- What information do we collect?
- How do we use this information and what is the legal basis for this use?
- With whom and where will we share your personal data?
- How long will you keep my personal data?
- Where is my data stored and where is it sent?
- What are my rights in relation to my personal data?
- What should you do if your personal information changes?
- What if you choose to withdraw use of your data from us?
- Where can I find more information about this?
IRATA International (ICO registration Z9527276) (herein known as “IRATA”) takes your privacy seriously. This Privacy Notice is intended to set out your rights and answer any queries you may have about your personal data. If you require more information, please contact us at email@example.com.
Our personal data handling policy and procedures have been developed in line with the requirements of the General Data Protection Regulation (in force from 25 May 2018) and applicable laws of the United Kingdom. Where you use services provided by IRATA, the controller of your personal data will be IRATA.
2. WHAT INFORMATION DO WE COLLECT?
We collect and process personal data about you when you interact with us and our members and affiliates.
We collect personal data about you (or your business) from the personal data you provide to us:
- when you apply for our products, services or events (e.g. rope access technician certification or membership);
- when you deliver services on our behalf;
- when you talk to us on the phone;
- in feedback and surveys;
- in a complaint or appeal;
- medical reports or information that you have provided us with;
- when you use our website; and
- in emails, letters or other documents.
The personal data we process may include:
- your name;
- your date of birth;
- your username and password;
- your home or work address, email address and/or phone number;
- your payment and delivery details, including billing and delivery addresses, where you make payments to us;
- information with regard to key contacts within your organisation;
- information related to the browser or device you use to access our website;
- internet browser and operating system;
- your IRATA identification number;
- a photographic image of you;
- information regarding complaints or appeals you may have been involved in;
- training records;
- assessment (examination) records;
- information you provide to us within an application;
- any other information you provide directly or via an IRATA member company;
- IRATA related travel and accommodation information (where applicable); and
- details of your employer.
3. HOW DO WE USE THIS INFORMATION AND WHAT IS THE LEGAL BASIS FOR THIS USE?
3.1 Member Companies, IRATA Certified Persons and General Service Users
Where you are an IRATA Member Company, an Applicant IRATA Member Company, a General Service User, an IRATA Certified Person, an individual candidate for IRATA certification, or an IRATA Committee Member, the controller of your personal data will be IRATA.
IRATA processes the personal data, listed in Section 2, for the following purposes:
- as required to establish and fulfil a contract with you. This may include verifying your identity, taking payments, communicating with you, providing our certification services and arranging provision of products or services. We require this information in order to enter into a contract with you and may be unable to do so without it;
- to comply with applicable law and regulation;
- in accordance with our legitimate interests in protecting IRATA’s legitimate business interests and legal rights, including but not limited to, use in connection with legal claims, compliance, regulatory and investigative purposes (including disclosure of such information in connection with legal process or litigation);
- to respond to any comments or complaints we may receive from you, and/or in accordance with our legitimate interests including to investigate any complaints received from you or from others, about our services, our members or certified persons;
- to personalise (i) our communications to you; (ii) our website; and (iii) products or services for you, in accordance with our legitimate interests;
- to monitor use of our websites and online services. We may use your information to help us check, improve and protect our content, services and websites, both online and offline, in accordance with our legitimate interests;
- to use third parties (such as POS payment providers) to check the validity of payment information you submit in order to prevent fraud, in accordance with our legitimate interests and those of third parties;
- in circumstances where you contact us by telephone, calls may be recorded for quality, training and security purposes, in accordance with our legitimate interests;
- to invite you to take part in research, invite feedback or collect personal data in accordance with our legitimate interests; and
- to send you direct marketing in relation to relevant IRATA services, events or meetings in accordance with our legitimate interests. However, IRATA does not use your personal data to engage in direct marketing by 3rd parties.
3.2 Committee Members
3.2.1 Where you are an IRATA Committee Member your personal data will be used for our legitimate interests to:
- enable us to generate standards, administer standards development, validate your involvement in a committee and enable you to liaise with other committee members including through digital conferencing;
- administer the standards and rope access related process, including running committees and maintenance and monitoring of committee membership in order to ensure compliance with IRATA requirements;
- address matters related to legal claims, compliance, regulatory and investigative purposes;
- invite you to take part in project research or to send you committee information and updates;
- invite you to committee meetings and events;
- respond to your comments or complaints, including to investigate any complaints received from you or from others;
- generate lists, information and statistics regarding the composition of committees;
- monitor use of our websites and online services and use your information to help us check, improve and protect our products, content, services and websites, both online and offline;
- identify IRATA Committee Members on the https://irata.org website;
- monitor use, prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime and unauthorised use of IRATA documentation in accordance with applicable law; and
- conduct ballots.
3.2.2 How long will you keep my personal data?
Where you are a Committee Member, we will keep your personal data for the lifecycle of your committee involvement. Beyond that, we will retain your details to evidence past activities of the committees in so far as they relate to IRATA governance.
3.3 Job Applicants
Unless we inform you otherwise during the recruitment process, IRATA will be your data controller and will be the company to which you provide your consent for the processing of your personal data.
3.3.1 We collect and process personal data about you when you apply for a job with us in order to comply with applicable law and regulation, liaise with recruitment agencies (if applicable), take up references, fulfil our legitimate interests and evaluate your application. The personal data we may hold includes:
- your name, home address, email address and/or phone numbers;
- your date of birth, nationality, National Insurance number and banking details (where you provide this to us);
- your educational and employment history;
- other information contained within your CV or other documents or information you submit to us;
- information from the selection process, if any;
- references and assessments relating to your work for previous employers;
- information to confirm your identity and right to work, such as a copy of your passport;
- details of any unspent criminal convictions; and
- with your specific consent, information relating to your gender, nationality, disability and other diversity-related information.
3.3.2 What is the source of this information?
We obtain this information directly from you, our personnel, through our systems and equipment, as well as from third parties such as recruitment agencies, background checking companies, former employers, or other referees. We may also obtain it from your public profiles available online.
3.3.3 How do we use this information and what is the legal basis for this use?
We process the personal data above for the following purposes only in accordance with our legitimate interests:
- to enable us to comply with our legal and regulatory obligations;
- to make recruitment decisions;
- to prevent and detect fraud and other wrongdoing;
- to establish, exercise or defend our legal rights; and
- to manage risk.
4. WITH WHOM AND WHERE WILL WE SHARE YOUR PERSONAL DATA?
We may share your personal data with IRATA member companies and partners to process it for our legitimate interests and to deliver services where elements of these are provided by member companies other than those with which you have directly contracted.
We may also share your personal data with third parties such as:
- our staff, professional advisors such as our auditors, assessors, verifiers and external legal and financial accountants;
- credit reference and fraud prevention agencies;
- payroll service providers;
- public information sources such as Companies House;
- agents working on our behalf; and
- our suppliers, business partners, recruitment agencies and sub-contractors.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws. Personal data may also be shared with third party service providers who will process it on behalf of IRATA for the purposes above. Such third parties include, but are not limited to, providers of website hosting, maintenance and related certification activities.
We may also share your personal data if the make-up of IRATA changes in the future. For example, we may restructure our organisation.
5. HOW LONG WILL YOU KEEP MY PERSONAL DATA?
Where you are certified by us, we will keep your information indefinitely for one of these reasons:
- to respond to any questions or complaints;
- to show that we treated you fairly;
- for certification purposes;
- to maintain records according to rules that apply to us; or
- for research or statistical purposes.
We are also required to retain certain information as required by law, or for as long as is reasonably necessary, to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
Where you are a service user and you have expressly consented to us contacting you, we will only retain your personal data until you unsubscribe from our communications. However, if you unsubscribe from our communications, it may mean that we cannot provide our services. It could mean that we cancel a product or service you have with us.
In the case of any contact you may have with our Administrative Team, we will retain these details for as long as is necessary to resolve your query and they may be kept on file to provide an audit trail.
We will not keep the personal data connected to an unsuccessful job application (including any interview records) for any period longer than required to notify you that your application has been unsuccessful or such time that the record is no longer required for the provision of feedback.
In some instances, laws may require IRATA to hold certain information for specific periods other than those listed above.
6. WHERE IS MY DATA STORED AND WHERE IS IT SENT?
The personal data that we collect from you may be transferred to and stored outside the European Economic Area (“EEA”) for activities related to your certification or for compliance with legal duties.
It may also be processed by our member companies outside the EEA who work with us in relation to our certification activities, in which case these third parties will have applicable safeguards in place. For example, we may transfer information to a non-EEA country with privacy laws that provide the same protection as the EEA or put in place a contract with the third party that protects personal data to the same standards as in the EEA.
7. WHAT ARE MY RIGHTS IN RELATION TO MY PERSONAL DATA?
You have the right to ask us not to process your personal data for direct marketing purposes, for example to let you know about events or changes to significant documents or processes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your personal data, contacting us on firstname.lastname@example.org, or clicking the unsubscribe button on any communication we have sent to you.
Where you have consented to us using your personal data, you can withdraw that consent at any time. If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.
You also have the right, with some exceptions and qualifications, to ask us to provide a copy of any personal data we hold about you.
Where you have provided your personal data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.
If you have a complaint about how we have handled your personal data, you are able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data: (a) by withdrawing your consent for us to use it; (b) if it is no longer necessary for us to use your personal data; (c) if you object to the use of your personal data and we don’t have a good reason to continue to use it; or (d) if we haven’t handled your personal data in accordance with our obligations.
8. WHAT SHOULD YOU DO IF YOUR PERSONAL INFORMATION CHANGES?
You should tell us immediately by writing to: email@example.com.
9. WHAT IF YOU CHOOSE TO WITHDRAW USE OF YOUR DATA FROM US?
If you want to object to how we use your personal data, or ask us to restrict its use or delete it, please contact us.
We may need to collect personal data by law, to fulfil our legitimate interests or under the terms of a contract we have with you.
If you choose not to allow us to continue using this personal data or to withdraw it, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform the activities needed to provide our services. It could mean that we have no alternative but to cancel your certification, a product or service we provide to you.
IRATA will not sell your personal data or share it with other parties for marketing purposes.
11. WHERE CAN I FIND MORE INFORMATION ABOUT THIS?
Should you have any queries regarding this Privacy Notice, about IRATA’s processing of your personal data, or wish to exercise your rights you can contact IRATA using this email address: firstname.lastname@example.org.