Telephone : 01908 041 464 | Email : sales@isocomplianceregister.co.uk

Data Protection and Data Privacy Policy

ISO Compliance Register (ICR) Limited Website, Promotion and Subscription Terms & Conditions

Data Protection and Data Privacy Policy

Please read these Date Protection and Data Privacy Policy carefully before using any services, online tool or
application provided by ICR.

Version

Version 1.  Dated 1st January 2023.

Registered Address

ISO Compliance Register;

Suite 14-3, Linford Forum, Rockingham Drive, Milton Keynes, MK14 6LY

Introduction

Your privacy is important to us, and the ISO Compliance Register Ltd (ICR) team are all committed to ensuring that your
privacy is protected.

In compliance with the General Data Protection Requirements and associated UK Legislation concerning Data Protection,
this privacy policy sets out how ICR will use and protect any information in our care.

We provide the following services:

  • Software
  • Direct consultancy
  • Online support

We use data in the following way:

  • Providing online information and support through a range of online tools
  • Providing the ICR Tool
  • Maintaining customer relationships through a CRM and email system
  • Maintaining consultancy information and general business information through office software and secure document
    sharing platforms

Should we ask you to provide certain information by which you can be identified, then you can be assured that it will
only be used in accordance with this privacy statement.

ICR may change this policy from time to time by updating this page. You should check this page from time to time to
ensure that you are happy with any changes. This policy is effective from 1st January
2023.

Definitions

For the purposes of these Terms and Conditions, the
following shall apply: Online tool or application: Refers to any online tool or application provided by ICR, including the:

  • ISOComplianceRegister.co.uk
  • App.isocomplianceregister.co.uk
  • Help/isocomplianceregister.co.uk

Applicable Law

ICR and it’s clients agree that the courts of the United Kingdom and England will have exclusive jurisdiction in
relation to any claims, disputes or difference concerning our engagement and any matters that arise from it.

Privacy Policy

In the scope of our operations as a Business to Business provider of consultancy services, ICR can be classified as
‘Controllers’ of data. We do not process information for others, nor do we profile or manipulate data to generate
insights into personal data. Where the following are applicable, we are committed to

  • Fair and transparent control or processing;
  • Legitimate interests pursued by controllers in specific contexts;
  • Clarity on the collection of personal data, where it is applicable to our systems;
  • The pseudonymisation of personal data;
  • Supporting our Clients with information they can provide to individuals and the exercise of individuals’
    rights;
  • We never work with Children, but we will support our Clients with information provided to and the protection of
    children by forwarding information from recognised government sources including the ICO (including mechanisms
    for obtaining parental consent);
  • Technical and organisational measures, including data protection by design and by default and security
    measures;
  • Breach notification;
  • Managing data transfers outside the EU;
  • Maintaining an Information Security system to the requirements of ISO 27001:2022 which includes procedures for
    Complaints and Dispute Resolution.

Cookies Policy

What are cookies?

This Cookie Policy explains what cookies are and how we use them, the types of cookies we use i.e, the information we
collect using cookies and how that information is used, and how to manage the cookie settings.

Cookies are small text files that are used to store small pieces of information. They are stored on your device when the
website is loaded on your browser. These cookies help us make the website function properly, make it more secure,
provide better user experience, and understand how the website performs and to analyze what works and where it needs
improvement.

How do we use cookies?

As most of the online services, our website uses first-party and third-party cookies for several purposes. First-party
cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally
identifiable data.

The third-party cookies used on our website are mainly for understanding how the website performs, how you interact with
our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing
you with a better and improved user experience and help speed up your future interactions with our website.

Types of Cookies we use & Manage cookie preferences

You can change your cookie preferences any time by clicking the banner on the front end website. This will let you
revisit the cookie consent banner and change your preferences or withdraw your consent right away.

In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can
change the settings of your browser to block/delete the cookies. Listed below are the links to the support documents on
how to manage and delete cookies from the major web browsers.

Browser

Link

Chrome

https://support.google.com/accounts/answer/32050

Safari

https://support.apple.com/en-in/guide/safari/sfri11471/mac

Firefox

https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectslug=delete-cookies-remove-info-websites-stored&redirectlocale=en-US

Internet
Explorer

https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc

Please note that ISO Compliance Registers Ltd cannot be responsible for external websites. You are searching this
information at your own risk.

If you are using any other web browser, please visit your browser’s official support documents.

Our Products

ICR offers the following:

  • ICR Website
  • ICR Helpdesk
  • ICR Compliance Register tool
  • Direct Consultancy Services

The ICR Website is used for the day to day management of business communications with our clients regarding the status
of projects. We provide a Compliance Register tool for the purposes of information and knowledge transfer about
legislation, associated guidance and other requirements that are relevant to ISO management systems.

  • We maintain personal information on the Compliance Register tool in the following way: User profile data as far
    as the User wants to enter such information, but this is limited to the address of the business and the title of
    the role they may have
  • The ISO Compliance Register tool provides functionality for Organisations to build capacity and training about
    information they choose to log in their legal registers. Organisations may share information about their
    registers with their teams / user communities.
  • Personal Data is maintained relevant to use of the system only.
  • Users access the system with encrypted passwords.

All our online tools and applications contain notifications linked to Users preferences, which can be discontinued at
any time. Data about these processes is not stored or processed.

All financial transactions are held in third party management systems and ICR holds no information on banking, payment
cards or accounts whatsoever.

Our Business to Business Data Systems

For the purposes of improving our relationship with our Customers, we may collect and store information about potential
and actual customers and store this in our Customer Relation Management system (CRM).

The scope of this information is in our business to business relationship. This would only classify as personal data
where the individuals business status is recognised as such in UK and European Law. The following information may be
collected:

  • Name and Job Title
  • Contact information including email address
  • Demographic information such as postcode, preferences and interests

We require this information to understand your needs and provide you with a better service, and in particular for the
following reasons:

  • Internal record keeping.
  • We may use the information to improve our products and services.
  • We may periodically send promotional emails about new products, special offers or other information which we
    think you may find interesting using the email address which you have provided. All recipients will have the
    ability to unsubscribe from the email service
  • From time to time, we may also use your information to contact you for market research purposes. We may contact
    you by email, phone, fax or mail. We may use the information to customise the website according to your
    interests.

We will never sell, distribute or lease your personal information to third parties.

Confidentiality

All Communication, by any mean or form, between us is confidential. We are happy to sign relevant Non-Disclosure
Agreements that Clients may require in addition. Where appropriate, and by prior agreement with Clients, we may promote
individual companies in marketing communications. These communications will in no way break any confidences in operating
methods or confidential information.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we
have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we
collect online.

Complaints

We are committed to providing you with our best service that is effective and efficient. If you do have any cause for
concern or complaint, please contact us immediately. We will follow our documented complaints management process to
ensure that the complaint is investigated, resolved and communication with relevant stakeholders maintained.

Trademark

ISO Compliance Register Ltd is protected under UK Law for:

Class 9: Training software.

Class 41: Training and education services.

Google Analytics

We use Google Analytics to collect information on how visitors use of our online tools and applications. This
information helps us to generate reports and to help us develop the use of the tools. These cookies collect information
in an anonymous form, the information collected is the number of visitors to the site, how visitors have arrived at our
website and all the pages that are visited. For further information you can visit
http://www.google.com/policies/privacy/

Links to other websites

Controlling your information given via our online tools and applications. You may choose to restrict the collection or
use of your personal information in the following ways:

  • If you fill out a contact form on ISOComplianceRegister.co.uk or any sub-domains, we will respond to you
    appropriately. We will not maintain any information until such time as we have established a working
    relationship with you.
  • You may request details of personal information which we hold about you. If you would like a copy of the
    information held on you, please write to us.
  • If you believe that any information we are holding on you is incorrect or incomplete, please write to or email
    us as soon as possible, at the above address. We will promptly correct any information found to be
    incorrect.

Virus Protection, Viruses, Hacking or other Information Security Issues

Under the Computer Misuse Act 1990, you may not misuse our online tools and applications by introducing viruses, Trojan
horses, worms, logic bombs, browser jacking software or other material or programmes that are malicious and harmful to
ours or other users technology. You must not attempt to gain access to our online tools and applications, our servers or
other hardware.

These Terms and Conditions are governed by the laws of the United Kingdom

Restrictions

You agree not to, and you will not permit others to use our online tools or applications to:

  • License, sell, rent, lease, assign, distribute, transmit, host, outsource, disclose or otherwise commercially
    exploit the Applications or make the Applications available to any third party.
  • Use the Applications for purposes of sharing or distributing:
    • articles, documents, images, speeches or videos that promote corruption, terrorism or encourage
      violence
    • content encouraging people to commit acts of terrorism
    • websites made by terrorist or extremist organisations
    • videos of terrorist attacks, extreme violence or glorification of violence
    • Anything to do with the manufacture, sales or trading in Armaments
    • Pornography or Pornographic material

If you do, you will be reported to the UK Government authorities or their relevant agencies.

Modifications to Online tools and Applications

ICR reserves the right to modify, suspend or discontinue, temporarily or permanently, any online tool or application, to
which it connects, with or without notice and without liability from any stakeholder.

Retention of Documents

Under UK legislation, we will maintain correspondence and papers relevant to our transactions and services for 7 years,
after which time it will be destroyed. You must tell us if you want this time period to be extended. Please note any
extension of time may incur a storage fee.

Amendments to this Agreement

ICR reserves the right, at its sole discretion, to modify or replace this Agreement at any time. If a revision is
material, we will provide at least 30 days’ notice prior to any new terms taking effect. What constitutes a material
change will be determined at our sole discretion. Reliance on Advice Whilst we take every effort to provide accurate
information and support to our clients, but we cannot provide legal advice. Therefore, legal advice, particularly on
matters regarding legislation, and matters of health and safety risk assurance should be sought from authorised and
qualified legal practitioners.

Updates to these Terms and Conditions

We may from time to time update and amend these Terms and Conditions based on changing requirements to technology and
legislation in the EU and United Kingdom. We will notify all users of changes via our website. If you want to be
notified individually, please contact us in writing.