Privacy Policy
Field | Details |
Policy Owner | Director of Academics, GPHCB |
Approved By | Director of Academics, GPHCB |
Effective Date | June 25, 2026 |
Review Cycle | Annual review or earlier where required by law, institutional policy, platform changes, or operational need |
Applies To | Learners, applicants, alumni, instructors, staff, partners, website visitors, credential holders, verification requestors, and organizational clients |
Policy Status | Approved |
Policy Statement
Global Public Health Credentialing Board Inc. (GPHCB) is committed to protecting personal information, learner records, credential data, and organizational information entrusted to it through its website, learning platforms, programs, partnerships, credentialing activities, forms, communications, and related services. GPHCB recognizes privacy as a core element of trust, ethical public health education, responsible digital learning, institutional accountability, and learner protection.
This Privacy Policy explains the categories of information GPHCB may collect, the purposes for which information is used, how information may be shared, how learner and credential records are protected, and the rights and choices available to individuals whose information is processed by GPHCB.
1. Purpose
The purpose of this Privacy Policy is to establish a clear, professional, and accountable framework for the collection, use, disclosure, retention, safeguarding, and disposal of personal information handled by GPHCB. The policy is designed to support lawful, fair, transparent, secure, and purpose-limited data practices across GPHCB operations.
· inform applicants, learners, partners, credential holders, and website visitors about GPHCB privacy practices;
· protect learner records, admissions information, assessment records, credential records, and verification data;
· support ethical and secure use of digital platforms, learning management systems, payment systems, and communication tools;
· ensure that privacy practices align with GPHCB governance, public health ethics, academic standards, and digital credentialing responsibilities;
· define how limited credential information may be used for verification while protecting private learner information.
2. Scope
This policy applies to all personal information and organizational information collected or processed by GPHCB in connection with:
· website visits, forms, newsletter subscriptions, inquiries, and contact submissions;
· applications, admissions, enrollment, course registration, scholarship requests, and learner onboarding;
· online learning, assessments, portfolios, capstone projects, attendance, progress tracking, and completion records;
· certificate, diploma, digital badge, credential ID, transcript, and verification activities;
· payments, invoices, refunds, withdrawals, sponsorships, and group enrollments;
· academic support, complaints, appeals, academic integrity investigations, and learner services;
· partner, employer, institutional, instructor, vendor, and organizational relationships;
· communications through email, online platforms, forms, video conferencing, and related digital tools.
3. Key Definitions
Term | Meaning |
Personal Information | Any information that identifies, relates to, describes, or could reasonably be linked to an identifiable person. |
Learner Record | Information relating to a learner’s application, enrollment, course participation, assessment, progress, completion, credential, complaint, appeal, or academic standing. |
Credential Data | Information used to issue, manage, verify, reissue, suspend, or revoke a GPHCB certificate, diploma, digital badge, credential ID, or related record. |
Processing | Any action performed on information, including collection, storage, use, disclosure, transfer, analysis, correction, retention, or deletion. |
Third-Party Service Provider | An external platform, vendor, partner, processor, or system used to support GPHCB operations, such as LMS, payment, email, analytics, form, storage, or credential platforms. |
Verification Requestor | An employer, institution, partner, public member, or other person seeking to verify the authenticity or status of a GPHCB credential. |
4. Information GPHCB May Collect
GPHCB collects only information that is reasonably necessary for educational, credentialing, administrative, operational, legal, quality assurance, communication, and service delivery purposes.
4.1 Applicant and Learner Information
· name, email address, phone number, country, city, mailing address, and contact preferences;
· application details, admission information, education history, professional background, CV or resume, and eligibility documentation;
· program selection, course registration, enrollment status, scholarship or sponsorship information;
· LMS account details, login identifiers, course access records, participation logs, assessment submissions, grades, feedback, portfolio materials, and completion records;
· academic integrity, complaints, appeals, refund, withdrawal, support, or accommodation-related information where applicable.
4.2 Credential and Verification Information
· credential ID, credential name, program area, issue date, completion status, credential status, and reissue or revocation records;
· limited public verification information, such as name, credential title, issue date, status, and awarding entity where appropriate;
· records of verification requests and responses, where necessary for audit and quality control.
4.3 Website, Device, and Technical Information
· IP address, browser type, device information, operating system, page visits, referral source, date/time of access, and site usage behavior;
· cookies, analytics identifiers, session information, security logs, and form submission metadata;
· information needed to prevent fraud, protect systems, troubleshoot technical issues, and improve website performance.
4.4 Payment and Transaction Information
· billing name, contact details, invoice information, transaction references, payment confirmation, refund status, and sponsorship or organizational billing records;
· GPHCB does not intentionally store full payment card numbers where payments are processed through secure third-party payment processors.
4.5 Partner, Instructor, and Organizational Information
· organization name, representative name, role/title, contact details, partnership interest, institutional profile, program proposal information, service requests, agreements, and communications;
· instructor, reviewer, advisor, consultant, or evaluator information, including CV, qualifications, expertise, appointment records, and conflict of interest disclosures where applicable.
5. How GPHCB Uses Information
GPHCB may use information for the following legitimate educational, operational, credentialing, contractual, compliance, and service purposes:
· responding to inquiries and providing information about programs, courses, credentials, partnerships, scholarships, or services;
· reviewing applications, confirming eligibility, managing admissions, and supporting enrollment;
· creating and managing learner accounts, LMS access, course participation, assessment processes, and learner support;
· evaluating coursework, portfolios, capstones, assignments, attendance, progress, and completion requirements;
· issuing, managing, verifying, correcting, reissuing, suspending, or revoking credentials where required by policy;
· processing fees, invoices, refunds, withdrawals, sponsorships, and payment-related communications;
· investigating academic integrity concerns, complaints, appeals, misconduct, credential fraud, or policy violations;
· maintaining academic, administrative, credential, financial, quality assurance, and audit records;
· improving website performance, learner experience, program quality, communication, and institutional effectiveness;
· complying with applicable law, contractual obligations, partner institution requirements, tax, accounting, audit, security, or dispute resolution needs.
6. Legal and Ethical Basis for Processing
Depending on the context, GPHCB may process information on one or more of the following bases: learner consent; performance of a contract or enrollment relationship; legitimate educational or organizational interest; compliance with legal, financial, quality assurance, or institutional obligations; protection of rights, safety, systems, or credential integrity; and the administration of public-facing credential verification processes. Where consent is used, individuals may withdraw consent where withdrawal is legally and operationally available, although withdrawal may affect access to certain services.
7. Cookies and Website Analytics
GPHCB may use cookies, analytics tools, embedded content, security tools, and similar technologies to operate the website, remember preferences, analyze traffic, protect systems, improve services, and support communication. Users may adjust browser settings to limit or block cookies, although some website functions may not work properly without them.
Where third-party analytics or embedded services are used, those services may collect technical information in accordance with their own privacy practices. GPHCB will make reasonable efforts to select service providers that support appropriate privacy and security standards.
8. Learning Management Systems and Third-Party Platforms
GPHCB may use third-party platforms to support learning delivery, registration, credentialing, payments, video meetings, email communications, file storage, forms, analytics, customer support, and verification activities. Examples may include learning management systems, payment processors, email tools, digital badge platforms, cloud storage systems, form tools, and website plugins.
Third-party providers may process information on behalf of GPHCB or under their own terms depending on the service. GPHCB expects such providers to maintain reasonable administrative, technical, and organizational safeguards. Individuals should review the privacy terms of third-party platforms when using those services.
9. Sharing and Disclosure of Information
GPHCB does not sell personal information. GPHCB may share information only where reasonably necessary, appropriate, authorized, or required for educational, operational, credentialing, legal, partnership, or service purposes.
Context | Purpose of Disclosure |
Partner Institutions | Admissions review, academic delivery, award confirmation, quality assurance, assessment, graduation, credential issuance, or institutional reporting where programs are partner-awarded or jointly supported. |
Learning Platforms and Service Providers | LMS access, payment processing, website hosting, email communication, analytics, credential issuance, form management, storage, support, and technical operations. |
Employers, Institutions, or Verification Requestors | Limited credential verification information where a credential holder has presented a GPHCB credential or where verification is requested through an approved process. |
Instructors, Reviewers, Advisors, or Academic Personnel | Course delivery, assessment, learner support, academic review, capstone supervision, complaints, appeals, or academic integrity processes. |
Legal, Regulatory, Audit, or Safety Authorities | Compliance with legal obligations, investigations, disputes, fraud prevention, audit needs, or protection of rights and safety. |
Organizational Clients or Sponsors | Enrollment, participation, completion, billing, scholarship, or workforce development reporting as authorized by the learner, sponsor agreement, or applicable policy. |
10. Credential Verification and Public Disclosure
GPHCB may operate a credential verification process to help learners, employers, institutions, partners, and the public confirm the authenticity and status of GPHCB-issued or GPHCB-supported credentials. Credential verification is designed to protect learners, prevent credential fraud, strengthen employer confidence, and preserve the integrity of GPHCB certificates, diplomas, digital badges, and related records.
The public verification record may display limited information such as:
· credential holder name;
· credential ID;
· credential title;
· program area;
· issue date;
· credential status, such as Valid, Pending Review, Expired, Revoked, Reissued, or Not Found;
· awarding or issuing entity where appropriate.
GPHCB will not publicly display private learner records, grades, assessment submissions, payment information, contact information, complaints, appeals, disciplinary records, or academic integrity investigation details as part of routine credential verification.
11. Learner Records and Academic Confidentiality
Learner records are treated as confidential educational records. Access to learner records is limited to authorized personnel, instructors, reviewers, service providers, partners, or institutions with a legitimate educational, administrative, contractual, quality assurance, credentialing, or compliance need. GPHCB will take reasonable steps to protect learner records from unauthorized access, disclosure, alteration, or destruction.
Where a program is delivered in collaboration with a partner institution or awarding body, learner records may be shared with that partner institution as required for admissions, assessment, progression, quality assurance, graduation, transcript, credential issuance, or regulatory requirements.
12. Data Security
GPHCB uses reasonable administrative, technical, and organizational safeguards to protect information against unauthorized access, loss, misuse, alteration, disclosure, or destruction. Safeguards may include access controls, password-protected systems, limited user permissions, secure platforms, staff awareness, recordkeeping procedures, secure storage, and review of service providers.
No digital platform or transmission method is completely secure. GPHCB cannot guarantee absolute security, but it will make reasonable efforts to protect information and respond appropriately to suspected security incidents.
13. Data Retention
GPHCB retains information only for as long as reasonably necessary to fulfill the purposes described in this policy, including academic administration, credential verification, legal compliance, accounting, dispute resolution, audit, quality assurance, and institutional recordkeeping.
Record Type | Typical Retention Approach |
General website inquiries | Retained for a reasonable administrative period unless needed for ongoing communication or service records. |
Applicant and enrollment records | Retained as necessary for admissions, learner support, institutional reporting, audit, and compliance. |
Assessment and course completion records | Retained as necessary to support academic decisions, progression, credential issuance, appeals, and quality assurance. |
Credential and verification records | Retained for a longer period or indefinitely where necessary to verify issued credentials and prevent fraud. |
Payment and financial records | Retained in accordance with accounting, tax, audit, refund, and legal requirements. |
Complaints, appeals, and integrity records | Retained as necessary for due process, institutional memory, risk management, and policy compliance. |
14. International Users and Cross-Border Processing
GPHCB serves learners, partners, and organizations across jurisdictions. Personal information may be processed, stored, or accessed in countries other than the country where an individual resides, depending on the location of service providers, learning platforms, cloud systems, partners, or administrative personnel. GPHCB will take reasonable steps to ensure that cross-border processing is handled responsibly and with appropriate safeguards where required.
15. Individual Rights and Choices
Subject to applicable law, institutional requirements, operational limitations, and credentialing obligations, individuals may request to:
· access certain personal information held by GPHCB;
· correct inaccurate or incomplete personal information;
· update contact details or communication preferences;
· request deletion of information where retention is no longer required;
· ask questions about how information is used, shared, or retained;
· object to or restrict certain processing where applicable;
· withdraw consent where consent is the basis for processing and withdrawal is permitted.
Some records cannot be deleted or fully removed where they are required for credential verification, academic recordkeeping, fraud prevention, legal compliance, financial records, dispute resolution, partner institution requirements, or institutional audit purposes.
16. Communications and Marketing
GPHCB may use contact information to send program updates, enrollment information, learner communications, policy notices, event announcements, credential reminders, partnership information, and relevant organizational updates. Individuals may opt out of non-essential promotional communications where an unsubscribe option or request process is provided. GPHCB may still send essential administrative, academic, payment, policy, security, or credential-related communications.
17. Children and Minors
GPHCB programs and services are generally intended for adult learners, professionals, scholars, organizations, and postsecondary or workforce development audiences. GPHCB does not knowingly collect personal information from children without appropriate authorization. If GPHCB becomes aware that information from a child has been collected without appropriate consent or lawful basis, it will take reasonable steps to review and address the matter.
18. Artificial Intelligence, Automation, and Data Use
GPHCB may use digital tools, analytics, automation, or AI-supported systems to improve administrative efficiency, learner support, website performance, program development, communications, quality assurance, and operational planning. GPHCB will not intentionally use such tools to make high-stakes academic or credentialing decisions without appropriate human review, unless clearly disclosed and governed by applicable policy.
Learner submissions, personal information, and confidential institutional data should not be entered into external AI tools by staff, instructors, or learners unless permitted by policy, platform terms, data protection expectations, and course-specific instructions.
19. Data Breach and Incident Response
If GPHCB becomes aware of a suspected or confirmed privacy or security incident involving personal information, it will take reasonable steps to assess the incident, contain risk, investigate the cause, preserve evidence, notify relevant internal stakeholders, and determine whether affected individuals, partners, service providers, or authorities should be notified in accordance with applicable obligations and operational circumstances.
20. Responsibilities
Role | Privacy Responsibility |
GPHCB Leadership | Approves policy direction, supports privacy governance, and ensures privacy is treated as an institutional responsibility. |
Director of Academics | Oversees privacy expectations relating to learner records, academic processes, credential records, and policy alignment. |
Program and Administrative Staff | Collect, use, store, and share information only for authorized purposes and in accordance with this policy. |
Instructors and Reviewers | Protect learner submissions, grades, feedback, assessment records, and academic information. |
Technology and Platform Administrators | Support secure access, appropriate user permissions, system monitoring, backups, and platform-related safeguards. |
Learners and Users | Provide accurate information, protect account credentials, use platforms responsibly, and promptly report suspected privacy or security concerns. |
21. Policy Updates
GPHCB may update this Privacy Policy from time to time to reflect changes in programs, platforms, legal requirements, partner arrangements, operational practices, or institutional governance. Updated versions may be posted on the GPHCB website with a revised effective date. Continued use of GPHCB services after publication of an updated policy may indicate acceptance of the revised policy where permitted by law.
22. Contact for Privacy Questions
Questions, requests, or concerns about this Privacy Policy or GPHCB privacy practices may be submitted through the official GPHCB contact page or by contacting GPHCB through the privacy or administrative contact channel published on the website.
23. Summary
GPHCB respects the privacy of learners, applicants, credential holders, partners, and website visitors. We collect and use personal information only for legitimate educational, credentialing, administrative, operational, communication, payment, verification, and service purposes. We protect learner records, limit access to authorized personnel and platforms, and publicly display only limited credential verification information when required to confirm the authenticity of a GPHCB credential. We do not sell personal information. Private learner records, grades, payment information, complaints, appeals, and academic integrity records are not displayed publicly through credential verification.