Privacy Policy

Personal data we collect and why we collect it:

Contact forms:

Our “Request a Quote” form collects and stores the data you enter into each field including name, company, phone number, email address, and a list of the standards about which you require more information, as well as your IP address to aid in SPAM prevention. This data is sent via email to our Sales and Marketing inbox and stored in the WordPress database in case of errors. Data provided is only used to contact you regarding your immediate quote request. If at any time you indicate you do not wish to proceed with our company, you shall not be contacted again. We do not use marketing lists or bulk emails; all correspondence is manual.

Cookies:

Our website does not use cookies for unauthenticated users. Only employees of our company are provided with user accounts for this website. Public registration is not permitted.

Analytics:

Our web server collects the following data:

  • IP Address
  • Your browser’s “user agent string”
  • Your operating system
  • The referring URL
  • The page(s) of our site visited

Web server logs are a standard feature of websites and do not use cookies. You may see the information your browser provides to web servers, including ours, by visiting https://www.whatismybrowser.com/detect/what-http-headers-is-my-browser-sending. This is the information stored in server log files in addition to the page(s) visited.

The only potentially personally identifiable information stored in our server log files is your IP address.

This data is used for statistical analysis of visitor behaviour such as pages viewed, for website security, so that the IP addresses of detected hackers can be banned, and to identify website errors such as “404 – page not found”.

The data obtained is stored in an access log file on the server and only accessible to our IT personnel via our server control panel.

Client Data:

Regarding client data, we are the data processor, the client is the data controller. We are responsible for the safekeeping of the records but do not use or have direct access to the information contained except as required for the purposes of internal audits and support queries.

HTML-based client systems data consist of all information in procedures and server logs. Wiki-based systems also include cookies and login names.

Our Feedback Reporting System, Training Records System, and Calibration Records System data includes all information stored in respective reports, records, and server logs. Training Records and Calibration Records Systems also include the names and email addresses of personnel to be notified when records are nearing expiration as designated during set up.

The Document Storage System data is all information included on forms uploaded by clients which may contain personal information. When stored documents are updated, the previous version(s) are archived.

Our Visits Database data includes client contact and visit details, and invoices.

With whom your data is shared:

We do not share your data with anybody.

How long your data is retained:

Data collected through the web server is purged after 12 months.

Data stored in emails, either those sent via our ‘Request a Quote’ form or manually to us, may be archived offline indefinitely but are typically deleted after 2 years.

Data stored in server backups is archived for 2 years following creation and only accessed in the event data restoration is required.

Your rights over your data:

If at any time you wish all your details to be removed from email archives you may contact us by email at data.protection@iso9000.co.uk. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent:

Your data is stored on this server in the WordPress database for 6 months and sent via our own internal email servers.

Additional information:

How your data is protected:

We are certified to ISO 27001:2013 by DAS Certification. ISO 27001 is an international business standard covering the requirements for a comprehensive information security management system.

Data breach procedures:

Under our established ISO 27001 information security procedures we have a full information security incident management, investigation and response plan. All affected information owners and, if required, the Information Commissioner's Office (ICO) will be notified within 72 hours of discovering a data breach.

Third parties from whom we receive data:

We do not receive data from third parties.

Use of automated decision making and/or profiling requiring user data:

We do not use any automated decision-making software and we do not profile our user data further than that described above in Analytics.