
SITMA GDPR Policy

Introduction

The General Data Protection Regulation (GDPR) is a comprehensive EU data protection law that came into effect on May 25, 2018. The purpose of this policy is to establish guidelines and procedures related to the management of personal data within the Sound Insulation Testing and Measurement Association (SITMA) in compliance with the GDPR. This policy applies to all individuals and entities involved in the collection, processing, storage, and dissemination of personal data related to the certification scheme.

Data Management

Collection: 

Personal data collected during the certification process shall only be used for the purpose of assessing and maintaining certification. The collection of personal data shall be limited to what is necessary and relevant to the certification process. Personal data shall only be collected with the consent of the individual concerned and in accordance with all applicable data protection laws and regulations, including the GDPR.

All test data uploaded by individuals to the SITMA lodgement system may be used and shared with pre-approved research bodies and home nation governments. Any personal data that may be included in the test data shall be strictly managed in accordance with applicable privacy and data protection laws and regulations.

Processing: 

All personal data shall be processed in accordance with the GDPR and all applicable privacy and data protection laws and regulations. The organisation shall ensure that personal data is accurate, up-to-date, and not kept longer than necessary. Access to personal data shall be limited to authorized personnel only.

Storage: 

All personal data shall be stored securely in accordance with the GDPR and all applicable privacy and data protection laws and regulations. Personal data shall be adequately protected against unauthorised access, accidental loss or damage, and unlawful destruction or disclosure. The organisation shall ensure that all data processors and third-party service providers involved in the storage of personal data meet the same strict security requirements.

Dissemination: 

Personal data shall not be disclosed to third parties without the explicit consent of the individual concerned, unless required by law or for the purpose of certification. The organisation shall ensure that any third parties with access to personal data comply with the GDPR and all applicable privacy and data protection laws and regulations.

Data Subject Rights

All individuals providing personal data to the SITMA certification scheme have the following GDPR-related rights:

  1. Right to Access: Any individual has the right to obtain confirmation as to whether or not their personal data is being processed, and if so, to access their personal data and related information.
  2. Right to Rectification: Any individual has the right to request the rectification of their personal data if it is inaccurate, incomplete, or out-of-date.
  3. Right to Erasure: Any individual has the right to request the erasure of their personal data in certain circumstances, such as if the personal data is no longer necessary for the purpose for which it was collected.
  4. Right to Restriction of Processing: Any individual has the right to request the restriction of processing of their personal data in certain circumstances, such as if the accuracy of the personal data is contested.
  5. Right to Data Portability: Any individual has the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
  6. Right to Object: Any individual has the right to object to the processing of their personal data in certain circumstances, such as if the processing is for direct marketing purposes.
  7. Right to Withdraw Consent: Any individual has the right to withdraw their consent to the processing of their personal data at any time.

Implementation

This policy shall be implemented by all relevant personnel within the organisation. SITMA shall provide appropriate training and resources to ensure compliance with the GDPR and all applicable privacy and data protection laws and regulations. This policy shall be reviewed and updated as necessary to reflect changes in the organisation’s activities and regulatory environment.

Conclusion

SITMA is committed to ensuring compliance with the GDPR and all applicable privacy and data protection laws and regulations. This policy sets out our framework for the management of personal data within the SITMA certification scheme in accordance with the GDPR, reflecting our commitment to the highest standards of data security and confidentiality.

 

PUS020 v1.0