What is GDPR?
GDPR stands for the General Data Protection Regulation which came into effect in the EU on May 25th 2018. This new legislation is all about giving you greater security, transparency, and control over your personal data.
These changes apply to:
• Companies located in the EU;
• Companies not located in the EU if they offer free or paid goods or services to EU residents or monitor the behaviour of EU residents, or if your website has visitors from the EU.
The BTA Team
BTA are committed to protecting your privacy. We comply with the Data Protection Act 2018, the EU General Data Protection Regulation (GDPR), the Privacy and Electronic Communications Regulations (PECR) and other relevant legislation in maintaining high standards in our use and storage of your personal data.
“Personal information” is information that allows a person to directly identify an individual, such as name or email address, and information that we combine directly with such identifying information.
• Collection and use of data
• Your rights
• Length of time any data we collect is kept
Collection and use of data
We collect personal data from you when you enquire about one of the positions we are recruiting or request a product or service directly from us. For example you will provide personal data to us when you register on one of our websites, enquire about or apply for a job, register to attend an event or conference, send us your CV, request a newsletter/bulletin or enter a competition.
The information we collect may include all or some of your contact details (e.g. name, email address, phone number and postal address).
We may also research publicly available sources (e.g. websites and LinkedIn) and use external suppliers to identify business contacts who are likely to be interested in the products and services we have to offer. We will only collect the minimal amount of information required for this purpose (e.g. name, job title, company and contact details) and when we contact you we will always provide you with an easy way to object to us continuing to retain your personal data.
Legal grounds for processing personal information
We rely on one or more of the following processing conditions:
• Our legitimate interests in the effective delivery of information and services to you.
• In many circumstances we will have a contract in place; where this is the case, this will be the basis of processing your information. This enables us to respond to you when you express an interest in our products and services and to fulfil any requests.
• Explicit consent that you have given. In some circumstances we rely on your specific consent, whereby you actively agree and “opt-in”. We will always make it clear how you can withdraw you consent or opt out of any of our marketing messages at any time (this is normally shown at the bottom of our emails).
• Legal obligations. There will be circumstances under which we are legally obliged to hold your personal data or required to disclose it to a third party by law.
We specifically rely on legitimate interest to:
• Send you marketing communications and personalise marketing content we provide to you about our jobs and or products and services • Undertake business sales and advertising activities • Research publicly available business contact details
How we use your personal data
We will use your personal data for purposes which include:
• Responding to an enquiry you make about our products and services.
• Delivering our products and services.
• Sharing your details with an organisation we are acting on behalf of to recruit a position.
• Registering you to attend an event.
• Administering your account.
Sending you specific communications about a product or service. We will only send you direct marketing communications when you have either provided your consent (e.g. ticked a box or clicked a “button” to submit a form) or where we believe we can demonstrate a legitimate business interest and have balanced this with your interests and privacy. There will always be an unsubscribe link on any marketing email you receive from us.
• Fulfilling draws and competitions.
• Delivering customer services.
• Shared content. We sometimes provide shared content such as webinars, blogs, expert reports, whitepapers, surveys or events in relation to the third sector or recruitment. We will publish such information on our website and to interested people in the interest of sharing third sector knowledge and understanding.
• We do not allow employers to search for a CV which is uploaded to our database. We do not send CVs to employers who use our executive search service without the express permission of the candidate. Any personal details are removed.
Under data protection law you have a number of rights. These are aimed at giving you control about how your personal data is used by us.
You can request a copy of the personal data we hold relating to you, and the purposes for which we are using it. This is known as a Subject Access Request. You can also request your personal data to be deleted. In responding to such a request we may ask for proof of your identity, to ensure we do not inadvertently send your personal data to another person. We will respond to any such requests as soon as possible, but at least within one calendar month.
Ensuring your personal data is kept and transferred securely is of the highest importance to us. We hold your personal data on our secure systems, mainly based within the UK and the European Economic Area (EEA). Where we employ service providers, we have appropriate agreements in place to ensure your personal data is protected.
Your personal data may be transferred to a country outside the European Economic Area (EEA). This may be required for the purposes of our staff based outside the EEA or where a supplier of a service is based outside the EEA. We will take all reasonable steps necessary to ensure your personal data is treated securely. This includes the use of Binding Corporate Rules and Model Contractual Arrangements as approved by the European Commission, and the EU-US Privacy Shield.
We are committed to protecting the security of the personal data we hold. We take appropriate measures to ensure your personal data is kept securely and to prevent any unauthorised access.
How long do we keep your personal data?
The length of time we keep your information for varies depending on the products and services we are providing to you. We will only keep your personal data for a reasonable period of time and we base this on the purpose for which we are using it.
There will be circumstances in which we keep a strictly minimal amount of information about you, for example, to ensure we can honour an objection to receiving direct marketing. We will also, in some circumstances, be required to retain personal data for a longer period of time for contractual or legal reasons. We use a number of web services to promote our services, e.g. YouTube. These could set cookies or track your activity– for full information you should read the privacy policies of these sites. Google AdWords – We use Google AdWords to promote our products and services through Google’s advertising opportunities.
Google Analytics – We use Google Analytics to provide insight into how visitors find and use our web pages so that we can evaluate and develop them.
• Call us on 01786 542224 (and ask for the Data Protection Officer for BTA)
• Email us: [email protected]
• Write to us: BTA Jubilee House, Forthside Way, Stirling FK8 1QZ
If you are not satisfied with our response to your query, you may wish to raise this with the Information Commissioner’s Officer (ICO) on their website (https://ico.org.uk/make-a-complaint/your-personal-information-concerns/) or by writing to them at: Customer Contact Information Commissioner’s Office Wycliffe House Water Lane Wilmslow SK9 5AF