The GDPR gives data subjects a right to be informed, and this privacy notice will continue to be updated as required with the latest version always available to read here on the website. If there is a substantial change in the future, however, we will do our best to inform you of the details.
As always, the BBA remains committed to the protection of personal data and commercial information. If you have any queries about the data privacy notice, please email email@example.com.
The British Board of Agrément (BBA or We) is committed to protecting and respecting your privacy. The BBA is a company limited by guarantee, registered in England under company number 878293. The BBA’s registered office is Bucknalls Lane, Garston, Watford, Hertfordshire, WD25 9BA.
For the purpose of Data Protection legislation, the data controller is BBA.
To contact BBA on a data protection issue, please email firstname.lastname@example.org
We may collect and process the following data about you:
Most of the personal data we process are data that you already know, and provide to us. You may give us information about you by submitting information to the Website or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use the Website, subscribe to any service or if you report a problem with the Website. The information you give us may include personal data such as:
Your email address
Your phone number
It is necessary for to provide the personal data we need to be able to respond to any enquiry you send to us, or to prepare or fulfil a contract with you. If the personal data are not provided, we may be unable to respond to you or provide the services you are requesting.
If you are applying for a job at BBA, the information you provide may include more extensive personal data. There is an appendix to this document describing the processing of personal data for job applicants here. The data privacy notice for employees is a separate document, and is available to all BBA staff.
With regard to each of your visits to the Website we may automatically collect the following information:
technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our client services number.
We may receive information about you if you use any of the other websites we operate or any other services we provide. We may also receive information about you if you are the customer of a BBA client (for example, a customer of one of our approved installers for whom we carry out site inspections as part of ongoing approval). We may also receive personal data as part of complaints or reports from third parties. We may receive contact information from third parties for marketing purposes; these data will only be used or processed if doing so is compliant with the Data Protection Legislation.
Information is processed according to data protection legislation.
We will use this information:
to respond to enquiries submitted on the Website1;
to carry out our obligations arising from any intended or active contracts entered into between you and us and to provide you with the information or services that you request from us2;
to carry out processing relating to complaints, appeals and whistleblowing1;
to carry out processing for recruitment1;
to provide you with information about other services we offer that are similar to those that you have already enquired about1;
to send you our newsletter (if you have subscribed to this) 3; to notify you about changes to our service1; to ensure that content from the Website is presented in the most effective manner for you and for your computer1.
The superscripted numbers above indicate the lawful basis of processing for each of the above uses:
1 – legitimate interests – to carry out the necessary processing to answer enquiries, to maintain the effectiveness of the website, and to carry out business, marketing and recruitment activities.
2 – contractual necessity – to carry out the necessary processing to prepare and perform contracts
3 – consent (which you may withdraw at any time, including by using the Unsubscribe link sent with each newsletter email)
We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
If you are the customer of a BBA client, we may use the information to monitor client installations, and/or to carry out site inspections. If you are applying for a job at BBA, we may receive personal data about you from third parties such as educational establishments, previous employers or references. The lawful basis of this processing is legitimate interests.
We will use this information:
to administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; to improve the Website to ensure that content is presented in the most effective manner for you and for your computer; as part of our efforts to keep the Website safe and secure.
We may share your information with selected third parties including:
business partners (such as the owners of schemes we operate, e.g. Federation of Master Builders, TrustMark) other companies within the British Board of Agrément group (currently BBA Consultancy, Investigation and Training and BBA (EU) Certification Ltd) suppliers regulatory authorities who may require access to documents containing personal data as part of their supervisory activities (e.g. United Kingdom Accreditation Service, Information Commissioner’s Office) and other external auditors (e.g. Achilles, Hillier Hopkins) subcontractors and other third parties for the performance of any contract we enter into with you (this could include occasions where inspections are sub-contracted) analytics and search engine providers that assist us in the improvement and optimisation of the Website.
We may disclose your personal information to third parties to obtain legal advice or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation.
We will not disclose your personal information to third parties other than as set out in this clause without your prior written consent.
All information you provide to us is stored on our secure servers. Any online payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Contact details provided as part of the preparation or fulfilment of a contract (for example, for product approval, inspection or testing): documents containing personal data, such as correspondence, will be retained on the job files while the approval or equivalent remains valid, and for as long after that as information may need to be available for commercial or auditing reasons. This is required as audits often require the ability to go back through the history of an approval, inspection or test. Job files will not, however, be used as the primary source of contact details. Contact details are also retained for the length of an approval or certificate in order to provide contacts with correspondence relevant to our service with them, such as policy or service changes.
Contact details used for newsletter distribution, marketing or other updates: these are retained until a request is made for erasure or rectification, or until BBA is made aware that they are invalid.
Personal data from job applications: personal data from unsuccessful job applications (e.g. CVs, interview notes) will be retained for twelve months after they are received by BBA, unless otherwise agreed between BBA and the applicant. Personal data from successful job applications are transferred to Personnel Files.
For the avoidance of doubt, where there is a legal requirement to retain personal data, this will be complied with, taking precedence over any BBA retention policy.
The Data Protection legislation gives you a number of rights concerning the personal data we hold about you.
You have the right to access personal data held about you. To submit a request to access personal data, please click here. You can send the completed form to email@example.com. BBA will acknowledge your response shortly after it is received, and we will let you know whether there is any further information we need. We aim to respond to your request as soon as possible, and in any case within one month.
In some situations, you have the right to request that personal data we hold about you is rectified (corrected if it is inaccurate) or erased (deleted). You also have the right to request that your personal data is only used for some elements of processing, and you have the right to object to the processing of your personal data for one or more purposes. If you wish to make any of these requests, please complete the Data Subject Request Form or email firstname.lastname@example.org.
If BBA is processing personal data on the basis of consent, you have the right to withdraw consent at any time. This does not affect processing already carried out on the basis of previous consent. BBA will try to make this easy for you in cases where we rely on consent as the basis for processing, such as including an ‘unsubscribe’ link on emails. Alternatively, please email email@example.com with your request.
The UK Supervisory Authority for data protection is the Information Commissioner’s Office (ICO). If you believe that BBA is not complying with data protection legislation, we would encourage you to contact us first, but if you are not satisfied with our response, you have the right to report a concern to the ICO. Information is available from their website https://ico.org.uk/