Document Control Information
Policy Number: GDPR-SSSCP/SSSCSW-2024
Registration Reference (Ltd): ZB761611
Registration Reference (CIC): [to be added once registered]
Date Registered: 26 September 2024 (Ltd)
Registration Expires: 25 September 2025 (Ltd)
Document Owner: Data Protection Officer
Review Frequency: Annual, with additional reviews as required by regulatory changes or organisational updates.
This GDPR Privacy Policy applies to:
SSS Compliance Services Ltd (Company No. 15493208) trading as SSS Competency Passport (SSSCP).
SSS Competence, Skills & Wellbeing CIC (SSSCSW CIC) (Company No. 1671806), a not-for-profit, asset-locked community interest company.
Both organisations are committed to protecting privacy and ensuring that personal data is collected, used, stored, and shared in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We may collect and process:
Contact details: name, address, phone, email.
Identity and verification documents: right-to-work documents, qualifications, certifications, site cards.
Professional information: CV, employment history, licences, memberships, insurances (Ltd only).
Programme and participation data: enrolments, attendance, activity records (CIC only).
Wellbeing reflections: information voluntarily shared in CIC programmes.
Financial data: payments, donations, Gift Aid records.
Directly from individuals (registration, uploads, donations, participation).
From employers, training providers, or regulators (for competence verification).
Through programme delivery (attendance, reflection tools, surveys).
Via trusted third-party verification or payment providers.
We use personal data to:
For Ltd (SSSCP):
Manage membership accounts.
Enable competence verification via Profile Checker.
Provide compliance support through TRACK-IT.
Meet legal obligations under the Building Safety Act and related frameworks.
For CIC (SSSCSW):
Deliver wellbeing and community programmes.
Manage donations and apply funds to community benefit.
Report anonymised outcomes to funders and regulators.
Fulfil safeguarding duties.
We may share personal data with:
Employers, clients, or regulators conducting compliance checks (Ltd).
Funders, regulators, or partners for reporting purposes (CIC).
Trusted service providers (IT hosting, payment processors).
Safeguarding or legal authorities where required by law.
We never sell personal data.
Encrypted storage and transmission of all records.
Access restricted to authorised personnel only.
Confidentiality agreements in place for staff, trustees, and providers.
Data breach response protocol: ICO and affected individuals notified within 72 hours if required.
SSSCP membership data: retained for as long as the account is active; deleted when closed unless required by law.
CIC programme data: retained only for the life of the project and reporting cycle.
Wellbeing reflections: deleted or anonymised unless ongoing consent is given.
Financial and donation records: retained for 7 years for HMRC compliance.
Under GDPR, individuals have the right to:
Access their personal data.
Request corrections to inaccurate data.
Request deletion (subject to legal or safeguarding obligations).
Restrict or object to processing.
Request portability (transfer of data to another provider).
Withdraw consent where processing is based on consent.
Requests should be made to admin@ssspassport.co.uk.
Both organisations commit to:
Regular monitoring of data access and use.
Annual data protection reviews.
Staff and trustee training on GDPR compliance.
We may update this policy from time to time to reflect changes in law or organisational practice. Significant changes will be communicated via our websites or directly where appropriate.
Data Protection Officer
SSS Compliance Services Ltd (15493208) & SSSCSW CIC (1671806)
10 Netherfield Lane
Old Church Warsop
Mansfield
Nottinghamshire
NG20 0RR
Email: admin@ssspassport.co.uk
