PRIVACY POLICY
Updated June 2020
This privacy notice explains in clear language, how Burgess Hill Business Parks Association LTD uses the personal information we collect from Data Subjects, whether through using our website, or in any other way, electronically, verbally or in writing.
Topics:
- Data Controller
- Basis for collecting your data (lawful processing)
- Recipients of data and data transfers
- Sensitive information
- Categories and type of Personal Data collected
- Retention Policy
- Your rights as a Data Subject
- Automated decision making
Data controller
Burgess Hill Business Parks Association LTD is the Data Controller. We can be contacted at martyn@bhbpa.co.uk or on telephone number +44 (0)7740 638414.
On what basis do we collect and process your data?
Data Privacy law defines the basis by which we can lawfully collect and process personal data. For the data where we act as Data Controller, we have determined the following bases:
In our legitimate interest:
We will collect and process personal data where it is in the legitimate interest of Burgess Hill Business Parks Association LTD to do so. Specifically, we use legitimate interest in relation to our newsletter subscribers, enquirers, members and prospective members. This will include, but is not limited to, the continued processing and retention of records of our transactions and interactions. In our view the legitimate interests of the organisation do not outweigh those of the data subject. The data collected will not be used for any unlawful or unethical purpose.
To enter into or in pursuance of a Contract:
We will collect personal data when engaging with individuals to enter into a business to business contract, such as a service contract or an affiliation. We will continue to process that data for the duration and store it for up to 7 years after the contract expires or is terminated.
Data recipients and data transfers
We do not sell any personal data to any third parties.
Where required, Burgess Hill Business Parks Association LTD will share personal data with service providers such as accountants. We may share your personal information with printing and mailing companies, email service providers, web & IT service providers and other delivery companies in their capacity of providing a service to BHBPA.
Where required we will disclose your personal data with law enforcement and fraud prevention agencies. This is so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject. Additionally, we will disclose your personal data in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Sensitive information
Burgess Hill Business Parks Association LTD does not process sensitive data as defined by Article 9 of the GDPR.
Categories and types of data
We process data related to Newsletter Subscribers, Enquirers, Members and organisations we contract with in some way.
We process the following data of our Newsletter Subscribers:
- Name
- Email address
- Phone number(s)
- Company name
- Opt in, opt out decisions and dates
- Dates re the opening of newsletters
- Click through information
We process the following data of our Enquirers:
- Name
- Email address
- Phone number(s)
- Company name
- Details of the enquiry
We process the following personal data of our Members:
- Name of Principal Point of Contact
- Name of Member (usually a business)
- Type and category of business
- Images and description of services
- Address
- Email address
- Phone number(s)
- Subscription fee
- Invoice details (number, date, value etc.)
- Payments received
- Membership dates (start and end)
- Account number
- Details of correspondence including responses to surveys we conduct from time to time, including registrations to attend BHBPA events.
We process the following personal data of those we Contract with:
- Name of Business contracted with
- Address
- Email address
- Phone number(s)
- Purchase details (reference numbers, dates and values etc).
We collect data in relation to Enquirers, Members, and Contracting parties’ communications and interactions with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication. In addition to the lawful purpose described previously for the above categories, we have a legitimate interest to collect and retain this data to enable and improve our communication and for record keeping purposes.
The data we collect as Data Controllers from our Data Subjects is obtained directly from either the Data Subject themselves or is obtained from sources such as the contracting client or from social media platforms.
Please see our Cookie Policy for information on the data collected by our website.
Retention Policy
The data we collect directly from Newsletter Subscribers, Enquirers, Members and Contracting parties is the minimum we require to facilitate the lawful processing described above. Burgess Hill Business Parks Association LTD has developed a retention policy to ensure personal data is held only for as long as is required for the purpose we collected it and for our legitimate purposes.
Generally, we will retain personal data of Enquirers for 1 year should that enquiry not result in membership or a commercial engagement.
We will retain Newsletter Subscribers personal data for 1 year after it has become evident that such persons have either opted out from receiving the BHBPA Newsletter or have stopped opening it.
Personal data for our Members will be retained for approximately 1 year after they have ceased to be members.
Personal data of our Contracting Parties will be held for the duration of any commercial agreement between us and to protect our lawful interests for a period after a contract ends.
Personal data may be retained for other periods if required by legal obligation, such as HMRC requirements.
Data Storage and Security
The data we process is held as follows:
- Our accounting data is held in Xero which is an ISO/IEC 27001:2013 compliant information management security system
- Our email system is Microsoft Outlook which provides us with data that is held in Microsoft 365 and stored in a Microsoft data centre. As per Microsoft, “the requirements of the EU Data Protection Directive have been accounted for in the design and operation of their services for normal use, and they continually monitor this area for changes relevant to the evolution of the services.” –https://legal.office.com/en-gb/docid31
- Our Microsoft Office files e.g. Word, Excel and PowerPoint are stored on and backed up to the Apple cloud. This cloud solution is located in the USA and is subject to the Privacy Shield framework. This framework has been subject of an adequacy decision by the European Data Protection Board.
Burgess Hill Business Parks Association LTD follows suitable security procedures to ensure that personal information is not damaged, destroyed, or disclosed to a third party without appropriate permission and to prevent unauthorised access. Our data is subject to rigorous back up regimes as operated by the cloud service providers we use so as to prevent data loss and continuance of service.
The information we collect and process as data controllers is restricted to our appointed officers / directors and only those persons who need the information to fulfil their duties are granted access to personal data. We may require you to cooperate with our security checks before we disclose information to you. You can update the personal information that you give us at any time by contacting us directly or using the appropriate online update facilities where available.
Cookies from our website
To make our website work properly, we place small data files called cookies on your device.
What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another. They can also provide analytical data about your usage of our website.
How do we use cookies?
This website uses Google Analytics to provide us with generalised information about visitors to our site. To find out more about Google Analytics visit http://www.google.com/analytics/learn/privacy.html. You may install an add-on for your browser to opt out of Google Analytics tracking inclusion here https://tools.google.com/dlpage/gaoptout.
The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.
Cookies we use are:
_gid Performance Google Analytics used to store and update a unique value for each page visited.
_ga Performance Used to calculate visitor, session and campaign data for the site’s analytics reports.
How to control cookies
You can control and/or delete cookies as you wish – for details, see www.aboutcookies.org – you can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
Your rights as a data subject
The regulations provide a number of rights to you as the Data Subject. Burgess Hill Business Parks Association LTD is committed to upholding those rights and those applicable to the personal information we collect and process as listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
- The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information.
- Right of Access – you have the right to know what personal information is held, by whom and why.
- The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
- Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
- Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
- Right to Data Portability –You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
- Right to Object –You have the right to object to profiling and direct marketing
- You also have rights in relation to automated decision making.
You also have the right to lodge a complaint with the UK’s supervisory body, the Information Commissioners Office – www.ico.org.uk
Automated decision making
Burgess Hill Business Parks Association LTD does not use automated decision making to process personal data.
Third party websites
Our website, directory and newsletters contain links to other websites. This privacy policy only applies to Burgess Hill Business Parks Association facilities, so if you follow a link to another website, you should read that organisation’s own privacy policy.
Changes to our privacy policy
We keep our privacy policy under review and we will place any updates on our website. This privacy policy was last updated in June 2020.
How to contact us
You can write to us at this address:
Burgess Hill Business Parks Association LTD, c/o Lea Graham Associates, 84 Valebridge Road, Burgess Hill, RH15 0RP
Alternatively, you can telephone us on this number: +44 (0)7740 638414 or you can email us by using this link: martyn@bhbpa.co.uk