Data Policy

1. General principles about data protection

Verified Establishment ID keeps certain information about data subjects. To work in accordance to the law, all personal data has to be:
• Attained fairly and legally. It shall be processed only after making sure that certain conditions are met;
• Obtained for specific and legal purposes. This data cannot be processed for any other purposes that do not match the previously specified ones;
• sufficient, relevant and moderate;
• precise and new;
• kept for no longer than necessary;
• Processed according to the rights of the data subjects;
• Kept safe through a strong and appropriate security system.

2. Collection and registration of data

The mission of the verified Establishment ID system is to verify the credibility and integrity of any Establishment . This is done in accordance with the International Standard Certificate number ISCN through giving each Establishment holder a unique ID. This ID could be used through an electronic gateway that reads the ID and gives all the information about the Establishment holder and his/her qualifications and achievements. The system provides a documented and trusted platform in order to resolve the problem of fake Establishment .

The contractual context between Verified Establishment ID system and Establishment holders, who fill the data, guarantees that each Establishment holder, registered on the system and was given an ID, has authorized the acquirement of a copy of the database of each Establishment holder by the system. This contractual context also guarantees that either the information is already in the public domain or these have consent from the Establishment holders whose information they are using.

The Establishment holders asking for IDs warrant that it is done with the consent of the individuals to which the IDs are assigned.

3. Correction and updating of information

Data subjects are stimulated to correct and update the information contained in the Verified Establishment ID system database. They also choose the use of their data contained in the system database.

The system database receives data from several and various sources. The Verified Establishment ID Data Quality document frameworks the interaction roles of the system data providers, ID Assignment Agency and the system Quality Team to maximize the quality of the database.

4. Security of processing

Verified Establishment ID system guarantees (i) that the integrity of the personal data is confirmed and legalized; (ii) the continuous confidentiality, reliability, accessibility and flexibility of systems and services processing personal data; and (iii) that the repair of the availability and access to data is done in a short time in case of a physical or technical problem.

The system also warrants protection of the data subjects against unauthorized or illegal processing and against accidental loss, destruction or damage, using suitable technical or administrative measures.

The data subject has the right to know the receivers to whom the personal data are disclosed, and whether his/her personal data has been disclosed to a public authority at the authority's request.

5. Cancellation/Deletion of an international Verified ID

The Verified Establishment ID system responds to requests from the data subjects within a reasonable period of time.

The system will delete the personal data if the data subject asks for so. This deletion will happen without undue delay and the system will notify each data subject of its deletion unless this is impossible or requires a disproportionate effort.

If the system has made the personal data public without a justification, it would take all reasonable steps to have the data erased by third parties. The system shall inform the data subject, if it is possible, of the action taken by the relevant third parties.

In certain cases, the verified Establishment ID can preserve the ID identifier for documentation purposes provided that the system needs to maintain the ID identifier and personal data for purposes of proof.

The Establishment holders can request that their data be removed from the database except where the data subject has requested complete removal of his/her ID. However, removal of data by any data source will not result in the de-assignment of an ID. All data from a contributing source may be removed, including the direct URI link to the source’s database, with the exception of deleting the ID itself.

6. Notification of data held

Upon request, data subjects concerned are entitled to know:

• what personal information the system holds about them and the purpose for which it is used;
• How to gain access to it;
• What Verified Establishment ID is doing to comply with its legal obligations.

This information is available from the system data protection coordinator.

7. Applicability and applicable law

This Policy applies, no matter whether the processing takes place in the European Union or not. This Policy is governed by the laws of England and Wales.

8. Privacy

The verified Establishment ID system Privacy Statement for end users can be found here .

9. Handling of requests from those who have been assigned an international ID

The information provided is stored in a non-displayable field that generates an alert to the system Quality Team. If an e-mail address is supplied, a personal response is made in addition to any enhancements and corrections as a result of the input. Data subjects are using this method for requesting enriched information to be added to their profile and to correct errors and to request the suppression of information. Verified Establishment ID strives to respond to such input within a suitable time, usually within 7 days.