Privacy Policy

Privacy and Cookie Policy

Last updated: January 2026

1. Who we are

The e-Assessment Association Ltd (“eAA”, “we”, “us” or “our”) is a not-for-profit organisation and a company limited by guarantee, registered in England and Wales.

Registered address:

e-Assessment Association Ltd
c/o AlphaPlus, c/o AQA Education Ltd,
Devas Street, Manchester, M15 6EX

eAA operates alongside its wholly owned subsidiary:

  • EASSESSMENT SERVICES LTD (EASL) – the for-profit trading arm of the e-Assessment Association Ltd.

For the purposes of data protection law, e-Assessment Association Ltd is the data controller for this website and most associated activities. In certain limited circumstances, EASSESSMENT SERVICES LTD may act as a separate or joint data controller where services are provided directly by EASL. Where this applies, it will be made clear.

2. How to contact us

If you have any questions about this Privacy Policy or how we use your personal data, please contact us:

Email: [email protected]

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.

3. What personal data we collect

We may collect and process personal data depending on how you interact with us, including:

Information you provide directly

  • Name, job title, organisation
  • Email address, telephone number
  • Membership details and account information
  • Event registrations and preferences
  • Award submissions or judging participation
  • Enquiries, survey responses, or feedback

Information collected automatically

  • IP address
  • Browser and device information
  • Pages visited and usage data
  • Cookies and similar technologies (see our Cookie Policy)

Information from third parties

  • Event management platforms (e.g. Cvent)
  • Customer relationship management systems (e.g. HubSpot)
  • Professional contacts where there is a lawful basis to do so

We do not intentionally collect special category data (such as health or biometric data) unless it is strictly necessary, lawful, and appropriate safeguards are in place.

4. How we use your personal data

We use personal data only where permitted by law, including to:

  • Manage membership, accounts, and enquiries
    Administer events, conferences, webinars, and awards
  • Communicate with members, delegates, judges, partners, and sponsors
  • Deliver services and fulfil contractual obligations
    Send organisational updates and relevant communications
  • Improve our website, services, and communications
  • Meet legal, regulatory, governance, and reporting requirements

5. Lawful bases for processing

Under UK GDPR, we rely on one or more of the following lawful bases:

  • Contract – where processing is necessary to deliver membership, events, or services
  • Legal obligation – where required by law or regulation
  • Legitimate interests – where processing is necessary for our organisational purposes and does not override your rights
  • Consent – where you have explicitly agreed, particularly for marketing communications and cookies

You may withdraw your consent at any time where consent is the lawful basis.

6. Marketing and communications preferences

When you register as a member, sign up for events, or interact with us, you may be asked to provide preferences regarding communications.

Essential communications relating to membership administration, governance, or events you have registered for will be sent as necessary.
Marketing and promotional communications (such as newsletters, research updates, or event promotions) will only be sent where you have given your consent.
 

You can manage or withdraw your preferences at any time using the unsubscribe link in our emails or by contacting us directly.

7. Use of third-party platforms

HubSpot (CRM)

We use HubSpot as our customer relationship management platform to manage contacts, communications, and preferences. This may include storing contact details, communication history, and consent records.

HubSpot acts as a data processor on our behalf and processes data in accordance with applicable data protection laws, with appropriate safeguards in place.

Cvent (Event management)

We use Cvent to manage event registrations, attendance, communications, and logistics.

When you register for an event, your data will be processed via Cvent solely for event administration and related communications. Cvent acts as a data processor and applies appropriate security and compliance measures.

8. Data sharing

We do not sell your personal data.

We may share personal data only where necessary and appropriate, including with:

  • Trusted service providers who support our operations (e.g. IT, CRM, event platforms)
  • Event partners or sponsors (only where clearly stated and where explicit consent is given by you)
  • Professional advisers (such as legal, financial, or audit advisers)
  • Regulators, authorities, or law enforcement where required by law

All third parties are required to handle personal data securely and lawfully.

9. International data transfers

Some of our service providers may process personal data outside the UK.

Where this occurs, we ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or equivalent protections in line with UK GDPR.

10. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, regulatory, and governance requirements.

Retention periods are reviewed regularly, and data is securely deleted or anonymised when no longer required.

11. Cookies and similar technologies

Our website uses cookies and similar technologies to ensure functionality, improve performance, and understand how visitors use the site.

Details about the cookies we use, and how you can manage your preferences, are set out in our Cookie Policy.

12. Your rights

You have rights under UK data protection law, including the right to:

  • Access your personal data
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent where applicable

Requests can be made by contacting us using the details above. We will respond within the timeframes required by law.

13. Data security

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, or disclosure.

Access to personal data is restricted to authorised individuals and systems, and our security practices are reviewed regularly.

14. Links to other websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our activities.

The most recent version will always be published on our website, with the updated date clearly shown.

Keep informed

Subscribe to our newsletter

This site uses cookies to monitor site performance and provide a mode responsive and personalised experience. You must agree to our use of certain cookies. For more information on how we use and manage cookies, please read our Privacy Policy.

Close Accept all & close

Login to your account

Sign-up

Free membership, sign-up today!

Step 1 of 2