Maverick Certification Services recognizes the importance of protecting personal data and is committed to processing all personal information in accordance with applicable data protection laws and regulations. As a certification body specializing in ISO 27701 (Privacy Information Management) and related standards, we hold ourselves to the highest standards of data protection in our own operations. This policy outlines how we collect, use, store, and protect personal data.
Scope of This Policy
This policy applies to all personal data processed by Maverick Certification Services, including but not limited to:
- Client contact information and organizational details
- Auditor and personnel records and qualifications
- Certification documentation and audit records
- Personal data accessed during audit activities
Data Protection Principles
Maverick Certification Services adheres to the following data protection principles in all processing activities:
Lawfulness & Fairness
Personal data is processed lawfully, fairly, and in a transparent manner, with a clear legal basis for all processing activities.
Purpose Limitation
Data is collected for specified, explicit, and legitimate purposes and not processed in a manner incompatible with those purposes.
Data Minimization
Only personal data that is adequate, relevant, and limited to what is necessary for certification purposes is collected.
Accuracy
Personal data is kept accurate and up to date, with reasonable steps taken to ensure inaccurate data is corrected or deleted.
Storage Limitation
Personal data is retained only for as long as necessary to fulfill certification requirements and legal obligations.
Security
Appropriate technical and organizational measures are implemented to protect personal data against unauthorized access or loss.
Our Data Protection Commitments
Maverick Certification Services and all members of its team commit to and adhere to the following data protection policies:
- MCS will process personal data only where we have a lawful basis, such as contractual necessity for certification services, legitimate business interests, legal obligations, or explicit consent from the data subject.
- We will collect only the personal data necessary for certification activities and will not request or retain information beyond what is required for the stated purposes.
- Personal data will be protected through appropriate technical and organizational security measures, including encryption, access controls, secure storage systems, and regular security assessments.
- MCS will not disclose personal data to third parties without explicit written consent from the data subject, except where required by law, accreditation bodies, or regulatory authorities with proper jurisdiction.
- All personnel with access to personal data will receive appropriate training on data protection requirements and will be bound by confidentiality obligations.
- MCS will maintain accurate records of all data processing activities, including the categories of data processed, purposes of processing, and retention periods.
- Where personal data is transferred internationally, MCS will ensure appropriate safeguards are in place consistent with applicable data protection regulations and international standards.
- MCS will promptly respond to data subject requests regarding access, rectification, erasure, restriction, or portability of their personal data within the timeframes specified by applicable law.
- We will maintain incident response procedures to detect, investigate, and report personal data breaches to relevant authorities and affected individuals in accordance with legal requirements.
- This policy and our data protection practices will be reviewed annually and updated as necessary to ensure continued compliance with evolving regulations and best practices.
Your Rights
Data subjects have the following rights regarding their personal data processed by MCS:
- Right to Access
- Right to Rectification
- Right to Erasure
- Right to Restrict
- Right to Portability
- Right to Object
To exercise any of these rights, please contact our Data Protection Officer using the contact details provided below. We will respond to your request within 30 days or as required by applicable law.
Data Retention
- Certification records and related personal data will be retained for the duration of the certification cycle plus a minimum of one full certification cycle thereafter, or as required by accreditation body requirements.
- Personnel records will be retained for the duration of employment or engagement plus the period required by applicable employment and tax laws.
- Audit records containing personal data will be retained in accordance with ISO/IEC 17021-1 requirements and applicable accreditation body rules.
- Upon expiration of the retention period, personal data will be securely deleted or anonymized in accordance with our data disposal procedures.
Data Breach Response
- MCS maintains documented procedures for detecting, reporting, and investigating personal data breaches.
- In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, MCS will notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
- Where a breach is likely to result in a high risk to individuals, MCS will notify affected data subjects without undue delay.
- All data breaches, including those not requiring notification, will be documented and reviewed to implement measures preventing recurrence.
