What this policy covers
Under data protection law, we have certain legal responsibilities about how we collect, use and share your personal information.
From time to time, as part of running our business, we collect and use certain personal information about individuals with whom we have contact, and in particular our associates, clients, suppliers, other third parties with whom we do business and even certain information about members of the general public (we refer to such individuals in this notice as “you” or “your” or “contacts“).
This policy explains our privacy practices and covers the following:
- The type of individuals whose personal information we collect
- What personal information about you we collect and use
- Sources of personal information
- How we use your personal information
- Who we share your personal information with
- How long we retain your personal information for
- Any transfers involving your personal information
- How we legally justify using your personal information
- Your legal rights in relation to your personal information
- Other relevant information, including how to contact us
1. Whose personal information do we collect
We collect and use personal information relating to the following types of individuals:
Contacts that are our existing associates and clients – we collect and use contact details of people who we liaise with at organisations who are our existing clients i.e. organisations who appoint us to deliver services.
Contacts that are our potential associates and clients – you may express an interest in our services, for example by phoning us or registering an interest via an email or on our website, or we may contact you where we consider that you may be interested in our services.
Visitors to our offices – We also collect certain information about people who visit (or who come in close proximity to) our offices or sites or places where we are working.
Contacts at our advisors and other third-party suppliers – we collect and use certain personal information about contacts who work at organisations who provide goods and services to us, i.e. our suppliers and organisations with whom we partner to provide our services, as well as advisors who provide legal, financial services and other advice to our business.
2. What personal information about you we collect and use
Depending on whose personal data we collect and use (as indicated above) the information will generally consist of:
- Members, Clients and potential members and clients ►
name, job title, email address and work address.
(b) Visitors to our sites and other people who come into our offices and sites and places where we work►
(i) CCTV recordings from static cameras placed around the buildings – these face exits and entrances;
(ii) details of your name, place of work, your contact details – which guests provide when they visit our sites/offices for appointments or meetings,
(iii) video images of people who are in the immediate vicinity when we record video images – for example, this may unintentionally involve us recording people in the vicinity at that time.
(c) Advisors / thirty party suppliers ► name, job title, email address, phone number and work address.
Sources of personal information
(a) Information you provide ► the information you provide where you or your organisation provides to us or receives a services from us; or when you get in touch with us, for instance registering an interest by emailing us, have a telephone conversation with our call centre, or if we meet at a networking event and you provide your business card; or when you get in touch directly in the event of a complaint or claim.
(b) Information from your employer ► your employer may pass us your contact details, for instance if you are to act as someone who we will be liaising with regarding a project.
(c) Information from a solicitor or insurer ►if you are a member of the general public and you make a claim against us, your solicitor or insurer may pass us your contact details.
(d) Information from publicly available sources ►we may occasionally obtain limited personal information from the internet or from sources such as LinkedIn.
(e) Information collected by CCTV or other video cameras ►if you are a member of the public or other individual who visits or comes into close proximity with our sites, we may collect personal information about you via CCTV. We also record images – for example at events we host – this may unintentionally involve us recording people in the vicinity at that time.
How we use your personal information
(a) Day to day communications with customer, suppliers and other third parties who we work with – we need to communicate effectively and efficiently with our members, clients, advisors, journalists and third party suppliers, in order to facilitate our provision of high quality and timely communications and services, including service delivery, newsletters, insights, press releases, invitations to attend or speak at events or to senior individuals and compliance with all operational, technical, health, safety, environmental & governance standards. Similarly, where your organisation provides services to us, we will need to know which individuals at your organisation we need to communicate with and keep details of your personal information on our systems, including for selection, health & safety and compliance requirements. Therefore, we use personal information for day to day communications with such parties. Our communication methods include written correspondence, email, telephone, online video conferencing and face to face meetings.
and Security of our offices and sites –
we collect personal information about you via CCTV at our offices and certain
sites where we operate. We record images in this manner for security reasons,
to protect our assets and staff, but also to ensure compliance with operational
health and safety standards and general governance standards. Where we
unintentionally record images of passers-by we do not actually use the personal
information contained in such recordings.
(c) Business development – as a business, we do not conduct major marketing campaigns using personal information. We do however from time to time use limited personal information (business contact details) to get in touch with existing and potential clients, in order to promote our services and build relationships and to develop and manage existing relationships. For instance, we use LinkedIn, phone calls and emails to invite clients to events.
(d) Managing accounts and other internal administrative purposes – we process personal information for other internal administrative purposes, including in relation to setting up and managing accounts with our clients and suppliers, paying and raising invoices etc..
Parties who we share your personal information with
We share your personal information with the following parties:
a) From time to time we may share personal information internally, with other entities in our group. These entities may include:
• Other BAR associates
• BAR service partners
a) [Nominated Legal Firm] – as required in relation to the provisions of legal services;
b) My Business Centre – as required for the audit of financial statements, tax compliance and advice;
c) Client(s), associates and service partners – to ensure the employee of a subcontractor meets the technical, behavioural, health and safety requirements of the client to the client’s or member’s satisfaction, where relevant;
d) IT service providers – suppliers who provide hosting of our IT services or who provide support and maintenance services for our IT systems may occasionally have supervised access to parts of our IT systems which contain personal information for maintenance and support purposes;
e) Providers of CCTV – we use third party providers to operate CCTV for us;
f) The Police – we may be contacted by the police asking for CCTV footage, for instance relating to incidents;
Where we share personal information with third parties, where possible, we generally have contracts in place with such third parties, which ensures that they will protect your personal information and not use it for any purposes beyond delivering their services to us.
How long we retain your personal information for
The length of time that we may retain your personal information for varies, according to the type of individual whose personal information we have collected, and what this is being used for:
|Type of individual||Applicable retention period|
|Existing clients and members||For the duration of the contract between us plus 6 years.|
|Claimants||Until the claim is resolved|
|Personal information in CCTV recordings and telephone call recordings||28 days unless we have reasonable grounds to consider that we may need to retain the information for longer, for instance if it contains evidence relating to a potential legal claim or criminal act.|
|Our advisors and other third-party suppliers||Our advisors and other third-party suppliers for the duration of the contract between us and such third parties plus 6 years.|
Transfers of your personal information
Unless you request us to do so, we will not actively transfer your personal information outside the European Economic Area (EEA), it will be stored on servers based in the United Kingdom or EEA. If you use an email service provider whose servers are based outside of the EEA then please note that any related transfer of your personal information is outside of our control.
Legal grounds for processing your personal information
Every use that we make of your information must meet a legal ground in the list set out by data protection law. The legal grounds which we rely on are as follows:
- enabling us to provide effective communications with our clients, associates, advisors, suppliers and where applicable members of the general public;
- managing accounts and relationships with clients and third-party suppliers;
- to operate our services efficiently and effectively.
b) CCTV – the legal grounds which we rely on are as follows:
a. Where the images are just of people’s faces, bodies’, cars, clothing etc., then the legal ground we rely on is that such use is necessary to achieve our legitimate business interests, in a situation where your rights are not jeopardised to as to override our interests. The specific legitimate interests are for security reasons, to protect our staff, offices, assets and sites from vandalism and theft and other criminal acts.
b. Where the images are of a more sensitive nature – our justification for recording such images are where relevant:
i. that the personal information is manifestly made public by the individual; or
ii. that we will need to collect, use and retain such information for the establishment, exercise or defence of a legal claim.
c) Marketing – where we do send marketing communications to clients and /or potential clients, we will only do so if we have first obtained their prior consent to receiving such marketing communications.
- enabling us to provide effective communications with our clients, advisors, suppliers and where applicable members of the general public;
- managing accounts and relationships with clients and third-party suppliers;
- to operate our services efficiently and effectively; and
- to protect our assets and our staff.
Your rights in relation to your personal information
If you have any questions in relation to our use of your personal information, you should first contact us using the contact details in paragraph 9 below. Under certain conditions, you may have the right to:
(a) require us to provide you with further details on the use we make of your personal information;
(b) require us to provide you with an electronic copy of personal information that you have provided to us;
(c) require us to update any inaccuracies in the personal information we hold;
(d) require us to transfer a copy of your personal information to another data controller, in a structured, machine readable and commonly used format;
(e) require us to delete any personal information that we no longer have a lawful ground to use;
(f) require us to restrict our use of your personal information;
(g) where the processing of your personal information is based on us receiving your consent, the right to withdraw your consent at any time;
(h) if we indicate that we use your personal information for direct marketing purposes a right to object to receiving any further direct marketing from us at any time;
(i) complain to the Information Commissioner at any time;
(j) object to our uses of your personal information which are based on the ‘legitimate interests’ legal ground, as indicated above. If any of our uses of your personal information based only on this legal ground is causing you undue harm, then we must cease using your personal information for that purpose.
Your exercise of these rights is subject to certain conditions and exemptions, for example to safeguard the public interest in investigating crimes or protecting legal privilege. If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.
If you are not satisfied with our use of your personal information or our response to you, you can complain to the contact listed at paragraph 9 below.
We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to your personal information, by contacting us as set out below.
We are required to employ adequate technical and organisational security measures to protect your personal information from any loss, destruction, damage or unlawful disclosure. However, no transmission of personal information can ever be guaranteed as secure. Consequently, please note that we cannot guarantee the security of any personal information which you transfer to us or which we transfer to you.
firstname.lastname@example.org or +44 (0)7505 992183.