GDPR STATEMENT: KEEPING DATA SAFE – MAKING WORK POSSIBLE
Dear BSA Hi Viz Reader,
You will have heard that with the new European Directive of the General Data Protection Regulations (GDPR) and the UK Data Protection Act 2018 effective on 25th May, that there are new consent requirements. Our Privacy Notice sets out what data we hold, the legal basis on which we hold it and how we use it. The following is an extract:
Our reason for holding data
We are primarily a business to business organisation that uses personal data to identify people who represent clients (companies or organisations or in some cases, private individuals) and suppliers. In addition, we hold data essential to the employment of staff.
We use this data for the purposes of the work that we carry out so that projects may be recorded or situations communicated.
We also use the personal data to keep clients, prospective and past clients, project associates (professionals that are working alongside our clients) and staff informed about updates in legislation, good practice, billing, seminars, news and marketing communications.
Legal basis for holding data
BSA holds data primarily on the basis of Contract and Legitimate Interest but also where required, by Legal Obligation and in the case of contacts known to be individuals or partnerships for the purposes of email communications not required for specific ongoing projects, by Consent.
Data Protection Policy
BSA aims to only hold data required for the running and development of the BSA business, to protect any such data to a degree proportionate to the sensitivity of the data and to securely delete data or copies of data when no longer required.
Sharing of Personal Data and Retention
We will share personal data for the purposes of projects especially as required under the CDM Regulations 2015 and subsequent or similar legislation, with other companies or organisations that are working on the same project or as required by bodies such as the Health & Safety Executive (HSE) or the courts.
We will retain project related data for as long as required by the client or connected party or as legally required.
Personal data for individuals representing companies will be retained for general communication purposes unless the contact ‘Unsubscribes’ to receiving the general communications.
We may mention other companies or services but we will not share contact details with third parties for marketing purposes.
We may update our Privacy Policy from time to time but we hope to spend most of our time ‘Keeping People Safe and Making Work Possible’!