Data Privacy Framework (DPF) Program Notice

Personal Information Processed

BrainCert functions as both a data controller and processor. As a controller, we gather personal information as outlined in our Privacy Policy, including names, company details, contact information, and BrainCert account details. As a processor, we manage personal information according to our customers’ specifications, who are responsible for notifying the data subjects.

Purpose of Processing

As a data controller, BrainCert utilizes personal information consistent with the purposes detailed in our Privacy Policy. As a processor, we adhere strictly to customer directives, processing data solely for delivering services including technical support, billing, and training, as stipulated in our service agreements.

Onward Transfers and Disclosure

BrainCert partners with third-party service providers for functionalities such as customer support and data management, as outlined in our Privacy Policy. These third parties may process personal information under our strict contractual terms that uphold our DPF obligations. We hold accountability unless we demonstrate non-responsibility for any damage arising from their actions.

Choice

At BrainCert, we provide individuals with the opportunity to choose how their personal information is used. Users may opt out of having their personal information:

• Disclosed to third parties, unless these parties are acting as agents performing tasks on BrainCert’s behalf and under BrainCert’s instructions.
• Used for purposes that are materially different from those for which the information was originally collected or subsequently authorized by the user.

For sensitive personal information, BrainCert obtains affirmative express consent (opt-in) from individuals before such data is disclosed to a third party or used for purposes other than those for which it was originally collected. This includes information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying the sex life of the individual.

Access

BrainCert acknowledges the right of individuals to access their personal information. We provide users with reasonable access to the personal data we hold about them and offer the opportunity to correct, amend, or delete information where it is inaccurate or has been processed in violation of the DPF Principles. Access may be limited or denied if providing such access would be unreasonably burdensome or expensive in the specific circumstances, or as permitted by the DPF Principles.

If personal data is held by BrainCert as a processor for a third party, requests for access, correction, or deletion should be directed to the entity (our customer) that controls the data. BrainCert will assist in forwarding these requests to the customer as needed.

Recourse and Enforcement

BrainCert is dedicated to addressing complaints about personal data handling under the DPF through JAMS, a U.S.-based alternative dispute resolution provider. If issues are not resolved satisfactorily by BrainCert, affected individuals can seek resolution through JAMS DPF Dispute Resolution without cost. Binding arbitration is available under specific conditions as described in Annex I of the DPF Principles.

Regulatory Oversight

BrainCert is under the investigatory and enforcement jurisdiction of the U.S. Federal Trade Commission (FTC), ensuring compliance with the DPF.

Updating This Notice

BrainCert may periodically update this DPF Notice to reflect changes in our practices or the underlying DPF Principles. Significant changes will be communicated via email or through a prominent notice on our services before they become effective.

Contact Information

For any inquiries related to this notice or our privacy practices, please contact us at: