Privacy Policy

Privacy policy

Version v1.0 Effective date 2026-02-20

This policy describes how the International Accreditation Center, Inc. ("IAC", "we", "our") collects, uses, stores, and protects personal information submitted through this website and related services.

1. Data Controller

International Accreditation Center, Inc.
1200 G Street NW, Suite 800, Washington, DC 20005, United States
Data Protection Contact: privacy@accreditationcenter.org

2. Information We Collect

We collect personal information that you voluntarily provide when using our services:

  • Contact information: Name, email address, phone number, organizational affiliation.
  • Application data: Organization details, scope of accreditation, management system documentation, personnel qualifications, and supporting evidence submitted through accreditation applications.
  • Complaint and appeal submissions: Name, contact details, description of the complaint or appeal, supporting documentation.
  • Directory information: Accredited body details published in the Public Directory (organization name, accreditation status, scope, effective dates).
  • Technical data: IP address, browser type, access timestamps collected automatically through server logs.
  • Analytics data: Page views and interaction events collected through Google Analytics 4, only with your explicit consent.

3. Purpose of Processing

  • Process and evaluate accreditation applications.
  • Maintain the Public Directory of accredited bodies.
  • Respond to verification, governance, and general inquiries.
  • Process complaints and appeals.
  • Maintain audit trails for regulatory compliance and quality management.
  • Improve website functionality and user experience.
  • Comply with legal obligations.

4. Legal Basis for Processing

  • Contractual necessity: Processing application data to deliver accreditation services.
  • Legitimate interest: Maintaining the Public Directory, security logging, and website improvement.
  • Consent: Analytics cookies and optional communications.
  • Legal obligation: Audit trail retention and regulatory compliance.

5. Data Retention

  • Application data: Retained for the duration of the accreditation relationship plus 5 years.
  • Directory data: Retained indefinitely as a public record of accreditation status.
  • Contact form submissions: Retained for 2 years.
  • Complaints and appeals: Retained for 7 years from resolution.
  • Server access logs: Retained for 90 days.
  • Analytics data: Retained per Google Analytics default retention (14 months).

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate personal data.
  • Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Restriction: Request limitation of processing in certain circumstances.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interest.
  • Withdraw consent: Withdraw previously given consent at any time.

To exercise any of these rights, contact privacy@accreditationcenter.org. We will respond within 30 days.

7. Cookies & Analytics

This website uses:

  • Essential cookies: Consent preference storage. Always active. No opt-out required.
  • Analytics cookies: Google Analytics 4 with IP anonymization. Only activated with your explicit consent via the cookie banner.

You can change your cookie preference at any time by clearing your browser cookies and revisiting the site.

8. Third-Party Disclosure

We do not sell, trade, or rent personal data. Data may be shared with:

  • Assessment team members (bound by confidentiality agreements).
  • Accreditation Committee members (for decision purposes only).
  • Legal authorities when required by law.
  • Google Analytics (anonymized, with consent only).

9. Security Measures

IAC implements appropriate technical and organizational security measures including:

  • HTTPS/TLS encryption for all data in transit.
  • Content Security Policy (CSP) and security headers via Helmet.
  • Rate limiting on API endpoints.
  • Access logging and audit trails.
  • File type validation for uploads (PDF only, 20MB limit).
  • Input sanitization to prevent injection attacks.

10. International Transfers

IAC is based in the United States. If you are accessing this website from outside the US, your data may be transferred to and processed in the US. By submitting data through this website, you consent to this transfer.

11. Changes to This Policy

IAC may update this privacy policy to reflect changes in our practices or legal requirements. Changes will be posted on this page with an updated version number and effective date. Material changes will be announced on the website.

12. Contact

For questions, concerns, or to exercise your data rights:
Email: privacy@accreditationcenter.org
Mail: Privacy Officer, IAC, 1200 G Street NW, Suite 800, Washington, DC 20005