- Who we are
- Our collection and use of your personal information
- Our legal basis for processing your personal information
- The personal information we collect, when and how we use it
- Who we share your personal information with
- Transfer of your information out of the UK and EEA
- Cookies and similar technologies
- Your rights
- Keeping your personal information secure
- How to complain
- How to contact us
Who we are
We are the UK Certification Authority for Reinforcing Steels. We are a company limited by guarantee registered in England and Wales under number 176248. Our registered office is at Pembroke House, 21 Pembroke Road, Sevenoaks, Kent TN13 1XR. We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union and the United Kingdom and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
Our collection and use of your personal information
We collect personal information about you directly when you or your organisation register with us, communicate with us, send us feedback, access products or services (including via our websites carescertification.com, careshongkong.com, caresaustralia.com, caressingapore.com and, if relevant to you, our portal, cares.cloud ) and/or post material to our website or portal. In addition, we may collect personal data about you when you or your organisation offers to provide services to us.
We may also collect personal information from you or your organisation indirectly, such as through your browsing activity while on our website (see ‘Cookies’ below).
The personal information we collect about you depends on the interactions we have with you or your organisation. The information may include:
- Contact information such as your name, employer, job title, work address and other contact details including registered user name and email address
- Information about the services we provide to you and other business information processed in the context of our business relationship whether necessarily processed or voluntarily provided
- Your account details, such as username, login details and passwords
Our legal basis for processing your personal information
When we use your personal information we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
consent: where you have given us clear consent for us to process your personal information for a specific purpose
contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests)
The personal information we collect, when and how we use it
For details on when we collect personal information, what we collect as well as how we use it, please read the following section. We may use your personal data for the following purposes:
- Providing services or things you have requested, including on-line services or solutions as instructed or requested by you or your organisation
- Protecting the security of and managing access to our online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities
- To comply with our legal and regulatory obligations worldwide, including reporting to and/or being audited by national and international regulatory bodies
- For any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us
Where you have expressly given us your consent, we may also process your personal data in accordance with that consent to keep you up to date on our services including surveys, marketing and promotional activities.
Who we share your personal information with
We may share your personal data including but not exclusively your registered user name, email address, business address and business relationship with us with our sub-contractors as well as our third party suppliers.
This data sharing enables us to provide services or things you have requested, including on-line services or solutions as instructed or requested by you or your organisation.
We will share personal information with law enforcement or other authorities if required by applicable law.
Transfer of your information out of the UK and EEA
We may transfer your personal information to countries which are located outside the United Kingdom (UK) and European Economic Area (EEA) for any of the purposes set out above. Such countries do not have the same data protection laws as the UK and EEA. Any transfer of your personal information will be subject to appropriate or suitable relevant safeguards as required by the General Data Protection Regulation to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. This includes, where so required, the entry into EU Standard Contractual Clauses. A copy of such clauses is available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en
If you would like further information please contact us (see ‘How to contact us’ below). We will not otherwise transfer your personal data outside of the area comprising the UK and EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
Cookies and other tracking technologies
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
- Fair processing of information and transparency over how we use your use personal information
- Access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
- Require us to correct any mistakes in your information which we hold
- Require the erasure of personal information concerning you in certain situations
- Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- Object at any time to processing of personal information concerning you for direct marketing
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- Object in certain other situations to our continued processing of your personal information
- Otherwise restrict our processing of your personal information in certain circumstances
- Claim compensation for damages caused by our breach of any data protection laws
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- Email, call or write to us (please see ‘How to Contact Us’, below)
- Let us have enough information to identify you (e.g. your full name or your user name)
- Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill)
- Let us know the information to which your request relates
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information. The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in a European Economic Area state or in the United Kingdom if you work, normally live or if any alleged infringement of data protection laws occurred in the relevant state. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
How to contact us
Please contact us if you have any questions about this privacy notice or the information we hold about you. If you wish to contact us, please send an email to firstname.lastname@example.org