Our privacy policy

Information about us

niceic.com is a site operated by Certsure LLP, trading as NICEIC, ("We"). We are registered in England and Wales under company number OC379918 and have our registered office at Warwick House Houghton Hall Park, Houghton Regis, Dunstable, Bedfordshire, LU5 5ZX. Our main trading address is as above.

We are committed to protecting and respecting your privacy. We are responsible for protecting your personal information as a “data controller” under applicable data protection legislation. If you have any queries about this policy or how we use your personal information, please contact us by writing to us at Certsure, Warwick House Houghton Hall Park, Houghton Regis, Dunstable, Bedfordshire, LU5 5ZX.

This policy (together with our Terms of Use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Our nominated contact for data protection can be contacted by email DPO@certsure.com, or by writing to the Data Protection Officer, Certsure LLP, Warwick House, Houghton Hall Park, Houghton Regis, Dunstable, LU5 5ZX or by calling 0333 015 6625.

What information do we collect?
We collect personal data as defined by applicable data protection legislation (‘personal information’). We collect information about:
• NICEIC-certified businesses, individuals and their staff
• sub-contractors and clients
• service providers
• payment details
• your customers.

The personal information we collect might include name, date of birth, email address, national insurance number, postal address, and telephone number. We may collect special categories of personal information, including your disabilities to provide tailored services.

If you fail to provide this information, we are unable to fulfil your requirement or orders.

How do we collect information?
If you have purchased goods or services from us (including NICEIC training), we will collect information about your purchase history.

If you are an NICEIC-certified business, we will collect information about your business, its processes and key contacts within your organisation.

We may collect information that is available in the public domain, for example: newspaper or online media items, publicly available posts on LinkedIn or social media or Companies House listings.

We record your requests for information and any feedback we receive from you.

We record telephone calls and emails for quality assurance purposes.

We obtain personal information from you when you use our website, enquire about our activities, register with us, send, or receive an email, ask a question, or otherwise provide us with personal information.

We also collect information relating to your use of our SMS messages, emails, websites, digital applications and mobile apps including your location, browser type, device or the Internet Protocol (IP) address used to connect your device to the internet.

We also gather general information about the use of our SMS messages, emails, websites digital applications and mobile apps, such as which pages users visit most often and which services, events or facilities are of most interest. We may also monitor users when they click on links in emails. We may use this information to personalise the way our websites, digital applications and mobile apps are presented when users visit, to make improvements to our websites digital applications and mobile apps and to ensure we provide the best service for users.

We may also receive information about you from third parties, for example from government departments or from individuals or third party organisations who share our interests and may introduce you to us.

Why do we collect this information?
We collect this information for the purpose of enabling our customers to demonstrate compliance with the standards they wish to be certified for, or the products and services they want. The lawful basis for which we process your information is:
• your consent
• processing is necessary for the performance of a contract to which you are a party. If you fail to provide this information, we may be unable to perform the contract
• processing is necessary for compliance with our legal obligations
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. You are obliged to provide this information because as an operating certification body providing accreditation standards such as ISO/IEC 17065 / 17021 / 17024 we are required to retain records of activities that we undertake and our clients’ adherence to the standards which they operate. If you fail to provide this information, the consequences are de-registration, removal of services and publication of this action
• processing is necessary for the purpose of the legitimate interest pursued by us or a third party, except where your rights as a data subject override our legitimate interest. The legitimate interest we rely on is the protection of consumers and the right of consumers to achieve the service they have paid for – we may engage with Trading Standards, authorised departments of Government, such as the HSE, and Insurance bodies pursuant to the achievement of consumer rights and protection.

How do we use this information?
We will use your personal information:

To provide you with services, products or information you have requested.

For administration purposes including to create an account for you if you register with us; to notify you about changes to our services; as part of our efforts to keep our site safe and secure; and to ensure that content from our site is presented in the most effective manner for you and for your computer.

We may contact you by email, telephone, post, or text message with information about our services, and the latest news and technical information from NICEIC. But only when we are allowed to do so (for example, we will need your consent before sending you a marketing email or text message). When we are not relying on consent as our lawful basis, we are relying on our legitimate interest in marketing our services instead.

We will share your personal data with NICEIC Insurance Services (a trading name of Marsh Ltd) for marketing purposes if you consent to this.

If you tell us that you do not want to be contacted for marketing purposes we will of course respect that. You can manage your marketing preferences at any time by visiting the preference centre if you decide that you would prefer not to receive our marketing communications, please rest assured you will still receive important information from us, known as our service emails, if these are relevant to you.

Do we share your information with anyone else?
We may share your personal information with third parties for marketing purposes in accordance with your communication preferences. If you do not want us to share your personal data with any third party for marketing purposes, please update your records at our preference centre.

We transfer your information to third party suppliers.

We may need to provide your information to our contractors and suppliers who provide services on our behalf, to the extent necessary to enable you to receive those services.

We may share your information with the service providers or other associated organisations as identified in this policy to use the information for their own purposes as described above.

If you make a payment to us, we will need to share your information with our payment processor. By paying via our payment processor, you agree to accept their terms and conditions for the use of their services, including their privacy policy. We suggest that you read their privacy policy when using their service as we are not responsible for data you share with them.

We may also need to disclose your information if required to do so by law or as expressly permitted under applicable data protection legislation.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

How long do we keep your information for?
We keep your information for no longer than is necessary, as set out in our Data Retention Policy. We will retain your information for any period required by law, for example for compliance with HMRC requirements. Where we are not under a legal obligation to retain your information, we will determine what is necessary by reference to the lawful basis for processing set out above and our legitimate interests.

If you have any questions about how long we keep your information, please write to us at Certsure, Warwick House, Houghton Hall Park, Houghton Regis, Dunstable, LU5 5ZX.

Your rights

If you have created an account with us, you can sign into your account to access and update your information. You have a right to ask us to confirm whether we are processing information about you, and to request access to this information (‘right of access’). To request this access please contact Customer Services on 0333 015 6625 or email: enquiries@niceic.com

You may ask us, or we may ask you, to rectify information you or we think is inaccurate, and you may also ask us to remove information which is inaccurate or complete information which is incomplete (‘right to rectification’). If you inform us that your personal data is inaccurate, we will inform relevant third parties with whom we have shared your data so they may update their own records.

We want to ensure that your personal information is accurate and up to date. If any of the information that you have provided us with changes, for example if you change your email address, name, payment details, or if you wish to cancel your registration, please let us know using the contact details at the end of this policy.

You have a right to obtain your personal data from us and reuse it for your own purposes, perhaps for another service, without hindering the usability of the data (‘right of portability’). This right does not apply where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

You have a right to seek the erasure of your data (often referred to as the ‘right to be forgotten’). You may wish to exercise this right for any reason, for example where it is no longer necessary for us to continue holding or processing your personal data you may withdraw your consent. You should note that we are entitled to and reserve the right to retain your data for statistical purposes. This right is not absolute, as we may need to continue processing this information, for example, to comply with our legal obligations, or for reasons of public interest.

You have a right to ask us to restrict our processing of your information (‘right to restriction’) if:
• you contest its accuracy and we need to verify whether it is accurate
• the processing is unlawful and you ask us to restrict use of it instead of erasing it
• we no longer need the information for the purpose of processing, but you need it to establish or defend legal claims
• you have objected to processing of your information being necessary for the performance of a task carried out in the public interest, or for the purposes of our legitimate interests. The restriction would apply while we carry out a balancing act between your rights and our legitimate interests
• you exercise your right to restrict processing, we would still need to process your information for the purpose of exercising or defending legal claims, protecting the rights of another person or for public interest reasons.

You have a right to prevent us from processing your data for the purposes of marketing.

If you would like to exercise any of your rights above, please let us know using the contact details at the end of this policy. We will act in accordance with your instructions as soon as reasonably possible and there will be no charge.

You have a right to report any of your concerns about our use of your data to the Information Commissioner’s Office. You may do so by calling their helpline at 0303 123 1113.

Our websites, digital applications and mobile apps uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you use our website, digital applications and mobile apps and also allows us to improve our service. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

Changes to this policy
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy. This privacy policy was last amended in April 2024.