Privacy Notice
1. Introduction
1.1 We take privacy and the protection of personal information seriously. This Privacy Notice sets out details about how we gather, use and share personal information and individual privacy rights. How we use personal information depends upon the context in which it is made available to us. For further information on how GDPR impacts bureau Certification, please read our statement – GDPR Statement.
1.2 Our Data Protection Officer (DPO) provides help and guidance to ensure we apply good practice standards to protect personal information. Our DPO can be reached by email at info@bureaucertification.com if you have any questions about how we use personal information.
1.3 This Privacy Notice provides up-to-date information about how we use personal information and will update any previous information we have published about using personal information. We may make minor updates to this Privacy Notice from time to time. However, if we make any material changes to how we process and use your personal information, we will announce this clearly on our website.
2. About Us
2.1 We are known as the “controller” of the personal information we gather and use. When we say “we” or “us” in this Privacy Notice, we mean Bureau Certification.
3. What Kinds Of Personal Information We Use
3.1 We use various personal information depending on the circumstances under which personal information is made available to us.
3.2 We may use personal information in the following circumstances:
(a) Business Contacts: We hold the names, job titles, employer details, and professional contact details for various business contacts, including client contacts, supplier contacts, and interested parties who have signed up for our newsletter via our website;
(b) Clients:
- Certification and Audit Services: Most of our clients are incorporated entities; however, in conducting audits and processing certifications, we may collect and use the personal information of individuals who work for our clients. This can include names, contact details, and information about an individual’s work or role at our client; and
- Training Services: If you have signed up for one of our training courses, we will process your name, job title, employer details, professional contact details, and information about your performance on the training course. We may also collect and use some special categories of personal data such as dietary information or disabilities about access;
(c) Contract Auditors/Tutors: If you are a consultant, we will process your name, professional and personal contact details, CV and professional background, payment details, and information about the work you complete for us. We may also collect and use some special categories of personal data such as dietary information or disabilities about access; and
(d) Referring Consultants: If you are a consultant that refers sales opportunities to Bureau Certification, we will process your name, professional and personal contact details, CV, professional background, and information about the work you refer to us.
(e) Job Applicants: Where you apply for a role with us, we will process the personal information you provide to us as part of your application and any interview selection process. This will ordinarily include your name, personal contact details, professional history, education and qualifications, and references. We may also collect and use some special categories of personal data about job applicants, such as information about applicants’ racial or ethnic origin and some health information regarding any medical conditions or disabilities.
4. How We Gather Your Personal Information
4.1 We only use personal information which we have obtained directly for the purposes described in this Privacy Notice.
4.2 Personal Information is gathered in the following ways:
(a) Business Contacts: These may be collected via forms on our website or in the course of business-as-usual correspondence with business contacts;
(b) Clients:
- Certification and Audit Services: We may collect personal information held by our clients in conducting an audit. Personal information may be included in documentation we are required to assess as part of an audit and will ordinarily be provided or made available to us by our client; and
- Training Services: Personal information will be gathered directly from the individual that has signed up to attend one of our training courses;
(c) Contract Auditors/Tutors, Consultants, and Job Applicants: Personal information will be gathered directly from you or your third-party references.
5. Why We Use Personal Information
5.1 We will use personal information for the following purposes:
(a) Business Contacts: We process the personal information of our business contacts as necessary for the legitimate interests of managing the day-to-day operation of our business, including correspondence, engaging suppliers, and promoting our services to business contacts;
(b) Clients:
- Certification and Audit Services: We process the personal information of individuals that work for our incorporated clients in the course of conducting an audit by legal and regulatory obligations, which govern how accredited management system certification services are to be conducted. Such processing is also required for the legitimate interests of our clients to apply for certifications that we are involved in auditing, granting, and maintaining;
- Training Services: We require to process personal information to perform the contract we have entered into with the individual who has signed up for our training services. Where our contract for training services is entered into with a corporate entity for the provision of training to their employees, our processing of personal information is in the legitimate interests of such corporate entity to improve and/or add to the qualifications and skills of their employees; and
(c) Contract Auditors/Tutors: We process the personal information of Contract Auditors/Tutors for the legitimate interests of determining whether or not to employ a particular individual for a role in our organization. We engage Contract Auditors/Tutors. We process their personal information to enter into and perform our contract with the Contract Auditors/Tutors. We process racial and ethnic origin information about consultants for the substantial public interest of monitoring equal opportunities within our organization, and we process certain health information about consultants for the substantial public interest of supporting Contract Auditors/Tutors with particular medical conditions or disabilities; and
(d) Referring Consultants: we process the information to deal with sales referrals; and
(e) Job Applicants: We process the personal information of job applicants for the legitimate interests of determining whether or not to employ a particular individual for a role in our organization. We decide to employ a job applicant to process their personal information to enter into and perform our employment contract with the applicant. We process the racial and ethnic origin and health information of job applicants to meet our legal obligations under employment and similar laws.
5.2 If we are not provided with access to personal information for the purposes outlined in this paragraph 5, we may not offer or provide certain services, or we may not be able to complete consultant or job applications.
6. How Long We Keep Personal Information
6.1 We will never retain personal information for any longer than is necessary for the purposes we need to use it for.
6.2 Generally, in respect of personal information gathered in the context of a contract, we will retain personal information for the contract’s duration. A period of up to six years after the contract has expired or terminated if such personal information is required for the exercise or defense of a legal claim during this period.
6.3 We may also retain personal information for as long as required by law or regulation, or instruction of a relevant accreditation body.
6.4 Unsuccessful job applicant information is retained for a period of 12 months after the position has been filled.
6.5 We will retain the personal information of business contacts that receive our newsletter until they opt out or unsubscribe from our newsletter.
7. Sharing Personal Information With Third Parties
7.1 We only share personal information with third parties:
(a) to the extent necessary for fulfilling the purposes outlined in paragraph 5, including where necessary for the provision of services;
(b) where we are under a legal or contractual obligation to do so; or
(c) where it is fair and reasonable for us to do so in the circumstances.
7.2 We may share personal information with the following third parties:
(a) Corporate Group / Agents / Franchisees: Our business operates as part of a wider, international group of companies that includes entities that act as our agents and franchisees in locations worldwide. We may sometimes need to share personal information with our wider corporate group where required for the legitimate interests of operating our day-to-day operations, and also where required for independent reviews of audits and assessments;
(b) Suppliers: We use several different suppliers, including IT suppliers, payment processors, and consultants, with whom we share personal information so that these suppliers can process personal information on our behalf. In these circumstances, we take steps required by data-protection laws to ensure that these suppliers protect the personal information we share with them;
(c) Accreditation Bodies: We may be required to share personal information with accreditation and regulatory bodies, who monitor our certification and audit services to ensure that we are compliant with their rules and requirements when awarding certifications; and
(d) Government bodies: We may be required by law to share personal information with government bodies and regulators.
8. Sending Personal Information Overseas
8.1 We may need to transfer personal information outside countries to our group companies/agents / franchisees and suppliers (including consultants) based in countries where data protection laws may not provide the same protection level.
9. Privacy Rights
9.1 Individuals are entitled to exercise any of the following privacy rights in respect of our processing of personal information:
(a) Access: Individuals can request access to a copy of their personal information held by us, along with details of what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision-making.
(b) Rectification: Individuals can ask us to change or complete any inaccurate or incomplete personal information held about them.
(c) Erasure: Individuals can ask us to delete their personal information where it is no longer necessary for us to use it or where we have no legal basis for keeping it.
(d) Restriction: Individuals can ask us to restrict the personal information we use about them where we cannot erase their personal information or where an individual has objected to our use of their personal information.
(e) Object: Individuals can object to our processing of their personal information.
(f) Portability: Individuals can ask us to provide them or a third party with some of the personal information we hold about them in a structured, commonly used electronic format so it can be easily transferred.
(g) Withdraw Consent: Generally, we do not require consent to process personal information, and so we do not ordinarily ask for consent to process personal information. However, where we ask for consent to process personal information, individuals have the right to withdraw their consent at any time.
9.2 Please make all requests to exercise privacy rights in writing to info@bureaucertification.com
9.3 We are required to verify the identity of anyone requesting to exercise their privacy rights. We may ask individuals to provide valid identification documents when requesting to allow us to do this.
9.4 We will not make any charge for responding to any request from an individual exercising their privacy rights. We will respond to any requests by our obligations under data protection laws.
9.5 Individuals can complain about how we have used their personal information by contacting us as noted above.
10. Online Activities
10.1 We use cookies to track your use of our website and pages accessible from our website.
10.2 A cookie is a small file sent to your browser and stored on your computer’s hard drive. Cookies help us understand and track your use of our websites and identify where we can improve our website’s information and services.
10.3 We use the following categories of cookies on our website:
(a) Strictly necessary: These cookies are essential for our websites’ features to work (for example, making payments online). These cookies do not record personally identifiable personal information, and we do not need your consent to place these cookies on your device. Without these cookies, our website’s services cannot be provided, and certain parts of our website cannot be accessed.
(b) Performance: These cookies are used to collect anonymous information about how you use our website. This information is used to help us improve our website and understand how effective our website is. In some cases, we use trusted third parties, such as Google Analytics and Hotjar, to collect this information for us, but they only use it for the purposes explained.
(c) Functionality: These cookies are used to provide services or remember settings to enhance your visit, for example, by using your IP address to return your local Bureau Certification site. The information these cookies collect is anonymous and does not enable us to track your browsing activity on other websites. Our web chat feature Zopim also requires the use of cookies in its functionality. Therefore by using the service, you consent to these cookies
(d) Targeting and Advertising: These cookies are used by trusted third parties to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and help measure the effectiveness of the advertising campaign. Information contained in these cookies is anonymous and does not contain personal information.
10.4 If you would prefer to restrict, block or delete cookies from us and our third-party advertisers or any other website, you can use your browser to do this. Each browser is different, so check the “Help” menu of your particular browser to learn how to change your cookie preferences. If you choose to disable all cookies, we cannot guarantee our websites’ performance, and some features may not work as expected.