CREST
(International) (hereafter referred to as “CREST”) includes means CREST (International), with Company
Registration number 09805375, and any or all of its group of companies.
CREST will
use its best endeavours to safeguard the privacy of its contacts and website
visitors. In compliance with UK and European data protection regulations, this
Privacy Policy explains what information we collect, how we use any personal
information that we may collect about you and the data processing practices of
the Company.
Topics:
·
How do we collect information
from you?
·
What information do we collect?
·
Why do we need personal
information?
·
How is your information used?
·
Who has access to your
information?
·
How secure in information about
me?
·
How long is data kept?
·
Does CREST share the
information it receives?
·
Email messages
·
Information to improve our
website
·
Subject Access Requests
·
Cookies
·
Changes to our Privacy Policy
·
Contact
How do we
collect information from you?
We obtain information
about you in a variety of ways including when you contact us about our products
and services, complete an Agreement with us, submit a membership application or
renewal form to us, book an examination with us, make an enquiry to us or when
you use our website.
What
information do we collect?
You provide
most of such information when you request further information about our
services, make an enquiry or communicate with us regarding our services.
As a result
of those actions, you might supply us with such information as title, name,
postal address, email address, telephone number(s), IP address. We will also
collect information from you if you complete any forms, including any on our
website, or if you contact us with comments or specific requests.
Why do we
need personal information?
We need to
collect personal information in order to:
·
ensure member companies are
getting the full benefit of their membership;
·
ensure that we manage CREST
Qualified Individual certifications accurately;
·
endeavour to improve our
services for you.
How is
your information used?
CREST may
use the information you provide us with to:
·
respond to your requests;
·
carry out our obligations
arising from any contracts or agreements entered into by you with us;
·
communicate with you about our
work and services for you;
·
tell you about CREST services;
·
seek your views or comments on
the services we provide for you;
·
notify you of changes to our
services;
·
update our records when
necessary;
·
support our activities on your
behalf (eg. external venues);
·
for marketing purpose
unless you
tell us that we may not do so.
Who has
access to your information?
We may pass
your details on to third parties that are contracted to CREST in the course of
dealing with your request and if this is likely to happen, we will make it
clear to you. These third parties are
obliged to keep your details securely and will use them only to fulfil the
request.
Third
parties that we may share your information with include:
·
The Bank of England (eg. STAR
and CBEST data)
·
The National Cyber Security
Centre (eg. CHECK data, CIR/CIE services)
·
The Civil Aviation Authority
(eg. ASSURE services)
·
Dubai Electronic Security
Centre (eg. CyberForce framework)
We will
never collect sensitive information about you without your explicit consent for
each category and will only collect such data for statistical purposes (our
Legitimate Interest as identified in GDPR Provisions Article 6(1)(f) and
Article 9 (2)(j)).
Please note
that in agreeing to share these details you have not forfeited your rights as
prescribed under the Data Protection Act 1998 and CREST will continue to apply
the same level of care to safeguard your privacy and use of your information
across all our services. Your service
entitlement from CREST will not be affected should you decide not to allow your
data to be shared in this way or if you change your mind at any time in the
future.
How
secure is information about me?
We maintain
physical, electronic and procedural safeguards in connection with the
collection, storage and disclosure of customer information and personal data.
Our internal personnel, who have access to the data, have been trained to
maintain the confidentiality of such information.
How long
is data kept?
The personal
information you provide to us may be retained for up to 15 years or as required
by law. At that point, you will be contacted to seek your consent for us to
retain it for a further period. At the same time, you will have the option to
instruct us to delete it.
If you
choose to visit our website, https://www.crest-approved.org, your visit and any dispute over privacy
is subject to this Privacy Notice, including limitations on damages and
application of the laws of England. If you have any concerns about privacy
please email us at [email protected] a thorough description and we
will do our best to investigate it.
As our
business changes, so may our Privacy Notice.
You should check our website frequently to see recent changes. Unless stated otherwise, our current Privacy
Policy applies to all information that we have about you.
Does
CREST share the information it receives?
Client
privacy is an important aspect of our business and we do not sell it or rent it
to third parties. We will not share your
information with third parties for marketing purposes.
CREST would
share client information only as described below.
·
Within the CREST Group: to
respond to your requests and to manage the purposes for which it was collected.
See also What do we use personal information for? above.
·
Business transfers: as we
continue to develop our business, we might sell or buy other companies,
subsidiaries or business units. In such
transactions, customer information generally is one of the transferred business
assets but remains subject to the promises made in any pre-existing Privacy
Notice (unless, of course, the customer consents otherwise). Also, in the unlikely event that CREST or
substantially all of its assets are acquired, customer information will of
course be one of the transferred assets.
·
Protection of CREST: we may
release account and other personal information when we believe release is
appropriate to comply with law or to protect the rights, property or safety our
users or others. This includes exchanging information with other companies and organisations
for fraud protection and credit risk reduction. Where required by law, we will notify
you if such disclosures are necessary.
Email
Messages and Marketing
You may
receive e-mail messages from CREST on matters that we consider may be of
interest to you, if you have provided your email address to us for this
purpose. If you do not wish us to communicate
with you in this way, please tell us. We will provide you with as many means of
doing this as we can.
Information
to improve our website
We collect
web statistics automatically about your visit to our website. This information
is used to help us follow browsing preferences on our website so that we can
regularly improve our website. These statistics
do not contain personal data and cannot be traced back to an individual.
Your
choices
You have a
choice about whether or not you wish to receive information from us. You can
change your preferences at any time by contacting us using the details below.
If you
change email address or any of the other information we hold is inaccurate or
out of date, please contact us using the details below.
Subject
Access Requests
You have the
right to request a copy of the information that we hold about you. If you would
like a copy of some or all of your personal information, please email us or
write to us using the contact details below. We will provide the information
within one month of receipt of the request. By law, we are required to verify
your identity.
We may make
a small charge for this service if the request is excessive or repetitive or
requiring further copies of the same information.
We want to
make sure that your personal information is accurate and up to date. You may
ask us to correct or remove information you think is inaccurate. Under the Data
Protection Act 1998, you can make a formal request for information including:
·
clarification that your
personal data are being processed by the Company;
·
a description and copies of
such personal data;
·
the reasons why such data are
being processed;
·
details of to whom they are or
may be disclosed.
You may view
the Company’s Data Protection Notification (Reg No.: ZA229721) by visiting the
Data Information Commissioner’s Web site.
Other
websites
Our website
contains links to other websites. This
Privacy Policy only applies to our website, crest-approved.org, so when you
link to other websites, you should read their own Privacy Policies.
CREST does
not guarantee the accuracy, relevance, timeliness, or completeness of any
information on these external websites.
Liability
CREST
assumes no responsibility for errors or omissions in the contents of the
website. In no event shall CRET be
liable for any special, direct, indirect, consequential, or incidental damages
or any damages whatsoever, whether in an action of contract, negligence or
other tort, arising out of or in connection with the use of the website or the
contents of the website.
CREST does
not warrant that the Service is free of viruses or other harmful components.
Annual Members Survey 2024 – Prize draw competition rules (March 2024)
CREST International launched its Annual Member Survey 2024 at 9am on Thursday 21 March 2024.
As part of this, we launched a Prize Draw. The rules of the draw are set out and available at the link below.
View
the prize draw competition rules
Changes
to our Privacy Policy
We keep our
Privacy Policy under regular review and we will place any updates on this
webpage. This privacy Policy was last updated in March 2024.
Contact
If you have
any questions about our Policy or information we hold about you please email [email protected].
