ISUC Data Policy

ISUC Data Policy

1. General principles about data protection

ISUC keeps certain information about data subjects. To work in accordance to the law, all personal data has to be:
• Attained fairly and legally. It shall be processed only after making sure that certain conditions are met;
• Obtained for specific and legal purposes. This data cannot be processed for any other purposes that do not match the previously specified ones;
• sufficient, relevant and moderate;
• precise and new;
• kept for no longer than necessary;
• Processed according to the rights of the data subjects;
• Kept safe through a strong and appropriate security system.

2. Collection and registration of data

The mission of the ISUC is to verify the credibility and integrity of any institution . This is done in accordance with the International Standard Certificate number ISCN through giving each Establishment holder a unique ID. This ID could be used through an electronic gateway that reads the ID and gives all the information about the Establishment holder and his/her qualifications and achievements. The system provides a documented and trusted platform in order to resolve the problem of fake Establishment .

the ISUC guranteed the privacy of any institutios rigistered at the system , ISUC doesnt need any kind of access to institutions database 

All ISUC transactions done in accordance to GDPR regulations.

3. Correction and updating of information

Data subjects are stimulated to correct and update the information contained in the ISUC database. They also choose the use of their data contained in the system database.

The system database receives data from several and various sources. The Verified Establishment ID Data Quality document frameworks the interaction roles of the system data providers, ID Assignment Agency and the system Quality Team to maximize the quality of the database.

4. Security of processing

ISUC guarantees (i) that the integrity of the personal data is confirmed and legalized; (ii) the continuous confidentiality, reliability, accessibility and flexibility of systems and services processing personal data; and (iii) that the repair of the availability and access to data is done in a short time in case of a physical or technical problem.

The system also warrants protection of the data subjects against unauthorized or illegal processing and against accidental loss, destruction or damage, using suitable technical or administrative measures.

The data subject has the right to know the receivers to whom the personal data are disclosed, and whether his/her personal data has been disclosed to a public authority at the authority's request.

5. Cancellation/Deletion of an ISUC:

The ISUC system responds to requests from the data subjects within a reasonable period of time.

The system will delete the personal data if the data subject asks for so. This deletion will happen without undue delay and the system will notify each data subject of its deletion unless this is impossible or requires a disproportionate effort.

If the system has made the personal data public without a justification, it would take all reasonable steps to have the data erased by third parties. The system shall inform the data subject, if it is possible, of the action taken by the relevant third parties.

In certain cases, the ISUC can preserve the ID identifier for documentation purposes provided that the system needs to maintain the ID identifier and personal data for purposes of proof.

The ISUC holders can request that their data be removed from the database except where the data subject has requested complete removal of his/her ID. However, removal of data by any data source will not result in the de-assignment of an ID. All data from a contributing source may be removed, including the direct URI link to the source’s database, with the exception of deleting the ID itself.

6. Notification of data held

Upon request, data subjects concerned are entitled to know:

• what personal information the system holds about them and the purpose for which it is used;
• How to gain access to it;
• WhatISUC is doing to comply with its legal obligations.

This information is available from the system data protection coordinator.

7. Applicability and applicable law

This Policy applies, no matter whether the processing takes place in the European Union or not. This Policy is governed by the laws of England and Wales.

8. Privacy

The ISUC system Privacy Statement for end users can be found  .

9. Handling of requests from those who have been assigned an international ID

The information provided is stored in a non-displayable field that generates an alert to the system Quality Team. If an e-mail address is supplied, a personal response is made in addition to any enhancements and corrections as a result of the input. Data subjects are using this method for requesting enriched information to be added to their profile and to correct errors and to request the suppression of information. ISUC strives to respond to such input within a suitable time, usually within 7 days.