Privacy Policy (UK GDPR / DPA 2018; includes Hostinger)

Who we are
IATSR is the data controller. Contact: info@iatsr.com

What we collect

• Website data: IP address, device, pages, timestamps, basic analytics, cookies.

• Enquiries: name, email, organisation, phone, message content.

• Client work: documents, test data, photos/samples necessary to deliver audits.

• Certificates directory (if applicable): company name, scope, certificate status.

Why we use it (lawful bases)

• Respond to enquiries and deliver services (contract).

• Operate and secure the website, prevent abuse, keep audit logs (legitimate interests).

• Maintain certification directory/mark control (legitimate interests/legal obligation).

• Comply with law and regulatory requests (legal obligation).
  Where consent is needed (e.g., certain cookies/marketing), we’ll ask you first and you can withdraw anytime.

Sharing

• Hostinger (our web host) processes server logs/hosting data as our processor.

• Other processors we use to deliver services (e.g., email, storage, lab partners) under written DPAs.

• Authorities where required by law. We do not sell personal data.

International transfers
If we transfer data outside the UK, we use approved safeguards (UK IDTA/Addendum, adequacy, or SCCs).

Retention
Enquiries: 24 months. Client files and test data: normally 2 years after the engagement (or as required by law/accreditation). Certification records: for the life of the certificate.

Your rights
Access, rectification, erasure, restriction, portability, objection, and the right to complain to the ICO (ico.org.uk). Contact us to exercise rights.

Cookies
We use essential cookies and, if enabled, analytics cookies. See our Cookie Notice for details and controls. (Implement a consent banner to meet PECR.)

Security
We use appropriate technical and organisational measures, including access controls, encryption at rest/in transit (where applicable), and staff confidentiality.

Contact
Privacy queries: info@iatsr.com