Privacy Policy
Company & Contact Information
- Provider: XRC LLC, a Nevada limited liability company, operating the CAIBOK certification body and the Black Belt Chef training and publishing body (“we,” “us,” “our”).
- Websites covered: caibok.org, caibok.net, blackbeltchef.com, blackbeltchef.net.
- Contact email: administration@caibok.org
- Mailing address: 848 N. Rainbow Blvd., #4152, Las Vegas, NV 89107
- Effective date: June 23, 2026
This policy explains how we collect and use personal data across everything we do — our websites, our certification and assessment services, the issuance, maintenance, and verification of credentials, and our training and publishing — and throughout our relationship with you, not only when you visit a website. It applies to candidates, certificants, customers, site visitors, affiliates, and board members.
1. The personal data we collect
Depending on how you interact with us: identity and contact details (name, email, postal address, phone); account and registration data; professional and eligibility information for certain credentials (CV, employment history, references, attestations); examination data (responses, results, attempts); identity-verification and proctoring data for proctored examinations, which may include images of you and your identity document and a session recording; continuing-education and recertification records; payment information (card payments are handled by our payment provider; we may not store full card numbers); technical and usage data (IP address, device and browser information, cookies); communication and marketing preferences; for affiliates, tax documentation (W-9 or W-8) and payment details; and for board members, professional credentials, biography, and declarations of interest.
2. How we use personal data
To register and assess candidates and issue and maintain credentials; to verify identity and eligibility and protect examination integrity; to confirm and validate certification status to third parties who request it and to maintain our public verification register; to process payments; to operate recertification and continuing education; to communicate with you and provide support; to send marketing where permitted; to improve our services; and to comply with law, prevent fraud, and protect our rights and the integrity of our credentials.
3. Our legal bases (EEA/UK)
Where the EU or UK GDPR applies, we rely on performance of a contract; our legitimate interests (verifying eligibility, protecting examination and credential integrity, enabling third parties to rely on our credentials, and running our business), balanced against your rights; legal obligation (such as tax and record-keeping); and consent (for certain marketing and, where required, for identity-verification or biometric data). Where we process special-category or biometric data, we rely on your explicit consent or another lawful condition.
4. Cookies
We use cookies and similar technologies as described in the Cookie Policy.
5. How we share personal data
We share personal data with service providers who process it on our behalf under data processing agreements (for example, examination, proctoring, learning-platform, hosting, payment, email, and analytics providers); with references and employers we contact to verify eligibility; with employers, recruiters, regulators, partners, and other persons who request confirmation of your certification status, and through our public credential-verification register, which may display a certificant’s name and current credential status; with affiliates and partners on a limited basis; with legal and regulatory authorities where required; with a buyer or successor in a sale or reorganization; and among entities affiliated with us, including any entity to which CAIBOK or Black Belt Chef is transferred. We do not sell your personal data for money. Some U.S. state privacy laws define “sharing” broadly to include the use of advertising cookies; where we use such cookies (see the Cookie Policy), you can opt out as described in “Your rights” below.
6. International transfers
We operate globally, and your personal data may be transferred to and processed in the United States and other countries whose laws may differ from those where you live. For transfers from the EEA or UK, we use appropriate safeguards, such as the Standard Contractual Clauses, and you may request information about them.
7. How long we keep personal data
We keep personal data only as long as needed for the purpose it was collected and to meet legal, audit, and verification requirements:
- Credential and verification records (your name, the credential you hold, and the dates): kept indefinitely, so your certification can be verified at any time — this is core to our role as a certification body.
- Identity-verification, proctoring recordings, and any biometric data: deleted shortly after your result and any appeal window close, and in any case within 90 days.
- Payment records: kept as long as tax and accounting law requires (generally up to seven years), then deleted.
- Applications, CVs, and references: kept for a limited period after the related decision, then deleted.
- Marketing and communication data: kept until you opt out.
Where we no longer need personal data, we delete or anonymize it.
8. Security
We use reasonable technical and organizational measures to protect personal data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
9. Your rights
Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal data; to restrict or object to certain processing; to withdraw consent; and to opt out of the sale or sharing of personal data or limit the use of sensitive personal data. Some rights have limits: because verifiable credentials are central to what we do, we retain and may continue to confirm the factual record of a credential you have earned even after other data is deleted. You will not be discriminated against for exercising your rights. To make a request, contact us using the details in the Company & Contact Information section above; we may need to verify your identity, and an authorized agent may submit a request for you. If the EU or UK GDPR applies to you, you may also lodge a complaint with your data protection authority.
10. Children and minors
Our services are intended for individuals aged 16 and over, and you must be at least 16 to register. We do not knowingly collect personal data from anyone under 16; if we learn we have, we will delete it. Because a person under 18 generally cannot enter a binding agreement, anyone aged 16 or 17 may use our services only if a parent or guardian reviews and accepts our Terms on their behalf and consents to their participation. We do not require biometric identity verification of minors, and a parent or guardian must consent before a minor takes any proctored assessment.
11. Changes to this policy
We may update this policy. We will post the updated version with a new effective date and, where required, notify you of material changes.