Principles of confidential data protection

In order to properly assess conformity, the certification body requests from its clients information which may be of a confidential nature. The following measures are taken to maintain the confidentiality of these information:

  • a permanent or external employee, subcontractor, or a member of a commission is contractually obliged not to prejudice the interests of LL-C and the applicant for certification in any way, in particular by disclosing the findings of the audit, conformity assessment, testing or inspection to a third party, or by providing the third party with information and documents that are the of LL-C (Certification) s or the applicant's property
  • LL-C (Certification) informs the client in advance about the information he intends to place on the publicly available domain
  • non-public information about the product or supplier may be provided to a third party only by an LL-C (Certification) representative, with the prior written consent of the client's statutory body. An exception to this policy is possible only if required by a generally binding legal regulation, e.g. courts, trials, police, trade inspection, etc.
  • with regard to the protection and processing of confidential data, the client is acquainted with the terms concerning the obligations and rights of the certification body through the Business Conditions (F32)
  • Rule 05 sets out the responsibilities of the staff of the certification body. As per this this Rule, employment contracts, works contracts or cooperation contracts shall be concluded with specific provisions guaranteeing confidentiality of information and compliance with all CO directives
  • in specific cases, or at the request of some clients, NDAs can be stipulated
  • selected procedures according to the ISO 27001 standard are applied to prevent misuse of the certification body's information. Their verification is subject to internal audits
  • all findings recorded at the client's premises are protected against unauthorized manipulation
  • access to digitally stored documents is password protected and assigned to authorized operators/employees. Each employee has an individual username and password, which he must not share with anyone. If a user was to suspect that his password may have been compromised, he must ask the LL-C (Certification) representative to provide a new one
  • the premises of LL-C's headquarters are locked and secured by the central security of the building
  • for specific schemes requirements (GMP +, FSSC 22000, etc.), audit results can be uploaded to the scheme owner's IT platform