Privacy Statement

THE BRITISH OFFICE SUPPLIES AND SERVICES FEDERATION LTD

BRITISH PRINTING INDUSTRIES FEDERATION LTD

Privacy Policy - GDPR READY

21.05.2018

 

BACKGROUND:

British Supplies & Services Federation (BOSS) and British Printing Industries Federation (BPIF) understand that your privacy is important to you and that you care about how your personal data is used and shared online. BOSS Federation services are administered by BPIF employees and therefore BOSS Federation adopts the BPIF’s privacy policies.

We respect and value the privacy of everyone who visits 'Our Sites':

BOSS:

BPIF:

("Our Sites") will only collect and use personal data in ways that are described here, and in a manner that is consistent with Our obligations and your rights under the law.

Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Sites. If you do not accept and agree with this Privacy Policy, you must stop using Our Sites immediately.

Sections

 

1. Definitions and Interpretation

In this Policy, the following terms shall have the following meanings:

"Account" - means an account required to access and/or use certain areas and features of Our Sites;

"Data Controller" - A "Data Controller" determines the purposes and means of processing personal data while a "Data Processor" is responsible for processing personal data on behalf of a controller.

Both BOSS and BPIF are  the "Joint Data Controllers" for the data collected and described in this notice.

"Cookie" - means a small text file placed on your computer or device by Our Sites when you visit certain parts of Our Sites and/or when you use certain features of Our Sites. Details of the Cookies used by Our Sites are set out in section 11, below;

"Cookie Law"- means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;]

"Data protection legislation" - means Data Protection Act 1998 and the EU Regulation 2016/679 - the General Data Protection Regulation ("GDPR");

EEA - European Economic Area ("the EEA") (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein).

PECR - means The Privacy and Electronic Communications (EC Directive) Regulations 2003 including amendments 2004, 2011, 2015 and 2016.

"Personal Data" - means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Sites. This definition shall, where applicable, incorporate the definitions provided in the Data Protection legislation.

"We/Us/Our" - means British Office Supplies and Services Federation Limited (a limited company registered under company number 04606197) and British Printing Industries Federation, an unincorporated Employers Association, BPIF Limited, a limited company registered in England under company number 04340242. Inclusive of the 'BPIF Group' consisting of 'BPIF Training Limited under company number: 06875770.

All whose registered address is Unit 2, Villiers Court, Meriden Business Park, Copse Drive, Coventry CV5 9RN.


2. What Does This Policy Cover? 

This Privacy Policy applies only to your use of Our Sites. Our Sites may contain links to other websites. Please note that We have no control over how your data is collected, stored, or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.

 

3.Your Rights

a) The right to be informed about our collection and use of your personal data.

b) The right to access the personal data we hold about you.

c) The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.

d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have (there are certain exceptions to this right).

e) The right to restrict (i.e. prevent) the processing of your personal data.

f) The right to object to us using your personal data for a particular purpose or purposes.

g) The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.

h) We do not do any automated decision making and profiling.

i) The ability to opt-in and opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails and if you are a member at the point of providing your details and by managing your Account on the BOSS website at: www.bossfederation.com/member-homepage.html or the BPIF website at www.britishprint.com/managemyaccount.

j) You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service ("the TPS"), the Corporate Telephone Preference Service ("the CTPS"), and the Mailing Preference Service ("the MPS"). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.

For more information about our use of your personal data or exercising your rights as outlined above please see part 8, please contact us using the details provided in Part 12.

Further information about your rights can also be obtained from the Information Commissioner's Office or your local Citizens Advice.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office: https://ico.org.uk/

 

4. What Data Do We Collect? 

Personal data is any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

Depending upon your use of Our Sites, We may collect some or all of the following personal and non-personal data. Please also see section 11 on Our use of Cookies and similar technologies and Our Cookie Policy:

4.1 name;

4.2 date of birth;

4.3 gender;

4.4 business/company name;

4.5 job title;

4.6 profession;

4.7 contact information such as email addresses and telephone numbers;

4.8 demographic information such as post code, preferences, and interests;

4.9 financial information such as credit / debit card numbers;

4.10 computer accessing website such as IP address; web browser type and version, operating system;

4.11 a list of URLs starting with a referring site, your activity on Our Sites, and the site you exit to;

We collect the above information to be able to contact you to deliver services you have requested and to help ensure you get the right information. In addition to fulfil our contractual obligations and to comply with legal obligations to third parties e.g. regulators and funding bodies and to respond to claims and complaints.

 

5. How Do We Use Your Data? 

We must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for one of the following purposes:

5.1 Providing and managing your account.

5.2 Providing and managing your access to Our Sites to make sure your use of the site is as effective as possible.

5.3 Supplying our products and services to you. Your personal details are required in order for us to enter into a contract with you.

5.4 Personalising and tailoring our products and services for you.

5.5 Analysing your use of Our Sites and gathering feedback to enable Us to continually improve Our Sites and your user experience; Communicating with you for purposes including contract management, product and service provision and to support your business requirements. This may include responding to emails, text messages, post or calls from you.

5.6 Supplying you with information by email and post that you have opted-in to.

5.7 With your permission or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email, telephone, text message, post with information, news, and offers on our products and services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out (members may unsubscribe or opt-out at any time by visiting www.bossfederation.com/member-homepage.html

5.8 To claim funding from Government to contribute towards or cover the costs of your training.

5.9 To register you with relevant accreditation or awarding bodies.

5.10 To comply with appropriate Government rules.

5.11 We may use Third Parties cookies on our website, please see section 11 for more information.

All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. For more details on security see section 7, below.

 

6. How Long Do We Keep Your Data? 

We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected.

Typically we will retain your data for 8 years after the end of contract unless there is a legal reason that we need to keep it for a different period. Any data submitted to the BOSS or BPIF recruitment area of the websites will be deleted a year after upload.

Where we have never had a contract with you we will typically keep your data for 5 years.

We may keep your data for longer where this is necessary for legal, statistical or historical research purposes. However, we will ensure all personably identifiable information is removed where technically feasible. We will maintain the security and protection of any information we hold.

 

7. How and Where Do We Store Your Data? 

We will only store or transfer your personal data within the European Economic Area. The security of your personal data is essential to us and to protect your data, we take a number of important measures, including the following:

7.1 All Data is sent securely via https on our website.

7.2 Based on risk assessments where required high risk data is encrypted.

7.3 Access to our systems requires a secure connection.

7.4 BOSS and BPIF annually assess our Cyber Security via IASME and currently hold Cyber Essentials as well as completing an annual penetration test on our systems and website annually.

7.5 We also annually assess our PCI BSS Compliance.

7.6 We take confidentiality seriously. We implement appropriate internal security procedures that restrict access to personal data. These procedures are reviewed from time to time and updated where appropriate.

7.7 Where data is shared with third parties they are bound by contract to do the same.

 

8. Do We Share Your Data?

8.1 We may share your data with other companies in Our group (see section 1)

8.2 We may sometimes contract with third parties to supply products and services to you on Our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising, and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under data protection legislation.

8.3 We may compile statistics about the use of Our Sites including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.

8.4 We may sometimes use third party data processors that are located outside of the UK. Where We transfer any personal data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under data protection legislation to industry best practise.

8.5 In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal requirements, a court order, or a governmental authority.

8.6 We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Any personal data that you have provided will, where it is relevant to any part of Our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by Us.

8.7 In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will be given the choice to have your data deleted or withheld from the new owner or controller.

 

9. Your Right to Withhold Information

9.1 You may access certain areas of Our Sites without providing any data at all. However, to use all features and functions available on Our Sites you may be required to submit or allow for the collection of certain data.

9.2 You may restrict Our use of Cookies. For more information, see section 11 and Our Cookie Policy.

 

10. How Can I Exercise My Rights?

10.1 If you want to exercise your rights over your personal data you can ask Us at any time using the details in part 12. There is not normally any charge for such a request. If your request is 'manifestly unfounded or excessive' (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding. We will respond to your request within one month.

Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

 

11. Our Use of Cookies

11.1 Our Sites may place and access certain first party Cookies on your computer or device. First party Cookies are those placed directly by Us and are used only by Us. We use Cookies to facilitate and improve your experience of Our Sites and to provide and improve Our products and services. We have carefully chosen these Cookies and have taken steps to ensure that your privacy and personal data is protected and respected at all times.

11.2 By using Our Sites you may also receive certain third party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than Us. Third party Cookies are used on Our Sites to improve your experience. For more details, please refer to section 11 below. These Cookies are not integral to the functioning of Our Sites and your use and experience of Our Sites will not be impaired by refusing consent to them.

11.3 All Cookies used by and on Our Sites are used in accordance with current Cookie Law.

11.4 Before Cookies are placed on your computer or device, you will be shown a pop up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling Us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of Our Sites may not function fully or as intended.

11.5 Certain features of Our Sites depend on Cookies to function. Cookie Law deems these Cookies to be "strictly necessary". These Cookies are shown below in section 11. Your consent will not be sought to place these Cookies, but it is still important that you are aware of them. You may still block these Cookies by changing your internet browser's settings as detailed below in section 11, but please be aware that Our Sites may not work properly if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them.

11.6 Our Sites uses analytics services provided by Google Analytics. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling Us to better understand how Our Site is used. This, in turn, enables Us to improve Our Sites and the products and services offered through it. You do not have to allow Us to use these Cookies, however whilst Our use of them does not pose any risk to your privacy or your safe use of Our Sites, it does enable Us to continually improve Our Sites, making it a better and more useful experience for you.

 

The following Cookies may be placed on your computer or device

- Strictly necessary Cookies - these Cookies enable services you have specifically asked for.

2 - Performance Cookies - these Cookies collect anonymous information on the pages visited.

3 - Functionality Cookies - these Cookies remember choices you make to improve your experience.

4 - Targeting Cookies or advertising Cookies - these Cookies collect information about your browsing habits in order to make advertising relevant to you and your interests.

To view a full table of all cookies with category, description, expiry and relevant website/s for BOSS click here and for BPIF click here

11.7 In addition to the controls that We provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.

11.8 You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access Our Sites more quickly and efficiently including, but not limited to, login and personalisation settings.

11.9 It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.

 

12. Contacting Us

If you have any questions about Our Sites or this Privacy Policy, please contact Us by email at hello@bossfederation.co.uk by telephone on 01924 203338, or by post at Unit 2, Villiers Court, Meriden Business Park, Copse Drive Coventry CV5 9RN for the attention of Amy Hutchinson.

 

13. Changes to Our Privacy Policy

We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on Our Sites and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Sites following the alterations. We recommend that you check this page regularly to keep up-to-date.

 

14. Information About Us

www.bossfederation.co.uk is  owned and operated by British Office Supplies and Services Federation Ltd, a limited company registered in England under company number 04606197. British Printing Industries Federation, a limited company registered in England under company number 04340242 whose registered address is Unit 2, Villiers Court, Meriden Business Park, Copse Drive, Coventry CV5 9RN owns and operates all other mentioned sites. Both BOSS and BPIF’s  main trading address is Unit 2, Villiers Court, Meriden Business Park, Copse Drive, Coventry CV5 9RN.

Our Person responsible for Data Protection for BOSS is Amy Hutchinson who can be contacted at hello@bossfederation.co.uk by telephone on 01924 203338, or by post at Unit 2, Villiers Court, Meriden Business Park, Copse Drive, Coventry CV5 9RN or for BPIF is Charles Jarrold who can be contacted by email at hello@bpif.org.uk, by telephone on 01676 526030, or by post at Unit 2, Villiers Court, Meriden Business Park, Copse Drive, Coventry CV5 9RN.