The General Data Protection Regulation (GDPR) is a comprehensive EU data protection law that came into effect on May 25, 2018. The purpose of this policy is to establish guidelines and procedures related to the management of personal data within the Sound Insulation Testing and Measurement Association (SITMA) in compliance with the GDPR. This policy applies to all individuals and entities involved in the collection, processing, storage, and dissemination of personal data related to the certification scheme.
Collection:
Personal data collected during the certification process shall only be used for the purpose of assessing and maintaining certification. The collection of personal data shall be limited to what is necessary and relevant to the certification process. Personal data shall only be collected with the consent of the individual concerned and in accordance with all applicable data protection laws and regulations, including the GDPR.
All test data uploaded by individuals to the SITMA lodgement system may be used for the used and shared with pre-approved research bodies and home nation governments. Any personal data that may be included in the test data shall be strictly managed in accordance with applicable privacy and data protection laws and regulations.
Processing:
All personal data shall be processed in accordance with the GDPR and all applicable privacy and data protection laws and regulations. The organisation shall ensure that personal data is accurate, up-to-date, and not kept longer than necessary. Access to personal data shall be limited to authorized personnel only.
Storage:
All personal data shall be stored securely in accordance with the GDPR and all applicable privacy and data protection laws and regulations. Personal data shall be adequately protected against unauthorised access, accidental loss or damage, and unlawful destruction or disclosure. The organisation shall ensure that all data processors and third-party service providers involved in the storage of personal data meet the same strict security requirements.
Dissemination:
Personal data shall not be disclosed to third parties without the explicit consent of the individual concerned, unless required by law or for the purpose of certification. the organization shall ensure that any third parties with access to personal data comply with the GDPR and all applicable privacy and data protection laws and regulations.
All individuals providing personal data to the SITMA certification scheme have the following GDPR-related rights:
This policy shall be implemented by all relevant personnel within the organisation. SITMA shall provide appropriate training and resources to ensure compliance with the GDPR and all applicable privacy and data protection laws and regulations. This policy shall be reviewed and updated as necessary to reflect changes in the organisation’s activities and regulatory environment.
SITMA is committed to ensuring compliance with the GDPR and all applicable privacy and data protection laws and regulations. This policy sets out our framework for the management of personal data within the SITMA certification scheme in accordance with the GDPR, reflecting our commitment to the highest standards of data security and confidentiality.
PUS020 v1.0
SITMA are committed to running impartial schemes. Our impartiality statement, GDPR data management, data, whistleblowing policies can be accessed using the links above. This also include SITMA’s full complaints procedure if you are not happy with SITMA’s service.
The Sound Insulation Testing & Measurement Association
Head Office
Unit 3 Tannery Road Industrial Estate
Tannery Road
High Wycombe
Buckinghamshire
HP13 7EQ
+44 (0)1494 358 159
admin@bcta.group