Key Members
The key members of staff responsible for the data within SITMA are:
·       Barry Cope – Scheme Manager
·       David Pickavance – Chairman
There are multiple members of staff that use data to conduct their everyday jobs but do not have overall responsibility, such as our Technical Manager, Quality Manager and Auditors.

Types of Personal Data Held

SITMA holds very few pieces of personally identifiable data for each registered tester or member:
·       Name (first and surname)
·       Email Address
·       Telephone Number
·       Photo

Why we hold this data

We need to hold the above types of data in order to:
Communicate with the individual testers
·      Updates to the scheme
·      Information requests (audits etc)
·      Technical Support

Maintain a list of registered testers
·      As required by the Government
·      Ensure testers are visible

Invoicing
·      Ensure we know who to send invoices to
·      Ensure we know who to contact if there are any issues

How we collect this data (Consent)

SITMA collect data through either 

Application forms
·      Paper Copies
·      Digital

Website
·      Industry stakeholders to maintain contact (email distribution list)

Telephone
·      Users may make contact directly through the telephone and ask us to update details

Lodgement
·      Users are able to add and edit their details through our various lodgement portals.

Where we store your data

When a tester registers, data is stored in multiple locations, on multiple websites. This is in order for us to effectively and efficiently carry out our core business.

Accounting Software
SITMA uses a cloud-based accounting package to store details, create invoices / credits etc.

Lodgement Portal
SITMA operates a Lodgement portal which is saved on Microsoft servers (Azure platform).

Email accounts
SITMA hold user data on our email accounts, including a list of contacts.

Mobile telephones
SITMA holds user data on our mobile telephones in order for us to make and receive calls whilst out of the office. The scheme manager has access to all SITMA contacts on his personal phone for emergency use only.

SharePoint
SITMA keeps all data in a SharePoint which is accessible only to SITMA employees. This is cloud based with local copies on our computers.

The scheme manager has access to all data on his personal computer in case of emergency.

How we keep your data secure

Accounting Software
The accounting software is secured with a username and password
It is also encrypted with a class 2 SSL certificate.
SITMA is under contract with the accounting software provider to not share data in accordance with its own GDPR processes. (QMS009 – GDPR & Data Management Page 3 of 3 Document reference: QMS009 Issue Date: 12 Jul 2021 Revision & Issue number: 1.1 Review Date: 12 Jul 2023)

The controlled copy of this document is held on the SITMA computer network. All printed copies are considered uncontrolled.

Lodgement Portal
Contracts with a non-disclosure agreement are in place between the Developers and SITMA so that no data is to be shared externally.
All data is saved on a Microsoft server and is password restricted
The website is secured with a class 2 SSL certificate.

Email accounts and SharePoint
All data is saved on a Microsoft server and is password restricted
The website is secured with a class 2 SSL certificate.

Mobile Telephones
All mobile phones are secured with a thumb print and/or a password to enter.

Rights of Access to Data (Subject Access Requests)

At any time, users may access a copy of all of the data we hold with their personal details on. SITMA acknowledges is has 30 days to comply with any request.

Access can be granted by making a formal request to the Scheme Manager in writing. Email requests are considered acceptable.

SITMA acknowledges that it cannot charge for this service, unless the request is manifestly unfounded or excessive.

Time we keep data

SITMA will keep data indefinitely that is used as part of the lodgement system. The legal justification for this is that we record and test buildings multiple years in the future and it is therefore necessary to know who tested a product and when.

Where testing companies are no longer affiliated with SITMA we remove their name from all public mediums. We keep the data for a minimum of 10 years before all other data is destroyed.