BCR Ltd Data Privacy Notice

Updated: April 2022

Introduction

The GDPR (General Data Protection Regulation) and the Data Protection Act 2018 obliges any organisation that stores personal data about natural living persons to ensure that those people understand: what data is being stored about them; why it is being stored and what is done with it.

This privacy notice explains what BCR’s data processing activities are. It explains what information is processed about you and for what that data is used for.

Our policy

BCR Publishing Ltd only collects and stores data for which we have a legitimate and proportional use. We undertake to process personal data securely in accordance with UK Law and EU data security principles.

Roles

Data controller and data processors

BCR Publishing Ltd is the Data Controller of data pertaining to: customers, suppliers, subscribers to our newsletters and staff (hereafter “you”, “your”). BCR (hereafter “we”, “our”) may make use of third-party service providers (processors) such as online databases, online forums, email management services, event management companies, course and content delivery services, financial systems, print and mailing houses and online backup/storage facilities.

Using these processors may require the transfer your personal information outside of the UK or EU. We are required to ensure that when we need to do this we comply fully with all aspects of the GDPR to ensure your data is suitably protected.

Information Commissioners Office

We recognise the Information Commissioner’s Office (ICO) in the UK as our lead supervisory
authority. We are registered with the ICO as a data controller reg No: ZA487925

Our legal basis for processing your data

1) Fulfilment of contract. By purchasing a subscription for any of our publications or services you have entered into a contract with us. We may store relevant data prior to this in the process of negotiating a contract.
2) Legal Obligation. As a UK Limited company and VAT registered entity, we are bound by law to hold suitable records of transactions, and make these available to relevant authorities on request.
3) Consent. You will be asked to consent to us storing your data. You will be informed of the data we store and the purpose for which it is used at the time. You may withdraw this consent at any time. If we wish to use this data for another reason, we will contact you to explain this change and ask you to renew this consent.
4) Legitimate interest. We offer specialised services to a limited professional market and as such we carefully collate data from a number of publicly available sources such as the press, industry announcements, trade directories, LinkedIn, attendance at related events, and referrals, however you are in control of your data and may ask us to cease emailing you or delete your details from our marketing database or delete your details entirely (please see your rights below). We do not source data from other forms of social media such as Facebook or Twitter.

We may share your details with 3rd parties should we need to recover monies or goods etc., or to defend any legal action.

Your rights

You have the following rights:

  • The right to be informed (this is the purpose of this document along with any consent you give);
  • The right of access (you may request a copy of your data. We will deliver this within 30 days unless your request is very complex. We will inform you if this is the case);
  • The right to rectification (you may ask us to correct your data at any time);
  • The right to erasure (where consent is the legal basis of processing);
  • The right to restrict processing (you may ask us not to process your data but not erase it);
  • The right to data portability (you may ask us for a copy of the data in an appropriate format);
  • The right to object (where data is not being processed for legal obligation or certain legitimate interests);
  • Rights in relation to automated decision making and profiling. (We do not engage in this).

We will erase your data in a timely fashion, subject to UK legislation and guidance from UK government agencies in respect of company record retention.

What we process

We process contact data such as name, business address, geographical location, employer’s name, job title, email and telephone numbers and details of your areas of interest and speciality. We may also collect and store your responses to our marketing communications (automated and personal). We do not process or seek to process special (sensitive) data or data about people under the age of 18.

If you attend one of our events you may feature in publicity material, including photo and video material.

Our website uses cookies, and these are explained in our cookie policy and preferences you can set.

Why we need your data

We use data collected to: deliver subscribed material (both bought and free), marketing, event management, place orders; collect monies due; and maintain contact electronically, marketing and via printed publications.

We may, on occasion, process and produce anonymised data for the purposes of statistical analysis for our own uses or to make public. We do not sell personal data to third parties.

Sources of data

Most of the data we collect will be given by you, but we may also record data such as event attendances and other sources – see legitimate interests above.

Who we share data with

Event organisers: If you book, speak at, sponsor, exhibit or attend an event we may share your name and other details with the organiser so that they can arrange personalised material.
Bishops printer, Eazyprint, Leaflet Frog, Zenith Media: Your details may be printed in our publications either as part of editorial content, attendance registers or advertising. Your contact details may be shared with our printer for addressing purposes.
Hubspot – Email marketing platform: We use this platform to manage our marketing emails to you. We receive performance information based on you opening or forwarding any emails sent via this method.
Hubspot – CRM database: This is our marketing database in which we store contact details.

Microsoft Inc: We use MS Office 365, including SharePoint and OneDrive for data storage.
YouTube: We use this to deliver video articles and content on our website and via other marketing platforms. YouTube is part of Google and has its own privacy policy.
Stripe: We offer the opportunity to pay for goods and services by Stripe. We do not store any data in relation to this except information related to the payment status of your account; this information includes your payment card type and last four digits, postal code, country of origin, payment expiration date, and any email address associated with the payment type. For additional information, we recommend that you review Stripe’s Privacy Policy.
Xero accounting software: We use a hosted accounting package to process records of sales ledger and bought ledger as well as related financial transactions.
Legal representatives and collections agencies: We may on occasion share specific and proportional data in order to pursue our legitimate interests.

Your right to complain

If we fail to comply with any of your requests within the prescribed time limits you may complain to the ICO.

Contacting us

We have appointed a data protection officer (DPO) who will be the point of contact for data privacy related enquiries. Our DPO can be reached at dataprivacy@bcrpub.com or by writing to us at: BCR Publishing Ltd, Data Privacy Officer, 3 Cobden Court, Wimpole Close. Bromley, Kent, BR2 9JF. We may take steps to ensure your identity before responding to you. Normal updates and requests may still be directed to the relevant contacts at BCR.

 

 

To top