This privacy notice is issued by Certass Limited (collectively referred to as “we”; “us” and “our”) and relates to our use of any personal data, concerning you, (referred to as “data”) collected by us; where you are a Certass registered installer, site operative or consumer.
We respect your privacy rights and your rights as a data subject. We will manage and protect your data accordingly whilst it is in our hands in accordance with all applicable data protection legislation and in accordance with this notice.
The different classes of data subject types we hold include:
Certass Registered Business: A company that is registered with Certass Limited and is using one of our services. Information held will include key contacts within the business.
Site Operative:A person that provides installation work for a Certass Registered Business and is assessed by Certass to be competent to carry out installation work that the Certass Registered Business is certified for by Certass
Consumer: A customer of the Certass Registered Business
Who is the Data Controller?
We are registered with the Information Commissioner’s Office, as a data controller, under the registration number of Z2589446. We can be contacted at the following address:
Certass TA Limited, PO Box 26332
Tel: 01292 292099
E-Mail: [email protected]
Who is the Data Protection Officer?
We have appointed a Data Protection Officer, who is the point of contact for enquiries relating to how your data is processed. The Data Protection Officer can be contacted at the following address:
The Certification Manager
Certass TA Limited, PO Box 26332
Tel: 01292 292099
E-Mail: [email protected]
What is the Purpose of Data Processing?
We need to process your data in order to certify people, process, products and companies to meet Certass Certification scheme criteria, which may include Government authorised schemes. The purpose of the certification products is to provide consumer protection to home improvement works.
The legal basis for processing your data are as follows:
- Processing your data is necessary in order to protect the vital interests of building occupants and users by providing a framework for ensuring installation work meets industry standards and, where applicable, Building Regulation requirements.
- Where your data is processed for a Certass Government endorsed scheme, processing your data is necessary in order to perform a public task in the public interest and the task has a required legislative requirement
- Processing your data is necessary in pursuit of our legitimate interests in certifying people, processes, products and installation work.
- Processing your data is necessary for the fulfilment of the certification contract between the Certass registered business and us.
How Will We Use Your Data?
We will use your data, in the normal course of business to:
- Certify people, processes, products and installation work.
- Handle consumer complaints.
- Deal with any complaints that you may have.
- Verify your identity.
- Confirm with third parties that you have, where applicable, met scheme requirements.
- Where we have a legal basis to do so; help us to identify and market products that may be of interest to you.
- Key contacts of Certass registered businesses and Site Operatives will be listed on Certass public facing websites to enable consumers to contact or identify them.
We may use your data, in the course of our business, for the prevention and detection of fraud. Where we suspect fraud, this may entail:
- Sharing your data with public bodies including the Police.
- Undertaking fraud searches.
- Checking your data against fraud prevention databases.
Your data will not be used by us for the purposes of any automated decision-making or profiling.
How Did We Receive Your Data?
Your data was submitted to us, in order to arrange your certification services, by the Certass registered business. Your data was not sourced, by us, from a publicly accessible source.
What Types of Data Do We Process?
The data we hold is limited to your name; address; contact details; information about your installation; and information we receive as part of a complaint made by you.
The data we hold is limited to your name; contact details; date of birth, relevant qualifications, photo; and information we receive as part of a complaint made by you.
Certass TA registered business key contacts (owners/directors):
The data we hold is limited to your name; contact details; date of birth, relevant qualifications, address; and information we receive as part of a complaint made by you.
All data subject types:
In respect of your data: We do not hold or process special categories of data (those relating to your racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; sex life or orientation; genetic data; biometric data; or data relating to any criminal convictions or offences).
Will Third Parties Receive Your Data? What Are Their Interests?
Your data shall be passed to the insurer, nominated by the Certass registered business in order for them to perform the contract of insurance for installation works in line with Certass certification scheme requirements and/or where we are bound by specific legal obligations to ensure that installation works carried out by Certass registered companies receive appropriate financial protection.
Where Certass has a legal duty or bound by scheme license holder requirements, Certass will share information with national and local Government departments and scheme license holders.
We shall not transfer your data to organisations located in countries outside of the United Kingdom.
How Long Will We Keep Your Data?
Your data will be retained only for as long as is necessary for us to effectively monitor the performance of the certified installed works or product during its life cycle. This means that your data will be retained until expected life of the installation work/products; or as long as is necessary to defend against legal claims; whichever period is the longest.
What Are Your Rights to the Data?
Right of Subject Access:
You can request details of all data we hold about you by submitting a subject access request to the Data Protection Officer, at the address provided above.
We aim to comply with such a request from you within one month of the request being made. Where we cannot provide you with this information within one month; we shall inform you of this and provide the reasons why this cannot be achieved; at which point, we shall have a total of 3 months to comply with this request.
In the normal course of business, we shall not charge a fee for a subject access request. However, in the event that you make a subject access request that is of a manifestly unfounded, repetitive or excessive nature, we reserve the right to charge a fee of £10 per request.
Right of Rectification:
In the event that your data is incorrect; you have the right to have this rectified by us. In the event that any of your data is incorrect, please contact the Data Protection Officer at the address provided above. We shall not charge a fee for your data to be rectified.
Right of Objection:
You have the right to object to our processing of your data. Please note, that where we require to continue to process your data for reasons such as the defence of certification claims, we shall not be required to cease processing your data. In the event that you wish to object to us processing your data, please contact the Data Protection Officer at the address provided above.
Right of Erasure:
You have the right to request that we delete your data provided that; we no longer require your data; or there is no legitimate legal basis for us to process your data; or we have unlawfully processed your data; or the data must be erased in order to comply with the law.
If you have grounds to request that we delete your data, and you wish to do so, please contact the Data Protection Officer at the address provided above. We shall not charge a fee for your data to be deleted from our databases.
Can a Complaint Be Made?
If you have any complaints about how we process your data; please contact the Data Protection Officer, at the address provided above.
In the event that we are unable to resolve your complaint, you have the right to make a complaint to the Information Commissioner’s Office if you believe that your information has been mishandled by us. The Information Commissioner’s Office can be contacted as follows:
Information Commissioner’s Office
Tel: 0303 123 1113