ACM Privacy Notice

This Privacy Notice sets out:

  • who we are;
  • why we need to collect your personal data;
  • the general categories of personal data that we may process;
  • the purposes for which we may process your personal data;
  • the legal bases of the processing;
  • who has access to your data and who the data may be shared with;
  • how we will protect your data;
  • how long we will retain your data;
  • your rights as a data subject;  

Who we are

ACM Limited (company number 04437689) is the data controller. ACM is a subsidiary of EMB-Group Limited and is part of the EMB Group of companies: www.emb-group.co.uk. More information about ACM can be found at: www.acmcert.com

ACM is committed to being transparent about how it collects and uses personal data and to meeting its data protection obligations.

ACM’s Data Privacy Manager can be contacted at: dataprotectionenquiries@emb-group.co.uk

A copy of EMB Group’s Data Protection and Privacy Policy can be found online at: http://www.emb-group.co.uk/data-protection-privacy-policy/

Purpose of the processing and the lawful basis for the processing

Processing of your personal data may be necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract. 

Processing of your personal data may also be necessary to enable ACM to comply with legal obligations to which ACM is subject.  For example, we may be required to collect personal data of interviewees in the course of an audit.

The personal data that we may collect includes your name, job title, address and contact details, including email address and telephone number.

Who has access to your data?

Your information may be shared internally, including with ACM staff and managers and IT staff if access to the data is necessary for performance of their roles.

Your data may be shared with UK Accreditation Service (UKAS), the national accreditation body for the United Kingdom that oversees organisations that provide certification, testing, inspection and calibration services. Your data may also be shared with the Chartered Quality Institute for the International Register of Certificated Auditors (IRCA) and Safety Schemes in Procurement Limited (SSIP) for compliance and registration purposes.

ACM, as data controller, also shares your data with third parties that process data on its behalf and which provide services to ACM and its clients, including agents and auditors employed by ACM to undertake audits. ACM does not permit third parties to use the data for any other purpose.

How does ACM protect your data?

ACM takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by authorised employees in the performance of their duties. The EMB Group of companies holds ISO27001:2013 information security certification as well as Cyber Essentials Plus certification.

Where ACM engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

ACM will not transfer your data to countries outside the European Economic Area.

Retention period

ACM normally holds data for seven years after performance. Data held by ACM is securely destroyed at the end of the retention period.

Consequences of failure to provide personal data

Failure to provide the required personal data may mean that ACM is unable to provide you with services.

Automated decision making

ACM does not use automated decision-making.

Your rights as a data subject

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request;
  • require the organisation to change incorrect or incomplete data;
  • request the organisation to delete or stop processing your data, when the data is no longer necessary for the purposes of processing.

If you would like to exercise any of these rights, please contact ACM’s Data Privacy Manager by e-mail at: dataprotectionenquiries@emb-group.co.uk

If you believe that ACM has not complied with your data protection rights, you can complain to the Information Commissioner’s Office: https://ico.org.uk/concerns/handling/

GET A QUOTE

Get a quote for certification

WORKSHOPS AND TRAINING

ACM workshops and training calendar

CONTACT US

Get in touch with ACM on 0845 504 6262 or email: info@acmcert.com
.