This portal does not support the use of Internet Explorer, and some content may not appear or may appear incorrectly as a result. For a better browsing experience, please use Google Chrome, Firefox, Microsoft Edge or Safari.
Privacy notice for the Digital Certificates Portal
Last updated: 6 February 2026
1) Who we are
Agored Cymru is the data controller for personal data used in the Digital Certificates Portal and Centre Portal.
Email:enquiries@agored.cymru
Post: 3 Purbeck House, Lambourne Crescent, Llanishen, Cardiff CF14 5GJ
2) What this notice covers
This notice explains how we use personal data when you access and use the Digital Certificates Portal, including Smart Verify and the Centre Portal.
For broader information about how we use personal data across our services, please see our full privacy notice: [Agored Cymru privacy policy].
3) The personal data we use
3.1 Data already held by Agored Cymru
This portal displays information that Agored Cymru already holds in its systems about learner registration and certification. This may include:
3.2 Data generated when you use the portal
When you use the portal, we also collect and use:
3.3 Smart Verify QR code validation
Some certificates include a QR code. If you scan the QR code, you will be taken to a Smart Verify page that allows you to validate a certificate.
Smart Verify provides an on-screen verification result. It presents an electronic representation of the document being scanned so that the viewer can validate it.
Certificate validation is supported using blockchain-based technology. The blockchain record is public and stores only a cryptographic hash. No personal details are stored on the blockchain.
3.4 Centre Portal users
Approved centre users may have access to a Centre Portal to view records, manage learner notifications, and place orders for printed documents.
4) Why we use your data
We use personal data in the portal to:
5) Our lawful bases under UK GDPR
We rely on the following lawful bases:
6) Who we share data with
We do not sell personal data.
We share personal data only where necessary with:
7) Where your data is stored
Portal data is hosted in the UK.
8) How long we keep data
Agored Cymru retains learner certification records in line with its Data Retention Schedule, including retention of certificates and transcripts.
For the portal specifically:
9) Cookies
This portal uses strictly necessary cookies only to keep you signed in, protect account security, and apply language and culture settings.
These cookies may contain unique identifiers that help the portal function securely. They do not contain information like your name or email address.
Examples of strictly necessary cookies used by the portal include:
Because these cookies are strictly necessary for the portal to function, they cannot be switched off in our systems. You may be able to block them using your browser settings, but the portal may not work correctly if you do so.
10) Your rights
You have rights under UK GDPR, including the right to access, rectification, erasure (in certain circumstances), restriction, objection, and data portability where applicable.
To exercise your rights, contact us using the details in section 1.
11) Complaints
If you have concerns about how we use your personal data, please contact us first. You also have the right to complain to the UK data protection regulator (the Information Commissioner’s Office).
12) Changes to this notice
We may update this notice from time to time. The latest version will always be published on this page with a “Last updated” date.