We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details, please read our Cookie Policy.
This is the Privacy Notice of the British Franchise Association (company limited by guarantee, registered number 01341267) whose registered office is at 85f Park Drive, Milton Park, Milton, Abingdon, Oxfordshire, OX14 4RY (“BFA”, “we”, “us” or “our”) and sets out how we collect and process your personal data. This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data.
This Privacy Notice relates to personal information that identifies “you” meaning:
If you are an employee, contractor or otherwise engaged in work for us, a separate privacy notice applies to you instead.
We refer to personal information identifying you as “personal data” throughout this Privacy Notice and paragraph 3 sets out further detail of what this includes.
Please read this Privacy Notice to understand how we may use your personal data.
This Privacy Notice is not intended for children and we do not knowingly collect personal data relating to children.
This Privacy Notice may vary from time to time so please check it regularly. This version of this Privacy Notice was first published on 25th May 2018 and has not been updated since.
For the purposes of relevant data protection legislation, we are a ‘controller’ of your personal data in some situations. This means we determine the means and purposes of processing your personal data. As a controller we use the personal data we hold about you in accordance with this Privacy Notice.
If you wish to correct your personal data held by us or to opt out at any time from receiving marketing correspondence from us or to alter your marketing preferences please contact: communications@thebfa.org
If you have any questions about this privacy notice or how we process your personal data, or if you would like to exercise your rights in relation to your personal data, please contact us by:
The categories of personal data about you that we may collect, use, store, share and transfer are:
We may also create Personal Data about you, for example, if you contact us by telephone to make a complaint, for example about our services, then we may make a written record of key details of the conversation so that we can take steps to address the complaint.
We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Information Technology Data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re- connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
In addition, we may obtain certain special categories of your data (“Special Categories of Data”), and this Privacy Notice specifically sets out how we may process these types of personal data. The Special Categories of Data are: (i) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; and (ii) the processing of genetic data, biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
We also collect information about criminal convictions and offences as part of our accreditation process.
We obtain your personal data from the following sources:
We may rely on one or more of the following legal bases when processing your personal data. We have set out below the purposes for which we may process your personal data:
To assess applications for new franchisor members, exhibition applicants, franchisee members or affiliates of the BFA or individuals working towards obtaining the QFP or an online course certificate like our Prospect Franchisee Certificate or Prospect Franchisor Certificate and where applicable, to register that person for membership or to receive our services.
Categories of personal data processed:
The basis on which we can do this (this is what the law allows):
The processing is necessary:
In order to perform our contractual obligations to you (whether you are a BFA member, BFA affiliate, professional working towards QFP status, customer of our online shop or engaged by one of our suppliers). This would include:
Categories of personal data processed:
The basis on which we can do this (this is what the law allows):
The processing is necessary:
In order to manage our relationship with you including:
Categories of personal data processed:
The basis on which we can do this (this is what the law allows):
The processing is necessary:
In order to carry out surveys of our franchisor members’ franchisees as part of the franchisor’s membership application.
Categories of personal data processed:
The basis on which we can do this (this is what the law allows):
The processing is necessary for our legitimate interests in the management and operation of our business.
For our dispute resolution service:
Categories of personal data processed:
The basis on which we can do this (this is what the law allows):
The processing is necessary:
In order to comply with our own legal obligations, e.g. health and safety legislation, or to assist in an investigation (e.g. from the police).
Categories of personal data processed:
The basis on which we can do this (this is what the law allows):
The processing is necessary for us to comply with the law.
In order to use your personal data in life or death situations and there is no time to gain your consent (e.g. in the event of an accident at one of our locations or events and we have to give your personal details to medical personnel).
Categories of personal data processed:
The basis on which we can do this (this is what the law allows):
The processing is necessary in order to protect the vital interests of an individual.
In order to administer and protect our organisation, deal with any misuse of our website and to comply with our security policies at our locations.
Categories of personal data processed:
The basis on which we can do this (this is what the law allows):
The processing is necessary:
In order to make suggestions and recommendations to you about goods or services that may be of interest to you, deliver relevant website content and advertisements to you and to measure or understand the effectiveness of our advertising.
Categories of personal data processed:
The basis on which we can do this (this is what the law allows):
The processing is necessary for our legitimate interests to study how guests use our products/services, to develop our products and services and ensure our marketing is relevant to you, to grow our business and to inform our marketing strategy.
(We will only rely on legitimate interests to market to you where we are sending marketing to your corporate email address or work number or you gave your details when you purchased membership, products or services from us. Otherwise, we will rely on consent.)
For internal purposes to use data analytics, to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, products/services, marketing, customer relationships and experiences.
Categories of personal data processed:
The basis on which we can do this (this is what the law allows):
The processing is necessary for our legitimate interests in defining types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.
To communicate with you about, and administer your participation in, special events, programs, promotions, any prize draws or competitions.
Categories of personal data processed:
The basis on which we can do this (this is what the law allows):
The processing is necessary:
In order to enforce or apply our terms of use, terms and conditions of supply and other agreements with third parties.
Categories of personal data processed:
The basis on which we can do this (this is what the law allows):
The processing is necessary for our legitimate interests in protecting our business and property and recovering debts owed to us.
In addition, we may lawfully process Special Categories of Data in certain ways. We set these out below along with the legal bases on which we process these Special Categories of Data:
Categories of personal data processed:
Health Data.
The basis on which we can do this (this is what the law allows):
The processing is necessary to comply with social protection law in the case of a health and safety incident recorded at any of our locations or in order to protect the vital interests of you or another individual where you or the individual is physically or legally incapable of giving consent.
We would like to use your personal data for a variety of different purposes. For certain of these purposes it is appropriate for us to obtain your prior consent. These are as follows:
The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.
You may at any time withdraw the specific consent you give to our processing your personal data. Please contact us using the contact details set out in paragraph 2 or click on the unsubscribe link on our marking email or (If you are a member) you can also log onto your online account with us and manage your preferences there.
Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other bases to process your personal data for other purposes.
We may disclose your personal data to:
If you provide personal data to us about someone else (such as one of your directors or employees, or any of your franchisees (where you a franchisor), or someone with whom you have business dealings) you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Notice.
You must ensure the individual concerned is aware of the various matters detailed in this Privacy Notice, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual’s right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.
It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
It is possible that personal data we collect from you may be transferred, stored and/or processed outside the European Economic Area.
In connection with such transfers:
Our website server is hosted in United States of America and transfers are made on the basis of the Privacy Shield.
We will store your personal data for the time period which is appropriate in accordance with our data retention policy, a copy can be obtained by contacting us using the contact details set out in paragraph 2.
In certain circumstances the provision of personal data by you is a requirement to comply with the law or a contract, or necessary to enter into a contract.
It is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. If you do not provide your personal data then the consequences of failing to do so may mean that we are unable to provide services to you. For example if you do not provide your bank account details when applying for an event, membership or purchase that required payment then we will not be able to provide that service.
Subject to applicable law including relevant data protection laws, in addition to your ability to withdraw any consent you have given to our processing your personal data (see paragraph
), you may have a number of rights in connection with the processing of your personal data, including:
If you would like to exercise any of the rights set out above, please contact us using the contact details set out in paragraph 2.
You may also have the right to lodge complaints regarding the processing of your personal data with the Information Commissioner’s Office or other relevant supervisory body. Please see https://ico.org.uk/concerns/ for how to do this.
We take the security your personal data seriously and have technical and organisational measures to ensure a level of security appropriate to the risk.
We use a mixture of measures including utilising technology to combat cybersecurity, data management techniques, user access and management procedures, physical security and guidelines for personnel.
Our measures are aimed at having the ability to:
This Privacy Notice only applies to us. If you link to another website from our website, you should remember to read and understand that website’s privacy notice as well. We do not control unconnected third-party websites and are not responsible for any use of your personal data that is made by unconnected third party websites.
© 2020 The British Franchise Association
We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details, please read our Cookie Policy.