1. Introduction
Sustainable Management System Inc. (“we,” “our,” or “us”), along with its affiliated operational entities, is committed to protecting the privacy, confidentiality, and integrity of information belonging to our clients, partners, and website visitors.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit https://www.smscert.com and use our services, including certification, auditing, verification, and training.
2. Information We Collect
We may collect the following categories of information:
2.1 Personal Information
- Name
- Email address
- Phone number
- Company name
- Job title
- Billing and payment details
2.2 Business and Operational Information
- Facility and operational details
- Certification and audit-related documents
- Compliance data and reports
- Worker-related data (primarily anonymized and aggregated)
2.3 Technical Information
- IP address
- Browser type and device information
- Basic website usage data
3. How We Use Your Information
We use collected information to:
- Deliver certification, audit, and verification services
- Process payments and issue invoices
- Communicate with clients and stakeholders
- Conduct training and capacity-building programs
- Manage verification data (e.g., SLCP, Higg FEM where applicable)
- Improve our services and website functionality
- Fulfill legal, contractual, and accreditation requirements
4. Legal Basis and Compliance Approach
We process data based on:
- Contractual necessity
- Legal and accreditation obligations
- Legitimate business interests
- Client consent where applicable
We aim to follow widely accepted data protection principles, including transparency, confidentiality, and responsible data handling.
5. Information Sharing and Disclosure
We do not sell or trade personal data.
We may share information with:
- Accreditation bodies and regulatory authorities
- Verification platforms (e.g., SLCP Gateway, Higg FEM/Cascale systems)
- Approved auditors, technical experts, and partners
- Payment processors and financial institutions
- IT and hosting service providers
All such parties are expected to maintain confidentiality and appropriate data protection practices.
6. Confidentiality of Audit and Certification Data
Due to the nature of our services, strict confidentiality is maintained for:
- Audit findings and reports
- Client documentation and records
- Worker interviews and grievance-related information
- Certification decisions and evaluation outcomes
Information is disclosed only when:
- Required by applicable law or authority
- Required by accreditation or scheme owners
- Authorized explicitly by the client
7. Cookies and Tracking
Our website currently does not use advanced tracking tools such as Google Analytics or Meta Pixel.
Basic cookies may be used for essential website functionality.
Users may control cookie settings through their browser.
8. Data Retention
We retain information:
- As required for service delivery and certification cycles
- In accordance with accreditation and operational requirements
- As required by applicable laws
Data is securely deleted or archived when no longer necessary.
9. Data Security
We implement reasonable and appropriate security measures, including:
- Controlled access to sensitive information
- Secure storage systems
- Internal confidentiality policies
- Staff awareness and training
While we take appropriate precautions, no system can guarantee absolute security.
10. Your Rights
Depending on applicable laws, you may have the right to:
- Request access to your data
- Request correction of inaccurate data
- Request deletion (subject to contractual/legal limitations)
- Object to certain processing activities
Requests may be submitted to:
info@smscert.com
11. International Operations
We operate across multiple jurisdictions through affiliated entities, partners, and licensed operations.
Your information may be processed in different locations as necessary for service delivery. We take reasonable steps to ensure consistent data protection standards across all operations.
12. Third-Party Links
Our website may include links to external websites.
We are not responsible for the privacy practices of those sites.
13. Children’s Privacy
Our services are not intended for individuals under the age of 18.
We do not knowingly collect personal data from children.
14. Website Functionality and User Interaction
14.1 Comments
When visitors leave comments on our website, we may collect:
- Data shown in the comments form
- IP address
- Browser user agent string
This information is used for spam detection and security purposes.
An anonymized string (hash) generated from your email address may be shared with third-party services (such as Gravatar) to display profile images.
14.2 Media Uploads
If users upload images to the website, they should avoid including embedded location data (EXIF GPS), as such data may be accessible to others.
14.3 Cookies (Detailed Use)
- Comment cookies may store your name, email, and website for convenience
- Login cookies may store authentication and display preferences
- Temporary cookies may be used to check browser compatibility
- Editing or publishing content may generate temporary cookies
Users can manage cookies through browser settings.
14.4 Embedded Content from Other Websites
Articles on this website may include embedded content (e.g., videos, images, articles).
Embedded content behaves as if the visitor has accessed the third-party website directly. These websites may collect data, use cookies, and track interactions.
14.5 User Accounts (If Applicable)
If users register on our website:
- Personal information is stored in user profiles
- Users can view, edit, or delete their data (except username)
- Website administrators may access and manage this information
14.6 Data Retention for Website Interaction
- Comments and related metadata may be retained indefinitely
- User account data is retained as long as the account exists
- Administrative data may be retained as required
14.7 Password Reset
If a password reset is requested, the user’s IP address may be included in the reset email for security verification.
14.8 Spam Detection
Visitor comments may be processed through automated spam detection services.
15. Updates to This Privacy Policy
We may update this Privacy Policy periodically.
Updates will be posted on this page with a revised effective date.
16. Contact Information
For any questions or concerns regarding this Privacy Policy:
Sustainable Management System Inc.
Website: https://www.smscert.com
Email: info@smscert.com
