CERT Privacy Policy

Who CERT are

CERT comprises of two companies CERTLabel Ltd – based in the UK and CERTLabel UG – based in Germany (further referred to as ‘CERT’). We provide technical and regulatory support to the retail and manufacturing industry, with a focus on product development. The objective is to ensure your products are safe and compliant for the intended market to be sold in.

Our website address is: https://certlabel.com.

What personal data CERT collect and why it is collected

Comments

When visitors leave comments on the site CERT collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website. The website currently does not have any facility to do this, but note has been made so you are aware in case the opportunity arises.

Contact forms

All details left on contact forms are emailed directly to CERT and are not distributed any further. CERT respects it’s clients and confidentiality surrounding the work CERT do.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, CERT will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who CERT share your data with

CERT do not share client data unless a project requires additional third-party technical support (e.g. Test House or Government Official) to conclude a project. If this needs to happen, the client will be informed prior to the event and confirmation obtained on the information to be shared and the reasoning behind this. This may be required if CERT are assisting in registration requirements as an example.

How long CERT retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so CERT can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), CERT also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data CERT hold about you, including any data you have provided to us. You can also request that CERT erase any personal data CERT hold about you. This does not include any data CERT are obliged to keep for administrative, legal, or security purposes.

Where CERT send your data

Visitor comments may be checked through an automated spam detection service. Apart from this, all data submitted is held on record within CERT filing systems which is appropriately firewalled with industry leading protection and under password access.

Your contact information

Contact information provided to CERT is solely for the use of contacting you regarding support on projects taken out with CERT. CERT do not adopt any marketing software or third-party systems and has no intention of doing promotional broadcasts using contact details. All communication done will be specific project requests or communication regarding current projects being carried out. Your contact information will be contained and remain internally for contact purposes, however can be removed on request via: [email protected]

Additional information

How CERT protect your data

All data provided to CERT is treated in strictest confidence and held within password protected storage within CERT. Information is only used with the clients consent and for the benefit of client and CERT.

What data breach procedures CERT have in place

Every care is taken to protect personal data from incidents (either accidentally or deliberately) to avoid a data protection breach that could compromise security. All data is password protected with appropriate anti-hacking software, firewalls and IP tracking.

In the unfortunate circumstance data has been breached, a full investigation will need to take into account the following:

  • the type of data involved;
  • its sensitivity;
  • the protections are in place (e.g. encryptions);
  • what has happened to the data (e.g. has it been lost or stolen);
  • whether the data could be put to any illegal or inappropriate use;
  • data subject(s) affected by the breach, number of individuals involved and the potential effects on those data subject(s);
  • whether there are wider consequences to the breach.

What third parties CERT receive data from

CERT receive data from third party online plugin software which provides anonymous feedback of countries visiting the site, head-count via IP address and the pages visited for reference purposes. CERT do not employ any third party marketing systems or contribute to any marketing databases.

What automated decision making and/or profiling CERT do with user data

CERT do not use automated decision making or profiling as we value our customers and provide tailored solutions for each customer.

Industry regulatory disclosure requirements

If an individuals personal data is affected by an incident, and it has been considered likely to result in a high risk of adversely affecting that individual’s rights and freedoms; they will be informed without undue delay. Notification will include a description of how and when the breach occurred and the data involved. Specific and clear advice will be given on what they can do to protect themselves, and include what action has already been taken to mitigate the risks. Individuals will also be provided with a way in which they can contact CERT for further information or to ask questions on what has occurred.