Privacy Notice - UKMCAB

This notice sets out how we will use your personal data, and your rights. It is made under the Data Protection Act 2018 which is the UK’s implementation of the General Data Protection Regulation (GDPR).

Who we are

The Office of Product Safety and Standards (OPSS) is a departmental office within the Department for Business and Trade (DBT) and responsible for operating the UK Market Conformity Assessment Bodies (UKMCAB) service. The UKMCAB service replaced the equivalent European Union service known as NANDO in March 2019. The UKMCAB service is the definitive source and a register of UK Government appointed Conformity Assessment Bodies (CABs) who can certify goods for both the GB and NI markets.

Our privacy commitment

OPSS is committed to protecting your privacy. This “Privacy Notice”, explains what personal information we collect about you either directly or indirectly and how we use, share and look after that information for the UKMCAB. We encourage you to review this Privacy Notice carefully. In addition to the commitments set out in this Privacy Notice, we operate in accordance with a set of data privacy rules which apply to the processing of all personal data by the entire Department of Business and Trade. These privacy rules can be found at the Department for Business and Trade Personal Information Charter (opens in a new tab).

Other websites

Please note this Privacy Notice only applies when you are using the UKMCAB website and service, and alternative privacy notices may apply when you are using other sections of https://www.gov.uk/. For example, if you are using the OPSS section of https://www.gov.uk/, the OPSS privacy notice will apply. Please ensure you have reviewed and understand the applicable privacy notice to the service you are using. If you have any questions about how we handle or protect your personal information, please contact us using the contact details below.

What Personal Data is

Personal Data is any information which we collect about you that can be used to identify you and includes any information, such as your name, address, IP address.

It is our intention to provide you with as much information as possible about what we do with that Personal Data, so that when you provide the Personal Data to us, you do so with an awareness of how it will be used.

What Personal Data we collect

For an organisation or public user searching the UKMCAB service, we collect the following Personal Data:

  • Internet Protocol (IP) address, and details of which version of web browser used.
  • Information on how the site, cookies and page tagging techniques are used (please see the analytics section below for more information).
  • Questions, feedback and email address you might provide if you contact us or subscribe to email alerts on CAB records and search results.

For an organisation entered into the service with a CAB profile, we collect the following information:

  • Company name, address, phone number, email address, registered office location, locations the company tests within, type of approved body and the legislative areas the organisation operates within.
  • Internet Protocol (IP) address, and details of which version of web browser used.
  • Information on how the site, cookies and page tagging techniques are used (please see the analytics section below for more information).
  • Questions, feedback and email address you might provide if you contact us or subscribe to email alerts on CAB records and search results.

For a registered user, such as users from UKAS, OPSS, and Other Governmental Departments (OGDs) involved in the monitoring and approvals of CAB records, we collect the following Personal Data:

  • Your contact details such as name, organisation, business address, telephone number and details of your organisation.
  • Internet Protocol (IP) address, and details of which version of web browser used.
  • Information on how the site, cookies and page tagging techniques are used (please see the analytics section below for more information).
  • Questions, feedback and email address you might provide if you contact us or subscribe to email alerts on CAB records and search results.

What Special Categories Personal Data we collect

We do not process Special Categories Personal Data in relation to the UKMCAB. If this changes you will be notified of the details of any such processing and the legal basis on which we rely to do so.

How we collect your Personal Data

We collect Personal Data from various sources including :

  • From UKAS and OGDs when CAB records are entered into the system for accreditation and approval.
  • From you when you contact us directly regarding feedback or any questions on the service.
  • Cookies and Google Analytics when you approve these and interact with the service.

How we use your Personal Data

We use your information for the following purposes:

  • To capture information relating to feedback and questions regarding the service.
  • To enable reporting and analysis of CABs history and distribution across the various categories within the UKMCAB service.
  • To enable email notifications when signing up to email alerts for searches and CAB records.
  • To create registered accounts for users involved in in the monitoring and approvals of CABs within the service, including UKAS, OPSS and OGDs.
  • To enable email notifications for registered users for accreditation review dates and approval actions are required.
  • To conduct analytics on how the website is used and navigated (please see below for more information).

Analytics

We use Google Analytics software to collect information about how the website is used. We do this to help make sure the site is meeting the needs of its users and to help us make improvements, for example improving site search.

Google Analytics stores information about:

  • the pages you visit
  • how long you spend on each page
  • how you got to the site
  • what you click on while you’re visiting the site.

We do not collect or store your personal information as part of the analytics process so this information cannot be used to identify who you are.

We also collect data in order to:

  • improve the site by monitoring how you use it
  • gather feedback to improve our services, for example our email alerts
  • respond to any feedback you send us, if you’ve asked us to
  • send email alerts to users who request them
  • allow you to access the UKMCAB service and enter data as well as provide you with information related to the service.

How we use cookies

This website uses cookies. A cookie is a small file of numbers and letters that we put on your device if you agree. These cookies allow us to distinguish you from other users of the website and tell us how you are using the website. Some cookies help us to provide you with a good experience as you browse our website; others enable us to gather information that informs how we improve our website. For further information on the cookies we use on this website, please refer to our Cookies Policy.

What legal basis we rely on

Where you contact us regarding feedback or questions on the UKMCAB service and provide us with your contact details, we will ask you for your consent to store and use your personal contact information. We will rely on consent as our legal basis for such processing.

For any other processing of Personal Data in relation to UKMCAB our legal basis for processing is the performance of a task in the public interest.

How we share your data

We share your personal data in the following ways:

  • If we are required to do so as part of our regulatory oversight enforcement operations or by law – for example, by court order, or to prevent fraud or other crime.
  • If we are required to do so as part of agreeing a future relationship between the UK and the EU and respective regulatory bodies.

We will take steps to anonymise information wherever possible when sharing information internally or with third parties. The process of anonymisation removes the personal identifiers from the information and thus means that the information no longer contains Personal Data.

We ensure that any third parties with whom we share Personal Data to process it on our behalf adopt equivalent or superior data protection standards to our own.

How we transfer your Personal Data overseas

We do not send or store your Personal Data outside of the European Economic Area. If this changes you will be notified of the details of any such transfer and the adequacy mechanisms put in place to ensure the security of your Personal Data.

How long we keep your data

We will only retain your Personal Data for as long as it is needed for the purposes set out in this document or the law requires us to. We may retain it for a longer period if directed to do so by law enforcement authorities and/or in connection with criminal proceedings.

Where your Personal Data is processed and stored

We choose our systems carefully to make sure that your data is as safe as possible while under our control. Your Personal Data will be hosted using a Platform as a Service product located in the UK and will not be stored outside of the UK at any time.

How we protect data and keep it secure

We are committed to doing all that we can to keep your Personal Data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your Personal Data, for example, we protect your data using varying levels of encryption and run regular penetration tests to assess our security standards.

Your information rights

You have a number of rights in relation to your personal data, these include the right to:

  • be informed about how we use your personal data;
  • obtain access to your personal data that we hold;
  • request that your personal data is corrected if you believe it is incorrect, incomplete or inaccurate;
  • request that we erase your personal data in the following circumstances:
    • if we are continuing to process personal data beyond the period when it is necessary to do so for the purpose for which it was originally collected;
    • if we are relying on consent as the legal basis for processing and you withdraw consent;
    • if the personal data has been processed unlawfully (i.e. in breach of the requirements of the data protection legislation);
    • if it is necessary to delete the personal data to comply with a legal obligation;
  • ask us to restrict our data processing activities where you consider that:
    • personal data is inaccurate;
    • our processing of your personal data is unlawful;
    • where we no longer need the personal data but you require us to keep it to enable you to establish, exercise or defend a legal claim;
    • where you have raised an objection to our use of your personal data and we are considering if we have legitimate grounds which override ;
  • request a copy of certain personal data that you have provided to us in a commonly used electronic format. This right relates to personal data where we are relying on consent to process your personal data;
  • object to our processing of your personal data where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful. If you raise an objection we will carry out an assessment to determine whether we have an overriding legitimate ground which entitles us to continue to process your personal data;
  • not be subject to automated decisions which produce legal effects or which could have a similarly significant effect on you.

Changes to this policy

We may change this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately. If these changes affect how your Personal Data is processed, DBT will take reasonable steps to let you know.

You can see previous versions of this page.

Contact us or make a complaint

Contact the Data Protection Officer (DPO) if you: have any questions about anything in this document or think that your Personal Data has been misused or mishandled.

Data Protection Officer
Department for Business and Trade
Old Admiralty Building
Admiralty Place
London
SW1A 2DY
Email data.protection@trade.gov.uk

If you have made a complaint to us about how we handle your personal information that we have not been able to resolve, you have the right to complain to the UK’s Information Commissioner’s Office, at an independent regulator.

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Email: casework@ico.org.uk
Telephone: 0303 123 1113
Textphone: 01625 545860
Monday to Friday, 9am to 4:30pm

Last updated 2nd May 2023

Is there anything wrong with this page?