{"id":2137,"date":"2021-01-06T15:51:55","date_gmt":"2021-01-06T15:51:55","guid":{"rendered":"https:\/\/www.bcta.group\/attma\/?page_id=2137"},"modified":"2022-05-27T10:00:25","modified_gmt":"2022-05-27T09:00:25","slug":"gdpr-data-management","status":"publish","type":"page","link":"https:\/\/www.bcta.group\/attma\/gdpr-data-management\/","title":{"rendered":"GDPR Data Management"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

GDPR Data Management<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\n

The purpose of this page is to define how the Air Tightness Testing & Measurement Association (Herein \u201cATTMA\u201d) receives, records, stores, manages and share\u2019s personal data within the business. This document also sets out the key people responsible for managing data within the business.<\/p>\n\n\n\n

Key Members<\/strong>
The key members of staff responsible for the data within ATTMA are:
\u00b7       Barry Cope \u2013 Scheme Manager
\u00b7       David Pickavance \u2013 Chairman
There are multiple members of staff that use data to conduct their everyday jobs but do not have overall responsibility, such as our Technical Manager, Quality Manager and Auditors.<\/p>\n\n\n\n

Types of Personal Data Held<\/strong><\/h5>\n\n\n\n
ATTMA holds very few pieces of personally identifiable data for each registered tester or member:
\u00b7       Name (first and surname)
\u00b7       Email Address
\u00b7       Telephone Number
\u00b7       Photo<\/h5>\n\n\n\n
Why we hold this data<\/strong><\/h5>\n\n\n\n
We need to hold the above types of data in order to:
Communicate with the individual testers
\u00b7      Updates to the scheme
\u00b7      Information requests (audits etc)
\u00b7      Technical Support<\/h5>\n\n\n\n
Maintain a list of registered testers
\u00b7      As required by the Government
\u00b7      Ensure testers are visible<\/h5>\n\n\n\n
Invoicing
\u00b7      Ensure we know who to send invoices to
\u00b7      Ensure we know who to contact if there are any issues<\/h5>\n\n\n\n
How we collect this data (Consent)<\/strong><\/h5>\n\n\n\n
ATTMA collect data through either<\/h5>\n\n\n\n
Application forms
\u00b7      Paper Copies
\u00b7      Digital<\/h5>\n\n\n\n
Website
\u00b7      Industry stakeholders to maintain contact (email distribution list)<\/h5>\n\n\n\n
Telephone
\u00b7      Users may make contact directly through the telephone and ask us to update details<\/h5>\n\n\n\n
Lodgement
\u00b7      Users are able to add and edit their details through our various lodgement portals.<\/h5>\n\n\n\n
Where we store your data<\/strong><\/h5>\n\n\n\n
When a tester registers, data is stored in multiple locations, on multiple websites. This is in order for us to effectively and efficiently carry out our core business.<\/h5>\n\n\n\n
Online CRM
\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Data is stored on an Access Database of which the backend of the database is saved on a network attached storage drive in the office.
\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0It is not accessible without a username and a password.<\/h5>\n\n\n\n
Accounting Software
\u00b7      ATTMA uses a cloud based accounting package to store details, create invoices \/ credits etc.<\/h5>\n\n\n\n
Lodgement Portal
\u00b7      ATTMA operates three Lodgement portals for various tests. All of which are saved on Microsoft servers (Azure platform).<\/h5>\n\n\n\n
Email accounts
\u00b7      ATTMA hold user data on our email accounts, including a list of contacts.<\/h5>\n\n\n\n
Mobile telephones
\u00b7      ATTMA holds user data on our mobile telephones in order for us to make and receive calls whilst out of the office. The scheme manager has access to all ATTMA contacts on his personal phone for emergency use only.<\/h5>\n\n\n\n
Sharepoint
\u00b7      ATTMA keeps all data in a Sharepoint which is accessible only to ATTMA employees. This is cloud based with local copies on our computers. The scheme manager has access to all data on his personal computer in case of emergency.<\/h5>\n\n\n\n
How we keep your data secure<\/strong><\/h5>\n\n\n\n
Access Database
\u00b7      ATTMA ensures security by requiring a password for the NAS drive to gain access to data.
\u00b7      The NAS drive is secured in a data storage unit with a key, only held by the data controller.<\/h5>\n\n\n\n
Accounting SoftwareThe accounting software is secured with a username and password
\u00b7      It is also encrypted with a class 2 SSL certificate.
\u00b7      ATTMA is under contract with the accounting software provider to not share data in accordance with its own GDPR processes.<\/h5>\n\n\n\n
Lodgement Portal
\u00b7      Contracts with a non-disclosure agreement are in place between the Developers and ATTMA so that no data is to be shared externally.
\u00b7      All data is saved on a Microsoft server and is password restricted
\u00b7      The website is secured with a class 2 SSL certificate.<\/h5>\n\n\n\n
Email accounts and Sharepoint
\u00b7      All data is saved on a Microsoft server and is password restricted
\u00b7      The website is secured with a class 2 SSL certificate.<\/h5>\n\n\n\n
Mobile Telephones
\u00b7      All mobile phones are secured with a thumb print and\/or a password to enter.<\/h5>\n\n\n\n
Rights of Access to Data (Subject Access Requests)<\/strong><\/h5>\n\n\n\n
At any time, users may access a copy of all of the data we hold with their personal details on. ATTMA acknowledges is has 30 days to comply with any request.<\/h5>\n\n\n\n
Access can be granted by making a formal request to the Scheme Manager in writing. Email requests are considered acceptable.<\/h5>\n\n\n\n
ATTMA acknowledges that it cannot charge for this service, unless the request is manifestly unfounded or excessive.<\/h5>\n\n\n\n
Time we keep data<\/strong><\/h5>\n\n\n\n
ATTMA will keep data indefinitely that is used as part of the lodgement system. The legal justification for this is that we record and test buildings multiple years in the future and it is therefore necessary to know who tested a product and when.<\/h5>\n\n\n\n
Where testing companies are no longer affiliated with ATTMA we remove their name from all public mediums. We keep the data for a minimum of 10 years before all other data is destroyed.<\/h5>\n\n\n\n

<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

GDPR Data Management The purpose of this page is to define how the Air Tightness Testing & Measurement Association (Herein<\/p>\n","protected":false},"author":3,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"elementor_header_footer","meta":{"footnotes":""},"class_list":["post-2137","page","type-page","status-publish","hentry"],"publishpress_future_action":{"enabled":false,"date":"2026-04-18 00:48:42","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/www.bcta.group\/attma\/wp-json\/wp\/v2\/pages\/2137","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bcta.group\/attma\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bcta.group\/attma\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bcta.group\/attma\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bcta.group\/attma\/wp-json\/wp\/v2\/comments?post=2137"}],"version-history":[{"count":6,"href":"https:\/\/www.bcta.group\/attma\/wp-json\/wp\/v2\/pages\/2137\/revisions"}],"predecessor-version":[{"id":3227,"href":"https:\/\/www.bcta.group\/attma\/wp-json\/wp\/v2\/pages\/2137\/revisions\/3227"}],"wp:attachment":[{"href":"https:\/\/www.bcta.group\/attma\/wp-json\/wp\/v2\/media?parent=2137"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}