allowed on site. However, most principal contractors and major house builders require construction workers on their sites to hold a valid CSCS card.
    • Applications for a CSCS Card can be made either by individuals applying for their own card, or by corporate bodies on the individual’s behalf.
    • The Scheme’s digital self-service application system is managed by Icreon UK Limited (Company Number 04771967) and the Scheme’s telephone-based application system and customer service call centre is operated by Teleperformance Limited (Company Number 02060289).
  • 2. CSCS is the data controller
    • For the purposes of the General Data Protection Regulation ((EU) 2016/679)(“GDPR“) and for the UK data protection regime, CSCS is the “controller” in respect of the data processing described in this Privacy Notice.
    • CSCS is registered as a data controller with the UK Information Commissioner’s Office (“ICO“) under registration number Z8156332.
    • If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact the CSCS by email on [email protected] or by using the alternative contact details set out in section 15
    • For the purposes of this policy:
      • Applicants and Cardholders – an individual who has applied for, has currently been issued with, or has previously been issued with a CSCS Card.
      • Employers – An employer or an individual working for an employer who makes applications for CSCS Cards on behalf of employees.
      • Training Providers – an individual working for a training provider that makes applications for CSCS Cards on behalf of other individuals.
      • Third Parties – an individual working for a third party that makes applications for CSCS Cards on behalf of other individuals.
      • Awarding Organisation – an individual working for an organisation which provides awards for the various qualifications Applicants and Cardholders purport to hold.
      • Supplier – business contacts at our supplier organisations
      • Website Visitors – all visitors to our Website
  • 3. The categories of personal data which we may collect from you
    • We may collect, use, store and transfer different kinds of personal data about you in the provision of our services and the operation of the Scheme, which we have grouped together as follows:
      • Identity and Contact Data: including your name, title, date of birth, national insurance number, home and/or business address (postal and email), proof of name change (if relevant), telephone number, photograph.
      • Qualification Data: qualification certificates and details and training history.
      • Transaction Data: details about payments made for the CSCS Card you have applied for, however we do not retain any of your payment card details and/or bank account details, as this is handled by our payment processor.
      • Technical and Usage Data: including internet protocol (IP) addresses, the type of browser used while visiting the Website, the numbers of users who visit the Website, details of your visits to the Website including, but not limited to, usage session dates and duration, page views, and how you use the Website and our services, traffic data, location data, weblogs and other communication data and the resources that you access.
      • Marketing and Communications Data: including your preferences in receiving marketing from us and your communication preferences.
      • General Data: information relating to your general enquiries or complaints.
    • If you are:
      • an Employer making either an application for a CSCS card on behalf of an individual or bulk application for multiple CSCS cards on behalf of multiple individuals via our ‘Employer Applications’ page;
      • a Training Provider making an application on behalf of an individual via our ‘Training Provider’ page; or
      • a Third Party making an application on behalf of an individual via our ‘Third Party’ page,
    • we will ask you to provide data in respect to and on the behalf of those individuals you are making an application on behalf of, and the business contact information of the contact at the Employer, Training Provider or Third Party.
      • You should bring the content of this Privacy Notice to the attention of such individuals at or before the time at which you provide their respective personal data to us and you should have obtained their consent to do so.
  • 4. How your personal data are collected
  • We use different methods to collect data from and about you.

    1. Applicants and Cardholders
    • Direct Interactions. You may give us your Identity and Contact Data, Qualification, Transaction Data, Marketing and Communications Data and General Data when you:
    • sign up to our newsletter;
    • communicate with us by telephone, post, email, via your online account or the Webchat function (we may keep a record of that correspondence);
    • meet our representatives in person;
    • make an application to CSCS to become a cardholder;
    • complete the Scheme application formalities including filling in applicable forms and providing us with copy documents and certificates showing and/or information relating to your occupational, qualifications and/or training;
    • become a CSCS member and/or cardholder;
    • make enquiries about CSCS, the Scheme or its members and/or cardholders;
    • are a user of CSCS resources;
    • report a problem with the Website;
    • complete our voluntary surveys that we may use from time to time for research purposes upon request from us (although you do not have to respond to them); and/or
    • respond to a request via our marketing materials.
    • Information from third parties. We may also receive your Identity and Contact Data, Qualification Data, Transaction Data and Marketing and Communications Data from your Employer, Training Provider or Third Party if they have made an application for a CSCS Card on your behalf.
      • We will also receive your Qualification Data from Awarding Organisations when we verify the qualification and training information you, or your Employer, Training Provider or Third Party, has provided.
      • We may also collect:
    • details of your interactions through the Website and of the fulfilment of any of your requests;
    • information that is drawn from publicly-available sources; and/or
    • information that is otherwise collected in the normal course of the provision of our services and the operation of our Scheme
    1. Employers, Training Providers, Third Parties
    • Direct Interactions. You may give us your Identity and Contact Data and General Data when you correspond with us or make applications on behalf of third parties.
    • Information from third parties. We may receive your Identity and Contact Data from third parties such as your employer or from publicly available sources.
    1. Suppliers

    We collect your Identity and Contact Data, Transaction Data and General Data when we correspond with you about our services, and from publicly available sources such as Companies House.

    1. Website Visitors

    As you interact with our website, we may automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, traffic logs and other similar technologies. Please see our Cookies Policy for further information.

  • 5. How we use personal data
    • We will only use your personal data when the law allows us to do so. Most commonly, we will use your personal data in the following circumstances:
      • Where we need to perform the contract we are about to enter into or have entered into with you.
      • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. The legitimate interests we rely on are set out next to each purpose below.
      • Where we need to comply with a legal or regulatory obligation.
    • We have set out below, in a table format, a description of all the ways in which we plan to use your personal data, and which formal legal basis we rely on to do so. Note that we may process your personal data relying on more than one lawful basis. Please contact us (see section 15) if you need any further details.
    Category Purpose/Activity Type of Data Lawful basis for processing, including basis of legitimate interest
    Applicants and Cardholders To process your application for a CSCS Card and to provide you with the benefits of the Scheme

     

    Identity and Contact

    Qualification

    Transaction

    General

     

    To take steps to enter into a contract with you, and to perform our contract with you
    Applicants and Cardholders To validate the Qualification Data you, your Employer, Training Provider or Third Party has provided in respect of your application Qualification Necessary for our legitimate interests in preventing fraudulent applications
    Applicants and Cardholders To manage our relationship with you, including to:

    –       Administer our contract with you

    –       Provide the CSCS Scheme cards

    –       Send communications to you such as information, news or surveys about the Scheme

    –       Manage and record our relationship with you, and to deal with any complaints that you may have about it

    –       Monitor and improve the effectiveness of our services

    –       Notify you about changes to our services, including contacting you by email, telephone or post

    –       To maintain business records

    Identity and Contact

    Qualification

    Transaction

    Marketing and Communications

    General

    To perform our contract with you

    Necessary for our legitimate interests to keep our records updated and to review how customers use our services, to develop them and to conduct direct marketing

    Employers, Training Providers and Third Parties –       To enable you to make applications for CSCS Cards on behalf of individuals

    –       To take payments from you

    –       To provide you within information about our services

    –       To notify you about changes to our services

    –       To maintain business records

    Identity and Contact

    Transaction

    Marketing and Communications

    Necessary for our legitimate interests in fulfilling our contractual obligations to your employer, for record keeping purposes and business efficiency, and to conduct direct marketing
    Suppliers To carry out our contractual obligations to our suppliers, including to manage our payments to you Identity and Contact

    Transaction

    Necessary for our legitimate interests in receiving products and services from our suppliers to ensure our business is run efficiently
    Website Visitors –       To provide our website and to protect it (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

    –       To use data analytics and tools to improve the Website, our services, marketing, customer relationships and experiences

    Identity and Contact

    Technical and Usage

    Necessary for our legitimate interests in providing administration and IT services, to ensure our business is run efficiently, to study how customers use our services and to develop them, to grow our organisation

     

    • We may combine the personal data that we collect from you to the extent permitted by applicable law. For example, we may combine various different databases that contain your personal data to allow us to provide better support services and more personalised content (such as marketing).
    • We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
  • 6. Other parties with whom we may share personal data
    • The Scheme’s digital self-service application system is managed by Icreon UK Limited (Company Number 04771967) and the Scheme’s telephone-based application system and customer service call centre is operated by Teleperformance Limited (Company Number 02060289).
    • We may share your personal information with our payment processor, who handles all payments and transactions on our behalf.
    • We may share your personal information with our suppliers who administer the Scheme in order to provide you with the relevant CSCS Card on our behalf.
    • We will also disclose your personal information to Awarding Organisations to validate the Qualification Data you, or your Employer, Training Provider or Third Party has provided.
    • We may also share your personal information with the Construction Industry Training Board (CITB), to enable CITB to manage the Construction Training Register.
    • If you have a CSCS Card, by providing your CSCS Card to be used with a card-reader or smartphone (with near-field communications (NFC) or other capability), you acknowledge and agree that the person using the reader or smartphone will be able to view your name and occupational qualifications and other personal data either stored on or accessed by using the CSCS Card .
    • We may also disclose your personal information to third parties:
      • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
      • in order to enforce or apply our terms of useand other agreements;
      • to protect the rights, property, or safety of CSCS, our clients, our members, or others (this includes exchanging information with other organisations for the purposes of fraud protection and credit risk reduction);
      • with whom you request us to share your personal data such as your employer;
      • to help CSCS or our affiliates analyse and/or improve our communication or relationship with you; and/or
      • in the event that all or substantially all of our business or assets are or are intended to be sold or otherwise assigned to another entity.
    • Except as described above, we will not disclose your personal data to third parties for their own marketing purposes unless you have provided consent.
  • 7. What we do to keep your personal data secure
    • CSCS is committed to protecting the security of your personal data. We use a variety of technological, physical and organisational protections and procedures to help protect your personal data from unauthorised access, use, or disclosure, such as encryption, passwords, physical security, etc.
    • In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
    • While we strive to protect your personal data, no website, product, device, online application or transmission of data, computer system or wireless connection is completely secure, and CSCS cannot ensure or warrant that the personal data or private communications you transmit to us will always remain private, and you do so at your own risk.
    • If a password is used to help protect your accounts and personal information, it is your responsibility to keep your password confidential. Do not share this information with anyone. If you are sharing a computer with anyone you should always log out before leaving the Website to protect access to your information from subsequent users.
    • We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
  • 8. Transferring and processing your personal data outside the European Economic Area
    • We will only transfer your personal data to countries outside the European Economic Area (which may not provide the same level of data protection as within it) in accordance with applicable laws or where you have given us your consent to do so.
    • Our digital system is hosted by Amazon Web Services, which is a subscriber to the EU-US Privacy Shield.
    • If this happens we will make sure the transfer and storage of your information still complies with UK or EEA laws and this Privacy Notice.
  • 9. Accessing your personal data and other rights you have
    • CSCS wants to help you keep your personal data accurate and current.
    • You have the right to access information we hold about you. Please keep us informed if your personal data changes during your relationship with us. To review, verify or correct your personal data, please contact our customer service department detailed in section 15
    • We will collect, store and process your personal data in accordance with your rights under any applicable data protection laws. Under certain circumstances, you will or may have the following rights in relation to your personal data:
      • Subject access: the right to request details of the personal data which we hold about you and copies thereof.
      • Right to withdraw consent: (where you have consented to our processing of your personal data), the right to withdraw such consent at any time. If you wish to withdraw your consent to processing, please contact us using the details provided in section 15.
      • Data portability: the right to request us to port (i.e. transmit) your personal data directly to another organisation.
      • Rectification: the right to require us to rectify or update any incorrect or inaccurate personal data about you.
      • Erasure (‘right to be forgotten’): the right to have your personal data ‘erased’ in certain specified situations.
      • Restriction of processing: the right in certain specified situations to require us to stop processing your personal data.
      • Object to processing: the right to object to specific types of processing of your personal data, such as where we are processing your personal data for the purposes of direct marketing.
      • Prevent automated decision-taking: the right not to be subject to decisions being taken solely on the basis of automated processing.
    • If you wish to enforce any of the above rights under applicable data protection laws, please contact us by using the details set out in section 15 We will respond to your request without undue delay and by no later than one month from receipt of any such request, unless a longer period is permitted by applicable data protection laws, and, if permitted to do so by applicable data protection laws we may charge a reasonable fee for dealing with your request which we will notify to you.
    • If you are concerned that we have not complied with your legal rights under applicable data protection laws, you may contact the ICO (www.ico.org.uk) which is the data protection regulator in the UK. Alternatively, if you are based outside the UK, you may contact your local data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the ICO (or other data protection supervisory authority) so please contact us in the first instance.
  • 10. Data retention – how long will we store/keep your personal data
    • We retain personal data for as long as necessary to fulfil the purposes for which they have been collected as outlined in this Privacy Notice unless a longer retention period is required by law.
    • We reserve the right to keep records of former Scheme members for the purposes of operating the Scheme, fielding enquiries and compliance purposes. Generally, we retain former Scheme members’ personal data for 10 years from expiry or cancellation of the former Scheme member’s CSCS card.
    • When your personal data are no longer required for the said purposes or as required by applicable law, they will be deleted and/or returned to you in accordance with applicable law.
  • 11. Third-party links
    • This Website may from time to time include links to third-party websites, plug-ins and applications.
    • Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every website you visit or to which you may provide your personal data.
  • 12. Cookies
    • When you access the Website, some information in the form of a “cookie” or similar file may be automatically downloaded to your computer. This helps us to enhance the on-line experience of visitors to the Website.
    • A ‘cookie’ is a name for a small text file, usually of letters and numbers, which, if you agree to them, are downloaded onto your computer, mobile phone, tablet or other device when you visit a website. Cookies contain information that is transferred to your device’s hard drive and are used to distinguish you from other website users.
    • If you do not want cookies sent to or stored on your system, you can choose to turn cookies off by setting your cookies preferences in the website cookies settings. These settings are accessed by clicking the button in the bottom left of the screen. You will be prompted to set your preferences or accept recommended cookies the first time you access the CSCS website. However, some cookies are essential to the functioning of the Website and these cannot be turned off. If you choose to reject some of our cookies, then we will only store these essential or ‘strictly necessary’ cookies.
    • In addition, most Internet browsers will allow you to delete or block cookies from your computer hard drive, prevent them from being stored or signal a warning before a cookie is stored. You should refer to your browser instructions or help screen to learn more about these functions.
    • We may use navigational data for system administration and to report aggregate information to our advertisers or other stakeholders. This is statistical data about our users’ browsing actions and patterns, and may use your online identifiers such as your IP address.
    • We use cookies to track the pages that you visit on the Website and to ensure that you do not see the same information repeatedly. We may also collect non-personal information, such as number of Website visits and tracking patterns of page viewing, to monitor the performance of the Website and make improvements to it.
    Name Type Purpose
    _cf_bm Essential Distinguishes between human users and bots.
    _cfduid Essential Used by the content network, Cloudflare, to identify trusted web traffic.
    _cfruid Essential Part of the services provided by Cloudflare including load-balancing, deliverance of website content and service DNS connection for website operators.
    _zlcstore Essential Enables functioning of the web-chat service.
    AWSALBCORS Essential Registers which server-cluster is serving the visitor. This issued in context with load-balancing.
    CookieConsent Essential Stores the visitor’s cookie consent state for the current domain.
    CookieControl Essential Determines whether the visitor has accepted the cookie consent box. This ensure that the cookie consent box will not be presented again upon re-entry to the website.
    ZD-suid Essential Unique ID that identifies the user’s session.
    ZD-store Preferences Registers whether the self-service-assistant Zendesk Answer Bot has been displayed to the website user.
    _ga Statistics Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
    _gat Statistics Used by Google Analytics to throttle request rate.
    _gid Statistics Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
    p.gif Statistics Keeps track of special fonts used on the website for internal analysis.
    ZD-buid Statistics Unique ID that identifies the visitor on recurring visits.
    ZD-currentTime Statistics Registers the date and time for the visitor’s latest visit to the website.
    _zlcmid Marketing Preserves the visitor’s states across page requests.
    Zte# Marketing Saves a Zopim Live Chat ID that recognises a device between visits during a chat session.

     

    • To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit org.
    • To opt out of being tracked by Google Analytics across all websites visit, please visit http://tools.google.com/dlpage/gaoptout.
  • 13. Your choices (e.g. marketing related emails or otherwise)
    • We may use your Identity and Contact Data and Marketing and Communications Data (such as your contact details (e.g. name, address, email address, telephone number)) to send you marketing-related correspondence related to our Services by email. When we process your personal data for marketing purposes, we do so on the basis that it is in our legitimate interests to do so.
    • We may also use your personal data to personalise and to target more effectively our marketing and communications to ensure, to the extent possible, that any marketing-related correspondence is relevant to you.
    • To opt-out of receiving marketing-related correspondence specifically, please click “Unsubscribe” from any marketing or promotional email you receive from us, or contact us as explained in section 15 below.
  • 14. Changes to this Privacy Notice
    • Any changes we may make to our Privacy Notice in the future will be posted on this page and on Cardholders’ online profiles within the cscsonline.uk/com website. We encourage you to periodically review this Privacy Notice to be informed of how CSCS is protecting your personal data.
  • 15. Contact us
    • If you have any questions about this Privacy Notice, our privacy practices or the processing of your personal data by or on behalf of us, or if you wish to exercise any of your rights set out in this Privacy Notice, please contact us in the following ways:

    By email: [email protected]

    By post: Customer Services Team, The Construction Skills Certification Scheme Limited, Coalfield Way, Ashby-de-la-Zouche, LE65 1JF

    By telephone 0344 994 4777