This Privacy Notice explains what information BOKS International gather about you, what we use that information for and who we give that information to. It also sets out your rights in relation to your information and who you can contact for more information or queries.
It is our policy to collect only the minimum information we require from you. If you believe we hold more information about you than is required, or if you have any queries about how we handle your personal data, please contact us using the details below.
Although you do not have to provide any of your personal information to us, if we ask you to do so and you refuse, we may be unable to provide you with the information, goods or services you want from us.
If you have any questions about this Privacy Notice or the way your personal information is processed by us, or would like to exercise one of your rights explained within, please contact us using one of the following means:
Email: [email protected]
Post: Data Protection Officer, BOKS International, 3 Acorn Business Centre, Northarbour Road, Cosham, Portsmouth PO6 3TH.
Types of Personal Data Processed
The personal data processed as part of our marketing strategy is limited to ‘personal data’ as defined in Article 4(1) of the EU General Data Protection Regulation (‘GDPR’). We take every effort to minimise the personal data we collect and its processing to what are essential for the purposes of marketing to you. The personal data we store is limited to First Name, Last Name, Job Title, Age, Company shareholding, and email address. These are publicly available details that are used to identify an individual and their relationship to a company.
Categories of Data Subjects
Personal data we process for our own purposes and on your behalf may include, but may not be limited to, member data, prospect data, staff data, contractor data and supplier data.
Legal Basis for Data Processing
Where we collect and store your personal data for our own purposes, the lawful bases for doing so, are as follows:
To provide our services to you in performing our contractual obligations to you in accordance with our admission agreements. In order to work with you as a member, we require some personal data from you. The continued processing of relevant personal data will be necessary to enable us to deliver services to you.
We will have a legitimate interest in processing your data for the purposes of Direct Marketing in such a circumstance that your data profile, as available in the public domain, matches what we would expect based on an analysis of our typical member. Our services involve sharing your details with other member firms for the purposes of networking and the possibility of referring business. You will be in a Senior role within an organisation that provides professional services in line with those advertised on our website.
We will have a legitimate interest in processing your data for the purposes of ongoing
communication with you as a member. An integral part of your membership requires that you receive ongoing updates regarding the alliance as a whole and the updates provided by other members. It is reasonable that as a member you will expect these communications and it is in our legitimate interest to keep you informed.
For any other purposes for which you provided the information to us and where there is no other condition for processing available, if you have agreed to us processing your personal information.
Duration of Processing
We will process personal data on your behalf for so long as you remain. At the cessation of our processing activities on your behalf it is your choice as to what happens to the personal data you have provided to us.
Legitimate Interest Assessment
We have carried out a Legitimate Interest Assessment (LIA) as recommended by the ICO. The data we collect is not of a sensitive nature and is limited only to that which is essential for our purposes in conducting direct marketing activities. The data we procure is available in the public domain, through social media and it is therefore reasonable to assume that you, the subject, would expect some degree of marketing communications from relevant potential suppliers. The impact of any communications we send to you, the subject, is in our opinion minimal, and you have every right and opportunity to restrict this.
At BOKS International, we source marketing and prospect data from a range of direct and indirect sources. The direct sources are communications with you, either over the phone, by email, or through form submissions on our website. The indirect sources are all in the public domain and identified using web searches for details of appropriate contacts within organisations and referrals from your colleagues or acquaintances. In all cases we will do so based on the understanding that international referrals are a core requirement of professional service organisations and a subject with a senior role in such an organisation will have a pronounced interest in such.
Use of sub-processors
As part of our service delivery it is necessary for us to use sub-processors.
Our IT is largely provided by parties external to BOKS International. Some solutions we utilise are cloud based and our need to rely upon those systems varies depending upon the services we deliver to you.
All sub-processors are bound by contracts with BOKS International to provide at least the same level of protection for your data as we do.
Most sub-processors do not engage directly with your data and simply provide secure storage solutions for the data we process. Unless we have otherwise expressly agreed conditions with them, sub-processors are prohibited from using your personal data for their own purposes.
BOKS International utilise a number of suppliers to provide us with IT and other associated services for the delivery of our business and services to you. In many cases, the suppliers we use will be granted access to the data we are processing in order to provide us with technical assistance. Such processing activities are not directly related to our principal services to you and are considered ancillary to our own internal activities.
As an international alliance, our staff need to be able to work from anywhere in the world using our IT services. Although your data will be securely stored within our IT environment and the aforementioned cloud solutions at all times, it will from time to time be necessary for our staff to access these systems, both inside and outside of the EEA.
To assist in providing some services to you, BOKS International may utilise external subcontractors to process your personal data. The processing activities which may be undertaken by subcontractors includes, but is not limited to, data entry processing on engaged services, client management and billing. These subcontractors may operate outside the European Economic Area (‘EEA’) and from countries that do not have laws that provide specific protection for personal information. To minimise the transferring of personal data, these subcontractors are provided direct access to the IT environment and software platform, in which to perform the processing activities. Appropriate IT security controls are in place at all times and all subcontractors are bound by contracts (e.g. the standard (model) contractual clauses issued by the EU for the transfer of personal data to data processors or data controllers outside the EEA) which require your personal data to be safeguarded and which provide at least the same level of protection for your data as we do.
If you are registered as the primary contact for you firm, as a member of the alliance, other members of BOKS International will have access to your personal data. This data will also be made publically available on our website to prospective clients and referrers. We transfer your personal data to other members of BOKS International where necessary unless you have specifically requested us not to. This is an integral part of the service we provide and should be expected by you when becoming a member.
Where your personal information is not publicly shared by us as part of your membership, BOKS International has put technological and organisational controls in place to protect your personally identifiable information. Only authorised persons are provided access to personally identifiable information we have collected, and all such individuals have received appropriate training and have agreed to maintain the confidentiality of this information.
Data Retention Policies
BOKS International carry out frequent updates to our prospecting data. Any information or company associations which are found to be out of date are deleted. If we deem you to have a legitimate interest, we will store your data for a period of no longer than 5 years before reviewing this.
We actively minimise the personal data we request or hold, which means unless you seek to engage us, we will store only that which is absolutely necessary for us to make and maintain contact with you.
Your Data Subject Rights
Where we act as a Data Controller for your data you may exercise a number of rights.
- Request access to the personal data we hold about you.
- Ask us to correct any data which is inaccurate.
- Request to have your personal data deleted.
- Put in place restrictions on our processing of your data.
- Ask us to transfer your data to another controller (data portability).
We will handle all exercise of your data subject rights in accordance with the requirements of GDPR and any national laws at the time of your request. Should you need to exercise any of your data subject rights please set out your request in writing to our Data Protection Officer.
It is important to note that there is a significant difference between a request to restrict the processing of your personal data and a request to delete it. If you request that we delete your personal data this will be adhered to, however this will mean that your information is also removed from our suppression records, which may mean that data is re-added to our database under the same legitimate business interest. If you wish to request that we stop contacting you, we recommend that you request restriction on processing rather than deletion.
If you are dissatisfied with the way we have handled your personal data and we are unable to resolve the matter for you, you may take your complaint to the Information Commissioner’s Office. Further details can be found via their website at www.ico.org.uk.
Changes to this Statement
We recommend you check this statement on a regular basis to ensure you remain in agreement with the activities we carry out in respect of processing personal data.
By providing us with your personal data you give us your consent to use it to provide you with the requested service(s). Should you provide us with business contact details we may also use those contact details in pursuit of our legitimate interests in promoting and developing our business.
All personal data submitted through our website may be used by us in an anonymised form to assess and improve the services delivered herein and for our wider business development
BOKS International is the Data Controller for all personal data you provide us with via our website.
We do not share your personal data collected through our website with organisations outside of the BOKS International group. Please review the relevant privacy statement if you are an existing client of our services. We do not sell or rent your personal data for any purpose.
For any questions, queries or other data protection matters, please contact our Data Protection Officer.
A cookie is a tiny element of data that a website can send to a visitor’s computer’s browser so that this computer will be recognised by the website on their return. Cookies allow our web server to recognise a computer on connection to our website, which in turn allows the server to make downloading of pages faster than on first viewing. In addition, cookies may also be used by us to establish statistics about the use of our website by Internet users by gathering and analysing data such as: most visited pages, time spent by users on each page, website performance, etc. By collecting and using such data, we hope to improve the quality of our website.
The data collected by our servers and/or through cookies that may be placed on your computer will not be kept for longer than is necessary to fulfil the purposes mentioned above.
Navigation data about website viewers is automatically collected by our servers. If you do not wish to have this navigation data collected, we recommend that you do not use our website. A visitor can also set their browser to block the recording of cookies on their hard drive to minimise the amount of data that may be collected about your navigating on our website. The browser on a computer can be set to notify the user when a cookie is being recorded on their computer’s hard drive. Most browsers can also be set to keep cookies from being recorded on their computer. However, for optimal use of our website, we recommend that visitors do not block the recording of cookies on their computer.
For more information about cookies, please see the Information Commissioner’s website home page or the Interactive Advertising Bureau.
Data Subject Rights
BOKS International acts as the Data Controller for all personal data submitted through our website. Accordingly you may exercise a number of rights over your data including:
- Accessing the personal data we hold about you.
- Asking us to correct any of your personal data we hold which are inaccurate.
- Request to have your personal data deleted.
- Put in place restrictions on our processing of your data.
- Asking us to transfer your data to another controller (data portability).
We will handle all exercise of your data subject rights in accordance with the requirements of the GDPR and any national laws. Should you need to exercise any of your data subject rights please set out your request in writing to our Data Protection Officer.
If you are dissatisfied with the way we have handled your personal data and we are unable to resolve the issue for you, you may take the matter to the Information Commissioner’s Office. Further details can be found via their website at www.ico.org.uk.
Duration of Processing
We retain and manage all information submitted through this website in accordance with our Data Retention Policy and only hold it for as long is necessary.
Please note that communications over the internet cannot be guaranteed as secure. Whilst we take appropriate steps to protect your data we cannot guarantee that it will remain secure in transit. Once data reaches your network it is your responsibility to ensure it remains secure.
Children and our website
BOKS International understands the importance of protecting children’s privacy, especially in an online environment. Our sites are not intentionally designed for, or directed at, children 13 years of age or younger. It is our policy never to knowingly collect or maintain information about anyone under the age of 13 through our websites. If you are under 16 years of age you must obtain the consent of a parent or guardian to submit information via our site. Please ask them to review this information before you communicate with us.