BCN Group Ltd (“BCN Group”) are committed to protecting and respecting the privacy of our customers, contractors and partners. To ensure that everyone is confident about our use of their Personal Data when dealing with BCN Group we have prepared this Privacy Notice which sets out how we collect, store, use and share your Personal Data. It also explains your rights in relation to your Personal Data and how to contact us or supervisory authorities in the event you have a complaint.
BCN Group recognise and respect your right to privacy.
This notice recognises our responsibilities as a data controller. Where we process data as a processor, we would urge you check the privacy notice of the relevant data controller, with whom we have a contracted obligation to follow their instructions for use of that personal data. We only process data according to the various laws that govern data protection;
• GDPR (UK GDPR from Jan 2021)
• Data Protection Act 2018
• PECR (Privacy and Communications Act)
Information about the data controller
The data controller is BCN Group Ltd, Trident 3, Trident Business Park, Styal Road, Manchester Airport, M22 5XB. Our company registration number is 06893253 and our registration number with the Information Commissioner’s Office is ZA176233.
If you want to contact us about any of the points on this notice, or just generally about how we protect your privacy, please email us at email@example.com.
The purpose and lawful basis for processing your personal data
We use information for a variety of purposes and these each have a different lawful basis. This section describes these in detail and, although it may sound technical, we’re required by law to explain this to you.
If you are an existing BCN Group customer, we hold your personal data to deliver our services (such as send you update emails when you need to take actions, send you invoices etc) We also hold technical information about services and products you use. We will hold your information according to our retention schedule.
If you are a previous BCN Solutions customer, in the three-year period following the end of our contract, we may continue to contact you with information about BCN services because we think you will find it useful. We believe we have a legitimate interest in this direct marketing activity (and this is also permitted under the Privacy and Electronic Communications Regulations or “PECR”) but you are always able to unsubscribe by clicking the link at the bottom of the emails we send, or by emailing us at firstname.lastname@example.org.
If you are an employee of (or temporary or contract worker at) an existing BCN Solutions customer, you should note that we have most likely been given your personal data by your employer, we may not have collected it from you directly. We hold your name and contact details so that we can help deliver our services to your organisation. We have a legitimate interest in being able to use your information in this way, we believe it’s also in your interests to be able to support and assist you under our contractual requirements with your employer.
If you have provided us with your email address via this website for our newsletter we use consent as the legal basis. Should you wish to withdraw your consent, you can do so at any time by clicking the unsubscribe link on each newsletter or contact us using the details on this privacy notice.
If you have used the “contact us” section of this website to enquire about our services, we use “performance of a contract” as the legal basis for processing your data if you enter into negotiations about becoming a client. If you do not become a client we use our legitimate interests as our legal basis to process your data, however we have strict retention schedules for how long this is appropriate.
Where we use legitimate interests, it is when we have a legitimate business or commercial reason to use your information, on condition this does not override your rights and interests.
How we collect data
We may collect data in one of the following ways:
• Face to face meetings
• Telephone Calls
• Leaving your contact details on this website
• Via cookies on our website
• We do not collect personal data from any publicly available sources
Our services are directed at adults and we do not knowingly collect any data relating to children.
We do not undertake any aspect of profiling of personal data
The type of data we collect
In the course of our business we may have access to various parts of your employers’ network. We will advise your employer to restrict certain parts of your network that may contain more sensitive information, however typically we will process the following categories of data:
• Name & contact details including address telephone (mobile, landline, DDI) and email addresses
• IP address
• Place of work
• Employee ID number
• Financial information
• Job title
• Financial Information we will use to conduct business credit checks
• Analytics of how you use this website (via Google Analytics – see data sharing section below)
This Personal Data is required to provide data technology goods and services to you. If you do not provide Personal Data we ask for, it may delay or prevent us from providing these to you.
We have a strict retention schedule and internal processes to ensure these are adhered to. For example, we keep contact details of all former clients for a period of three years for marketing purposes, although we may process personal data for longer if required to by law.
If you visit our website, we use Google Analytics on our website to track user activity on our site, so we can improve our service. We may record your computer’s IP address so we can tell how each user and repeat visitor is using our site (your IP address is also considered personal data). We have a legitimate interest in tracking user journeys on the site so that we can improve our service and maintain security. We will hold IP information for a maximum of three years from the time of your last visit to our site or application.
If you’re not an existing customer and you have provided your contact details for our marketing list so we can send you emails and newsletters about our service, along with information we think you’ll find interesting and useful. We will only send you this information if we have your consent (which you gave to us by ticking a consent box when you signed up to our lists.) You may withdraw consent at any time – usually this is easiest by choosing the “unsubscribe” option at the bottom of information we send to you. You can also email us at email@example.com any time. Please note that if you do this, we will delete your records from our marketing list. Periodically we will also contact you to re-confirm your consent.
Who we share your personal data with
We use a number of different service providers (acting as “data processors”) who provide IT and system administration services to enable us to operate our business and the services we provide to our users and partners. Your personal data is transferred to (and stored by) these data processors, who generally fall under the following categories:
Our service providers and sub-contractors, including but not limited to payment processors, suppliers of technical and support services and cloud service providers;
• Companies that assist us in our marketing, advertising and promotional activities;
• Website analytics service providers (see Google Analytics Privacy Notice)
• Website and data hosting service providers
• Document storage service providers
• Email, contacts and calendar service providers
• Backup Solution providers
• Accounting software service providers
We only allow our service providers to handle your Personal Data if we are satisfied they take appropriate measures to protect your Personal Data. We also impose contractual obligations on service providers relating to ensure they can only use your Personal Data to provide services to us and to you
We will share Personal Data with law enforcement or other authorities (such as tax authorities) if required by applicable law.
We may share Personal Data with third parties to whom we may choose to sell, transfer, or merge parts of our organisation or our assets. Alternatively, we may seek to acquire other organisations or merge with them. If a change happens to our business, then the new owners may only use your personal data in the same way as set out in this privacy notice.
Third Party Websites
To protect our customers, premises, assets and staff from crime, we operate CCTV systems at a number of our offices and car parks which record images for security. We do this on the basis of our legitimate business interests. These systems may record your image during your visit.
If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim is to protect the individuals we interact with from criminal activities. We have strict retention schedules for how long we keep CCTV data.
International transfers of personal data, and the measures in place to safeguard it
We do not directly transfer any of your personal data outside the European Economic Area (EEA). However, some of our data processors may do so and this section explains the impact of these international transfers and how your information is protected.
Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations. All the cloud-based systems we use reserve the right to hold copies of your Personal Data outside the EEA to hold back-up copies, so they can guarantee recovery.
In each case we and/or our processors use one or more of the following means that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of abuse.
Certain processors may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
Where personal data is transferred outside the EEA or countries the EC deems not to have adequate privacy protection, we use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
Providers storing data in the US may be self-certified to the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
In light of recent developments in law, we operate a policy of analysing the risk associated with any such transfers and where possible add supplementary measures to further protect your data.
Your personal data rights
The personal data we hold about you is your data, you have certain rights over them. This section summarises your rights. You can exercise any or all these rights when you choose, and the easiest way is by emailing us at firstname.lastname@example.org;
• update any Personal Data which is out of date or incorrect;
• delete any Personal Data which we are holding about you;
• restrict the way that we process your Personal Information;
• to have your personal data transferred to another organisation, and we’re obliged to provide it to that 3rd party in a clear and reasonable format;
• where we are processing your data based on your consent (e.g. for marketing purposes) you can withdraw that consent and we must immediately stop processing your data.
• you have the right to request a copy of all personal data we hold relating to you and we must provide this within 1 month. You also have the right to require us to correct any records that are wrong. We retain the right to keep data that is needed to establish, exercise or defend a legal claim.
• where we process your data based on a “legitimate interest” (in the section on Purpose and Lawful Basis, above) you still have the right to object to our processing of that data. From that point, we must stop processing your data until we have determined whether your rights override our interests.
• Your rights to lodge a complaint with the Regulator (contact details below)
NB. Please note the above rights are not all absolute rights. For example, you cannot ask us to erase your personal data if we are legitimately processing your data on the legal basis of performance of a contract. Where we have an obligation to satisfy your rights we will do so without charge (unless we deem your requests manifestly unfounded or excessive) and within a reasonable time period (usually within 1 month).
At all times, you have the right to report a concern or lodge a complaint with the Information Commissioner’s Office. Please refer to the ICO at https://ico.org.uk/concerns/ or by calling them on 0303 123 1113.
Of course, we hope that we can resolve your issue quickly and fairly – you can contact us at email@example.com.
Please be aware that before we can satisfy any requests we may need to request proof of ID.
Security of your data
We operate an extremely secure network where your data is held. In order to secure your data this includes, but is not limited to following techniques
Automated processing of your personal data
The only automated processing we do of personal data within our systems is through the engagement of Marketing platforms to undertake some automated communications activities. You are able to manage the information you receive from us at any time by contacting firstname.lastname@example.org.
Changes to this privacy notice
How to contact us
If you have any questions, concerns or just want some more information in relation to our privacy management, you can contact us in the following ways:
Telephone: 0345 095 7000