Privacy Policy

1.0 Introduction

Stroma is committed to safeguarding the privacy of our clients, members, applicants, website visitors and other service users. Your information is very important to us and we handle all of this in line with the current Data Protection laws and regulation. Stroma works to a quality management system recognised by international standards which facilitates our operational activity in working to the required policies and procedures.

This Privacy Policy explains what data Stroma collects from you, through our interactions with you and through our various services and how we use that data. It applies to the following divisions of the Stroma Group:

  • Stroma Building Control Ltd.
  • Stroma Built Environment Ltd
  • Stroma Certification Ltd
  • Stroma Specialist Access Ltd

Stroma offers a wide range of products and services to the construction industry and beyond. This includes Government approved certification schemes, Building Control compliance, environmental testing and energy consultancy and mobile data collection software. This Privacy Policy includes references to these services as well as other means of client interaction such as our websites and software applications.

We encourage you to read this policy in full to understand how we are using your information. We also draw your attention to the Divisional-specific details in this Privacy Policy, which provide additional information about the services offered by each division of the Stroma Group. This statement applies to all of Stroma’s interactions with you, the services listed below and other Stroma products and services which are displayed this statement. Should Stroma be made aware of any breaches to your personal data under any of the services listed below and other Stroma products and services displayed in this statement, Stroma will implement appropriate procedures immediately to mitigate the risks to your personal data.

2.0 Legal Basis

Stroma have reviewed the lawful basis for processing personal data under the General Data Protection Regulation. Stroma have determined that the following lawful bases are applicable for the processing of personal data:

  1. Consent.
  2. Contract.
  3. Legal Obligation.
  4. Legitimate Interests.

These have been selected based on the purpose and relationship with the individual in accordance with the Stroma Group business activities. It has been agreed that these 4 are the most suitable, and the justifications for selecting these are detailed below. Stroma have also documented our lawful basis for processing as well as the purposes of the processing within our Privacy Policy. Where Stroma needs to amend these, we may be able to continue processing under the original lawful basis if our new purpose is compatible with your initial purpose.

2.1 Consent

Stroma use consent as a legal basis as the most appropriate way of dealing with personal data that does not fit under one of the other 3 options. It will be used when we have received a positive ‘opt-in’ action within our marketing and customer facing business documents.

We have made the request for consent prominent and separate from our terms and conditions, adding a Permissions to Contact section for the customer to complete at the point of joining entering into an agreement with Stroma, i.e. certification scheme application form or online enquiry submission. Members, Clients or Contacts of Stroma are able to update these permissions at any time, and by deciding to ‘opt-out’ this will not be detrimental to the agreement with Stroma. It is not a precondition of working with Stroma that a customer has to ‘opt-in’ to anything; however, where the agreement in place requires updates to be made relating to that agreement, Stroma will have to contact the customer.

2.2 Contract

Stroma use contract as a legal basis as the most appropriate way of dealing with personal data that does not fit under one of the other 3 options. This will be used based on an agreement being in place between ourselves and someone enquiring about our services or where a formal agreement has been signed and is active. The requirement to process data will be detailed within the contract.

2.3 Legal Obligation

Stroma use legal obligation as a legal basis as the most appropriate way of dealing with personal data that does not fit under one of the other 3 options. It will be used for the retention and use of personal information, this for example can include employment records, accident reports for health and safety, DBS checks etc.

2.4 Legitimate Interests

Stroma uses legitimate interests as a legal basis as the most appropriate way of dealing with personal data that does not fit under one of the other 3 options. In processing personal data under legitimate interests, Stroma will:

  • Identify the legitimate interest for which the data is being processed under.
  • Show that the processing is necessary to achieve it; and
  • Balance its use against the individual’s, rights and freedoms.

The legitimate interests can be our own interests or the interests of third parties. They can include commercial interests, individual interests or broader societal benefits; however, we will ensure that that evidence can be provided as the necessity of using the personal data. Stroma will balance our interests against the individual’s. If they would not reasonably expect the processing, or if it would cause unjustified harm, their interests will override your legitimate interests of using their personal data, and therefore it will not be used.

3.0 What Data We Collect from You

Stroma collects data to operate effectively and provide the best services for our clients and members. You provide some of this data directly, such as when you request a quote for a Stroma service, apply for membership of a certification scheme, register for a Stroma event, download a Stroma Software product, upload a document to the Installer Portal, purchase a Stroma Warranty product or contact us for technical support. We get some of it by recording how you interact with our services by, for example, using cookies on our website. We also obtain data from third parties. We protect data obtained from third parties according to the practices described in this statement, plus any additional restrictions imposed by the source of the data. These thirdparty sources vary over time, but have included:

  • Social networks when you grant permission to a Stroma profile to access your data on one or more networks;
  • Partners with which we offer co-branded services or engage in joint marketing activities; and
  • Publicly-available sources such as open government databases or other data in the public domain.

You have control about the data we collect and if asked to provide personal data you have the option to decline. However, if certain data is required to provide a specific Stroma service or product, you may not be able to access that service or product. The data we collect depends on the context of your interactions with Stroma and the products and services you use. The data we collect can include the following:

3.1 Account Data

Stroma may process ‘Account Data’ when you apply or request a quote for one of our services. We collect your first and last name, email address, postal address, phone number and other similar contact data via you or your employer. The account data collected will be in accordance with the business relationship between Stroma and the individual or company in order to fulfil contractual requirements.

3.2 Demographic Data

We collect data about you such as your age, gender, country and preferred language.

3.3 Transaction Data

We collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument.

3.4 Usage Data

We may process data about your use of our website and services, referred to as ‘usage data’. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

3.5 Client Feedback Data

We also collect information you provide to us and the content of messages you send to us, such as feedback and product reviews you write, or questions and information you provide for technical support. When you contact us, such as for technical support, phone conversations with our representatives may be monitored and recorded.

Product-specific sections below describe data collection practices applicable to the use of those products.

4.0 How We Use Personal Data

Stroma have detailed in this section the following key elements of how we will use personal data:

  • The categories of personal data that we may process through our levels of interaction.
  • The source and categories of personal data that we did not obtain directly from you.
  • The purposes of how we may process personal data.
  • The legal requirement for processing personal data.

The purpose for using the data we collect is either to operate our business and provide the services we offer; to send communications (including promotional communications) or to exercise the terms of a specific contract made with a client or member.

4.1 Account Data

Each client or member of the Stroma Group has an account created within our internal CRM system. We use your Account Data to provide the services we offer and perform essential business operations. This includes quoting for our services, providing those services, conducting research and providing technical support:

  • Providing our Services: We use data to deliver service estimates, quotations and to provide our services to you.
  • Technical Support: We use data to diagnose problems in our software, resolve lodgement enquiries and provide other client care and support services.
  • Service/Product Improvement: We use data to continually improve our services and products. For example, we use errors reported in our software to perform bug fixes and software updates.
  • Complaint and Dispute Resolution: We use data to protect the security and safety of our clients, members and the end user, to resolve disputes and settle complaints. For example, lodgement notifications for Energy Performance Certificates can be used to resolve complaints if a homeowner highlights a discrepancy in the EPC rating determined by an energy assessor.

The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.

4.2 Transactions

Stroma may process information relating to transactions, including purchases of software products and services, that you enter into with us and/or through our website, and is referred to as ‘transaction data’. The transaction data may include your contact details, your credit/debit card details and the transaction details. The transaction data may be processed for supplying the purchased products and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps-at your request-to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.

4.3 Communications

We use data we collect to communicate with you. For example, we may contact you by phone or email or other means to offer a quotation for relevant services within the Stroma Group, advertise forthcoming training courses, send industry news and newsletters, inform you of regulatory changes, update you or enquire about a service request, invite you to participate in a survey, or request information relating to the status of an ongoing project. Additionally, you can sign up for email subscriptions and choose whether you wish to receive promotional communications from Stroma by email, post and telephone.

4.4 Website Usage

We process your data to analyse the use of our website and for business intelligence. This is done via Google Analytics to monitor and improve our website for all visitors and to report on the performance of our website. Further information can be found in our Cookies section. The legal basis for this processing is our legitimate interests.

4.5 Personal Data

Stroma may process any of your personal data identified in the other provisions of this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others. Please do not supply any other person's personal data to us, unless we prompt you to do so.

5.0 Reasons We Share Personal Data

We share your personal data with your consent or as necessary to provide any service you have requested or authorised. For example, we share your data with third parties when you tell us to do so, such as when you request a quotation for Stroma Insurance or Stroma Warranty. When you provide payment data to make a purchase, we will share payment data with banks and other entities that process payment transactions or provide other financial services and for fraud prevention and credit risk reduction. Please note that some of our websites include links to the websites of third parties whose privacy practices differ from Stroma's. If you provide personal data to any of those products, your data is governed by their privacy statements.

6.0 How to Access and Control Your Personal Data

You can request access to your personal data by completing the online form or by downloading and completing the paper based form under Section 1.2 Right of Access on the following webpage: https://www.stroma.com/data-protection.

You can make a request to rectify your personal data by completing the relevant form under Section 1.3 Right to Rectification on the following webpage: https://www.stroma.com/data-protection.

You can make a request to erase your personal data by completing the relevant form under Section 1.4 Right to Erasure on the following webpage: https://www.stroma.com/data-protection.

You can choose whether you wish to receive promotional communications from Stroma by email, postal mail and telephone. If you receive promotional email messages from us and would like to opt out, you can do so by following the directions in those messages. These choices do not apply to mandatory service communications that are part of certain Stroma services, or to surveys or other informational communications that have their own unsubscribe method.

Stroma ensures that data is managed in line with the latest Data Protection legislation and the General Data Protection Regulation (GDPR) to deliver the following rights. Further details on the remaining 8 individual rights are published on the Stroma website.

6.1 Right of Access

Upon receipt of a written request, we will provide stakeholders and employees with a report showing what data is held on them. This will be provided within 30 days of the request’s receipt.

6.2 Right to Rectification

Upon receipt of a written request, we will amend any inaccurate information held on stakeholders and employees within 30 days of the request’s receipt.

6.3 Right to Erasure

Upon receipt of a written request, Stroma will delete the information held on stakeholders and employees within 30 days of receipt. Where there is a clear reason for this data to remain on Stroma records this reason will be given to the individual in writing.

6.4 Cookies

By using the Stroma website, www.stroma.com (including all online portals) and agreeing to this Privacy Policy, you consent to our use of cookies in accordance with the terms of this policy. Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications. You can also limit the publication of your information; however, this is may be subject to specific terms and conditions based on the agreement held with Stroma.

6.4.1 What is a Cookie?

A cookie is a small amount of data-which often includes a unique identifier-that is sent to your computer, tablet or mobile phone (all referred to here as a "device") or web browser, and is stored on your device's hard drive. Each website can send its own cookie to your web browser if your browser's preferences allow it. Many companies do this whenever a user visits their website to track online traffic flows. Similar technologies are also often used within emails to understand whether the email has been read or if any links have been clicked. If you continue without changing your settings, we’ll assume that you are happy to receive all cookies on the Stroma website. However, you can change your cookie settings at any time. During the course of any visit to a Stroma website, the pages you see, along with a cookie, are downloaded to your device. Many websites do this, because cookies enable website publishers to do useful things like find out whether the device (and probably its user) has visited the website before. This is done on a repeat visit by checking to see if and finding, the cookie left there on the last visit.

6.4.2 How does Stroma use Cookies?

Information supplied by cookies can help us to understand the profile of our visitors and help us to provide you with a better user experience. Stroma uses this type of information to help improve the services we provide to our users. Certain areas of Stroma websites may use cookies for a specific reason - for example, to help you search for a Stroma-certified member.

Additionally, Stroma uses cookies to serve some targeted advertising on www.stroma.com. You can find out more and opt out of receiving these cookies by visiting our website.

6.4.3 Third party cookies in embedded content

Please note that during your visits to Stroma websites you may notice some cookies that are not related to Stroma. To support our content, we sometimes embed content from social media and other third party websites. These may include YouTube, Twitter, Facebook and Instagram. As a result, when you visit a page containing such content, you may be presented with cookies from these websites and these third party cookies may track your use of the Stroma website. Stroma does not control the dissemination of these cookies and you should check the relevant third party's website for more information. Where Stroma embeds content from social media and other third party websites, some websites may use Google Analytics to collect data about user behaviour for their own purposes. This is a web analytics service provided by Google, Inc. Google Analytics sets a cookie to evaluate the use of those services and compile a report for us. This is not something which Stroma controls.

6.4.4 Stroma cookies and how to reject cookies

Full information about how Stroma uses cookies and how to control what cookies are set on your device through the Stroma website can be found on our website. It is important to note that if you change your settings and block certain cookies, you will not be able to take full advantage of some features of Stroma services and we may not be able to provide some features that you have previously chosen to receive.

6.4.5 Performance cookies

Performance cookies help us to understand how people are using the Stroma website so we can improve it. Some examples of how we use these cookies are:

  • To collect information about which web pages visitors go to most often so we can improve the online experience
  • Error management to make sure that the website is working properly
  • Testing designs to help improve the look and feel of the website.

6.4.6 Do Not Track (DNT) browser setting

DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, such as by third party ad networks, social networks and analytic companies. The Stroma website does not currently respond to DNT requests.

6.4.7 Other information collected by Stroma

Stroma may also collect other information about your device, such as an IP address and details about the browser that you are using. If you have any concerns about the way that we use cookies or respect your settings, then please contact us at dataprotection@stroma.com

6.4.8 Updates and Amendments

Please refer to the Stroma Data Protection webpage to find out more information about how you can amend, delete or request information from Stroma concerning your personal data.

7.0 Policy Amendments

Stroma may make amendments to this Privacy Policy to improve our privacy control measures. The latest copy of the Privacy Policy will be displayed on the Stroma website.

8.0 Contact Details

If you have any questions concerning the Stroma Privacy Policy you can contact us using one of the following methods:

This policy statement has been endorsed and approved by: Mr Martin Holt

Stroma Group Chief Executive Officer

8th May 2019