Confidentiality policy

This policy describes our confidentiality principles that we commit not to disclosing the information belonging to the client as stipulated.

This policy aims at ensuring the credibility of our certification service with respect to processing information which is controlled by the client.

All personnel involved in certification activities comply with requirements regarding the confidentiality of information obtained during the certification process by signing the Code of Conduct of VCC&C and Confidentiality Statement.

Principles referring to the confidentiality of information are as follows:

– All information within the certification file are confidential;

– Access to information from the certification file is granted only to certification personnel;

– Other persons’ access to the information within the certification file or revealing of information is made only with the written approval by the client;

– Information of any kind, including device, graphics, written material or other information in tangible or intangible
form, obtained during the certification process, shall not be disclosed to third parties and shall not be used for another professional activities apart from the certification process;

– At the end of retaining period, the file containing certification documents shall be destroyed and electronic file shall also be deleted;

– Access to VCC&C internal documents and records is made only with the legal representative’ approval and client’s consent.

The confidentiality principles do not apply to information which is already public and / or which is required to be publicly available under the rules of the applicable certification scheme, regulation, law or contractual arrangements.

In case of collaboration with external companies / individuals that perform activities together with VCC&C or in its name, an equivalent confidentiality agreement shall be signed where the confidentiality of information is stipulated for certification activities.

VCC&C shall not publish, disclose, disseminate or otherwise make publicly available or use information or data obtained from certification processes except for uses stipulated in Rainforest Alliance Rules, Supply Chain Policy, and certification agreements. For the avoidance of doubt, VCC&C shall (i) share data associated with the audit process with Rainforest Alliance, and (ii) publish audit report, public summaries for all audit types, regardless of whether the client/certificate holder passed such audit. Public summaries may include a description of nonconformities.

Rainforest Alliance retains the right to publish contact and organizational information about VCC&C and client/certificate holders on its website due to its commitment to transparency. Under exceptional circumstances, client/certificate holder can request through VCC&C that RA not publish certain information if its publication poses proven threats to the health and safety of client/certificate holders’ owners or employees. VCC&C shall agree with these client/certificate holders on alternative contact and organizational information that is directly linked to client/certificate holders.

We also follow best practices related to IT security and applies reasonable security measures to safeguard all electronic information obtained from the client and communication with the client.