Citation ISO Certification
Privacy Policy

The Citation ISO Certification privacy policy (the “Privacy Policy”) is all about letting you know that we take the protection and management of your personal information very seriously. As a UK based business our handling of your information is controlled by the UK Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. We, therefore, take great care to protect your personal information or anything which might identify you personally such as:

• Name
• Email address
• Telephone number
• Organisation information (e.g. job title)
• Online identifiers (e.g. IP address)

We collect personal data from you when:

• You express an interest in our products and services either over the phone, via email, social media, webforms, contact us provision, when signing up to newsletters and other communications, when downloading certain content from our website, at events we attend or host or through the live chat on our website.
• If you contact one of our teams you may be asked for your name, company name and other information to assist us in dealing with your query.
• When you make a purchase, we will require financial information for invoicing and collection purposes, this may include bank details, credit card information, invoice name, address, and point of contact.
• Information collected during an assessment, this may include qualifications, training and other evidence necessary to complete the assessment.
• If you attend an event where we are participating, you may have given additional consent to be contacted by us following the event.
• If you connect with us through a social media channel, we will know your social media handle and any other information including photos you make available through our interactions and your profile.
• If you complete surveys or enter competitions they may require contact information such as name, phone number, email address, company name and job title.
• If you complete a registration form on our website when downloading content, we will ask for details such as name, email address, phone number, company name etc…
• When you interact with our live chat function, we may need a name and email address for the functionality to work.
• If you are an applicant for a role at Citation ISO Certification we will require information relating to your employment history which will also include name, address, phone number and email address along with personal data relating to potential referees
• If you visit our office, you will be asked to provide your name, signature, company name and car registration number.

We will also gain personal information from other sources; this includes third parties we purchase or obtain data from to help us identify and grow our business which could include a greater degree of personalisation. Additionally, we may combine these records with other publicly available information to ensure that our records are accurate and up to date.

We also obtain information from other companies within the Citation Group in order to provide a greater level of service and service offering, or to better understand clients and industries we operate in, or where synergies apply to our business and to yours.

Typically, the personal information we get from third parties includes name, phone number, email address, company name, job title, contact preferences.

When you access our website or use our SaaS products, we use tools such as cookies, beacons, and similar technologies to automatically collect information which may contain personal data from your device and usage of our site and services. The nature of what these tools collect differ between website and SaaS product but still fall into similar categories.

For further information regarding cookies and other similar technologies, please see our cookies policy here.

This website uses Mouseflow: a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback campaigns, and similar features/functionality. Mouseflow may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar meta data. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser.

If you’d like to opt-out, you can do so at https://mouseflow.com/opt-out. If you’d like to obtain a copy of your data, make a correction, or have it erased, please contact us first or, as a secondary option, contact Mouseflow at [email protected]

For more information, see Mouseflow’s Privacy Policy at https://mouseflow.com/privacy/
For more information on Mouseflow and GDPR, visit https://mouseflow.com/gdpr/
For more information on Mouseflow and CCPA visit https://mouseflow.com/ccpa/

Our website uses social media icons such as Facebook and Twitter logos and other social sharing widgets. By using these features, you will be connecting to and sharing information from your browsing session with these organisations. If you are logged into your social media account, it is also possible that they will connect your activity on our site to your social media account.

This is also the case if you access our social media pages on a social media platform. The respective social media company may add your interaction to any information they may already have about you or your interests.

In all cases, in that transfer of data the social media provider is a data controller in their own right and are responsible for what they do with your personal data. Further information can be found in the social media providers privacy notice.

Information we obtain from you is used to:

• Improve and extend our services.
• Respond to your requests for specific services.
• Analyse user/purchaser/visitor interactions.
• Market additional Citation ISO Certification services.

We collect and process personal data for the following purposes and with the following legal bases engaged:

• Where our website is concerned, we are processing your personal data with your consent if it is required and for other elements of our website, we are processing based on the legitimate interest to operate and administer the site. Where site security is concerned and the activities through our cookies that enable a secure site, this is administered as a legitimate interest.
• To download some content from our site you are required to complete a form, this is done with your consent. We may also get in touch with you either by email and/or phone as a result of the download.
• The recording of phone calls by default on all calls is done as a legitimate interest in protecting both Citation ISO Certification and your interests. Call recordings are used for security, monitoring and training purposes.
• We may ask you for personal data when dealing with enquiries for our services, this data would be processed as a legitimate interest in being able to effectively follow up on your enquiry. This is also the case where it relates to a service enquiry or complaint, unless of course it is linked to a contractual obligation, this could include service updates and client communications, in which case it is processed as part of the fulfilment of our contract.
• Setting up and managing your journey as a client is again done as part and parcel of the performance of the contract. This is also the case when it comes to good administration of matters relating to your contract with Citation ISO Certification.
• Managing event registration and administration of the event is done as a legitimate interest in ensuring the efficient administration and follow up of the event. We also rely on legitimate interests to process client contact data for service surveys. If you choose to complete the survey with our partner this is done based on consent.
• Managing your payments and payments relating to the service we provide. This also includes the entirety of the payment process in line with the terms and conditions of our service. We may also from time to time have to escalate this process to a third-party debt collection service. This disclosure of such data would be as a legitimate interest and further processed as part of the contractual terms.
• The identification of opportunities both with prospects and opportunities within our existing client base is done in furthering the legitimate interests of the business. Any sharing of data internally within Citation Group companies is also a legitimate interest when it is done for similar purposes. This data may also be used to improve user experience and our understanding of both the client journey and appropriateness of products and services at different points of client lifecycle either within Citation ISO Certification or across the Citation group.
• Personal advertising on our website is done with your consent when you select ‘Accept All Cookies’. Where advertising of our products and services offline is done in the pursuit of our legitimate interest and is done so with prior consent that you have provided.
• Registering your information as a visitor to one of our offices will be done as a legitimate interest to protect you, our building, business, and colleagues.
• If you provided a testimonial of our service, you will be doing so of your own free will and will be retained until you ask us to remove it.
• Where you have applied as a candidate for a role at our company, we will process your information in order to progress your application, contact you with updates, assess your qualities and capabilities against the requirements of the role and against other candidates. You will also be asked for proof of qualifications, references, and other right to work information such as identification documents. This processing is done in part as a legitimate interest, in part with your consent and in part as a legal obligation. We may also use recruitment companies from time to time, where data is shared with these organisations, we will both be data controllers and you will have been referred to us from them. Further data protection information regarding their activities can be gained directly from the recruitment agency.
• We may use personal data relating to usage of our SaaS products for reporting and analytical purposes, this is a legitimate interest in trying to improve our offering and further the growth of the business.
• We will send sales and marketing communications such as emails or phone calls related to our services and those services of other companies in the Citation Group only if we can do so in accordance with data protection legislation.

Citation ISO Certification may be required under court order to provide personally identifiable information to government authorities. Providing such government departments/agencies have a legal right to access our records and such enquiries are correctly made, we will supply such authorities with the information they require.

We would only share personally identifiable information with third parties not already covered by this notice if:

• You agree to us sharing this information.
• We are forced to bring legal actions against a subscriber who has breached our user agreement.
• We sell, assign or transfer all or part of Citation ISO Certification and the services it provides, providing your personal information is sold, assigned, or transferred only to the acquirer as part of such a transaction.
• They are providing services to Citation ISO Certification. Such third parties are limited in their rights to use such information only for the provision of these services.
• They are affiliates subject to privacy policies that protect your personally identifiable information from disclosure are comparable to this privacy policy.
• If you are a client, we may share your details internally within the Citation Group in order to improve the service offering and range of services we provide, for the good administration and control of the business, marketing, reporting and account management purposes. Our Group companies are data controllers in their own right.

We retain your data for as long as necessary to fulfil the purpose for its collection and processing. In some instances, this may be a short period of time, for instance, as an unsuccessful job applicant we may retain your records for only 6 months once the process has concluded. In other instances, and especially where there is a legal obligation to retain your information for a certain period of time, we will do so in order to comply with the legal requirement; this is typically 6 years.

Once your data is no longer required it shall be deleted.

We record all incoming and outgoing calls for contractual and training purposes.

You have various rights in respect of the personal information Citation ISO Certification holds about you – these are set out in more detail below.  If you wish to exercise any of these rights, you can do so by contacting our Data Protection Officer at [email protected]. Please note that you will need to provide Citation ISO Certification with evidence of your identity for us to complete you request.

You have the right to: –

Request access to your personal information: You can ask us to provide you with a copy of the personal information that Citation ISO Certification holds about you.

Request correction: You can ask us to change or complete any inaccurate or incomplete personal information held about you.

Request erasure: You can ask us to delete your personal information where Citation ISO Certification has no lawful basis for keeping it.

Right to object: You can object to us processing your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

Request restriction: You can ask us to restrict our use of your personal information in the following circumstances: –

• If you want us to establish the data’s accuracy.
• Where our use of the data is unlawful, but you do not want the data to be erased.
• Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
• If you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request transfer: You can ask us to provide you or a third party with some of the personal information that e hold about you in a structured, commonly used, electronic form, so it can be easily transferred.

Withdraw consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

Citation ISO Certification tries to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex, or you have made several requests. In this case, we will notify you and keep you updated.

If you have any queries concerning this policy, please email [email protected] or call us on 0333 3443 646. We endeavour to acknowledge all requests within 1 working day.

Citation ISO Certification tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading, or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It may not provide exhaustive detail of all aspects of Citation ISO Certification’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below:

Citation ISO Certification

Muspole Court

Muspole Street

Norwich

NR3 1DJ

Or you can email us at [email protected].

If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns

Citation ISO Certification reserves the right to change its privacy policies at any time. This policy was last reviewed on the 25^th of January 2022.