Webcertain and the GDPR

Webcertain complies with all laws and regulations and this includes the General Data Protection Regulation which came into force on May 25th, 2018. Here are the steps we take to ensure our compliance, if you need any further information please email privacy@webcertain.com:

Data Protection Audit

Webcertain has implemented a process to review and audit the company’s compliance with GDPR on an annual basis. This document follows a first audit which implemented a number of changes to our personal data management.

Personal data

Webcertain has documented the personal data it handles and manages’ bearing in mind that Webcertain operates as a business-to-business supplier. Predominantly, the data we use relates to businesses and is not personal. However, we aim to deliver high standards of data protection to business data also.

Lawful basis for processing personal data

Webcertain needs to process some personal data (mainly contact data and job role information) in order to effectively deliver its contracts for customers. Webcertain also obtains consent to provide useful “how to” information and guidance as part of its own marketing.

Obtaining consent

Consent is sought before a user subscribes to our know-how platform which distributes useful “how-to” information. We explicitly ask for consent and this is recorded in our system.

Systems for consent

Global Central is our core data management platform that manages consent. It also provides a control panel that any user can use to view, change or remove any data we hold on them.

Children’s personal data

Webcertain doesn’t store children’s data.

Registered with ICO

Webcertain has registered with ICO as a data processor - A8355790.

Privacy information built into the business

Webcertain has always approached privacy carefully and continues to do so and to comply with the law. GDPR has been introduced to staff with regularly training provided to enhance awareness.

Provide right of access and download capabilities - staff and customers

Both customers and staff are provided with control panels where they can access the data that is stored on them. The customer control panel is part of the Global Central technology. Customers can request to close their subscription accounts themselves. Where the data is contract-based they’ll need to request it from an Account Manager.

Rectification

Webcertain always rectifies any incorrect data immediately once notified.

Right to erasure

All consent-based customers, ex-employees and former contract-based customers, have the right to have their data erased and need to request this via privacy@webcertain.com.

Options to restrict onward processing

Webcertain has no method for restricting processing, but does not share personal data with third parties, so the Personal Control Panel allows for maximum adjustment of the data processed by Webcertain.

CSV download for right to data portability

The Personal Control Panel will shortly have a CSV download option added but until then this can be requested via the email privacy@webcertain.com.

Rights related to automated decision making including profiling

Webcertain uses personalisation tools within its Global Central technology which gives scores to countries and areas of interest. These scores are available currently as downloads by request at privacy@webcertain.com , but will become editable in the Personal Control Panel by users shortly.

Accountability

Webcertain adopts a “data protection by design and default” approach as recommended by the ICO. Our core technology Global Central provides us with clear tools to use to manage data and provide compliance and is being continuously improved. Meanwhile, our contracting process incorporates GDPR for the companies’ suppliers and supplier contracts.

Data protection awareness training for staff

All staff have been made aware of GDPR, a training programme for GDPR has been introduced and GDPR is covered in the inductions for new staff.

Processor contracts

Customer personal data held by Webcertain is not processed by third party processors.

Information risks

Webcertain implements Data Protection Impact Assessments whenever there is shown to be a high risk to personal data. This is normally rare, as we hold relatively low levels of personal data.

Data protection officer

Webcertain believes we aren’t required to appoint a Data Protection Officer but have decided to do so in any case and for the avoidance of doubt. The current Data Protection Officer is CEO Andy Atkins-Krueger.

Management responsibility

The management takes all aspects of GDPR seriously and the CEO is the Data Protection Officer.

Information security policy

Webcertain uses appropriate technical and organisational measures to ensure the security of all the data we hold and especially the personal data. Additionally, we continuously review our security measures.

Breach notification

If you become aware of a breach of our policy on GDPR, please notify us using the email privacy@webcertain.com.

international transfers

Webcertain does not transfer personal data outside of the European Union.

Cookies

We use cookies to personalise your experience enabling you to use the full functionality of our site. You are given the opportunity to accept cookies when you first visit our website. You will be able to edit your preferences with certain cookies (e.g. third-party cookies) in your account profile, and from any marketing email we send you.

Essential cookies

These are necessary to enable the basic features of our site to function, such as providing secure log-in.

Functional and Performance cookies

These types of cookies allow us to analyse your experience of the site to evaluate and improve performance.

Targeting/ advertising cookies

Advertising cookies allow us to show you ads that are more relevant to you. We share some information with third parties whom we advertise with, so we know how you have reached our website. This information is not personal and cannot be used to identify you online. We also use cookies to identify the parts of the website that you are interested in. We then use this information to tailor how we communicate with you and the content we send you. You can opt out of these.