Stroma Certification is committed to safeguarding the privacy of our clients, members, applicants, website visitors, and other service users. Your information is very important to us, and we handle all of this in line with the current Data Protection laws and regulations. Stroma Certification works to a quality management system recognised by international standards which facilitates our operational activity in working to the required policies and procedures.
We encourage you to read this policy in full to understand how we are using your information. This statement applies to all of Stroma Certification’s interactions with you, the services listed below, and other Stroma Certification products and services which are displayed in this statement. Should Stroma Certification be made aware of any breaches to your personal data under any of the services listed below and other Stroma Certification products and services displayed in this statement, Stroma Certification will implement appropriate procedures immediately to mitigate the risks to your personal data.
Stroma Certification has reviewed the lawful basis for processing personal data under the General Data Protection Regulation. Stroma Certification has determined that the following lawful bases are applicable for the processing of personal data:
Stroma Certification uses consent as a legal basis as the most appropriate way of dealing with personal data that does not fit under one of the other 3 options. It will be used when we have received a positive ‘opt-in’ action within our marketing and customer-facing business documents.
We have made the request for consent prominent and separate from our terms and conditions, adding a Permissions to Contact section for the customer to complete at the point of joining and entering into an agreement with Stroma Certification, i.e. certification scheme application form or online enquiry submission. Members, Clients, or Contacts of Stroma Certification are able to update these permissions at any time, and deciding to ‘opt-out’ will not be detrimental to the agreement with Stroma Certification. It is not a precondition of working with Stroma Certification that a customer has to ‘opt-in’ to anything; however, where the agreement in place requires updates to be made relating to that agreement, Stroma Certification will have to contact the customer.
Stroma Certification uses contract as a legal basis as the most appropriate way of dealing with personal data that does not fit under one of the other 3 options. This will be used based on an agreement being in place between ourselves and someone enquiring about our services or where a formal agreement has been signed and is active. The requirement to process data will be detailed within the contract.
Stroma Certification uses legal obligation as a legal basis as the most appropriate way of dealing with personal data that does not fit under one of the other 3 options. It will be used for the retention and use of personal information. This, for example, can include employment records, accident reports for health and safety, DBS checks, etc.
Stroma Certification uses legitimate interests as a legal basis as the most appropriate way of dealing with personal data that does not fit under one of the other 3 options. In processing personal data under legitimate interests, Stroma Certification will:
Identify the legitimate interest under which the data is being processed;
Show that the processing is necessary to achieve it; and
Balance its use against the individual’s rights and freedoms.
The legitimate interests can be our own interests or the interests of third parties. They can include commercial interests, individual interests, or broader societal benefits; however, we will ensure that evidence can be provided as to the necessity of using the personal data. Stroma Certification will balance our interests against the individual’s. If they would not reasonably expect the processing, or if it would cause unjustified harm, their interests will override our legitimate interests in using their personal data, and therefore it will not be used.
Stroma Certification collects data to operate effectively and provide the best services for our clients and members. You provide some of this data directly, such as when you apply for membership of a certification scheme, register for a Stroma Certification event, download a Stroma Certification Software product, or contact us for technical support. We also obtain data from third parties. We protect data obtained from third parties according to the practices described in this statement, plus any additional restrictions imposed by the source of the data. These third-party sources vary over time but have included:
Social networks when you grant permission to a Stroma Certification profile to access your data on one or more networks;
Partners with which we offer co-branded services or engage in joint marketing activities; and
Publicly-available sources such as open government databases or other data in the public domain.
You have control over the data we collect, and if asked to provide personal data, you have the option to decline. However, if certain data is required to provide a specific Stroma service or product, you may not be able to access that service or product. The data we collect depends on the context of your interactions with Stroma Certification and the products and services you use. The data we collect can include the following:
Stroma Certification may process ‘Account Data’ when you apply or request a quote for one of our services. We collect your first and last name, email address, postal address, phone number, and other similar contact data via you or your employer. The account data collected will be in accordance with the business relationship between Stroma Certification and the individual or company in order to fulfil contractual requirements.
We collect data about you such as your age, gender, country and preferred language.
We collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument.
We may process data about your use of our website and services, referred to as ‘usage data’. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
We also collect information you provide to us and the content of messages you send to us, such as feedback and product reviews you write, or questions and information you provide for technical support. When you contact us, such as for technical support, phone conversations with our representatives may be monitored and recorded.
Product-specific sections below describe data collection practices applicable to the use of those products.
Stroma Certification has detailed in this section the following key elements of how we will use personal data:
The categories of personal data that we may process through our levels of interaction.
The source and categories of personal data that we did not obtain directly from you.
The purposes for which we may process personal data.
The legal requirement for processing personal data.
The purpose for using the data we collect is to operate our business and provide the services we offer, to send communications (including promotional communications), or to exercise the terms of a specific contract made with a client or member.
Each client or member of Stroma Certification has an account created within our internal CRM system. We use your Account Data to provide the services we offer and perform essential business operations. This includes quoting for our services, providing those services, conducting research, and providing technical support:
Providing our Services: We use data to deliver service estimates and quotations, and to provide our services to you.
Technical Support: We use data to diagnose problems in our software, resolve lodgement enquiries and provide other client care and support services.
Service/Product Improvement: We use data to improve our services and products continually. For example, we use errors reported in our software to perform bug fixes and software updates.
Complaint and Dispute Resolution: We use data to protect the security and safety of our clients, members, and the end user, to resolve disputes and settle complaints. For example, lodgement notifications for Energy Performance Certificates can be used to resolve complaints if a homeowner highlights a discrepancy in the EPC rating determined by an energy assessor.
The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
Stroma Certification may process information relating to transactions, including purchases of software products and services, that you enter into with us and/or through our website, and is referred to as ‘transaction data’. The transaction data may include your contact details, your credit/debit card details and the transaction details. The transaction data may be processed for supplying the purchased products and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.
We use data we collect to communicate with you. For example, we may contact you by phone or email, or other means to advertise forthcoming training courses, send industry news and newsletters, inform you of regulatory changes, update you or enquire about a service request, invite you to participate in a survey, or request information relating to the status of an ongoing project. Additionally, you can sign up for email subscriptions and choose whether you wish to receive promotional communications from Stroma Certification by email, post and telephone.
We process your data to analyse the use of our website and for business intelligence. This is done via Google Analytics to monitor and improve our website for all visitors and to report on the performance of our website. Further information can be found in our Cookies section. The legal basis for this processing is our legitimate interests.
Stroma Certification may process any of your personal data identified in the other provisions of this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others. Please do not supply any other person's personal data to us, unless we prompt you to do so.
We share your personal data with your consent or as necessary to provide any service you have requested or authorised. For example, we share your data with third parties when you tell us to do so. When you provide payment data to make a purchase, we will share payment data with banks and other entities that process payment transactions or provide other financial services and for fraud prevention and credit risk reduction. Please note that some of our websites include links to the websites of third parties whose privacy practices differ from Stroma Certification’s. If you provide personal data to any of those products, your data is governed by their privacy statements.
You can request access to your personal data by completing the online form or by downloading and completing the paper-based form under Section 1.2 Right of Access on the following webpage: https://www.stromacert.com/data-protection.
You can make a request to rectify your personal data by completing the relevant form under Section 1.3 Right to Rectification on the following webpage: https://www.stromacert.com/data-protection.
You can make a request to erase your personal data by completing the relevant form under Section 1.4 Right to Erasure on the following webpage: https://www.stromacert.com/data-protection.
You can choose whether you wish to receive promotional communications from Stroma Certification by email, postal mail and telephone. If you receive promotional email messages from us and would like to opt out, you can do so by following the directions in those messages. These choices do not apply to mandatory service communications that are part of certain Stroma Certification services or to surveys or other informational communications that have their own unsubscribe method.
Stroma Certification ensures that data is managed in line with the latest Data Protection legislation and the General Data Protection Regulation (GDPR) to deliver the following rights. Further details on the remaining 8 individual rights are published on the Stroma Certification website.
Upon receipt of a written request, we will provide stakeholders and employees with a report showing what data is held on them. This will be provided within 30 days of the request’s receipt.
Upon receipt of a written request, we will amend any inaccurate information held on stakeholders and employees within 30 days of the request’s receipt.
Upon receipt of a written request, Stroma Certification will delete the information held on stakeholders and employees within 30 days of receipt. Where there is a clear reason for this data to remain on Stroma Certification records, this reason will be given to the individual in writing.
Email - email@example.com
Telephone - 0345 621 1111
Writing - 1 Silkwood Park, Fryers Way, Wakefield, WF5 9TJ
This policy statement has been endorsed and approved by:
Stroma Certification Managing Director
Updated: 23rd February 2023