Privacy Policy - Certsee Ltd Services

GDPR Data Policy Notice

Terms and Conditions

By acceptance and consent including sign-in to using our Service, Website and/or Web Portal you are agreeing to Certsee Ltd Data Privacy Policy and GDPR Policy notice therein below offered.


Who are we?
We are: CertSee Ltd
Company Registration Number: 602241
Registered Office: 7 The Green, Burkeen, Wicklow, Co. Wicklow.

What is our role under the General Data Protection Regulation (GDPR)?
We consider ourselves to be the Data Processor acting on behalf of Client Company Corporate Sponsor, School, University, College, Education Institute or Business entity who are the Data Controllers for whom we act.

Both the Data Controllers and the Data Processors are subject to the: 
Office of the Data Protection Commissioner, the Supervisory Authority. 
Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland
LoCall 1890 25 22 31
Email: info@dataprotection.ie
Web: https://www.dataprotection.ie

Where we act as Web Portal Services Agent:
Where did we get your data?
Originally your data was received through the Registration process of entry into the Web Portal Service as a member or client party (who subsequently any data received by us was through the Data Controller as the client party for the purposes described below)

What is the purpose of processing your data?
Your participation in access to and utilising the Web Portal by consent is subject to ‘Terms & Conditions’ to which you the Data Subject, and the Client Company who is the Data Controller are in agreement and consent exclusively to use. We have been appointed by your Client Company Corporate Sponsor, School, University, College, Education Institute or Business entity to administer fully those ‘Terms and Conditions’. This involves maintaining accounts, operate fully the Web Portal service and all its API’s, company corporate compliance and managing data and web portal/s access/s matters.

What is the lawful basis for this processing?
Processing is necessary for the performance of a contract to which the data subject is party [ Article 6 GDPR (1)b ].
Processing is necessary for compliance with a legal obligation to which the Data Controller is subject
[ Article 6 GDPR (1)c ]. In this instance Client Data Controllers as a Business are required by the Companies Act 2014 to maintain adequate accounting and corporate compliance records. Failure to do so would constitute a breach of the Companies Act 2014 which could result in civil action.
Example of data managed and utilised:

 

What type of data do we keep?
Name, address, email, phone, other general contact information, certified dates of renewals, payment process through encrypted service/s, payment/s comment, Documents in file transfer formats provided by you or contractors, general notes, your password control and logged transaction details,  

Where is this data stored?
This data is stored in a MySQL database on a server which is operated by SuperHosting.BG Ltd. located in Bulgaria. Data stored and transferred is encrypted. Access is only granted to authorised administrators associated with our organisation.

Who is this data shared with?
This data is shared only with similar Data Processors for the purpose described above. These Data Processors are:  could be as list below ‘Classes of Processors’.
Such data shared with each ‘Processor’ is exclusively applied to the type and form of data utilised in the support to the Web Portal service to which each member or client requires the service delivery from.

How long will the data be stored?
Your data will be maintained by us for as long as the member/s access agreement to the Web Portal service is utilised, and as an operational contract between the Data Controller and CertSee Ltd (the Data Processor on behalf of the Data Controller) exists, or for as long as required by legislation or State authorities.

What if your Subscription as a Member lapses?
 There is still an obligation on the Data Controller to maintain adequate accounting and ‘member/s’ records, and a list of past and present members of the Web Portal Access Logging. However if your subscription lapses we will contact you as reminder/s to renew your subscription until you advise of ‘terminated subscription’, there after only your name, email and transaction details are necessary to satisfy this data retention requirement. All other contact details and payment process(s) information is erased.

What if you terminate your subscription to CertSee Web Portal or Service?
There is still an obligation on the Data Controller to maintain adequate accounting and ‘member/s’ records, and a list of past and present members of the Web Portal Access Logging. However if you terminate your subscription only your name, email and transaction details are necessary to satisfy this requirement. All other contact details and payment process(s) information is erased.

Classes of Processors:
This data is shared only with similar Data Processors for the purpose described above.
The classes of Data Processors are:
CertSee Call Centre Service, Web Portal Code Writers, API’s Support Call Centre, Web Portal Access control specialists, Payment Process Agencies (eg: PayPal or similar), Portal Equipment Maintenance Engineers, Database Management Provider, Information Technology Specialists.
This list is not exhaustive and will be extended, we have had to deal with these classes at various times in our various departments and at times these processors have to deal with each Client Company Sponsor, School/s, Universities, Colleges, Education Institute, Corporate Organisations or Business entity(s)
Each Data processor will be subject to an ‘accreditation period’ where ‘Data Sharing and Processor/s Agreements are entered into and signed to ensure consistency & compliance with our overall Data Privacy Policy.

What are your rights? 
You have a right to be informed.
You may request a copy of your member or client data stored ‘live’ at that current date of request.
You may request correction to any erroneous data.
You may request deletion of data, if not in violation of Statutory / State Law authorities, Financial Regulator requirements or Contractual/Terms & Conditions requirements.
You may lodge a complaint in writing to the Client Data Controller or object to processing.
You may lodge a complaint to the Supervisory Authority.
You may withdraw consent if processing originally required specific consent.

What happens in the event of a ‘Data Breach’?
In the case of a data breach by discovery or notified by customer, the Data Controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory Authority and Data Subject, if the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.
In the event of a data breach affecting you please email to us: dpo@certsee.com

Changes to this Notice
This Policy may be subject to change the latest version will be on our website.

You can find more information here:
GDPR Act 2016 (pdf):  CLICK HERE
GDPR Act Easy Read:  https://gdpr-info.eu
Official GDPR Website:  https://www.eugdpr.org

Published on:
Last updated: 31/05/2019
Web Version: CertSee_1.03 Final

END OF POLICY



Download your data subject access request form here:  CLICK HERE

CertSee Ltd
Company Registration Number: 602241
Registered Office: 7 The Green, Burkeen, Wicklow, Co. Wicklow.

Due to the many different relationships you may have with CERTSEE LTD if you are going to request information as a data subject we would like to give you the best possible answer.
 
To assist us make a timely reply to` you in gathering the information we have on file, we have generated this handy PDF document (see below) or click HERE for download which will advise of data you should request to get a clear and accurate answer.