Privacy Notice for Building Analysis & Testing Ltd issued in accordance with General Data Protection Regulation (GDPR)
Introduction This Privacy Notice is to let you know how we handle your personal data. This includes what you tell us about yourself. This Privacy Notice explains our approach, your privacy rights and how the law protects you. Your personal data is any information relating to you from which you can be identified. You can choose not to give personal data. Wherever we refer to “processing” of personal data in this Privacy Notice this includes any combination of the following activities: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. This Privacy Notice only applies to personal data collected by or on behalf of Building Analysis & Testing Ltd via the company’s website or by any other means.
Our Commitment We commit to:
• Keeping your personal data safe and only processing it on a valid legal basis;
• Keeping our records up-to-date and deleting or correcting inaccurate personal data;
• Deleting your personal data after it is no longer needed for the purpose we collected it for;
• Not selling your personal data;
Legal Basis for Processing Your Personal Data We need to have a proper reason under the GDPR whenever we process your personal data ourselves or share it with others outside of BAT Ltd. These reasons are:
• To fulfil a contract we have with you or to take steps at your request prior to entering into a contract with you;
• When it is our legal duty;
• When it is in our legitimate interest or the legitimate interest of a third party except where such interests are overridden by your interests or your fundamental rights or freedoms; or
• When you consent to it.
A legitimate interest is when we have a business or commercial reason to process your personal data, but this must not unfairly go against your rights. If we rely on our legitimate interest, we will tell you what that is. We will not process any information on you that is considered to be ‘special category data’, for example; health records or information about your race, religion or sexual orientation.
Information We Collect and How We Collect It We may collect personal data from you in the following ways:
• When you make an enquiry,
• When you contact us in person, over the telephone, by email, by post or social media;
• When you apply for our products and services;
• When you use our services; or
• Payment and transaction data
We may collect your personal data from third parties we work with including:
• Companies that introduce you to us;
• Suppliers of materials and equipment;
• Trade contractors;
The type of information we may ask you to provide about yourself and therefore collect includes, but is not limited to:
• Contact details such as your name, address, contact telephone number (mobile and landline) and email address;
• The nature of your enquiry;
• Contractual details about the products or services we provide to you;
• Bank Details
• Locational data we get about where you are, such as data that may come from your mobile phone or the address where you connect a computer to the internet;
• Technical details on the devices and technology you use;
• Communications: what we learn about you from letters, emails and conversations between us;
• Open data and public records details about you that are in public records, such as the electoral register, and information about you that is openly available on the internet;
• Documentary data details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers licence or birth certificate.
Please note that we may require this information to be able to respond to your enquiry or to provide our services or marketing information to you. You can however at any time tell us to change or remove any personal data or to stop or restrict the processing of your personal data.
How We Use Your Personal Data We may use the personal data collected/provided by you to:
• Ensure that content from our website is displayed in the most effective way for you and for your computer/device;
• Respond to your enquiry;
• Send you information about similar services;
• Notify you about changes to our service;
• Monitor customer service including processing customer satisfaction surveys;
• Keep our records up to date;
• Make and manage customer payments;
• Collect and recover money that is owed to us;
• Comply with laws and regulations that apply to us;
• Detect, investigate, report, and seek to prevent financial crime and fraud;
• Manage risk for us and our customers;
• Respond to complaints and seek to resolve them;
• Run our business in an efficient and proper way.
This includes managing our financial position, business capability, planning, communications, corporate governance, and audit. Under the General Data Protection Regulation (GDPR) the lawful basis BAT rely on for processing the above information is either to comply with our Legal Duty or it is in our Legitimate Interest or the Legitimate Interest of a third party, except where such interests are overridden by your interests or your fundamental rights or freedoms.
Sharing Your Personal Data We may disclose your personal data to third parties in certain circumstances but we will not sell, rent or trade your personal data. Where relevant, we may give third party providers who supply services to us, or who process personal data on our behalf, access to your personal data in order to help us to process it for the purposes set out above. When doing so, we will ask them to confirm that their security measures are adequate to protect your personal data. Within the purposes set out above we may share your personal data with the following third parties:
• With your consent, we will pass your personal data on to third parties, e.g. if you ask us to put you in contact with professional advisors.
• We may disclose your personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our contracts with you, or to protect our rights, property, or our safety and/or the safety of our customers, or others.
• We may need to confirm your identity before we provide products or services to you or your business. We may also share your personal information as needed to help detect fraud and money-laundering risks. We may use solicitors and other advisers for these purposes. We may allow law enforcement agencies to access your personal data. This is to support their duty to detect, investigate, prevent and prosecute crime.
There is no automated decision making or profiling that is made using personal data.
Protecting Your Information
We will seek to keep your personal data secure by taking appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage. Only authorised personnel and third parties will have access to your personal data. We will retain your personal data for no longer than the period of time needed for the purposes that we collected the data and for as long as we have legal grounds to retain it. There is no fixed period after which all record of your personal data will be deleted as this will depend on the circumstances and the purposes of the processing but we will take steps and maintain policies to keep retention under proper review. We will not seek your consent before deleting any personal data.
Your Data Protection Rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
Your right to complain to the regulator – If you are unhappy with how we have processed your personal data you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) which is the UK supervisory authority for the processing of personal data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
However we would appreciate you letting us know directly if you are unhappy with how we have processed your personal data via the contact details below:
Address: Lower Ground Floor, School House, Bristol Road, Wraxall, Bristol, BS48 1LE
Phone Number: 01275 866300
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
You can find further information about the new law and how it applies to you from the Information Commissioner’s Office at ico.org.uk.