Legal

Privacy Policy

How BCERT LTD collects, uses and protects your personal data.

Last Updated13 March 2025
Effective Date13 March 2025
ControllerBCERT LTD
JurisdictionEngland & Wales (UK GDPR)

1. Who We Are

BCERT LTD ("BCERT", "we", "us", "our") is an ISO certification body registered in England and Wales, with its registered office at 7 Bell Yard, London, WC2A 2JR, United Kingdom.

We are the data controller for personal data collected through our website bcert.uk and in connection with our certification services. For any data protection queries, contact us at info@bcert.uk.

2. Data We Collect

We collect personal data in the following circumstances:

When you submit an enquiry or contact form:

  • Name and surname
  • Business email address
  • Organisation name and size
  • Country of operation
  • Standard(s) of interest
  • Any additional information you choose to provide

When you access our website:

  • IP address and browser type (via server logs)
  • Pages visited and time of visit
  • Referring website

When you engage our certification services:

  • Business contact details of key personnel
  • Audit-related documentation as required under ISO/IEC 17021-1

We do not knowingly collect personal data from individuals under the age of 18.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To respond to your certification enquiry and provide a quote
  • To deliver certification and audit services under contract
  • To maintain records as required by ISO/IEC 17021-1 and our accreditation body ASCB
  • To send service-related communications (e.g. audit scheduling, certificate renewal reminders)
  • To improve our website and services through anonymised analytics
  • To comply with our legal and regulatory obligations

We will never sell your personal data to third parties, or use it for unsolicited marketing without your explicit consent.

We process your personal data on the following legal bases under UK GDPR:

  • Consent — when you submit an enquiry form and tick the consent checkbox
  • Contract — when processing is necessary to provide certification services you have requested
  • Legal obligation — to comply with accreditation requirements and applicable law
  • Legitimate interests — for website security, fraud prevention, and improving our services, where these interests are not overridden by your rights

5. Sharing Your Data

We do not sell or rent your personal data. We may share it only in the following limited circumstances:

  • ASCB (our accreditation body) — as required under ISO/IEC 17021-1 for oversight and accreditation purposes
  • Service providers — trusted third-party processors who assist us (e.g. email delivery, form handling via Web3Forms) under data processing agreements
  • Legal requirements — if required by law, court order, or regulatory authority

All third parties are contractually required to process your data only as instructed and in accordance with applicable data protection law.

6. Data Retention

We retain personal data only for as long as necessary for the purpose it was collected:

  • Enquiry data — up to 12 months if no contract is formed
  • Certification records — 7 years after certificate expiry, as required by ISO/IEC 17021-1
  • Website logs — up to 90 days

After these periods, data is securely deleted or anonymised.

7. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access — to obtain a copy of your personal data
  • Right to rectification — to correct inaccurate data
  • Right to erasure — to request deletion of your data in certain circumstances
  • Right to restriction — to limit how we process your data
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — at any time, without affecting prior processing

To exercise any of these rights, contact us at info@bcert.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

Our website uses only essential cookies necessary for the website to function. We do not use tracking cookies, advertising cookies, or third-party analytics cookies that identify individual users.

Essential cookies used include session management cookies that expire when you close your browser. No cookie consent banner is required for essential cookies under UK GDPR.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include HTTPS encryption, access controls, and regular security reviews.

While we take all reasonable steps to protect your data, no internet transmission is 100% secure. If you believe your data has been compromised, contact us immediately at info@bcert.uk.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

This policy is governed by the laws of England and Wales and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.