Privacy statement

IPMA is a worldwide company with offices, candidates, and members in different countries. In the Netherlands, IPMA-NL is active as an association. IPMA Certificering B.V. – hereafter IPMA – is a subsidiary company of IPMA-NL responsible for carrying out the IPMA exams within the Dutch language area and territory.

This Privacy Statement applies to all personal data that IPMA processes from her clients, candidates, trainers, and other interested parties. With personal data we mean information that can be traced back directly or indirectly to an individual, without the name of that individual having to be known. Think of a customer number, address, place of residence, e-mail address, telephone number, and financial data.


Responsible for the processing of personal data are:


IPMA Certificering BV
Lorentzlaan 3
3401 MX IJsselstein
Phone 088 – 3376330

Noordersingel 64B
3781 XK Voorthuizen
Phone 0342-416234

Goals and Foundations

IPMA processes personal data based on the following legal foundations:

  • Executing an agreement like delivering products, services, and customer service.
  • To comply with a statutory obligation. For instance the legal obligation to keep the financial administration for the duration of 7 years.
  • A legitimate interest, namely a commercial interest. Like offering services and products.
  • Permission to process the data. For example for sending our newsletters.

The goals of processing personal data are:

  • Allow you to create a candidate account
  • To deliver goods and/or services to you
  • Handling your payment
  • To be able to call, email, or write you if this is necessary to carry out our services
  • Inform you about changes to our services and products
  • To send our newsletter or personalized offers regarding exams and other products of IPMA and/or the association IPMA-NL
  • Assess and develop examinations.
  • Comply with our obligations relating to assessments or examinations.
  • Verify that an exam has not been fraudulently created.
  • Issuing certificates and examination results by name.
  • Verify the validity of certificates and provide information to the applicant.
  • To inform you and respond to your questions.
  • To provide customer service.
  • Analyses in order to improve our services.
  • Accreditations to register and assess.

Obtaining personal data

IPMA obtains your personal data by various means. For example, when you create a customer account, sign up for an IPMA course or exam, or when visiting a session of IPMA. If you apply through your employer or a training institution, we receive your information through these parties.

Data that IPMA collects through its websites can also be combined with data you provide us with at other moments. Like completing attendance forms for exams.

Personal data we process

We use the following information for the purposes stated in this privacy statement:

Name and surname
Date of birth
Phone number (s)
E-mail address (ES)
Postal address
Bank account
IPMA Membership
IPMA Membership number
Certificate number
Certification level
Company name of the contact person
Company phone number of the contact person
Company e-mail address of contact person
IP Address


We will share your personal data with different third parties if this is necessary for the execution of the agreement and to comply with any legal obligation. With companies who process your data on our behalf, we arrange a processing agreement to ensure the same level of security and confidentiality of your data. We remain responsible for this processing

Within IPMA

Your personal data can be transferred to IPMA-NL or IPMA (international) on the basis of the goals and foundations as stated above. For instance, if this is necessary for data operation and storage, to provide you with access to our services, for customer support, to make decisions about the improvement of the service, for content developments, and other purposes as described.

External Service Providers

We work with a limited number of external parties who have access to your personal data. All these parties IPMA found to be reliable and they have signed agreements with us. In our agreements is stated what these parties have to comply with.

We do not provide your personal data to parties in countries outside the European Union/European Economic Area.

Public authorities

We will only share your personal information with public authorities if required by law. For example, requests from courts, law enforcement agencies, regulators, and other government and government bodies.


IPMA ensures that your personal information is provided with an adequate level of security in order to protect your personal information and to protect it from unauthorized use, unauthorized access, alteration, and wrongful destruction. We do this by means of two-step authorization procedures, applying passwords, and encrypting data, among other things.

Retention period

Your data will be kept by us for an extended period of time, but never longer than necessary to carry out activities or based on a legal arrangement where we keep your data longer.

Executing agreements

The personal data regarding not finished or not positively finished courses will be stored up to 24 months after registration for the course.

The personal data regarding positively finished courses we store up to 12 months after the expiry date of the certificate.

We keep the data we process for the execution of other agreements up to a maximum of 24 months.

Invoice data

We keep invoice data, on the basis of legal obligations, for 7 years.


Your email address and name are stored in Mailchimp. The storage is indefinite until the moment you sign out for the newsletters.


We use cookies on our website to keep track of our site’s visitor data, for research into possibilities for further optimization, and for the security of the website. Your information made available to us in this way is processed anonymously and only used in accordance with the law in a proper and careful manner. You can change the settings of your browser in such a way that you no longer receive cookies. In that case, it is possible that not all services and functionalities of the website work properly.

Your rights

As the person involved you have specific legal rights regarding the personal data we collect from you. This applies to all processing activities listed in this privacy statement. Below you find the information about your rights.

Right to withdraw consent

If the processing of personal data is based on your consent, you may withdraw this consent at any time. We guarantee that the permission can be withdrawn in the same way as it was given, such as electronic.

Right to rectification

You can ask us to correct your personal details. We make reasonable efforts to keep personal data in our possession or management that is used on a continuous basis, accurate, complete, current, and relevant on the basis of the latest information available to us. Inappropriate cases we offer portals where users can check and correct their personal data.

Right to restriction

You may, where appropriate, obtain restrictions from us on the processing of your personal data; such as:

  • If you dispute the accuracy of your personal data for the period necessary for us to verify its accuracy;
  • the processing is unlawful and you request that the processing of your personal data be restricted instead of deleted;
  • we no longer need your personal data but require it from you in order to establish, exercise, or defend legal claims;
  • or you object to the processing while we verify that our legitimate reasons take precedence over yours.

Right to inspect

You may ask us for information about your personal data, including information about the categories of personal data we hold or control, for which it will be used, where we collected it if not directly from you, and to whom it has been disclosed if any. You may ask us to provide you with a free copy of any personal data we hold about you. We reserve the right to charge a reasonable fee for any other copy you request.

In certain situations, we may not be able to give you access to all or some of your personal data due to legal requirements. If we reject your request, we will inform you of the reason for this refusal.

Right to Transfer

Upon your request, we will pass on your personal data to another processing manager, if technically feasible, provided that it is based on your consent or if it is necessary for the execution of an agreement. Instead of receiving a copy of your personal data, you may request that we pass the data directly to another processing manager appointed by you.

Right to have data erased

We may erase your personal data at your request. For instance:

  • When the personal data processing is no longer necessary in connection with the purposes for which they were collected or processed;
  • You have the right to raise an objection (see below) to further processing of your personal data and you exercise this right to the processing;
  • The processing is based on your consent, you withdraw your consent and there is no other legal reason for the processing;
  • The personal data have been obtained illegally;

Unless the processing is necessary:

  • To comply with a legal obligation for which we need to process data;
  • In particular for legal retaining duties for data;
  • For the determination, exercise, or defense of a right in law.

Right to raise objections

You may object at any time to the processing of your personal data as a result of your specific situation, provided that the processing is not based on your consent but on our legitimate interests or those of a third party. In this case, we will no longer process your personal data, unless we can demonstrate compelling legitimate reasons and an overriding interest in the processing or in the establishment, exercise, or defense of a legal claim. If you object to the processing, state whether you want your personal data to be deleted or whether you want us to restrict the processing of your personal data.

Right to file a complaint 

You have the right to lodge a complaint with the Personal data Authority if you feel that IPMA does not correctly deal with your personal data. You can do this via this link:


Exercising your legal rights

To exercise your legal rights, you can submit a written or electronic request to us. To make sure that the request has been made by you, please attach a copy of your identity document. In this copy, make the photograph, the numbers at the bottom of the passport or the ID-proof number, and the BSN unreadable.

We will try to grant your request within 30 days. However, this period may be extended for specific reasons relating to the specific legal right or the complexity of your request.

You find our contact information at the end of this privacy statement.

Links to other websites

On the website, you will find a number of links to third-party websites. If you follow these links, you will leave the website of IPMA. Although these websites are carefully selected, IPMA cannot hold any responsibility with regard to the use of your data by those organizations. Please read the privacy statement, if available, of the website you are visiting.

Contact details

You can send all your questions about data protection and all requests regarding exercising your legal rights to:

Postal address
IPMA Certification
Lorentzlaan 3
3401 MX IJsselstein