1. Introduction
Universal Certification Platform LLC ("UCP Group", "we", "our") is committed to protecting the privacy and personal data of individuals whose information we process in the course of providing certification services. This Policy explains what data we collect, why we collect it, how we use and protect it, and your rights under applicable U.S. federal and state privacy laws.
2. Data Controller
Data Controller: Universal Certification Platform LLC
Address: 30 N Gould St, Ste R, Sheridan, WY 82801, United States
Privacy Officer: Juma Hashim, Managing Member
Contact Email: [email protected]
3. Categories of Personal Data We Collect
3.1 Data Provided by Clients and Audit Subjects
- Contact information: names, job titles, email addresses, telephone numbers of client personnel.
- Organizational information: company name, address, registration details, industry sector.
- Audit-related data: management system documentation, process records, interview notes, audit evidence, non-conformity reports, corrective action records.
- Financial data: billing contact details, payment records (we do not store full payment card numbers).
3.2 Data Collected Automatically via Our Website
- IP address, browser type and version, operating system.
- Pages visited, time spent, referring URLs.
- Cookie data (see our Cookie Policy for details).
4. Purposes and Legal Bases for Processing
We process personal data for the following purposes:
- Performance of certification services (contractual necessity): conducting audits, issuing certificates, maintaining certification records, performing surveillance and recertification.
- Compliance with legal obligations: maintaining records required by accreditation bodies, responding to regulatory requests.
- Legitimate business interests: improving our services, internal training, quality assurance, fraud prevention, business communications.
- Consent: marketing communications (where applicable; consent may be withdrawn at any time).
5. Data Sharing and Transfers
We may share personal data with:
- Accreditation bodies exercising oversight of our certification activities.
- Subcontracted auditors engaged by UCP Group, who are bound by confidentiality agreements.
- Professional advisors (legal, accounting) where necessary.
- Regulatory or law enforcement authorities where required by law.
We do not sell personal data to third parties. Where data is transferred outside the United States, we ensure appropriate safeguards are in place in accordance with applicable data protection requirements.
6. Data Retention
We retain personal data for the following periods:
- Certification records (audit reports, certificates, corrective actions): minimum 6 years from the end of the certification cycle, or as required by accreditation bodies.
- Client contractual records: 6 years from the end of the business relationship.
- Website analytics data: 26 months from collection.
- Marketing consent records: until consent is withdrawn.
Data is securely deleted or anonymized at the end of the retention period.
7. Data Security
We implement appropriate technical and organizational measures to protect personal data, including: access controls, encryption of data in transit and at rest, secure storage of audit records, staff confidentiality obligations, and regular security reviews.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: request a copy of the personal data we hold about you.
- Correction: request correction of inaccurate or incomplete data.
- Deletion: request deletion of your data where there is no compelling reason for continued processing.
- Restriction: request that we limit processing in certain circumstances.
- Data portability: receive your data in a structured, commonly used format.
- Object: object to processing based on legitimate interests.
- Withdraw consent: where processing is based on consent.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 calendar days of receiving a verified request.
9. Data Subject Access Requests
Requests should be submitted in writing to [email protected]. We may request identity verification before processing the request. There is no fee for standard requests. We will respond within 30 calendar days; complex requests may be extended by a further 60 days with prior notification.
10. Complaints
If you are dissatisfied with our handling of your data, you may contact us directly at [email protected]. You also have the right to lodge a complaint with the relevant data protection authority in your jurisdiction, including the Federal Trade Commission (FTC) in the United States.
11. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated to affected parties. The latest version is always available on our website.
12. Contact
Privacy Officer: Juma Hashim, Managing Member
Email: [email protected]
Address: 30 N Gould St, Ste R, Sheridan, WY 82801, United States