This Privacy Notice explains how BHR (UK) LTD (as the ‘Data Controller’) collects, uses and protects personal data generally.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
Some of your personal data is classed as “special categories of personal data” because it is the information that is considered to be more sensitive and therefore requires more protection. This includes information that identifies your racial/ethnic origin, political opinions, religious/philosophical beliefs, sexual orientation and information regarding your physical and mental health.
The processing of personal data is governed by the Data Protection Act (DPA) 2018. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
Who we are
BHR (UK) LTD (company number: 8386046) is the Data Controller (contact details below) and it decides how your personal data is processed and for what purposes.
Our website address is: https://www.bhruk.com.
What personal data we collect and why we collect it
When you leave a comment on the site we collect the data shown in the comments form, and also your IP address and browser user agent string, to help spam detection.
After approval of your comment, your profile picture is visible to the public in the context of your comment.
Contact form, newsletter and HR Health Audit
We will initially store your email address and any additional information you provide about yourself on the HR Health Audit.
We will also store the date you signed up to the newsletters so that we can prove (if necessary) that you opted-in to receive them.
We will communicate with you by email only unless you provide us with additional contact details (such as telephone number, address or via social media), in which case we may also communicate with you by those other means.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
What are our grounds for processing your data?
We rely on consent and legitimate interests as our grounds for processing your data. By signing up to receive BHR (UK) LTD newsletters after 15 May 2018 you agreed to the following statement:
If we communicate with you by means other than email (such as post or via Facebook Messenger), we will only do so where we have a legitimate interest in so doing.
Who we share your data with
Your data will be kept secure and never shared with any third parties, except for the following organisations (and any similar organisations we may subcontract services to in the future, at which point we will update this policy):-
- Rocket Science Group LLP (more commonly known as ‘MailChimp’), which is the US-based company we use to send emails. We have entered into an agreement with them whereby they agree to store and process your data in accordance with the EU Privacy Shield.
- Dropbox, Inc., which is the US-based company we use to store all our documents. These documents may include backups of our subscriber list. Dropbox has ISO 27018 (the internationally recognised standard for leading practices in cloud privacy and data protection), is certified for compliance with the EU Privacy Shield and has undertaken it will comply with the provisions of the GDPR.
- Subcontractors to whom we delegate website or database programming and maintenance, or necessary administrative functions.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep the data for a set time period. However, where possible we will anonymise this data so that you cannot be identified. Where we do not need to continue to process your personal data, it will be securely destroyed.
In the case of newsletters we will keep your information until you withdraw your consent, either by telling us directly or by clicking an ‘unsubscribe’ link which will be at the bottom of every email we send. As set out above, you can also opt-out of any advertisement campaigns at any time.
What rights you have over your data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- to request a copy of your personal data which we hold about you;
- to request that we correct any personal data if it is found to be inaccurate or out of date;
- to request that your personal data be erased where it is no longer necessary for us to retain such data;
- to withdraw your consent to the processing at any time;
- to request that we provide you with your personal data and where possible, to transmit that data directly to another Data Controller (where applicable) – please note this only applies where the processing is based on consent or is necessary for the performance of a contract with you, and in either case where we process the data by automated means;
- to request that a restriction be placed on further processing where there is a dispute in relation to the accuracy or processing of your personal data;
- to object to the processing of personal data (where applicable) – please note this only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics;
- to be informed of the processing of your personal information by:
- automated means which results in a decision being made (without human intervention) and
- profiling which is used for the purpose of evaluating certain characteristics about you without human intervention (for example, to predict your behaviour or interests) that have legal or similarly significant effects on you as an individual. Where these methods of processing are used, you have the right to be informed as to how you can request human interaction and how to challenge a decision.
9. to lodge a complaint with the Information Commissioners Office.
You can access the personal information that we hold about you by submitting a Subject Access Request (SAR) to BHR. This request must be in writing and clearly specify the information you require.
If you would like to make a request in regard to the processing of your personal data, please contact the Data Protection Officer on the details provided below. However, it is not always possible for requests to delete information to be fulfilled and the Data Protection Officer will provide you with more information if that is the case.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Do we use tracking or automatic processing?
In our emails, we can track whether you have opened the email or clicked on any link within it. We use this information solely to understand the performance of the newsletter, to draw out general trends, and to monitor the size of our active readership.
We do not use any information at a personal level, except that if you have told us your occupation and/or your closest city, we may use that information to automatically filter you out from receiving irrelevant direct marketing where we do not think we have sufficient legitimate interest in sending it to you. For example, if we are sending direct marketing emails about a seminar in Manchester, and you have told us you live in London, we are likely to exclude you from that direct marketing campaign.
From time to time we might email you and ask you to provide a bit more information about yourself – for example, your occupation, or your closest city. You do not have to reply to those emails and are free to ignore them. The only thing we do with the information you give us, is use it for the automatic processing described above, to reduce the amount of any direct marketing we send you if we think you won’t be interested.
Complaints or queries
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you have any concerns, questions or comments please email the Data Protection Officer at [email protected]
If having exhausted the complaint process you are not content that your request or review has been dealt with correctly, you can appeal to the Information Commissioner’s Office to investigate the matter further by writing to:
Information Commissioner’s Office
Is this policy subject to change?
We will look at the policy from to time and may make changes. Any changes which do not substantially change the existing policy or significantly affect your privacy will not be directly notified to you but will be updated on our website. Any substantial changes or any changes which significantly affect your privacy will be sent to you by email