The Professional Business Development Consultancy Limited is the controller and our Data Protection Officer (DPO) is Peter Kane. If you have any requests concerning your personal data or any queries with regard to how we handle your data you can contact the DPO by phone on 0117 908 4628, email email@example.com or write to us at DPO, The BD Consultancy, Park House, 10 Park Street, Bristol, BS1 5HX.
Purpose of processing your personal data
|Activity||Purpose of processing||Lawful basis|
|Completing a form on the website||Provide you with information about our products and services||Consent|
|Registering for an event||Dealing with your request to attend an event||Consent|
|Making an enquiry||Providing you with information about our products and services||Consent|
The legal bases on which we rely are:
Consent – Gaining consent is part of our client onboarding process. Whenever we create a new contact in our Salesforce database, we ask for and then record their consent and the date. We also record each time somebody signs up for our newsletter via our website and remind customers of their right to withdraw consent at any time.
Contract – processing is necessary for us to administer the pre-contract and contractual relationship between ourselves and our suppliers/clients/potential employees in connection with the performance of a contract.
Legitimate interests – We only contact business people who operate within the sector that we are servicing via corporate email addresses. This will be with the interest of generating new business on their behalf to expand the business and make it more successful. Every email we send has a message regarding opt out/unsubscribe options.
We will never pass your personal data on to any third parties for marketing purposes, unless you instruct us to do so.
We occasionally clarify existing contact details either via telephone or company websites, but we always provide the opportunity to opt out at any time. We also do not pass on information to third parties.
We would like to use your personal data to send you details of products or services that we offer that we have identified as likely to be of interest to you. We will only send you information in line with the preferences you indicated when you provided your personal data. We use the marketing channels post, email, SMS, phone and social media to send this information.
If at any point you would like to opt-out of receiving communications from us, or would like to change the channels (such as email or post) that we use to contact you, please contact our DPO Peter Kane at firstname.lastname@example.org, or write to us at DPO, The BD Consultancy, Park House, 10 Park Street, Bristol, BS1 5HX.
2. Recipients/categories of recipients
In carrying out our business, including our obligations to you, we may use sub-contractors. These will be partner marketing providers, email broadcasters e.g. Campaign Monitor/database providers e.g. Salesforce. We will ensure that they respect your privacy and abide by all data protection laws.
3. Transfers to third countries
The personal information that we collect from you may be transferred to and processed in a destination outside of the EEA. In these circumstances, your personal information will only be transferred on one of the following bases:
- the country that we send the data is approved by the European Commission as providing an adequate level of protection for personal information; or
- the recipient has agreed with us standard contractual clauses approved by the European Commission, obliging the recipient to safeguard the personal; or
- there exists another situation where the transfer is permitted under applicable data protection legislation (for example, where a third-party recipient of personal data in the United States has registered for the EU-US Privacy Shield).
4. Retention periods
We will keep your personal data in connection with the services/products we have provided for 7 years after the last purchase. We need to retain this data for our own accounting purposes and for legal and tax purposes.
In terms of personal data we use for marketing, we will keep this data for as long as you give us your consent. If you withdraw your consent or opt-out of marketing communications, we will archive your contact details only to ensure that we do not contact you again for marketing purposes.
5. Data subject’s rights
You have rights in respect of your personal data. We will need to confirm your identity before we can consider your request so, if you wish to exercise any of these rights, we will need to see proof of identity to ensure you are the data subject. These can be in the form of a passport, driving licence or utility bill.
Right of access – you have the right to know whether we are processing your personal data, and to a copy of that data. We would need as much information as possible to enable us to locate your data. We will respond to your request within 28 days of receipt of your request. If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/
Right to rectification – you have the right to have any incorrect personal data corrected or completed if it is incomplete. You can make this request verbally or in writing. We will need as much information as possible to enable us to locate your data. We will look at any request and inform you of our decision within 28 days of receiving the request. If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-rectification/
Right to erasure – this right, often referred to as ‘the right to be forgotten’ allows you to ask us to erase personal data where there is no valid reason for us to keep it. We will look at any request and inform you of our decision within 28 days of receiving the request. If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/
Right to restrict processing – you have the right to ask us to restrict processing of your data. We will look at any request and inform you of our decision within 28 days of receiving the request. If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-restrict-processing/
Right to data portability – you have the right to move, copy or transfer your personal data from one IT environment to another. This right applies to data that you have provided to us and that we are processing on the legal basis of consent or in the performance of a contract and that processing is by automated means. We will respond to your request within 28 days of receipt of your request. If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-data-portability/
Right to object – you have the right to object to our processing of your personal data based on (i) legitimate interests, or for the performance of a task in the public interests/exercise of official authority (including profiling); (ii) direct marketing (including profiling); and (iii) for purposes of scientific/historical research and statistics.
- Legitimate interests/legal task – your objection should be based on your particular situation. We can continue to process the data if we can demonstrate compelling legitimate grounds which override your interests.
- Direct marketing – you have an absolute right to ask us to stop processing for the purposes of direct marketing. We will action your request as soon as possible.
- Scientific/historical research and statistics – your objection should be based on your particular situation. If we are conducting research where the processing is necessary for the performance of a public task, we can refuse to comply with your objection.
If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-object/
Rights relating to automated decision making including profiling – you have the right in respect of automated decision making, including profiling. Where we carry out solely automated decision making, including profiling, which has legal or similarly significant effects on you, we can only do this if it is in connection with a contract with you, we have a right under law or if you have provided your explicit consent. We will tell you if this happens and tell you how you can request human intervention or challenge the decision. If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/rights-related-to-automated-decision-making-including-profiling/
6. Processing based on consent
Where we process your personal data based on your consent you have the right to withdraw that consent at any time without reason. You can opt-out by using the unsubscribe/opt-out in any marketing we send you and you can contact the DPO at the contact details above.
7. The right to lodge a complaint to the supervisory authority
If you are unhappy with any aspect of our handling of your data you can make a complaint to the ICO – https://ico.org.uk/concerns/
8. Contractual requirement to provide personal data
The personal data that you provide to us is necessary for us to carry out the contract you have entered into with usto fulfil our contractual obligations. The personal information we receive when we send out a letter of engagement includes names, email addresses and company billing details. Without this information, we cannot engage in a contract.
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser. Find out more about cookies on http://www.allaboutcookies.org/
Most browsers will allow you to turn off cookies. If you want to know how to do this please look at the menu on your browser, or look at the instruction on http://www.allaboutcookies.org/. Please note however that turning off cookies will restrict your use of our website.
Cookies we use
|Cookie||What it does||How to disable and consequences|
|__atuvc||AddThis social sharing widget – 3rd party cookie – Functionality||Block in browser – Loss of functionality|
|__atuvs||AddThis social sharing widget – Functionality||Block in browser – Loss of functionality|
|__hssc||HubSpot platform for website analytics||Block in browser – Loss of functionality|
|__hssrc||HubSpot platform for website analytics||Block in browser – Loss of functionality|
|__hstc||HubSpot platform for website analytics||Block in browser – Loss of functionality|
|_gat||Google Universal Analytics – performance||Block in browser – Loss of functionality|
|_ga||Google Universal Analytics – this cookie is used to distinguish unique users||Block in browser – Loss of functionality|
|_gid||Google Universal Analytics – performance||Block in browser|
|cookieconsent_dismissed||Cookie Consent plugin – hides cookie bar||Block in browser – cookie bar shows|
|hubspotutk||HubSpot platform for user authentication||Block in browser – Loss of functionality.|
|SESS…….||Tell the website when the user came on the site||Disable in browser – Functionality and performance|
10. Third party websites