> Data protection & privacy
Date of Publication: 5th July 2018
Version Number: 3
Due for Review: 5th July 2019
BRIDGEHOUSE COMPANY SECRETARIES LIMITED
Bridgehouse Company Secretaries (also referred to as “Bridgehouse”, “We”, “Us”, “Our”) understand that Your privacy is important to You and that You care about how Your personal data is used. We respect and value Your privacy and will only collect and use personal data in ways that are described here, and in a way that is consistent with Our obligations and Your rights under the law.
The use of “You” or “Your” in this Privacy Notice refers to the relevant individual who is the subject of the personal data (the “Data Subject”).
Any reference in this Notice to Our “clients” or “suppliers” includes their employees or other staff whose personal data We collect and process.
1. Information About Us and How to Contact Us
Bridgehouse Company Secretaries Limited is company limited by shares, registered in England and Wales under company number 05620693. Our contact details are as follows: Registered address: Third Floor 5 St. Bride Street, London, England, EC4A 4AS.
Email address: email@example.com.
Telephone number: 08450558260.
Postal Address: Third Floor 5 St. Bride Street, London, England, EC4A 4AS.
Our website address is www.bhcsecretaries.co.uk
Should You have any questions regarding the contents of this Privacy Notice or Our data protection policies in general, please contact Us using one of the methods above and making it clear Your query is in relation to data protection.
2. What Does This Notice Cover?
This Privacy Notice explains how We collect and process Your personal data. It also explains Your rights under the law relating to Your personal data (See Part 4).
3. What is Personal Data?
Personal data is any information about You that enables You to be identified. The personal data that Wecollect and use is set out in Part 5, below.
4. What Are My Rights?
Under the law, You have certain rights, which Wewill always work to uphold. In brief, these rights are as follows:
4.1 The right to be informed about Ourcollection and processing of Your personal data. This Privacy Notice should tell You everything You need to know, but You can always contact Us to find out more or to ask any questions using the details in Part 1.
4.2 The right to access the personal data We hold about You. Part 11 will tell You how to do this.
4.3 The right to request that Your personal data be rectified if any of Your personal data held by Us is inaccurate or incomplete.
4.4 The right to request that We erase the personal data We hold about You (also known as the “right to be forgotten”).
4.5 The right to restrict (i.e. prevent) the processing of Your personal data.
4.6 The right to data portability. This means that, if You have provided personal data to Us directly, We are using it with Your consent or for the performance of a contract, and that data is processed using automated means (i.e. electronically), You can ask Us for a copy of that personal data to re-use with another service or business in many cases.
4.7 The right to object to Us using Your personal data for a particular purpose or purposes. You have an absolute right to stop your data being used for direct marketing.
4.8 Rights relating to automated decision-making and profiling. We do not use Your personal data in this way.
Please note that some of the rights listed above only apply in certain circumstances. Further information about Your rights can also be obtained from the Information Commissioner’s Office (“ICO”) www.ico.org.uk or Your local Citizens Advice Bureau.
For more information about Ouruse of Your personal data or exercising Your rights as outlined above, please contact Us using the details provided in Part 1.
If You have any cause for complaint about Ouruse of Your personal data, You have the right to lodge a complaint with the ICO.We encourage You to contact Us in the first instance as We aim to promptly and efficiently resolve any concerns or complaints You may have to Your satisfaction.
5. What Personal Data Do You Collect, who is the Data Collected From and What is Our Legal Basis for Processing the Data?
You are requested only to share personal data with Us when strictly necessary for the purposes for which You have engaged with Us. If You share anybody else’s personal data with Us You should inform them and refer them to this Privacy Notice. For example, if You, as an employer share with Us personal data concerning an employee, You should inform that employee and refer them to this Privacy Notice.
We do not collect data concerning children, criminal offences or convictions, or special category data (special category data, also known as “sensitive data” includes data concerning details of Your race/ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information and genetic and biometric data).
Personal data may be collected directly from You which could mean it is collected when You contact Us in person (or give Us a business card), contact US via telephone, email, post, social media or via Our website (Contact Us form or Our Newsletter Sign Up form). It could also be collected when You provide Us with certain data in connection with Our due diligence/”Know Your Client” obligations prior to or on becoming a client, enter into a contract with Us, participate in Our seminars or events or market or provide goods or services to Us.
Personal data may be collected automatically as You use Our website by using cookies and similar technologies. Please see Part 6 below for more details about this.
Your personal data may be received from third parties such as:
- Your employer
- A third party referral
- When We conduct due diligence/”Know Your Client” checks
- From public registers such as those maintained by Companies House and the Charities Commission (this is a publicly available source)
- From Social media such as Linked-In (this is a publicly available source)
- Analytics providers such as Google Analytics.
Under the law, We must always have a lawful basis for processing personal data. The data We may collect (depending upon Your relationship with Us), who it may be collected from and the legal basis for processing Your personal data relied upon by Us are as shown in the table below.
|CLASSIFICATION OF DATA||WHAT THE DATA COLLECTED MAY INCLUDE||WHO IS THE DATA COLLECTED FROM?||WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR DATA?|
|Prospective Client Data
This is data that may be collected and processed whether or not You go on to becoming a client of Ours
– Telephone Number
– Email Address
– Business Name
– Job title
Directly from You or from a third party
|The processing of Prospective Client Data is to enable Us to take steps at Your request to enter into a contract with You or to actually enter into such contract. Such processing may also be necessary due to Us having a legal or regulatory obligation to keep records and for Our legitimate interests to enable Us to communicate with You, keep records, and to establish, pursue or defend legal claims if necessary.|
This is data which may be collected and processed should You become a client
|As for Prospective Client Data above and in addition:
– Billing Address
– Payment Details
Directly from You
|The processing of client data is to enable Us to take steps at Your request to enter into a contract with You or to actually enter into such contract. Such processing is also necessary due to Us having a legal or regulatory obligation to keep records and is in Our legitimate interests to enable Us to communicate with You throughout Our relationship in order to maintain Our business and provide Our services, keep records, and to establish, pursue or defend legal claims if necessary. It is also in the legitimate interests of Our clients to enable them to receive services from Us necessary for the running of their business.|
This is data which may be collected and processed should You become a supplier of goods or services to Us
|Directly from You or from a third party
|The processing of supplier data is to enable Us to enter into a contract with You for the supply of Your products and/or services. We are also under a legal or regulatory obligation to keep records. It is also in Our legitimate interests to process this data for the purposes corresponding with You and obtaining the products and services required by Our business.|
|Details of payments to You.||Directly from You|
|IP Address (anonymised)
Pages on our Website that you have visited and how your arrived there – i.e. via another site or an internet search
|Via Google Analytics*
cookies on Our website
|The processing of Usage Data is in Our legitimate interests in that the collection of such information allows Us to administer Our website as well as to protect Our business and Our website.|
|Marketing and Communications Data
This is data collected when You opted to receive Our newsletter or free resources and includes information regarding Your marketing and communication preferences
|Directly from You||The processing of Marketing and Communications Data is to enable Us, at Your request, to send You Our free resources and/or Our newsletter
Our legal basis for processing of Marketing and Communications Data is that it is only done with Your consent WHICH CAN BE WITHDRAWN AT ANY TIME.
* Google Analytics Privacy Notice can be viewed at http://www.google.com/policies/privacy/
You can request that We stop sending You marketing messages at any time by using the opt-out links on any marketing message sent to You, or by contacting Us using one of the methods detailed in Part 1.
If You opt out of receiving marketing communications, this opt-out does not apply to personal data provided as a result of other transactions with Us.
In some instances We are permitted or required by the law to collect and/or process Your personal data, such as when We carry out due diligence/”Know Your Client” and money laundering checks or in order to be able to enter into a contract with You. If You fail to provide the information needed when requested, it is likely that We will be unable to enter into any contract with You.
7. How Do You Use My Personal Data?
We will only collect and process Your personal data for the purposes for which We collected it. If We need to use Your data for an unrelated purpose, We will notify You and explain the legal basis which allows Us to do this.
Your personal data may be used for one of the following purposes:
- Managing Our relationship with You
- Developing and supplying Our services to You (including Your business/employer)
- Entering into a contract with You
- Communicating with You. This may include responding to, amongst other things, emails, letters or calls from You
- Hosting and facilitating the hosting of events
- Supplying You with information by email that You have opted to receive (You may unsubscribe or opt-out at any time by clicking on the unsubscribe link at the bottom of all such emails or by contacting Us (see Part 1).
- Administration and management of Our website
- Maintaining and using Our IT systems
- Security, risk management and security activities
- Managing Our account with You with respect to the services You provide to Us and payment to You
- Providing and managing Your account with Us with respect to payment, fees and charges (including the recovery of money owed to Us).
- Managing and protecting Our business including dealing with any complaints
- Interaction with government or regulatory authorities in relation to You or Your business/employer
- Complying with any requirement of law, regulation or professional body of which We are a member
- Obtaining or maintaining insurance policies
- Obtaining professional advice
- With Your permission and/or where permitted by law, We may also use Your personal data for marketing purposes, which may include promotional events and seminars and newsletters.This may involve contacting You by email with information, news, and offers on Our You will not be sent any unlawful marketing or spam. We will always work to fully protect Your rights and comply with Ourobligations under the law and You will always have the opportunity to opt-out of receiving such communications.
8. How Long Will You Keep My Personal Data?
We will not keep Your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
|Classification of Data||How long before the data is deleted/destroyed||Rational for storage time|
|Prospective client data||Data will be deleted once it is established that the prospective client will not become a client (max 12 months)
|Data is kept for as short as time as possible to establish if prospective client will become a client|
|Client data||6 years after contract ends||Limitation Act 1980|
|Supplier data||6 years after contract ends||Limitation Act 1980
|Usage data||This does not include personal data and is not stored|
|Marketing & Communication data||Until subscriber opts out, unsubscribes or withdraws consent
|To continue to send You free resources and newsletters until You no longer require this service.
Should You require further details regarding data retention, please contact us for a copy of our Data Retention Policy.
9. Do You Disclose My Personal Data?
We may have to disclose Your personal data to the following:
- Service providers who provide IT and system administration services
- Professional advisers including lawyers, accountants, auditors, bankers, insurers
- Government bodies that require Us to report processing activities or otherwise disclose Your personal data
- Fraud prevention agencies
- Third parties to whom We may sell, transfer or merge parts of Our business or assets
If any of Your personal data is shared with a third party, as described above, We will take steps to ensure that Your personal data is handled safely, securely, and in accordance with Your rights, Ourobligations, and the third party’s obligations under the law.
We will never share Your personal data with third parties for marketing purposes.
10. Do You Transfer Personal Data Outside the EEA?
We may store or transfer some or all of Your personal data in countries that are not part of the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). Countries not within the EEA are known as “Third Countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that We will take additional steps in order to ensure that Your personal data is treated just as safely and securely as it would be within the UK and under the GDPR as follows:
- We will only transfer Your personal data to Third Countries if the European Commission has deemed that they provide an adequate level of protection; or
- We will use clauses in contracts with suppliers based outside the EEA which have been approved by the European Commission as giving personal data the same protection it has in Europe; or
- Where We transfer Your data to a third party based in the US (a Third Country), We will check to ensure that third party is part of the EU-US Privacy Shield. This requires that third party to provide data protection to standards similar levels of data protection to those in Europe. More information is available from the European Commission. If they are not part of the EU-US Privacy Shield, We will use appropriate contract clauses as outlined in the second point above.
11. Data Security
The security of Your personal data is essential to Us, and to protect Your data, We have taken measures to prevent Your personal data being accidentally lost, deleted/destroyed, altered, disclosed or accessed. Only authorised personal have access to Your personal data and all are subject to an undertaking to keep it confidential.
We are aware of Our legal obligations regarding suspected data breaches and have the appropriate procedures in place regarding the notification of the ICO and of the individuals affected by the breach.
12. How Can I Access My Personal Data?
If You want to know what personal data We have about You, You can ask Us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “Subject Access Request”.
All Subject Access Requests should be made in writing and sent to the email or postal addresses shown in Part 1.
There is not normally any charge for a Subject Access Request. If Your request is ‘manifestly unfounded or excessive’ (for example, if You make repetitive requests) a fee may be charged to cover Our administrative costs in responding.
We will respond to Your Subject Access Request within one month of receiving it. Normally, We aim to provide a complete response, including a copy of Your personal data within that time. In some cases, however, particularly if Your request is more complex, more time may be required up to a maximum of three months from the date We receive Your request. You will be kept fully informed of Our progress.
13. Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if We change Our business in a way that affects personal data protection.
The date of and the version number of this Notice is shown at the top of the first page. Please ensure that, each time you visit Our website, you have read the latest version.