The personal data that we collect depends on your relationship with us. Please see below for detailed information regarding the types of information we collect and use about you.
Customers / prospective customers:
- Name, business address, job title, e-mail address, telephone number;
- Audit evidence which may include names and job titles.
Agents, auditors and other stakeholders:
- Name, address, email, job title, phone numbers, employer name;
- Passport details for the purposes of arranging travel or issuing visitation letters where relevant;
- CVs provided which may contain personal details such as home address;
- Details of qualifications & training records;
- Details of education (dates & name of institution);
- Names of personal referees as shown on CVs (position, home address and phone);
- Qualifications certificates and number reference which may contain pictures and an individual’s date of birth;
- Opinions on competence.
We collect your personal data:
- Directly from yourself via the information you provide to us;
- From your company/employer;
- From third parties, such as:
- Accreditation Scheme owners
- Credit referencing agencies
- Regulatory bodies
- Lead generation companies and mailing houses
- Publicly available sources, such as;
- Social media sites such as LinkedIn
- Web searches
- Face to face when you meet us;
- Via regular mail (in writing);
- By telephone;
- By e-mail;
- Via customer application;
- Via the
We may process your personal information for our legitimate business purposes.
Where relevant under applicable laws, the use of your Personal Information will be justified by at least a condition for processing. In the majority of cases this condition will be:
- To prepare a proposal for you regarding the services we offer;
- To provide you with the services as set out in our contract with you or as otherwise agreed with you from time to time;
- To undertake any conformity assessment services, we provide to you;
- To deal with any complaints or feedback you may have or are involved with;
- To meet our compliance and regulatory obligations and as required by tax authorities or any competent court or legal authority;
- For marketing to you;
- Training and performance monitoring of our staff;
- For the administration and management of our business, including but not limited to recovering debts and archiving or statistical analysis;
- Seeking advice on our rights and obligations, such as where we require our own legal
For each purpose we must have a legal ground for such processing. In respect of your personal data, the legal grounds we rely on are:
- Our performance of a contract with you;
- Us having an appropriate business need to use your data, and such need does not overly prejudice you;
- You having given your explicit consent for us to use your personal data;
- Us having a legal or regulatory obligation to use your data; and
- The necessity to use your data to establish, exercise or defend our legal
We may share your personal data with our internal teams/departments via internal reports and via access to central IT systems.
We also disclose your personal data to the third parties listed below:
- Contractors (to carry out conformity assessments);
- Third parties whom we engage to assist in delivering the services to you, such as IT providers, data storage providers, payroll suppliers and public relations
- Our professional advisers where it is necessary for us to obtain advice and assistance, such as lawyers, accountants, auditors;
- Debt collection agencies and credit referencing agencies; and
- Relevant accreditation scheme owners, regulatory authorities or law enforcement agencies, subject to your agreement via a waiver of
Under the GDPR you have certain rights in relation to the personal data that we hold about you. You may exercise these rights at any time by contacting us using the contact details set out further below in this section.
Please note that in some cases we may not be able to comply with your request because of our own obligations to comply with other legal or regulatory requirements. However, we will always respond to any request you make and if we cannot comply with your request, we will tell you why.
Your rights are:
- The right to access your data
You are entitled to a copy of the personal data we hold about you and certain details of how we use it. Where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible. Subject to certain circumstances, there will not be a charge for dealing with these requests.
- The right to rectification
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
- The right to erasure
In certain circumstances, you have the right to ask us to erase your personal data.
- The right to restriction of processing
In certain circumstances, you are entitled to ask us to stop using your personal data.
- The right to data portability
In certain circumstances, you have the right to ask that we transfer any personal data that you have provided to us to another third party of your choice.
- The right to object to marketing
You can ask us to stop sending you marketing communications at any time by contacting us at firstname.lastname@example.org
- The right to withdraw consent
For certain uses of your personal data, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal data.
- The right to complain
We may also use your personal data to provide you with information about services we provide which may be of interest to you. If you wish to unsubscribe from marketing communications.
International Data Transfers
In principal, we do not store or process personal data that we collect about you in countries outside the European Economic Area (EEA).
Please contact us if you require further information about this.
Retention Of Data
We will only retain your personal data for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Notice and in order to comply with our legal and regulatory obligations. Please contact us if you would like further information regarding the periods for which your personal data will be stored.
Safeguards For Your Data
We are committed to protecting your privacy. We have implemented, and we maintain
Technical and organizational security measures, policies and procedures intended to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to such information appropriate to the nature of the data concerned.
The gathering and processing of personal data is regulated by the Data Protection Act 2018. Any requests by individuals for access to information held about them by the IQRA CERT.