Document Control Information Policy Number: GDPR-SSSCP-UNITE-2024 Registration Reference: ZB761611 Date Registered: 26 September 2024 Registration Expires: 25 September 2025 Document Owner: Data Protection Officer Review Frequency: Annual, with additional reviews as required by regulatory changes or organisational updates.
Introduction
At SSS Compliance Services Ltd. (SSSCP), we are committed to protecting your privacy and the security of your personal data across all services, including:
Membership Services: For creating and managing your membership, including verification and compliance.
SSSCP Software: Specifically the SSSCP Profile Checker and TRACK-IT tools used for compliance verification and regulatory support.
UNITE Social Media Platform: Our social platform for SSSCP members that facilitates networking, collaboration, and the sharing of knowledge.
This GDPR Privacy Policy outlines how we collect, use, store, and protect your personal data across these platforms. By accessing or using SSSCP services, including UNITE, you agree to the terms outlined in this policy.
Information We Collect
In order to provide a comprehensive service on UNITE, we may collect, store, and use the following types of personal data:
Contact Details: Name, email address, telephone number, and address.
Profile Information: Job role, company affiliation, and profile picture.
Content Uploads: User-generated content (such as posts, images, videos, and comments).
Verification Documents: Qualifications, certifications, and licences provided by the user to demonstrate skills and compliance.
Communication Records: Messages or posts made within the UNITE platform, including interactions between members.
Call Recording for Training and Improvement
As part of our commitment to improving service quality, SSSCP records calls for training, quality assurance, and improvement purposes. These recordings will be securely stored in third-party software for a maximum period of 3 months. We will not share these recordings with any third parties unless required by law. Access to the recordings is restricted to authorised personnel for training purposes only. By using our services, you acknowledge and consent to the recording and storage of your calls as per this policy.
Public Sharing of Member Information
By joining UNITE and using the Profile Checker, you agree that the information you provide (including qualifications, certifications, and professional details) may be shared publicly through the platform’s Profile Checker tool. This allows other members and external parties to access and verify your professional qualifications and compliance status. We ensure that only the information you choose to share through your profile will be made publicly available. You can control which information is visible to others through your privacy settings on the platform.
How We Collect Your Information
We collect your personal information in the following ways:
Direct Submission: When you register, create a profile, or upload content (e.g., CV, photos, certifications) to UNITE.
User Interactions: Information generated through your interactions with the platform (e.g., posts, comments, messages).
Third-Party Integrations: Information from third-party verification services or partners (e.g., certification bodies or government databases for identity verification).
How We Use Your Information
Your personal data is used to manage your participation in the UNITE platform and provide the following services:
User Profile Management: To create and manage your profile, ensuring accurate representation of your skills, qualifications, and professional background.
Content Sharing and Interaction: To allow you to post, share, and engage with other members, fostering collaboration and information exchange.
Verification and Compliance: To verify your qualifications and certifications for regulatory compliance and membership purposes.
Platform Communication: To send you important updates, notifications, and information related to your membership and platform activity.
Legal and Regulatory Compliance: To meet obligations under the Building Safety Act and other relevant regulations.
Data Sharing
We only share your personal data when necessary for the following purposes:
Verification: Your personal data may be shared with third-party verification providers to confirm your qualifications, certifications, and compliance.
Duty Holders and Partners: Data may be shared with relevant duty holders for compliance checks under the Building Safety Act or other regulatory frameworks.
Service Providers: Data may be shared with trusted third-party vendors that provide services necessary to run the platform, such as payment processing or content moderation.
All third-party providers are required to process personal data securely and in line with GDPR requirements, and they can only use your data as directed by UNITE.
Data Security
We take your privacy seriously and have implemented robust measures to protect your personal information from unauthorised access, alteration, or misuse. These include:
Encryption: Your personal data is encrypted both in transit and at rest to ensure its safety.
Access Control: Only authorised personnel and third parties with a legitimate need have access to your personal data.
Confidentiality Agreements: All employees, contractors, and third parties with access to your data are bound by confidentiality agreements.
Data Breach Response Protocol: In the event of a data breach, we will notify affected individuals and the relevant authorities within 72 hours of discovering the breach.
Data Retention
We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal or regulatory obligations. Once your data is no longer required, it will be securely deleted or anonymised.
Your Rights Under GDPR
As a user of UNITE, you have the following rights concerning your personal data:
Access: You have the right to request access to the personal information we hold about you.
Correction: You can request corrections if any of your personal data is inaccurate or incomplete.
Erasure: You have the right to request deletion of your data if it is no longer necessary for the purposes for which it was collected.
Restriction: You can restrict the processing of your data in specific circumstances.
Objection: You can object to the processing of your data, particularly for marketing purposes.
Data Portability: You can request that we transfer your personal data to another platform or service provider in a structured, machine-readable format.
To exercise any of these rights, please contact us at [email protected]. We will respond promptly, and most requests are free of charge, though we may charge a small fee for excessive or unfounded requests.
Right to Withdraw Consent
Where your personal data is processed based on your consent, you have the right to withdraw your consent at any time. To withdraw consent, contact us at [email protected]. Upon receiving your request, we will stop processing your data unless required to do so by law.
Monitoring, Reporting, and Accountability
To ensure ongoing compliance with GDPR, we implement the following monitoring and reporting practices:
Regular Data Monitoring: We track and monitor how data is accessed, used, and shared to ensure GDPR compliance.
Data Audits: Periodic audits are conducted to assess how personal data is being handled and identify areas for improvement.
Annual Privacy Impact Reports: We prepare annual reports to assess how personal data protection practices are functioning and share this information with stakeholders.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or regulatory requirements. Significant updates will be communicated via email or platform notification. We encourage users to regularly review this policy to stay informed about how we handle personal data.
Contact Us
If you have any questions or concerns regarding this Privacy Policy or your personal data, please contact us: Email: [email protected] Mail: Data Protection Officer, SSS Compliance Services Ltd.
By using UNITE and agreeing to this Privacy Policy, you acknowledge that you have read and understand how we handle your personal data.
Additional Considerations for Social Media Platform (UNITE)
User-Generated Content: Any content uploaded by users (posts, images, videos) will be processed according to the terms of this privacy policy. Users should be aware that their content may be shared within the platform but not publicly disclosed outside of it unless they take certain actions (e.g., posting publicly).
Data Sharing with Industry Partners: Since UNITE is designed to be a collaborative platform, data may be shared with industry-specific partners (e.g., training providers, certification bodies) for the purpose of authenticating skills and compliance.
Third-Party Integrations: If UNITE uses third-party tools or integrations (e.g., Google Analytics, social media sharing), users will be informed about how these third parties may process their data.