Privacy Policy

At ISO UK Certification, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you interact with our website, services, and communications.

Information We Collect

Information You Provide to Us

• Contact Information: Name, email address, phone number, job title, and company details when you submit enquiries or register for services
• Service Information: Details about your organization's certification needs, industry sector, and existing management systems
• Communication Records: Records of correspondence when you contact us
• Feedback and Surveys: Information you provide in customer surveys and feedback forms

Information We Collect Automatically

• Technical Information: IP address, browser type and version, operating system
• Usage Information: Pages visited, time spent on pages, links clicked, and resources downloaded
• Cookie Information: Information collected through cookies as described in our Cookie Policy

How We Use Your Information

We use your personal information for the following purposes:

Providing Our Services

• Processing and responding to your enquiries
• Delivering certification consultancy and support services
• Managing your account and relationship with us
• Fulfilling our contractual obligations

Improving Our Services

• Analyzing website usage to improve user experience
• Developing new products and services
• Training our team and improving our processes
• Conducting research and analysis

Communications

• Sending service-related communications
• Providing information about relevant services, events, or resources (with your consent)
• Responding to your questions and feedback
• Inviting you to participate in surveys or research

Legal Basis for Processing

We process your personal information based on:

• Contractual Necessity: Processing necessary for the performance of our contract with you
• Legitimate Interests: Where processing is in our legitimate business interests, balanced with your rights
• Legal Compliance: Processing necessary to comply with our legal obligations
• Consent: Where you have given clear consent for specific processing activities

Data Sharing and Disclosure

We may share your information with:

• Service Providers: Third parties who provide services on our behalf (e.g., IT support, email delivery)
• Certification Bodies: When necessary for your certification process (with your knowledge)
• Professional Advisors: Legal, accounting, and other professional advisors
• Regulatory Authorities: When required by law or regulation
• Business Transfers: In connection with a business transaction such as a merger or acquisition

We require all third parties to respect the security of your data and treat it in accordance with the law.

Data Security

We have implemented appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized way. These include:

• Encryption of sensitive data
• Secure network infrastructure
• Access controls and authentication procedures
• Regular security assessments and testing
• Staff training on data protection

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including:

• The period required to provide our services
• As necessary to comply with legal, accounting, or reporting requirements
• For the establishment or defense of legal claims

Your Rights

Under data protection law, you have rights including:

• Access: Request a copy of your personal information
• Rectification: Request correction of inaccurate information
• Erasure: Request deletion of your information in certain circumstances
• Restriction: Request limitation of processing in certain circumstances
• Objection: Object to processing based on legitimate interests
• Data Portability: Request transfer of your information
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us using the details below.

International Transfers

We primarily store and process your data within the UK and European Economic Area (EEA). If we transfer data outside these areas, we ensure appropriate safeguards are in place to protect your information.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our website and, where appropriate, by email.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection Officer:

• Email: privacy@isoukcertification.org.uk
• Post: Data Protection Officer, ISO UK Certification, 123 Quality Street, London, UK, AB12 3CD
• Phone: +44 (0)123 456 7893

Complaints

If you have concerns about our data practices, please contact us first. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

Last updated: July 31, 2025