
PRIVACY POLICY

Effective Date: 01 January 2025
Last Updated: 01 January 2025

At GCAI Certification, we are committed to protecting your privacy and ensuring that all personal information is handled responsibly, transparently, and in compliance with ISO/IEC 17021-1:2015 Clause 8.5, applicable data protection laws, and international best practices.


Scope

This Privacy Policy applies to:

  • Visitors to our website and digital platforms
  • Clients and applicants for certification services
  • Vendors, contractors, and stakeholders who engage with us
  • Personnel participating in audits, appeals, complaints, or impartiality activities

It covers data collected through:

  • Our website and portals
  • Contact forms, applications, and communications
  • Certification and audit-related processes
  • Accreditation and regulatory interactions

Information We Collect

We may collect the following categories of personal data:

  • Contact Information: Name, job title, email, phone number, organization
  • Certification & Audit Data: Application forms, audit evidence, corrective actions, decisions
  • Technical Data: IP address, device/browser details, usage logs
  • Communications: Emails, feedback forms, calls, and meeting records
  • Stakeholder Data: Information from complaints, appeals, impartiality declarations

👉 Sensitive personal data (e.g., health, biometrics) is not collected unless explicitly required and with written consent.


Purpose of Processing

We process your personal data for legitimate and lawful purposes, including:

  • To manage certification and audit activities (application, audit, decision, surveillance, recertification)
  • To communicate updates on certification status, changes, and regulatory requirements
  • To respond to inquiries, complaints, or appeals
  • To meet obligations to accreditation bodies (e.g., IAS, IAF members)
  • To improve our website, portals, and client experience
  • To comply with legal and contractual obligations

We never sell or rent your data to third parties.


Sharing of Information

Your data may be shared, only when necessary, with:

  • Accreditation Bodies: For compliance verification (e.g., IAS assessments)
  • Regulators or Authorities: When legally required
  • Auditors & Experts: Bound by confidentiality and contractual obligations
  • Service Providers: IT, hosting, or support vendors under data protection agreements

All third parties are required to implement appropriate confidentiality and security safeguards.


International Data Transfers

Where personal data is transferred outside your jurisdiction, we ensure protection through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by relevant regulators
  • Binding confidentiality agreements

Data Security

We implement technical and organizational controls to protect data, including:

  • Role-based and need-to-know access control
  • Multi-factor authentication for systems access
  • Encrypted communication (TLS/SSL, VPN)
  • Secure backups and disaster recovery measures
  • Confidentiality agreements for all staff, auditors, and contractors

Data Retention

We retain data only as long as necessary for:

  • Certification lifecycle (application to withdrawal/expiry)
  • Accreditation and legal obligations (e.g., IAS/IAF retention requirements)
  • Audit trail for appeals, complaints, impartiality reviews

Retention is typically 6–10 years depending on scheme requirements. Data is securely destroyed when no longer needed.


Your Rights

Depending on applicable data protection laws (e.g., GDPR, PDPB, CCPA), you may have rights to:

  • Access: Obtain a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion where legally permissible
  • Restriction: Limit certain types of processing
  • Objection: Withdraw consent or object to processing
  • Data Portability: Receive your data in a usable format
  • Complaint: File a complaint with your local data protection authority

👉 Requests are processed within 30 days of verification. Contact us via 📧 operations@gcaicert.com.


Cookies & Analytics

Our website uses cookies to:

  • Improve functionality and security
  • Analyze website usage for performance improvements

You can manage or disable cookies via browser settings.


Governance & Oversight

  • Oversight is managed by the Data Protection Officer (DPO) and monitored by Top Management.
  • Risks to data protection are reviewed annually in Management Review and during accreditation audits.
  • This policy is reviewed annually or sooner if laws, regulations, or standards change.

Contact Us

Data Protection Officer – GCAI Certification
📧 operations@gcaicert.com | ☎️ +91 9986877136
🌐 www.gcaicert.com