GDPR Data Management

The purpose of this page is to define how the Air Tightness Testing & Measurement Association (Herein “ATTMA”) receives, records, stores, manages and share’s personal data within the business. This document also sets out the key people responsible for managing data within the business.

Key Members
The key members of staff responsible for the data within ATTMA are:
·       Barry Cope – Scheme Manager
·       David Pickavance – Chairman
There are multiple members of staff that use data to conduct their everyday jobs but do not have overall responsibility, such as our Technical Manager, Quality Manager and Auditors.

Types of Personal Data Held
ATTMA holds very few pieces of personally identifiable data for each registered tester or member:
·       Name (first and surname)
·       Email Address
·       Telephone Number
·       Photo
Why we hold this data
We need to hold the above types of data in order to:
Communicate with the individual testers
·      Updates to the scheme
·      Information requests (audits etc)
·      Technical Support
Maintain a list of registered testers
·      As required by the Government
·      Ensure testers are visible
·      Ensure we know who to send invoices to
·      Ensure we know who to contact if there are any issues
How we collect this data (Consent)
ATTMA collect data through either
Application forms
·      Paper Copies
·      Digital
·      Industry stakeholders to maintain contact (email distribution list)
·      Users may make contact directly through the telephone and ask us to update details
·      Users are able to add and edit their details through our various lodgement portals.
Where we store your data
When a tester registers, data is stored in multiple locations, on multiple websites. This is in order for us to effectively and efficiently carry out our core business.
Online CRM
·      Data is stored on an Access Database of which the backend of the database is saved on a network attached storage drive in the office.
·      It is not accessible without a username and a password.
Accounting Software
·      ATTMA uses a cloud based accounting package to store details, create invoices / credits etc.
Lodgement Portal
·      ATTMA operates three Lodgement portals for various tests. All of which are saved on Microsoft servers (Azure platform).
Email accounts
·      ATTMA hold user data on our email accounts, including a list of contacts.
Mobile telephones
·      ATTMA holds user data on our mobile telephones in order for us to make and receive calls whilst out of the office. The scheme manager has access to all ATTMA contacts on his personal phone for emergency use only.
·      ATTMA keeps all data in a Sharepoint which is accessible only to ATTMA employees. This is cloud based with local copies on our computers. The scheme manager has access to all data on his personal computer in case of emergency.
How we keep your data secure
Access Database
·      ATTMA ensures security by requiring a password for the NAS drive to gain access to data.
·      The NAS drive is secured in a data storage unit with a key, only held by the data controller.
Accounting SoftwareThe accounting software is secured with a username and password
·      It is also encrypted with a class 2 SSL certificate.
·      ATTMA is under contract with the accounting software provider to not share data in accordance with its own GDPR processes.
Lodgement Portal
·      Contracts with a non-disclosure agreement are in place between the Developers and ATTMA so that no data is to be shared externally.
·      All data is saved on a Microsoft server and is password restricted
·      The website is secured with a class 2 SSL certificate.
Email accounts and Sharepoint
·      All data is saved on a Microsoft server and is password restricted
·      The website is secured with a class 2 SSL certificate.
Mobile Telephones
·      All mobile phones are secured with a thumb print and/or a password to enter.
Rights of Access to Data (Subject Access Requests)
At any time, users may access a copy of all of the data we hold with their personal details on. ATTMA acknowledges is has 30 days to comply with any request.
Access can be granted by making a formal request to the Scheme Manager in writing. Email requests are considered acceptable.
ATTMA acknowledges that it cannot charge for this service, unless the request is manifestly unfounded or excessive.
Time we keep data
ATTMA will keep data indefinitely that is used as part of the lodgement system. The legal justification for this is that we record and test buildings multiple years in the future and it is therefore necessary to know who tested a product and when.
Where testing companies are no longer affiliated with ATTMA we remove their name from all public mediums. We keep the data for a minimum of 10 years before all other data is destroyed.