Privacy Policy

QISMET’s Data Protection Policy

1. Introduction

QISMET needs to collect and use certain types of information about the individuals who come into contact with us in order to carry out our work. This personal information must be collected and dealt with appropriately whether it is collected on paper, stored in a computer database, or recorded in any other way.

2. Data Controller

Graham Baker is the Data Protection Officer for QISMET, which means that he determines for what purposes personal information is held and will be used for.  He is also responsible for notifying the Information Commissioner of the data QISMET holds or is likely to hold, and the general purposes that this data will be used for.

3. Disclosure

QISMET collects and processes information only to the extent that it is needed to fulfill its operational needs or to comply with any legal requirements.  We do not share personal data with any other agencies.

4. Data collection

When collecting personal data, QISMET ensures that the individual:

  • Clearly understands why the information is needed
  • Understands what it will be used for and what the consequences are should the individual decide not to give consent to processing
  • As far as is reasonably possible, grants explicit consent (usually in writing) for data to be processed
  • Is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress
  • Has received sufficient information on why their data is needed and how it will be used

5. Data Storage

Information and records relating to individuals is stored securely and is only accessible to Directors.

Information will be stored for only as long as it is needed or required by statute and will be disposed of appropriately.

It is QISMET’s responsibility to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation, which has been passed on/sold to a third party.

6. Data access and accuracy

All individuals have the right to access the information QISMET holds about them. QISMET will also take reasonable steps to ensure that this information is kept up to date by asking data subjects whether there have been any changes.

This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to legislation.

In case of any queries or questions in relation to this policy please contact the QISMET Data Protection Officer.


Your Personal Data

What we need

QISMET is what is known as the ‘Controller’ of the personal data you provide to us. We only collect basic personal data about you which does not include any special types of information or location based information. This does however include name, address, email etc.

Why we need it

We need to know your basic personal data in order to provide certification services. We will not collect any personal data from you we do not need in order to provide this service.

What we do with it

All the personal data we process is processed in the UK by QISMET Directors.  No third parties have access to your personal data unless the law requires them to do so.
We have a data protection regime in place to oversee the effective and secure processing of your personal data.

How long we keep it

We keep information for the length of the time of our relationship with you, then it is destroyed.

What are your rights?

If at any point you believe the information we process on you is incorrect you can request to see this information and if appropriate have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).

Our Data Protection Officer is Graham Baker and you can contact them at


Types of Personal Data held

Names, addresses, telephone numbers and emails addresses of the following categories of people:

  • Directors
  • Auditors
  • Contacts at certificated bodies
  • Contacts at other organisation that have enquired about certification or wish to engage with


Where that Data is Held

On the pcs of Graham Baker, Suzanne Lucas and Phil Baker.  Initial contacts are made through the QISMET website, when names, phone numbers and email addresses may be recorded.

Need consent words for website