Who are we?
We are CCAB Certification Ltd, a private company limited by guarantee, registered in England and Wales and registered company address: C/O D S Mills Joseph Banks Laboratories, University of Lincoln, Beevor Street, Lincoln, England, LN6 7DL
We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including the United Kingdom), and we are responsible as a ‘controller’ of that personal information for the purposes of those laws. We may also act as a ‘processor’ of personal information where we receive personal information from a third party to process on their instructions.
How do we collect and use your Personal Information?
CCAB Certification collects personal data about you when you access our website, register online, contact us or send a query via our website, send us feedback, purchase services from us or verbally or in writing inform us of a change in circumstance (for example if you move house and would like us to update your address).
The personal information we collect about you depends on the particular activities carried out through our website or the services we provide to you. This information includes:
Your name, home address, email address, and telephone numbers.
Bank account and payment details.
Details of any feedback you give us by phone, email, post or via social media.
Information about the services we provide to you.
Please note, the term ‘personal data’ covered by GDPR does not include information about animals.
We use this personal information to:
Create and manage your account with us.
Verify your identity.
Provide our services to you.
Notify you of any changes to our website or to our services that may affect you.
Improve our services.
What is the Legal Basis for our processing your Personal Information?
When we use your personal information, we are required to have a legal reason for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
Consent: where you have given us clear consent for us to process your personal information for a specific purpose.
Contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
Legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations).
Legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests).
With whom do we share your Personal Information?
We will share personal information with law enforcement or other authorities if required by applicable law.
We may disclose your personal data to our professional advisers and/or insurers insofar as reasonably necessary for the purposes of managing risks, obtaining professional advice and managing legal disputes and/or making insurance claims.
How do we store your data?
We currently store your data and communications via email securely on a cloud-based storage programme. Access to both computers used to access the cloud and email account is password protected.
What is our Marketing?
We would like to send you information about our services and newsletters, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, or text message (SMS).
We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes or otherwise confirm your consent when you contact us by email or engage us to provide services.
If you have previously agreed to being contacted in this way, you can unsubscribe at any time by contacting us at firstname.lastname@example.org.
For more information on your rights in relation to marketing, see ‘What are your data protection rights?’ below.
What are your Data Protection Rights?
The right to access: You have the right to access your personal information and to request a copy of the personal data we hold about you at any time. If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at email@example.com.
The right to rectification: You have the right to request that CCAB Certification corrects any information we hold about you which you believe to be inaccurate.
The right to erasure: You have the right to request we erase your personal data concerning you in certain situations.
These circumstances include the following:
It is no longer necessary for us to hold those personal data in relation to the purposes for which they were originally collected or otherwise processed.
You withdraw your consent to any processing which requires consent.
The processing is for direct marketing purposes
The personal data has been unlawfully processed.
However, there are certain general exclusions of the right to erasure, including where processing is necessary:
For exercising the right of freedom of expression and information.
For compliance with a legal obligation.
For establishing, exercising, or defending legal claims.
The right to restrict processing: You have the right to request CCAB Certification restrict the processing of your data, under certain conditions.
The right to object to processing: You have the right to object to our company processing your personal data, under certain conditions.
The right to data portability: You have the right to request CCAB Certification transfers your data to another organisation, or to you, under certain conditions.
How can you contact us?
How can you complain?
We hope that we can resolve any query or concern you may raise about our use of your information.
If you wish to raise a complaint, please contact us by email using the email address: firstname.lastname@example.org or by post to CCAB Certification Ltd, Company Secretary; C/O Prof D Mills, Joseph Banks Laboratories, University of Lincoln, Beevor Street, Lincoln, LN6 7DL
GDPR also gives you right to lodge a complaint with a relevant authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.