Data Privacy Notice
Glossary of Terms
What is personal data?
Personal data relates to any information about a natural person that makes you identifiable which may include (but is not limited to):
- Names and contact information such as e-mail(s), company address and telephone numbers.
What is a Data Controller?
For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.
The data controller is Brovanture Ltd, registered office: The White House, 2 Meadrow, Godalming, Surrey, GU7 3HW.
The data protection officer is Daryl Spires who can be contacted at the above address or on email@example.com or by calling 01483 685450.
What is a Data Processor?
A “data processor” is a person or organisation which processes personal data for the controller.
What is Data Processing?
Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
What do we mean by Business to Business?
PLC, LTD, LLP incorporated partnerships, trusts and foundations, local authorities and government institutions.
What information do we collect about you and how?
Brovanture Ltd, as a Data Controller, is bound by the requirements of the General Data Protection Regulations (GDPR).
We collect information about you when you fill in any of the forms on our website i.e. sending an enquiry, signing up for an event, filling in a survey, giving feedback etc. This includes personal data such as name, e-mail and telephone number and any other personal data that you might provide us while corresponding with us.
We may also ask you for further information when you contact us directly via telephone, e-mail or in person. If you contact Brovanture directly, we may keep a record of that correspondence.
When submitting forms on our website we use a third-party software provider for automated data collection and processing purposes, they will not use your data for any purposes and will only hold the data in line with our policy on data retention.
Brovanture also collects personal data from the following external sources:
- LinkedIn, where you have made your information public or have shared your details with a Brovanture employee.
- Bought-in marketing lists from third parties.
Website usage information is collected using cookies. Cookies are text files put on your computer to collect standard internet log information and visitor behaviour information. This information is then used to track visitor use of the website and to create statistical reports on website activity. For more information visit www.aboutcookies.org or www.allaboutcookies.org.
Analytics – e.g. how visitors use our website.
We use Google Analytics to store information about how visitors use our website so that we may make improvements and give visitors a better user experience.
An IP or Internet Protocol Address is a unique numerical address assigned to a computer as it logs on to the internet. Brovanture do not have access to any personal identifiable information and we would never seek this information. Your IP address is logged when visiting our site, but our analytic software only uses this information to track how many visitors we have from particular regions.
Internet Based Advertising
We may use third party social media services such as LinkedIn advertising services and as such there are tracking codes installed on our website so that we can manage the effectiveness of these campaigns. We do not store any personal data within this type of tracking.
How will we use the information about you and why?
Lawful basis for processing
We rely on “performance of a contract” where we collect, use and share (in accordance with this policy only) your personal data in order to provide our services or to receive your services pursuant to an agreement with you.
We rely on “legitimate interest” where:
- We collect, use and share (in accordance with this policy only) your personal data in order to provide our services pursuant to an agreement with an organisation that has engaged you.
- You have previously contacted us via the Website or by calling or e-mailing us, to correspond with you in order to create business relations.
- You are a current customer, to send you newsletters, promotional materials and notification of any updates to our services which we feel may be of interest to you.
We rely on your consent as the lawful basis where you have agreed to participate in a survey, and for the processing of such personal information as has been collected through that survey.
At Brovanture we take your privacy seriously and will only use your personal information to provide the Services you have requested from us, detailed in your Letter of Engagement and supporting Schedules and/or Contracts and as we have identified above. We will only use this information subject to your instructions, data protection law and our duty of confidentiality.
We collect information on our website to process your enquiry, deal with your event registration, give advice based on survey data and improve our services. If you agree, we will also use this information to share updates with you about our services which we believe may be of interest to you.
We obtain, use and process the information you provide to us to enable us to discharge the Services (as defined in our Letter of Engagement and supporting Schedules and/or Contracts) and for other related purposes including;
- Updating and enhancing client records.
- Analysis for management purposes.
- Legal and regulatory compliance.
- Enforcing our rights under the Letter of Engagement or any other agreement with you.
We will not share your information for marketing purposes with companies so that they may offer you their products and services.
Disclosure of your information
Our work for you may require us to pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing the Services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the Services and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
We may disclose your personal data to any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (where applicable).
We may also disclose your personal data to third parties:
- In the event that we sell or buy any business or assets, in which case We may disclose your personal data to the prospective seller or buyer of such business or assets; or
- If we or substantially all of our assets are acquired by a third party, in which case personal data held by Brovanture about our customers will be one of the transferred assets; or
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or
- To protect our rights, property, or safety or that of our affiliated entities and our users and any third party We interact with to provide the website, our software and services.
Other than as set out above and save insofar as is necessary in order for Us to carry out our obligations arising from any contracts entered into between you and Us, we will not share your data with third parties unless We have procured your express consent to do so.
Transferring your information outside of Europe
As part of the services offered to you through this website, the information which you give to us may be transferred to countries outside the European Economic Area (“EEA”). For example, some of our third-party providers may be located outside of the EEA. Where this is the case we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy, including reviewing, approving and/or negotiating an agreement with these third parties. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If you use our services while you are outside the EEA, your information may be transferred outside the EEA to give you those services.
Where our third-party supplies are in the US we have ensured that their services fall under the “Privacy Shield” whereby participating companies are deemed to have adequate protection and therefore facilitate the transfer of information from the EEA to the US.
Security precautions in place about data collected
When you give us personal information, we take steps to make sure that any personal data are kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Brovanture is ISO:27001 certified and in accordance with GDPR, Brovanture Ltd is registered with the Information Commissioners Office under reference ZA261743.
Your personal data are sent normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of extra information about you when it is available from external sources to help us do this effectively.
We would like to send you information about our services which may be of interest to you and may use your information to do so. If you do not want us to use your data in this way please either (i) do not tick the relevant box situated on the form on which we collect your data (for example, the registration form); (ii) unsubscribe from our electronic communications using the method indicated in the relevant communication; or (iii) inform Us at any time by contacting us at firstname.lastname@example.org.
How long will we hold your data for?
We will hold the data set out above for a reasonable time having regard to the nature of the personal data and the purpose for which it was collected. In particular:
- Marketing / Prospective Customers: We will hold your data for a period of 1 year with a review every 1 year. You will have the opportunity to opt out or update or delete data at any point should you need to do so, and details are set out in this policy as to how to do that.
- Current Customers: We will hold your data for the duration of the contracted services plus 1 year, unless we are required retain your information for a longer period by any applicable law.
If you have any questions with regards to our data retention periods, please contact us.
Your rights under GDPR
Under the General Data Protection Regulation you have several important rights free of charge. In summary, those include rights to:
- Access to your personal data and to certain other supplementary information that this Policy is already designed to address.
- Require Us to correct any mistakes in your information which We hold.
- Require the erasure of personal data concerning you in certain situations.
- Receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations.
- Object at any time to processing of personal data concerning you for direct marketing.
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
- Object in certain other situations to our continued processing of your personal data.
- Otherwise restrict our processing of your personal data in certain circumstances.
- Claim compensation for damages caused by our breach of any data protection laws.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- Email: email@example.com or write to us: Daryl Spires (DPO), The White House, 2 Meadrow, Godalming, Surrey, GU7 3HW.
- Let us have enough information to identify you.
- Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- Let us know the information to which your request relates.
If you feel that your personal data has been processed in a way that does not meet the GDPR, you have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will then tell you of the progress and outcome of your complaint and further details on how to contact the supervisory authority in the event of a complaint may be found here: Information Commissioner’s Office.
How to contact us
- By email: firstname.lastname@example.org.
- Or write to us at: Daryl Spires (DPO), The White House, 2 Meadrow, Godalming, Surrey, GU7 3HW.