Contact Us

Privacy Policy

PRIVACY POLICY

PECS Data Services Limited
Last Updated: February 2026

BACKGROUND

PECS Data Services Limited understands that your privacy is important to
you and that you care about how your personal data is used. We respect
and value the privacy of everyone who
visits https://www.pecsdata.com (“our Site”) and will only collect and use
personal data in ways described here, consistent with our obligations and
your rights under UK law.

Please read this Privacy Policy carefully. Your acceptance of our Privacy
Policy is deemed to occur upon your first use of our Site. If you do not
accept this Privacy Policy, you must stop using our Site immediately.

1. DEFINITIONS AND INTERPRETATION

In this Policy, the following terms shall have the following meanings:
“Account” – an account required to access certain areas of our Site
“Cookie” – a small text file placed on your device by our Site
“Data Controller” – PECS Data Services Limited
“DPO” – our Data Protection Officer
“Personal Data” – data relating to an identifiable person (UK GDPR definition)
“UK GDPR” – UK General Data Protection Regulation
“We/Us/Our” – PECS Data Services Limited, company number 06620961, Lifford Hall, Lifford Lane, Kings Norton, Birmingham B30 3JN

2. INFORMATION ABOUT US

  • Company: PECS Data Services Limited
  • Company Number: 06620961
  • Registered Address: Lifford Hall, Lifford Lane, Kings Norton, Birmingham B30 3JN
  • VAT Number: 937 9856 52
  • Data Protection Officer: dpo@pecsdata.co.uk
  • General Contact: info@pecsdata.co.uk | +44 (0)121 526 6039

3. SCOPE OF THIS POLICY

This Privacy Policy applies only to your use of our Site. Our Site may
contain links to other websites. We have no control over how your data is
collected, stored, or used by other websites and advise you to check the
privacy policies of any such websites before providing data to them.

4. YOUR RIGHTS UNDER UK GDPR

4.1 You have the following rights:

  • The right to be informed about our collection and use of Personal Data
  • The right of access to Personal Data we hold about you
  • The right to rectification if data is inaccurate or incomplete
  • The right to erasure (“right to be forgotten”)
  • The right to restrict processing
  • The right to data portability
  • The right to object to processing
  • Rights regarding automated decision-making and profiling

4.2 To exercise any of these rights, contact us using details in Section 20.

4.3 You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we have not complied with data protection law.

5. WHAT PERSONAL DATA DO WE COLLECT?

Depending on your use of our Site and services, we may collect:

Contact Information:

Name, business name, job title, email address, telephone number, postal
address

Professional Information:

Company/institution name, role/profession, industry sector

Account & Usage Data:

Account credentials, IP address, browser type and version, operating
system, pages visited, time spent, referring URLs

Service-Specific Data:

  • Examination scripts and candidate responses (marking services)
  • Scanned documents (scanning services)
  • Audio/video recordings (proctoring services – with explicit consent)
  • Assessment data (SmarterMarking & SmarterTesting platforms)

Financial Data:

Payment information (processed securely by third-party payment processors)

Biometric Data (Optional):

Facial recognition data for secure platform access (with explicit consent
only)

6. HOW DO WE USE YOUR PERSONAL DATA?

6.1 All Personal Data is processed and stored securely in accordance with
UK GDPR.

6.2 Legal Basis for Processing:

Purpose Legal Basis Retention Period
Providing contracted services Contract performance 7 years after contract ends
Marketing communications Consent Until withdrawn, max 2 years
Website analytics Legitimate interests 13 months
Examination processing Contract Per contract terms
AI marking services Contract + Legitimate interests Deletion after processing
Fraud prevention Legitimate interests 7 years
Legal compliance Legal obligation As required by law

6.3 Specific Uses:

  • Providing and managing your Account
  • Delivering our scanning, data capture, marking, and assessment services
  • Processing examination materials and candidate responses
  • Operating our SmarterMarking and SmarterTesting platforms
  • Customer support and responding to enquiries
  • Marketing communications (with consent)
  • Improving our services through analytics
  • Fraud prevention and network security

6.4 Marketing:

We will only send marketing communications with your explicit consent. You can unsubscribe at any time using links in emails or by contacting us.

7. AUTOMATED DECISION-MAKING AND AI SERVICES

7.1 AI-Powered Assessment (SmarterMarking):

When using our SmarterMarking platform, we employ artificial intelligence to assess written responses:

  • AI Providers: Azure OpenAI (GPT-4) and Google Gemini
  • Dual-Model Approach: Both AI systems independently assess responses; a consensus algorithm compares results
  • Processing Time: 2-10 seconds per assessment
  • Data Deletion: AI providers immediately delete all data after processing (contractual guarantee)
  • Human Oversight: All AI assessments are subject to human review and verification
  • Your Rights: You have the right to request human review of any AI generated assessment

7.2 No Training on Your Data:

We contractually prohibit AI providers from using your data to train their models.

7.3 Fairness and Bias:

We regularly test our AI systems for bias and fairness across demographic groups.

8. CHILDREN’S DATA

8.1 When processing examination scripts and assessments, we may handle Personal Data from individuals under 18 years old.
8.2 We process children’s data lawfully under contracts with educational institutions who have appropriate authority and parental consent.
8.3 We never market directly to children or knowingly collect data from children without institutional authorization.
8.4 Parents/guardians with questions about children’s data should contact the relevant educational institution first, then our DPO if needed.

9. DATA RETENTION

9.1 Retention Periods:

  • Client Contract Data: 7 years after contract termination (legal/tax requirement)
  • Marketing Data: 2 years from last interaction, or until consent withdrawn
  • Website Enquiries: 1 year (if no business relationship established)
  • Examination Scripts: Per contract terms with educational institution
  • AI Processing Data: Immediate deletion (no retention)
  • Employee Data: 6 years after employment ends
  • Financial Records: 7 years (legal requirement)
  • CCTV Footage: 30 days (unless required for investigation)

9.2 After retention periods expire, we securely delete or anonymize data.
9.3 We review data retention annually to ensure compliance.

10. HOW AND WHERE DO WE STORE YOUR DATA?

10.1 Primary Storage: United Kingdom (our secure Darlaston facility)
10.2 Cloud Backup: Microsoft Azure UK South (London) and UK West (Durham/Cardiff)

10.3 Security Measures:

  • Data stored in our secure facility (former bank vault)
  • AES-256 encryption at rest
  • TLS 1.3 encryption for data in transit
  • State-of-the-art firewalls and intrusion prevention systems
  • 24/7 CCTV monitoring
  • Multi-factor authentication
  • Regular penetration testing
  • ISO 27001:2013 certified
  • Cyber Essentials Plus certified

10.4 International Transfers:

We may use our sister company PECS (Mauritius) Limited for specific data
processing activities (data entry, helpdesk support). When transferring data
outside the UK:

  • We use Standard Contractual Clauses (SCCs) approved by the UK ICO
  • We ensure equivalent data protection standards
  • Transfers are limited to necessary processing only

AI processing may occur temporarily in UK/EU regions where our AI providers operate, with immediate deletion after processing.

11. DO WE SHARE YOUR DATA?

11.1 We do NOT sell your Personal Data to third parties.

11.2 Sharing with Processors:

We share data with the following trusted processors under strict data
processing agreements:

Cloud & Infrastructure:

  • Microsoft Azure (cloud hosting, AI services) – ISO 27001, SOC 2 certified
  • Google Cloud Platform (Gemini AI services) – ISO 27001, SOC 2 certified

Service Providers:

  • Payment processors (for transaction processing)
  • Email service providers (for communications)
  • Cookiebot (cookie consent management)

Group Companies:

  • PECS (Mauritius) Limited (data entry, helpdesk) – under Standard Contractual Clauses

11.3 Legal Requirements: We may disclose Personal Data if legally required (court orders, law enforcement, regulatory compliance).
11.4 Business Transfers: If our business is sold or merged, Personal Data may be transferred to the new owner. You will be notified and given options regarding your data.
11.5 Anonymized Data: We may share anonymized, aggregated statistics that cannot identify individuals.

12. DATA PROTECTION PRINCIPLES

We adhere to UK GDPR principles:

  • Lawfulness, Fairness, Transparency: We process data lawfully with clear communication
  • Purpose Limitation: We collect data for specified, explicit purposes only
  • Data Minimization: We collect only necessary data
  • Accuracy: We take reasonable steps to ensure data accuracy
  • Storage Limitation: We retain data only as long as necessary
  • Integrity and Confidentiality: We implement appropriate security measures
  • Accountability: We demonstrate compliance with these principles

13. DATA BREACH NOTIFICATION

13.1 We have procedures to detect, report, and investigate data breaches.

13.2 If a breach occurs that poses risk to your rights and freedoms:

  • We will notify you within 72 hours where feasible
  • We will inform the ICO as required by law
  • We will provide information about the breach and steps being taken

13.3 Our incident response includes containment, investigation, remediation, and prevention measures.

14. YOUR RIGHT TO CONTROL YOUR DATA

  • Marketing Opt-Out: Unsubscribe via email links or contact us directly
  • Account Deletion: Request via dpo@pecsdata.co.uk
  • Data Access Request: Request a copy of your data (free of charge) via dpo@pecsdata.co.uk
  • Rectification: Request corrections to inaccurate data
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request restricted processing in certain circumstances
  • Portability: Request your data in machine-readable format

15. BIOMETRIC DATA AND VIDEO/AUDIO RECORDING

15.1 Facial Recognition (Optional):

  • Used only for secure platform authentication with explicit consent
  • Processed locally on your device
  • Immediately deleted after authentication
  • You can opt out and use password authentication instead

15.2 Video/Audio Proctoring:

  • Used for remote exam invigilation with explicit consent from institutions and candidates
  • Recordings retained per contract terms (typically 30-90 days)
  • Used solely for exam integrity purposes
  • Securely deleted after retention period
  • Access restricted to authorized personnel only

15.3 CCTV:

  • Our facilities use CCTV for security purposes
  • Footage retained 30 days
  • Signage clearly displayed
  • Access restricted to security personnel

16. COOKIES AND SIMILAR TECHNOLOGIES

16.1 What Are Cookies? Cookies are small text files stored on your device when you visit our Site.

16.2 Our Use of Cookies: We use Cookiebot to manage cookie consent in compliance with UK GDPR and PECR.

16.3 Cookie Categories:

  • Strictly Necessary: Essential for Site functionality (no consent required)
  • Performance: Analytics to improve our Site (consent required)
  • Functional: Remember your preferences (consent required)
  • Marketing: Track visits across websites for advertising (consent required)

16.4 Third-Party Cookies:

  • Google Analytics (performance)
  • YouTube (if embedded videos viewed)
  • Social media platforms (if you interact with embedded content)

16.5 Managing Cookies:

  • Use our cookie consent banner to manage preferences
  • Change browser settings to block/delete cookies
  • Visit www.aboutcookies.org for guidance

17. LEGITIMATE INTERESTS

When we process data based on legitimate interests, we have balanced our interests against your rights. Our legitimate interests include:

  • Improving and developing our services
  • Network and information security
  • Fraud prevention
  • Business-to-business marketing
  • Internal administration
  • Understanding how customers use our services
  • Research and analytics

You have the right to object to processing based on legitimate interests.

18. THIRD-PARTY WEBSITES

Our Site may contain links to third-party websites. We are not responsible
for their privacy practices. Please review their privacy policies before
providing Personal Data.

19. CHANGES TO THIS PRIVACY POLICY

19.1 We may update this Privacy Policy to reflect changes in law or our practices.

19.2 Changes will be posted on this page with an updated “Last Updated” date.

19.3 We recommend reviewing this policy periodically.

19.4 Continued use of our Site after changes constitutes acceptance of the
updated policy.

20. CONTACTING US

For any questions about this Privacy Policy or to exercise your rights:

Data Protection Officer:

Email: dpo@pecsdata.co.uk

General Enquiries:

Email: info@pecsdata.co.uk
Phone: +44 (0)121 526 6039
Post: PECS Data Services Limited, Lifford Hall, Lifford Lane, Kings Norton, Birmingham B30 3JN

Information Commissioner’s Office (ICO):

Website: www.ico.org.uk
Helpline: 0303 123 1113

© 2017 – 2026 PECS Data Services Limited. All rights reserved.

Facebook-f Twitter Linkedin Youtube
Cyber Essentials Plus, ISO 27001, ISO 9001

© 2017 – 2022 PECS Data Services Limited.