GoToCertify Privacy Statement
1 Introduction
GoToCertify respects each site visitor’s right to privacy. We collect and use information from our website only as disclosed in this privacy statement. This privacy statement applies to and discloses the privacy practices of information collected by GoToCertify only. If you disagree with any part of this privacy statement, please do not use our website.Hereafter, the terms “GoToCertify” and “we” and its derivatives refer to the owner of the website. The term “you” and its derivatives refers to the user or viewer of our website. The term “statement” refers to this document. The terms “GoToCertify website” or simply “website” refer to the website https://gotocertify.com/.
GoToCertify is the data controller of the information you provide during the process of application, registration, certification, examination, or other purposes as outlined in this privacy statement.
Any details entered in one of our online forms will be stored electronically by us. If you have any questions about the process or the way your information is handled, please contact our data protection officer via email at This email address is being protected from spambots. You need JavaScript enabled to view it..
2 Website content
The content of the GoToCertify website is intellectual property protected by law. The information and content provided may not be re-used without our explicit permission, except for private or other personal use within the limitations of the General Data Protection Regulation (GDPR). The press releases and articles from our press service presented on the website are available to the editors of newspapers or periodicals for publication. Should they be published, GoToCertify will request the publisher to provide a proof copy.
This privacy statement does not cover any link within the GoToCertify website that leads to other websites. We have no authority or responsibility over the content or design of other companies’ websites that can be assessable via hyperlinks from our website. Furthermore, we explicitly disassociate from any internet content that might be illegal or offensive. You take full responsibility for using hyperlinks on our website to access other companies’ websites. We recommend that you check the policies concerning data protection and privacy of the GoToCertify partners or other users whose websites can be accesses through our website.
GoToCertify is not responsible for any outcome caused by opening or otherwise engaging with the website(s) of our partners. The partners’ hyperlinks and addresses provided on our website are generated automatically (geographical location and contact) in accordance with the partners’ physical address.
3 Lawful Basis for Processing
We collect personally identifiable information (PII) only with the consent of the natural person (data subject) and ensure that the data collected is used only for the stated purpose.
In addition, when you create an account and become a GoToCertify client, partner, trainer, auditor, invigilator, or distributor, you are required to fill out an electronic form for which we are not held responsible. We ask for your consent to send you information only regarding our training courses, news, newsletters, webinars, or other content related to our services.
4 Types of Collected Information
We only collect the information that you provide to us when you visit our website.
The provision of information to GoToCertify is a voluntary act. Clicking the “Submit” button on any of our web forms on our website means that you are aware of the GoToCertify’s Terms, Conditions, and Policy provisions and voluntarily consent to the conditions outlined therein.
4.1 Registration Forms
When creating a GoToCertify account, you provide information which can personally identify you, such as your full name, year of birth, email address, phone number, country, state, and city. In addition, when you create a GoToCertify partner account, we also collect your company information, including its name, physical address, phone number.
The information we collect helps us complete your registration process and identify you as a user of our website.
4.2 Registration through the partner
GoToCertify operates globally through its network of partners. GoToCertify helps their partners so they can perform and distribute GoToCertify services to their clients effectively and with high quality. GoToCertify partners are eligible to create training course events and enroll training course participants in them. When using the Enroll Course Participants form, the participant’s GoToCertify account will be created by the partner and only activated after the user clicks the activation link via email.
The partner is fully responsible for creating the account and for using the participant’s PII, including the full name, country, province/state, and email address.
4.3 Marketing emails
GoToCertify is the data controller responsible to handle all marketing communications of GoToCertify services and products.
If you previously agreed to receive marketing communications, you will occasionally receive relevant news and offers about our services and products. To improve our services we may contact you for survey and market research purposes.
Personal Information collected for marketing purposes is processed in accordance with your subscription preferences.
4.4 Help and Support Center
Our clients are supported by Service Desk support, available at the Contact on our website. Your name, email address, and chat content will be collected if you use our Chat bot. We will only keep this information for three years and we will not share it with anyone else. We continuously monitor Live Chat logs to improve quality.
If and when you call GoToCertify’s support line, we collect Calling Line Identification information. We use this information to help improve the efficiency and effectiveness of our services. GoToCertify holds the information necessary to fulfill callers’ requests, opening a ticket in the system, and going through processes regarding the ticket until the procedure is completed. The information provided through the ticketing system is reviewed and, if applicable, deleted on an annual basis.
4.5 Persons Who Contact Our Network through the Website
If you use our website to connect with our network of partners and trainers, we collect only the information you provide us with, such as your name, phone number, email address, and residence. Your composed message is also collected to prevent, detect, and respond to any form of fraud or abuse that could damage our network.
4.6 Job Applicants
When you apply for a job at GoToCertify, we ask for your personal information, contact details, email address, and résumé. Your résumé may contain other data that are considered personal information, such as your education certifications, professional trainings, and previous work experiences.
All the information you provide during your job application is only used to process your application or, if necessary, to fulfill legal and regulatory requirements. We use your contact details to provide you with information related to the processing of your job application. In addition, we use the other information you provide to assess your suitability for the role you have applied for.
We do not collect more information than we need to fulfill our stated purposes and do not retain any information for longer than necessary. We do not share any of the information you provide with any third parties. The information you provide, be it in digital or physical format, will be handled securely.
4.7 Screening and monitoring of International Economic Sanctions
We use ComplyCheck to screen and monitor new and existing users, including organizations, against International Economic Sanctions where GoToCertify has a presence or operates, including the UN, Canadian Economic Sanctions, US, EU, and Malaysia, as well as sanctions from countries where accreditation authorities are based. Information such as the name, year of birth and country, are necessary to screen and monitor against sanctions lists.
Upon giving your consent to the processing of the abovementioned data when creating your GoToCertify account, the service will automatically screen and monitor your information against sanctions lists. To know your Data Subject Rights and learn how ComplyCheck processes your information, please refer to ComplyCheck’s Privacy Notice - ComplyCheck.
5 Our Service Providers
5.1 Amazon Web Services
To provide our services and publish our website, we use the cloud computing platform of Amazon Web Services (AWS). We do not grant any permission to AWS to share any personal information that we collect from our website’s account holders.
5.2 Emailing
Microsoft 365 (Outlook) is another service we use for email exchanging and cloud data backup. We use Microsoft 365 because it complies with several information security requirements, including, but not limited to, ISO/IEC 27001, ISO/IEC 27701, and the EU-GDPR. Microsoft 365 offers encryption of data at rest that includes files stored in cloud service and encryption of data in transit that includes exchanged email messages or conversations that are taking place in a meeting.
Microsoft 365 uses several technologies and strong encryption protocols that include Internet Protocol Security (IPSec), Transport Layer Security/Secure Sockets Layer (TLS/SSL), and Advanced Encryption Standard (AES). We do not guarantee encryption to the recipients of our emails. Therefore, ensuring encryption in your end is your sole responsibility.
We also monitor any emails sent to us for viruses or malicious software, including file attachments. Please note that you are responsible for ensuring that any email you send to us is legally compliant.
We use third parties, such as Amazon SES and Microsoft Outlook, to deliver emails to our network. For more information on how data is handled by them, please read Amazon’s privacy notice and Microsoft’s privacy statement.
5.3 Payments on the GoToCertify website
Payments made from the GoToCertify website are processed by a third-party service called Stripe. The information provided during the payment process is not stored in the GoToCertify system, but it is only passed on to Stripe for the sole purpose of completing the payment process initiated by the user. To find out how Stripe processes and uses your data, please read their privacy policy.
Our website also supports PayPal payment services. To find out how Paypal processes and uses your data, please read their privacy policy.
5.4 Social Media
We use third-party providers, such as LinkedIn, Facebook, Instagram, YouTube, SlideShare, and others to manage our social media interactions.
Social media interaction is maintained via social media accounts listed above. All providers have their own privacy policies and statements that outline the way they collect, process, and store data. To read their policies and statements, please make sure to visit their websites.
If you send us a private or direct message via social media, the message will be stored at LinkedIn and Slideshare as per their privacy policy, Facebook and Instagram as per their data policy. Google LLC and its affiliates offer different services, including YouTube, for which they have their own privacy policy.
The subscribers of GoToCertify on LinkedIn will not be shared with another network by GoToCertify, unless requested or asked by them. We do not send any marketing emails to our network subscribers without prior consent. In addition, we may publish a link for subscription to our news and newsletters.
6 Cookies and Similar Technologies
When you visit our website, you should be aware that we use third-party services like Google Analytics to collect standard internet log information and details of visitor behavior patterns. This is done with the aim of collecting information with regard to the number of visitors on our website. The processing of this information does not provide any kind of identification of the visitors.
In addition, we use Content Delivery Network to identify the geolocation of our website visitors. The only case when GoToCertify collects personally identifiable information through the website is when a visitor voluntarily creates a user account. We provide full transparency and clear explanation on how we use the information collected in these cases.
You can read more about how we use cookies on in our Cookie Policy.
7 Certification Exam
When entering an online exam, candidates are required to show their governmental or non-governmental ID to the invigilator, who will compare the document with candidate’s face through the live video feed. If the candidate’s camera feed is not clear enough to invigilator, candidates will be required to upload a picture of the ID card in the application. To do so, they need to have a JPEG/PNG or PDF image of the ID ready before entering the online session.
IMPORTANT NOTE: The uploaded document will not be saved and will be erased automatically once the exam is finished.
Along with the ID document, candidates are required to add information on an emergency contact, relationship with the emergency contact, their telephone number, and indicate if their native speaker of the exam language.
Candidates taking a paper-based exam are required to fill out the Candidate Identification Sheet (CISH) before starting the exam. In the CISH, they are required to provide their full name, email address, and additional exam session details, such as exam title, date, and location. The sole purpose of collecting this information is for GoToCertify to identify candidates.
By taking a GoToCertify exam, GoToCertify will use your full name and email address to enroll you in the system of processing exams. In addition, we might also use your full name, and email address to enroll you in the completed training course event, in case the step was not already completed by the GoToCertify Partner.
GoToCertify training courses are offered via GoToCertify-authorized partners. After completing the training course, candidates can take the certification exam on a paper-based exam or through the GoToCertify online examination platform. The date of announcing the exam results depends on various factors, and after the exam results are announced, the training course organizer (GoToCertify partner) and the training course trainer(s) (GoToCertify-certified trainer(s)) will be able to see the exam results in order to fulfill administrative tasks (e.g., complete candidates list, schedule exam retakes). This applies to all training course participants who, after completing the training course, make their first attempt on a paper-based exam, take a retake paper-based exam, take a first attempt exam online, or take a retake exam online.
This applies to all training course formats offered by GoToCertify through its authorized partners. The results are shared with the partners and trainers through their partner account and certified trainer account(s).
If, due to a disability, a candidate needs special accommodation during the exam, they are required to fill out the Candidates with Disabilities Form and provide GoToCertify with documented information before the request is reviewed for approval. Information concerning the candidate’s medical condition is treated with strict confidentiality.
7.1 GoToCertify Exams
The application shares the examinee’s webcam feed and computer screen, not simultaneously, with the remote online exam Invigilator at all times during the candidate’s verification process, and online examination. The feed is stopped when the exam time span ends, and the Invigilator can no longer access the feed.
During the verification step and the online examination process, the application takes automatic screenshots every 20 minutes from the feed selected by the Invigilator.
The remote invigilator compares the candidate’s face from live camera feed with their governmental or non-governmental document showing during the verification process, and when/if suspicious activity/behavior that goes against our examination policy is noticed during the examination process.
Data coming from the exam application is stored on Amazon S3 Simple Storage Service and the buckets are by default encrypted with an AES-256-bit encryption key.
The data can be accessed only when/if access is requested by authorized personnel at GoToCertify and/or IAS, and is not shared with any other parties.
The retention period of screenshots is 3 years.
8 Certification Application
As a certification body, GoToCertify is responsible for developing and maintaining valid and up-to-date certifications, setting the standards to certify individuals and organizations, and issuing certificates.
We collect users’ personal information provided to us from their GoToCertify account. In addition, applying for a GoToCertify certification requires submitting information, such as the résumé, work experience, education, and training certifications.
Depending on the certification scheme, you will also be required to provide the contact information of two references who can validate your professional experience. We will contact your referrals via email or phone and they will be asked to fill out an online form to confirm your experience.
9 Trainer Certifications
Candidates interested in applying for the GoToCertify trainer certification process are required to first submit the GoToCertify Trainer Eligibility form using their GoToCertify account. In addition, they are required to also provide us with a résumé, organization name, and address. After GoToCertify approves the candidate’s eligibility to become a GoToCertify Trainer, the Trainer Certification Application form will become available in the candidate’s GoToCertify account.
During the certification process, candidates are required to electronically send a video of themselves simulating a presentation of a GoToCertify training course session. This recording session is done on GoToCertify’s website using the GoToCertify recording tool. The recorded session will be reviewed during the trainer’s evaluation process.
Upon completing the trainer application process, the information and data of the candidates whose application is rejected are stored for one year and permanently deleted afterward. However, for candidates who become GoToCertify-certified trainers, all the information and data submitted during the application will be stored by GoToCertify. If the trainer status is Freelancer or Open with authorization, the information will be made public in the Trainers’ tab on the GoToCertify website. The data will not be shared with third parties, unless required by law.
The profiles of the GoToCertify-approved trainers are also visible to the GoToCertify Distributor accounts.
10 Invigilator Application
Candidates interested in applying to become GoToCertify invigilators are required to complete their registration by filling out the application form with personal details which include the full name, national identification document, email address, phone number, country, region, and zip code.
The personal data are used for invigilating purposes only, and are only available to the Partner who assigned the person as an Invigilator.
11 Children
This privacy statement is not intended for children. We understand the importance of protecting children’s information, especially in an online environment, and we do not knowingly collect or maintain information about children.
12 Search Engines
GoToCertify reserves the right to build a search engine within the website to help its visitors find information easily. The search engine serves as a means of searching publicly available information on our website, not personally identifiable information of users.
13 Security and Performance
We take precautions to protect your information and privacy. When you submit information via the form(s) available on our website, your information is protected both online and offline. Only employees who need the information to perform a specific task (for example, customer service managers, certification managers, and examiners) are granted access to personally identifiable information. The computers and servers in which we store personally identifiable information are kept in a secure environment with strictly controlled access.
We use a third-party service to help maintain the security and performance of our website. Considering the data exchanged via internet is not 100% secure, we cannot guarantee that the information you send will not be lost, used unlawfully, or modified in a fraudulent manner. We bear no liability for the use of information by you or any third party.
13.1 Retention of Data
We keep personal data only as long as necessary and only for the reasons set forth in this policy, or until we receive your request to have your personal data erased. Please note that we may retain your data for longer periods, as necessary to comply with our legal obligations.
13.2 Data Protection Policy
GoToCertify has established a Data Protection Policy that ensures its employees, clients, partners, and stakeholders that their data is protected and handled accordingly with absolute caution and confidentiality.
14 Complaints
GoToCertify strives to meet the highest standards of data protection when collecting and using personal information. For this reason, we take any complaint seriously. We encourage our website users, visitors, and any interested party to bring to our attention any observation or opinion that they believe can lead to an unfair, misleading, or inappropriate collection and usage of information.
This privacy statement is meant to be brief and clear. It does not provide exhaustive details of all the aspects of GoToCertify’s collection and usage of personal information. However, we are happy to provide any additional information or explanation needed.
If you want to make a complaint about the way we have processed your personal information, you can do so by following the steps described in our Complaint and Appeal Policy.
15 Subject Access Rights under the EU GDPR
If you are part of the European Union (EU) or the European Economic Area (EEA), or are accessing the site from these territories, you have the following rights under the GDPR:
Right to access your personal data;
Right to correct any inaccurate personal data;
Right to erase your personal data;
Right to object the processing of your personal data;
To exercise your rights under the GDPR, you can send a request to our data protection officer at This email address is being protected from spambots. You need JavaScript enabled to view it. for access to personal data. We will always verify the identity of anyone making subject access request before handling over any information. Confirmation will be asked from the data subject using the email they used to create their GoToCertify account.
The first copy of your data will be provided free of charge. However, the data subject will be charged a fee of 30$ should they request other copies. We will aim to provide the relevant data within 14 days.
15.1 Requests for Erasure
When you submit a request for the erasure of your data, we will anonymize all the personal information in a manner that ensures no identification of the data subject. The anonymized data is only used by GoToCertify for analytic purposes, such as the number of participants in a training course event or the number of certified individuals for a certain period of time.
Please keep in mind that we do not erase all of your information because of legal obligations such as financial transactions and accreditation requirements. If you are GoToCertify certified, hold any of the credentials we offer, and request the erasure of your information, a digital copy of the certificate(s) and the financial invoice(s) will be stored and encrypted with limited access.
15.2 Unsubscribe from Marketing Emails
If you decide to unsubscribe from receiving marketing emails, your email address will be removed from the mailing list until next time you decide to update your subscription preferences voluntarily.
Upon unsubscribing, if you still decide to maintain a GoToCertify account, you will still receive emails from the GoToCertify system related to your account setting, training, examination, and certification purposes.
To unsubscribe from marketing emails of the GoToCertify, click the “unsubscribe” link placed at the footer in the marketing emails you receive, or contact This email address is being protected from spambots. You need JavaScript enabled to view it. to update your subscription preferences.
16 Disclosure of Personal Information
In general and under all circumstances, we will not disclose personal data without consent. However, if requested by the regulatory body, supervisory authority, or other legal authorities, we may disclose your information.
17 Changes to This Privacy Statement
We regularly review this privacy statement. You will not be notified for changes in this privacy statement. You are required to visit this statement on our website.
17.1 How to Contact Us?
If you want to request information about our privacy statement, you can email us at This email address is being protected from spambots. You need JavaScript enabled to view it.