Skip to main content
Guidance

Seafarer training, certification and examination privacy information notice

Updated 3 June 2026

© Crown copyright 2026

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/maritime-and-coastguard-agency-privacy-notices/seafarer-training-and-certification-privacy-information-notice

This privacy notice explains how the Maritime and Coastguard Agency (MCA) collects and uses your personal data when you apply for certification and take associated online examinations and assessments. 

The data controller  for your personal information is the Maritime and Coastguard Agency (MCA). This means we are responsible for how your information is used. 

We process personal data to ensure that seafarers are properly trained, qualified, and fit to carry out their roles safely. This includes confirming certification, training, and regulatory requirements in line with UK legislation and international maritime standards such as Standards of Training, Certification and Watchkeeping (STCW) and Safety of Life at Sea (SOLAS). 

This privacy notice relates to certification and associated online examinations and assessments for: 

  • Certificate of Competency (CoC) 
  • Certificate of Equivalent Competency (CEC) 
  • Deck/engine Watch Rating Certification (WRC) 
  • Yacht Rating Certificate (YRC) 
  • Authority to Operate certificate (ATO) 
  • Able Seafarer Certificate (AB) 
  • Electro Technical Rating Certificate 
  • Boat Master Licence (BML) 
  • Global Maritime Distress and Safety Systems (GMDSS) related certificates

1. What information do we collect about you?

The information we collect about you includes: 

  • name and contact details 
  • professional qualification and employment history information

Along with supporting documentation such as: 

  • proof of identity 
  • certificates of competency 
  • training records 
  • discharge book extracts 
  • photographs 
  • medical fitness certificates

This may include details of your sea service, including vessel information, duration of service, and roles undertaken. 

We may also receive personal data from third parties involved in certification and verification processes, including:

  • maritime training providers and colleges   
  • employers and vessel operators   
  • other government departments or competent authorities   
  • organisations responsible for verifying qualifications or sea service 

We do not normally collect personal data from publicly accessible sources. 

Some of the information we process may include special category data, such as health information contained in medical fitness certificates. This information is processed only where necessary to assess fitness for certification and in accordance with applicable legal requirements, including where processing is necessary for reasons of substantial public interest.

1.1 Additional information collected during examinations

When you take an online examination, we also collect: 

  • audio and visual data, including video, screen recordings, and sound recordings  
  • proctoring and behavioural data (for example identity checks and monitoring of examination conditions and conduct) 
  • technical data such as device details, login information, and connection data

2. How we use your information

We use your personal data to: 

  • process your application for certification 
  • assess your eligibility and qualifications 
  • administer and deliver examinations 
  • communicate with you about your application and results

We may also use your personal data to: 

  • verify the information and documents you provide, including requesting original documents where necessary 
  • improve our services, for example by reviewing performance and identifying areas for improvement 
  • investigate complaints or incidents 
  • prevent and detect fraud or misuse 
  • support legal or regulatory processes

2.1 Use during examinations

When you take an examination, we use your data to: 

  • verify your identity 
  • monitor compliance with exam conditions 
  • detect and prevent malpractice 
  • record examinations to support appeals or investigate concerns

3. Monitoring and recording of examinations

Online examinations are subject to monitoring to maintain exam integrity and fairness. This forms part of the MCA’s statutory certification responsibilities. 

Monitoring includes: 

  • use of cameras and microphones 
  • real-time observation using proctoring tools 
  • viewing your exam environment 

Examinations may be recorded and used to: 

  • review results 
  • investigate concerns about conduct 
  • support appeals 

Monitoring takes place in real time. You may be notified if unusual behaviour is detected. 

This monitoring is necessary and proportionate to ensure the integrity of safety‑critical examinations and to prevent fraud.

4. Lawful basis for processing

We must have a lawful basis to process your personal data.

We rely on:

  • public task – processing is necessary for the performance of MCA’s statutory functions under UK maritime legislation, including the Merchant Shipping Act 1995 
  • legal obligation – processing is required to comply with applicable maritime law and regulations

5. Financial information

If you make a payment, we use your financial information to process that payment. 

We do not retain your full payment details (such as card numbers) once the transaction has been authorised. However, we may keep limited records of the payment, such as transaction references and amounts, where this is required for accounting, audit, or legal purposes.

6. How long we will keep your information

We only keep your personal data for as long as necessary for the purposes described above.

6.1 Certification information

We keep personal data relating to your certification for as long as you hold a valid certificate. 

For active seafarers, we will keep your data until you reach 70 years of age, or for 5 years, whichever occurs sooner. 

If your certificate expires and you do not revalidate it or return to sea, we may keep your data for up to 25 years before deleting it. 

Where a certificate does not have an expiry date (for example GMDSS), we keep your data in line until you reach 75 years of age.

6.2 Examination information

We keep examination recordings for a short period to allow us to review results, handle appeals, and investigate suspected malpractice.  

Recordings are typically kept for up to 90 days. 

We keep examination results and related certification records for longer, as required by law. This may be for up to 5 years. 

When we no longer need your personal data, we will securely delete or dispose of it.

7. Who we share your information with

We may share your personal data with: 

  • MCA departments responsible for certification and examinations 
  • government bodies and regulatory authorities 
  • maritime training providers, employers, and industry partners 

Where required, we will also share information with organisations that help us deliver examinations, including: 

  • online examination platforms (such as Risr/assess) 
  • proctoring providers (such as Talview), which monitor exams using video and behavioural analysis 
  • video conferencing platforms (such as Microsoft Teams) 

We may share limited contact details with third parties to carry out customer satisfaction surveys.

7.1 International transfers

Some organisations we work with may be based outside the UK. 

Where this happens, we make sure appropriate safeguards are in place to protect your personal data. These include adequacy regulations or approved contractual arrangements such as Standard Contractual Clauses. 

Further information about these safeguards is available in the MCA personal information charter.

8. Automated decision making during online examinations

No decisions that produce legal or similarly significant effects are made solely by automated processing. 

We use systems that can automatically flag unusual behaviour during examinations. These systems analyse information such as video, audio, and screen activity to identify patterns that may indicate unusual behaviour. 

If unusual behaviour is flagged, it may be reviewed as part of the assessment process and could lead to further investigation in line with examination rules. These systems do not make decisions. All flagged cases are reviewed by MCA staff, and decisions are made by people. 

These systems are used only to support examination monitoring and do not create profiles of individuals beyond this purpose.

9. Your rights

Under UK GDPR, you have rights over your personal data, including the right to access, correct, or request deletion of your data, and to object to or restrict how it is used in certain circumstances. You also have the right to complain to the Information Commissioner’s Office (ICO). We would encourage you to contact us first so we can try to resolve your concern. 

For further information about how we handle your personal data, your rights and how to exercise them, and the contact details for our Data Protection Officer, please see the MCA personal information charter.

Back to top