BBRS

Website Privacy Policy

Dated 3rd February 2020

Contents

  1. Introduction
  2. Lawful basis for processing
  3. What data we may collect from you
  4. How we collect information from you
  5. How we use your personal data
  6. Retention of your personal data
  7. Accuracy of your personal data
  8. Security of your personal data
  9. Transfer of your personal data to third parties
  10. Your rights
  11. Cookies
  12. Amendments to this Privacy Policy
  13. Questions in relation to this Privacy Policy

 

1 Introduction

1.1 Who we are

The BBRS website is brought to you by Business Banking Resolution Service, a company limited by guarantee and incorporated in England and Wales with registered number 12096333 and having its registered office at c/o Legalinx Limited, Tallis House, 2 Tallis Street, Temple, London, EC4Y 0AB.

1.2 Purpose of this Privacy Policy

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where information relating to identity has been removed (anonymous data).

We take your privacy very seriously, respect your privacy and are committed to protecting your personal data. As such, we ask that you read this Privacy Policy carefully as it contains important information about:

  1. what personal data we may collect from you through your use of this website, including any data you may provide through this website when you register your interest or submit a claim;
  2. how we will use, store and protect your personal data;
  3. with whom we may share personal data; and
  4. your rights under relevant data protection laws and how the law protects you.

It is important that you read this Privacy Policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.

BBRS is the data controller for any personal data that we process. You can contact BBRS via the contact details below if you have any questions with regards to this Privacy Policy or privacy practices.

This website is not permitted for use by individuals below eighteen years of age and we do not knowingly collect data relating to such individuals.

1.3 Third party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. If you follow a link to any of these third-party websites, please note that we do not accept any responsibility or liability for their privacy statements or for any personal data that may be collected through these websites. When you leave our website, we encourage you to read the privacy policy of every website you visit.

2 Lawful basis for processing

Under data protection laws, we must have a legal basis in order to process your personal data. The legal bases on which we may process your data are:

3 What data we may collect from you

We may collect and process different kinds of personal data about you which we have grouped together as follows:

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but it will not constitute personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data which will be processed in accordance with this Privacy Policy.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership and information about your health, genetic and biometric data). Nor do we collect any information about criminal convictions or offences.

4 How we collect information from you

We collect your personal data in a number of ways:

5 How we use your personal data

We may use your personal data for the following purposes:

6 Retention of your personal data

We will not retain your personal data for longer than is necessary for the purposes for which the personal data is processed. This means that your data will only be retained for as long as it is still required to provide you with services or is necessary for legal reasons. When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed.

When we determine that personal data can no longer be retained (or where you request us to delete your data in accordance with your right to do so (please see section 10 below for more information)), we ensure that this data is securely deleted or destroyed.

However, please note that in some circumstances we may decide to retain your personal data for research or statistical purposes and, in such circumstances, we will anonymise your data before retaining it.

For more details about our retention periods, please contact us using the contact details set out below.

7 Accuracy of your personal data

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

8 Security of your personal data

In order to protect your personal data, BBRS has appropriate organisational and technical security measures. These measures include restricting access to your personal data to certain employees, ensuring the secure transmission of data from the point where it is captured to the point where it is stored, ensuring suitable encryption is employed where data is stored, ensuring our internal IT systems are suitably secure and implementing procedures to deal with any suspected data breach.

In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.

9 Transfer of your personal data to third parties

There may be circumstances in which we may also need to share your personal data with certain third parties, including third parties located outside of the EEA.

The third parties to which we may transfer your personal data include:

The security of your data is important to us and we will, therefore, only transfer your data to such third parties if:

As mentioned above, we will only transfer your data where suitable safeguards have been put in place. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and include:

For more information on the safeguards used by BBRS when it transfers personal data to third parties, please contact us using the contact details below.

10 Your rights

You have certain rights in relation to the personal data we process and hold about you. These include:

If you would like to exercise any of the above rights, please:

We will respond to requests made by you within one month. We will not charge a fee for you to exercise any of the rights listed above.

11 Cookies

For more information about the cookies we use, please see our Cookies Policy.

12 Amendments to this Privacy Policy

No changes to this Privacy Policy are valid or have any effect unless agreed by us in writing. We reserve the right to vary this Privacy Policy from time to time. Our updated terms will be displayed on the BBRS website. It is your responsibility to check this Privacy Policy from time to time to verify such variations.

13 Questions in relation to this Privacy Policy

You should also be aware that you have the right to raise any concerns in relation to how we process your personal data to the Information Commissioner’s Office (ICO).

We have appointed a data privacy lead (DPL) who is responsible for dealing with any such concerns, in addition to overseeing questions in relation to this Privacy Policy and handling requests in relation the exercise of your legal rights. If you have any concerns, questions, or requests, please contact the DPL using the details set out below.

Our full details are:

Full name of legal entity: Business Banking Resolution Service

Email address: DPL@thebbrs.org