> Data protection & privacy

BRIDGEHOUSE COMPANY SECRETARIES LIMITED

PRIVACY NOTICE 

(Last reviewed and updated August 2023)

BACKGROUND:

Bridgehouse Company Secretaries (also referred to as “Bridgehouse”, “We”, “Us”, “Our”) understand that Your privacy is important to You and that You care about how Your personal data is used. We respect and value Your privacy and will only collect and use personal data in ways that are described here, and in a way that is consistent with Our obligations and Your rights under the law.

The use of “You” or “Your” in this Privacy Notice refers to the relevant individual who is the subject of the personal data (the “Data Subject”).

Any reference in this Notice to Our “clients” or “suppliers” includes their employees, officers (including but not limited to non-executive directors) or other staff or meeting attendees whose personal data We collect and process.

1. Information About Us and How to Contact Us

Bridgehouse Company Secretaries Limited is company limited by shares, registered in England and Wales under company number 05620693. Our contact details are as follows: Registered address: Suite 2:06, Bridge House, 181 Queen Victoria Street, London, EC4V 4EG

Email address: contactus@bhcsecretaries.co.uk.

Telephone number: 08450558260.

Postal Address: Suite 2:06, Bridge House, 181 Queen Victoria Street, London, EC4V 4EG

Our website address is www.bhcsecretaries.co.uk

Should You have any questions regarding the contents of this Privacy Notice or Our data protection policies in general, please contact Us using one of the methods above and making it clear Your query is in relation to data protection.

2. What Does This Notice Cover?

This Privacy Notice explains how We collect and process Your personal data. It also explains Your rights under the law relating to Your personal data (See Part 4).

3. What is Personal Data?

Personal data is any information about You that enables You to be identified. The personal data that We collect and use is set out in Part 5, below.

4. What Are My Rights?

Under the law, You have certain rights, which We will always work to uphold. In brief, these rights are as follows:

4.1         The right to be informed about Our collection and processing of Your personal data. This Privacy Notice should tell You everything You need to know, but You can always contact Us to find out more or to ask any questions using the details in Part 1.
4.2         The right to access the personal data We hold about You. Part 11 will tell You how to do this.
4.3         The right to request that Your personal data be rectified if any of Your personal data held by Us is inaccurate or incomplete.
4.4         The right to request that We erase the personal data We hold about You (also known as the “right to be forgotten”).
4.5         The right to restrict (i.e. prevent) the processing of Your personal data.
4.6         The right to data portability. This means that, if You have provided personal data to Us directly, We are using it with Your consent or for the performance of a contract, and that data is processed using automated means (i.e. electronically), You can ask Us for a copy of that personal data to re-use with another service or business in many cases.
4.7         The right to object to Us using Your personal data for a particular purpose or purposes. You have an absolute right to stop your data being used for direct marketing.
4.8         Rights relating to automated decision-making and profiling. We do not use Your personal data in this way.

Please note that some of the rights listed above only apply in certain circumstances. Further information about Your rights can also be obtained from the Information Commissioner’s Office (“ICO”)  www.ico.org.uk or Your local Citizens Advice Bureau.

For more information about Our use of Your personal data or exercising Your rights as outlined above, please contact Us using the details provided in Part 1.

If You have any cause for complaint about Our use of Your personal data, You have the right to lodge a complaint with the ICO. We encourage You to contact Us in the first instance as We aim to promptly and efficiently resolve any concerns or complaints You may have to Your satisfaction.

5.0 What Personal Data Do You Collect, who is the Data Collected From and What is Our Legal Basis for Processing the Data?

You are requested only to share personal data with Us when strictly necessary for the purposes for which You have engaged with Us. If You share anybody else’s personal data with Us You should inform them and refer them to this Privacy Notice. For example, if You, as an employer share with Us personal data concerning an employee, You should inform that employee and refer them to this Privacy Notice.

We do not collect data concerning children, criminal offences or convictions, or special category data (special category data, also known as “sensitive data” includes data concerning details of Your race/ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information and genetic and biometric data).

Personal data may be collected directly from You which could mean it is collected when You contact Us in person (or give Us a business card), contact US via telephone, email, post, social media or via Our website (Contact Us form or Our Newsletter Sign Up form). It could also be collected when You provide Us with certain data in connection with Our due diligence/”Know Your Client”/contractual obligations prior to or on becoming a client, enter into a contract with Us, participate in Our seminars or events or market or provide goods or services to Us.

Personal data may be collected automatically as You use Our website by using cookies and similar technologies.  Please see Part 6 below for more details about this.

Your personal data may be received from third parties such as:

  • Your employer
  • A third party referral
  • When We conduct due diligence/”Know Your Client” checks
  • From public registers such as those maintained by Companies House and the Charities Commission (this is a publicly available source)
  • From Social media such as Linked-In (this is a publicly available source)
  • Analytics providers such as Google Analytics.

Under the law, We must always have a lawful basis for processing personal data. The data We may collect (depending upon Your relationship with Us), who it may be collected from and the legal basis for processing Your personal data relied upon by Us are as shown in the table below.

* Google Analytics Privacy Notice can be viewed at http://www.google.com/policies/privacy/

You can request that We stop sending You marketing messages at any time by using the opt-out links on any marketing message sent to You, or by contacting Us using one of the methods detailed in Part 1.

If You opt out of receiving marketing communications, this opt-out does not apply to personal data provided as a result of other transactions with Us.

In some instances We are permitted or required by the law to collect and/or process Your personal data, such as when We carry out due diligence/”Know Your Client” and money laundering checks or in order to be able to enter into a contract with You.  If You fail to provide the information needed when requested, it is likely that We will be unable to enter into any contract with You.

6. Cookies

Cookies are small pieces of data, stored in text files, that are stored on Your computer or other device when websites are loaded in a browser. They are widely used to ensure a consistent and efficient experience for visitors, and perform essential functions enhancing users’ experience of use of websites. If You are uncomfortable with the use of Cookies, You can disable Cookies on Your device by changing the settings in the preferences or options menu in Your browser.  You can set Your browser to reject or block Cookies or to tell You when a website tries to put a Cookie on Your device. You can also delete any Cookies that are already stored on Your device.  However, please be aware that if You do delete and block all Cookies from Our website, parts of the site my not fully function. For more information see Our Cookie Policy available on Our website or upon request by contacting Us using one of the methods in Part 1.

7. How Do You Use My Personal Data?

We will only collect and process Your personal data for the purposes for which We collected it.  If We need to use Your data for an unrelated purpose, We will notify You and explain the legal basis which allows Us to do this.

Your personal data may be used for one of the following purposes:

  • Managing Our relationship with You
  • Developing and supplying Our services to You (including Your business/employer)
  • Entering into a contract with You
  • Communicating with You. This may include responding to, amongst other things, emails, letters or calls from You
  • Hosting and facilitating the hosting of events
  • Supplying You with information by email that You have either opted to receive or are receiving automatically as part of the client/supplier relationship with Us (You may unsubscribe or opt-out at any time by clicking on the unsubscribe link at the bottom of all such emails or by contacting Us (see Part 1).
  • Administration and management of Our website
  • Maintaining and using Our IT systems
  • Security, risk management and security activities
  • Managing Our account with You with respect to the services You provide to Us and payment to You
  • Providing and managing Your account with Us with respect to payment, fees and charges (including the recovery of money owed to Us).
  • Managing and protecting Our business including dealing with any complaints
  • Interaction with government or regulatory authorities in relation to You or Your business/employer
  • Complying with any requirement of law, regulation or professional body of which We are a member
  • Obtaining or maintaining insurance policies
  • Obtaining professional advice
  • Sending occasional gift or promotional items
  • With Your permission and/or where permitted by law and/or as advised in the Privacy Notice, We may use Your personal data for marketing purposes, which may include promotional events and seminars and newsletters. This may involve contacting You by email with information, news, and offers on Our You will not be sent any unlawful marketing or spam. We will always work to fully protect Your rights and comply with Our obligations under the law and You will always have the opportunity to opt-out of receiving such communications.
8. How Long Will You Keep My Personal Data?
  • We will not keep Your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
Classification of Data
How long before the data is deleted/destroyed
Rational for storage time
Prospective client data  

Data will be deleted once it is established that the prospective client will not become a client (max 12 months)

 

Data is kept for as short as time as possible to establish if prospective client will become a client
Client data – voice recordings of meetings  

All such recordings shall be securely disposed of following the approval by the Client’s board or committee of the meeting minutes.

 

 

Data is kept for as short as time as possible to establish that the Client is happy with the meeting minutes provided.
Client data – all other data 6 years after contract ends Limitation Act 1980
Supplier data 6 years after contract ends  

 

Limitation Act 1980

 

 

Usage data This does not include personal data and is not stored
Marketing & Communication data  

Until subscriber opts out, unsubscribes or withdraws consent

 

 

To continue to send You free resources and newsletters until You no longer require this service.

 

Should You require further details regarding data retention, please contact us for a copy of our Data Retention Policy.

9. Do You Disclose My Personal Data?

We may have to disclose Your personal data to the following:

  • Service providers who provide IT and system administration services
  • Professional advisers including lawyers, accountants, auditors, bankers, insurers
  • Government bodies that require Us to report processing activities or otherwise disclose Your personal data
  • Fraud prevention agencies
  • Third parties to whom We may sell, transfer or merge parts of Our business or assets

If any of Your personal data is shared with a third party, as described above, We will take steps to ensure that Your personal data is handled safely, securely, and in accordance with Your rights, Our obligations, and the third party’s obligations under the law.

We will never share Your personal data with third parties for marketing purposes.

10. Do You Transfer Personal Data Outside the UK or EEA?

 We may store or transfer some or all of Your personal data in countries that are not part of the UK or European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). Countries not within the EEA are known as “Third Countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that We will take additional steps in order to ensure that Your personal data is treated just as safely and securely as it would be within the UK and under the GDPR as follows:

  • We will only transfer Your personal data to Third Countries if the UK authorities has deemed that they provide an adequate level of protection; or
  • We will use clauses in contracts with suppliers based outside the UK and EEA which have been approved by the UK authorities as giving personal data the same protection it has in the UK or EEA; or
  • Where We transfer Your data to a third party based in the US (a Third Country), We will check to ensure that third party is part of the EU-US Privacy Shield or an equivalent UK-US arrangement. This requires that third party to provide data protection to standards similar levels of data protection to those in Europe. If they are not part of such arrangements, We will use appropriate contract clauses as outlined in the second point above.
11. Data Security
  • The security of Your personal data is essential to Us, and to protect Your data, We have taken measures to prevent Your personal data being accidentally lost, deleted/destroyed, altered, disclosed or accessed.  Only authorised personal have access to Your personal data and all are subject to an undertaking to keep it confidential.
  • We are aware of Our legal obligations regarding suspected data breaches and have the appropriate procedures in place regarding the notification of the ICO and of the individuals affected by the breach.
12. How Can I Access My Personal Data?
  • If You want to know what personal data We have about You, You can ask Us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “Subject Access Request”.
  • All Subject Access Requests should be made in writing and sent to the email or postal addresses shown in Part 1.
  • There is not normally any charge for a Subject Access Request. If Your request is ‘manifestly unfounded or excessive’ (for example, if You make repetitive requests) a fee may be charged to cover Our administrative costs in responding.
  • We will respond to Your Subject Access Request within one month of receiving it. Normally, We aim to provide a complete response, including a copy of Your personal data within that time. In some cases, however, particularly if Your request is more complex, more time may be required up to a maximum of three months from the date We receive Your request. You will be kept fully informed of Our progress.
13. Changes to this Privacy Notice
  • We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if We change Our business in a way that affects personal data protection.
  • The date of the last review and update of this Notice is shown at the top of the first page. Please ensure that, each time you visit Our website, you have read the latest version.

Contact us