Privacy & Confidentiality Policy Statement
Staff and Sub contractor Requirements
All information received by or available toTUV SW staff, sub-contractors or committee members (in whatever format) received in conducting audit activities, or during other certification activities, or during any dealings with an organisation for any other reason shall be regarded as strictly confidential and shall not be divulged to any 3rd party (unless specified in ISO/IEC 17021–1:2015 ) without the express permission of the organisation or individual concerned. The requirement to keep confidential any information will also include any organisation that has a legitimate right to audit or inspect TUV SW.
Where TUV SW is required by law to release confidential information to a third party the client or individual concerned shall, unless regulated by law, be notified in advance of the information provided.
However where the organisation is seen to be operating contrary to legal requirements or has operating practices which pose a danger to staff, customers or the environment SouthWest Certification reserves the right to immediately report any such incident to the relevant authority. Any such reporting will only be undertaken with the permission of a CEO.
Access to Records
All records will be retained in a secure manner, only accessible to authorized staff via either paper records or password controlled electronic records. Sub-contractors will be limited to accessing information produced by them in conducting an audit. Records will only be made available to organisations who can demonstrate a legitimate (and legal) right to view those records and specifically to Accreditation Bodies. e.g. DAC and IAF.
All staff, Sub Contractors, CEOs and Committee Members will be required to agree to SouthWest Certification confidentiality policy and sign a confidentiality agreement. Sub-contractors will also sign an agreement which also contains the responsibility to maintain confidentiality.