We are the UK Certification Authority for Reinforcing Steels. We are a company limited by guarantee registered in England and Wales under number 176248. Our registered office is at Pembroke House, 21 Pembroke Road, Sevenoaks, Kent TN13 1XR.
We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union and the United Kingdom and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
We collect personal information about you directly when you or your organisation register with us, communicate with us, send us feedback, access products or services (including via our websites carescertification.com, careshongkong.com, caresaustralia.com and, if relevant to you, our portal, cares.cloud) and/or post material to our website or portal. In addition, we may collect personal data about you when you or your organisation offers to provide services to us.
We may also collect personal information from you or your organisation indirectly, such as through your browsing activity while on our website (see ‘Cookies’ below).
The personal information we collect about you depends on the interactions we have with you or your organisation. The information may include:
When we use your personal information we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
For details on when we collect personal information, what we collect as well as how we use it, please read the following section. We may use your personal data for the following purposes:
Where you have expressly given us your consent, we may also process your personal data in accordance with that consent to keep you up to date on our services including surveys, marketing and promotional activities.
We may share your personal data including but not exclusively your registered user name, email address, business address and business relationship with us with our sub-contractors as well as our third party suppliers.
This data sharing enables us to provide services or things you have requested, including on-line services or solutions as instructed or requested by you or your organisation.
We will share personal information with law enforcement or other authorities if required by applicable law.
We may transfer your personal information to countries which are located outside the United Kingdom (UK) and European Economic Area (EEA) for any of the purposes set out above.
Such countries do not have the same data protection laws as the UK and EEA. Any transfer of your personal information will be subject to appropriate or suitable relevant safeguards as required by the General Data Protection Regulation to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. This includes, where so required, the entry into EU Standard Contractual Clauses. A copy of such clauses is available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en
If you would like further information please contact us (see ‘How to contact us’ below). We will not otherwise transfer your personal data outside of the area comprising the UK and EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in a European Economic Area state or in the United Kingdom if you work, normally live or if any alleged infringement of data protection laws occurred in the relevant state. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Please contact us if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us, please send an email to firstname.lastname@example.org