Privacy Policy

This is the Privacy Notice of the British Franchise Association (company limited by guarantee, registered number 01341267) whose registered office is at Victoria House, 26 Queen Victoria Street, Reading, Berkshire, England, RG1 1TG (“BFA”, “we”, “us” or “our”) and sets out how we collect and process your personal data. This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data.

This Privacy Notice relates to personal information that identifies “you” meaning:

  • individuals who are engaged by or otherwise involved with our franchisor members, franchisee members or affiliate members;
  • individuals who are engaged by or otherwise involved with exhibitors at our exhibitions or franchisees of franchisor members;
  • individuals involved with our Qualified Franchise Professional (“QFP”) scheme;
  • individuals involved with our online courses including our Prospect Franchisee Certificate or Prospect Franchisor Certificate;
  • individuals who browse our website;
  • individuals involved with our suppliers or professional advisers;
  • any other individuals outside our organisation with whom we interact.

If you are an employee, contractor or otherwise engaged in work for us, a separate privacy notice applies to you instead.

We refer to personal information identifying you as “personal data” throughout this Privacy Notice and paragraph 3 sets out further detail of what this includes.

Please read this Privacy Notice to understand how we may use your personal data.

This Privacy Notice is not intended for children and we do not knowingly collect personal data relating to children.

This Privacy Notice may vary from time to time so please check it regularly. This version of this Privacy Notice was first published on 25th May 2018 and was updated on 4th March 2023.

Controller

This Privacy Policy applies where we are a controller in respect of your personal data – this is where we decided how and why your personal data is processed.

If you wish to correct your personal data held by us or to opt out at any time from receiving marketing correspondence from us or to alter your marketing preferences, please contact: communications@thebfa.org.

If you need to contact us in connection with our use or processing of your personal data, or gain access to it then please contact us by:

  • sending an email to privacy@bfa.org
  • writing to us by post to: Compliance Department, British Franchise, Victoria House, 26 Queen Victoria Street, Reading, Berkshire, England RG1 1TG
  • calling us on: 01235 820470

The categories of personal data about you that we may collect, use, store, share and transfer are:

  • Individual Data. This includes personal data which relates to your identity, such as your first name, middle name, last name, prefix, username or similar identifier, job title, signature, date of birth and gender and your contact details such as your billing address, delivery address, email address and telephone numbers;
  • Account and Profile Data. This includes personal data which relates to your account or profile on our website, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
  • Advertising Data. This includes personal data which relates to your advertising preferences, such as information about your preferences in receiving marketing materials from us and your communication preferences;
  • Information Technology Data. This includes personal data which relates to your use of our website, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;
  • Economic and Financial Data. This includes personal data which relates to your finances, such as your accounts where you are a sole trader or your bank account and payment card details where you are an individual purchasing a course or membership from us and information which we collect from you for the purposes of the prevention of fraud;
  • Sales Data. This includes personal data which relates to the transactions you have conducted with us, such as details about payments to and from you, details of membership subscriptions or purchases from our shop;
  • Audio and Visual Data. This includes personal data which is gathered using our CCTV or other recording systems in the form of images, video footage and sound recordings that is taken at any of our locations or otherwise by us for promotional purposes;
  • Health Data. This includes personal data which is gathered for health and safety purposes including any accident report or claim log or any information you provide about allergies or other medical conditions;
  • Market Research Data. This includes personal data which is gathered for the purposes of market research, such as the BFA/NatWest survey and our members’ survey.

 

We may also create Personal Data about you, for example, if you contact us by telephone to make a complaint, for example about our services, then we may make a written record of key details of the conversation so that we can take steps to address the complaint.

We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Information Technology Data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.

In addition, we may obtain certain special categories of your data (“Special Categories of Data”), and this Privacy Notice specifically sets out how we may process these types of personal data. The Special Categories of Data are: (i) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; and (ii) the processing of genetic data, biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

We also collect information about criminal convictions and offences as part of our accreditation process.

We obtain your personal data from the following sources:

Directly from you, including via our website, by email, by post, by telephone or in person at one of our events or otherwise. This could include personal data which you provide when you:

  • submit an application to become a member of the BFA;
  • send a dispute form or response to us or other information as part of our informal conciliation, mediation or arbitration processes;
  • send information in relation to your or someone else’s QFP qualification;
  • submit an entry for a BFA award;
  • submit a franchise case study for our website;
  • send an exhibition application form and supporting information;
  • create an account on our website;
  • subscribe to our newsletter;
  • place an order for a product in our online shop;
  • request information on our products or services or for other marketing to be sent to you;
  • enter into a competition or promotion;
  • complete a survey from us or give us feedback; and
  • email us, give us an engagement letter or otherwise provide us with your details in the course of business including as an employee of one of our suppliers or professional advisers.

 

From someone else who provides us with information containing your personal information such as when they: 

  • submit an application to become a member of the BFA;
  • submit an application for an upgrade of membership with the BFA;
  • submit an application for a re-accreditation of membership with the BFA;
  • send a dispute form or response to us or other information as part of our conciliation, mediation or arbitration processes;
  • send an application to become a QFP;
  • send information in relation to your or someone else’s QFP qualification;
  • pass us your details where you are nominated as a referee of a prospective BFA affiliate or sponsor of a prospective BFA franchisor member or franchisee member;
  • complain to us about the actions of a BFA member;
  • submit an entry for a BFA award;
  • submit an entry for a BFA award; and
  • complete a survey from us or give us feedback.

 

Via automated technologies, such as CCTV or other recording systems, cookies, server logs and other similar technologies. We may automatically collect Information Technology Data about your equipment, browsing actions and patterns by using cookies, server logs and other similar technologies. We may also receive Information Technology Data about you if you visit other websites employing our cookies. Please see our cookie policy www.thebfa.org/cookies-policy for further details.

From businesses whose services we use such as:

  • providers of social media platforms (such as Facebook, Twitter and Instagram) for example where you share our content through social media, for example by liking us on Facebook, following or tweeting about us on Twitter;
  • analytics providers and providers of member and non-member feedback (such as Survey Monkey);
  • our PR agency;
  • Venture Marketing Group who provide exhibition services to us;
  • search information providers (such as Google); and
  • providers of technical, payment and delivery services (such as Bottom Line, and Stripe and courier services for delivery); and
  • providers of credit checks such as Credit Safe;

 

Publicly available sources, such as:

  • Companies House;
  • HM Land Registry;
  • Industry magazines.

Where we may rely on consent

For certain purposes it may be appropriate for us to obtain your prior consent. The legal basis of consent is only used by us in
relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.

In the event that we rely on your consent, you may at any time withdraw the specific consent you give  to our processing your personal data. Please contact us using the contact details set out in paragraph 2 to do so, or click on the unsubscribe link on our marking email. If you are a member, you can also log onto your online account with us and manage your preferences there.

Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on
other lawful bases to process your personal data for other purposes.

Examples of when we may rely on your consent to your personal data include:

  • where we would like to use photos or images taken of you in promotional materials on our social media, website or other materials:
  • where you provide personal information that you agree may be published in the public domain including in a magazine, press release or on our website (in a franchise case study or otherwise); 
  • where, in the provision of our services to you, we need to use the Special Categories of Data that you provide to us; 
  • to send an exhibition application form to you; 
  • in relation to the use of our dispute resolution process, where the complainant has given their consent (see table above); and 
  • where you are not a member and specifically ask us to send you marketing on our membership, upcoming events, courses or other services we think you may like to hear about.

 

Where we are relying on a basis other than consent

We may rely on one or more of the following legal bases when processing your personal data. We have set out below the purposes for which we may process your personal data:

Purpose for which we process your personal data

Categories of personal data processed

Legal basis upon which we process your data

 

To assess applications for new franchisor members, exhibition applicants, franchisee
members or affiliates of the BFA or individuals working towards obtaining the QFP or an online course certificate like our Prospect Franchisee Certificate or Prospect Franchisor Certificate and where applicable, to register that person for membership or to receive our services.

 

  •   Individual Data:
  •   Economic and Financial Data;
  •         Account and Profile Data.

 

  • To perform a contract with you;
    and
  • our legitimate interest
    in the provision of our services.

 

 

To perform our contractual obligations to you (whether you are a BFA member, BFA affiliate, professional working towards QFP status, customer of our online shop or engaged by one of our suppliers). This would include:

 

  • processing and performing any bookings on our events placed by you;
  • providing our services to you;
  • assessing information with respect to the grant of awards or qualifications;
  • processing in relation to orders placed by us where you are a supplier; handling complaints about BFA members or affiliates;
  • making or receiving payments, fees and charges and reclaiming VAT where applicable;
  • audit purposes; and
  • collecting and recovering money owed.

 

  •     Individual Data;
  •     Economic and Financial Data; and
  •        Sales Data.

      

  • To perform any contract entered into with you; 
  • our legitimate interest in recovering debts

         owed to us and in the provision of our                      services and operation of our business;                   and

  • in order to manage our relationship with you including:

            – to send you important notices such as                              communications about changes to our                              terms and conditions and policies (including                    this Privacy Notice);

               to provide you with important real-time                            information about our events, services or                          products (e.g. a change of time or location                        due to unforeseen circumstances); and 

              – to send you information you have                                        requested; 

              – to deal with your enquiries; and to ask you                        to leave a review or feedback on us.

 

In order to manage our relationship with you including:

 

  • to send you important notices
    such as communications about changes to our terms and conditions and policies
    (including this Privacy Notice); 
  • to provide you with important real- time information about our events, services or products (e.g. a change of time or location due to unforeseen circumstances); 
  • to send you information you have requested;
  • to deal with your enquiries; and to ask you to leave a review or feedback on us.

 

  •      Individual Data; 
  •         Account and Profile Data; 
  •         Sales Data; and Advertising                         and Marketing Data.

       

  • to perform any contract entered into with you; 
  • to comply with the law; and 
  • for our legitimate interests in the management and operation of our business, to keep our records updated and to study how guests use our products/services.

 

To carry out surveys of our franchisor members’ franchisees as part of the franchisor’s membership application.

 

  •      Individual Data
 
  • The processing is necessary for our legitimate interests in the management and operation of our business.

 

For our dispute resolution service: 

 

  • where a franchisee makes a complaint about a BFA member franchisor,
  • we will process the information provided including any personal data and we will notify the franchisor of the complaint including details of the complainant; where a BFA member makes a complaint about another BFA member we will process the information provided including any personal data and we will notify the BFA member of the complaint including details of the complainant.
  •      Individual Data

  • to perform any contract entered
    into with you; 
    into with you; 
  • for our legitimate interests in the management and operation of our business, and 
  • the complainant has given their consent to the processing.

 

In order to comply with our own legal obligations, e.g. health and safety legislation,

or to assist in an investigation (e.g. from the police).

 

 

The processing is necessary for us to comply with the law.

 

In order to use your personal data in life or death situations and there is no time to

gain your consent (e.g. in the event of an accident at one of our locations or events and we have to give your personal details to medical personnel).

  •         Individual Data; and 
  •         Health Data

 

The processing is necessary in order to protect the vital interests of an individual.

 

In order to administer and protect our organisation, deal with any misuse of our

website and to comply with our security policies at our locations.

  •         Individual Data; 
  •         Account and Profile Data; 
  •         Audio and Visual Data; and 
  •         Information Technology Data.
  •  for our legitimate interest in provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group  restructuring exercise; and provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise; and 
  • necessary to comply with the law.

 

In order to make suggestions and recommendations to you about goods or

services that may be of interest to you, deliver relevant website content and

advertisements to you and to measure or understand the effectiveness of our advertising.

  •        Individual Data; 
  •          Sales Data; 
  •          Information Technology Data; and 
  •            Advertising and Marketing Data.
  • The processing is necessary for our legitimate interests to study how guests use our products/services, to develop our products and services and ensure our marketing is relevant to you, to grow our business and to inform our marketing strategy. 
  • (We will only rely on legitimate interests to market to you where we are sending marketing to your corporate email address or work number or you gave your details when you purchased membership, products or services from us. Otherwise, we will rely on consent.)

 

To communicate with you about, and administer your participation in, special events, programs, promotions, any prize draws or competitions.

  •         Individual Data; 
  •           Account and Profile Data; 
  •           Sales Data; 
  •           Information Technology Data; and 
  •          Advertising and Marketing Data.
  • For performance of a contract with you; and
  • for our legitimate interests to promote our business

 

In order to enforce or apply our terms of use, terms and conditions of supply and other

agreements with third parties.

  •        Individual Data; 
  •        Account and Profile Data; 
  •        Sales Data; and 
  •         Economic and Financial Data

 

The processing is necessary for our legitimate interests in protecting our business and property and recovering debts owed to us.

 

Extra conditions for special category personal data

Where we are
processing your sensitive/special category personal data one of the following conditions will also apply:

     a)    you have given your explicit consent to the processing;

     b)    the processing relates to personal data which are manifestly made public by you;

     c)     the processing is necessary for the establishment, exercise or defence of legal claims;

     d)    the processing is necessary for archiving purposes in the public interest; scientific or historical research
     purposes or statistical purposes;

     e)    the processing is necessary to protect an individual’s vital interests where the individual cannot give
     consent;

     f)     the processing is necessary for reasons of substantial public interest;

     g)    processing is necessary in relation to your or our rights in the field of employment and social security
     and social protection law;

     h)    processing by a not-for-profit body in certain circumstances;

     i)      processing is necessary for the purposes of preventative or occupational medicine; and

     j)      processing is necessary for reasons of public interest in the area of public health.

Where we may rely on consent

For certain purposes it may be appropriate for us to obtain your prior consent. The legal basis of consent is only used by us in
relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.

In the event that we rely on your consent, you may at any time withdraw the specific consent you give  to our processing your personal data. Please contact us using the contact details set out in paragraph 2 to do so, or click on the unsubscribe link on our marking email. If you are a member, you can also log onto your online account with us and manage your preferences there.

Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on
other lawful bases to process your personal data for other purposes.

Examples of when we may rely on your consent to your personal data include:

  • where we would like to use photos or images taken of you in promotional materials on our social media, website or other materials:
  • where you provide personal information that you agree may be published in the public domain including in a magazine, press release or on our website (in a franchise case study or otherwise); 
  • where, in the provision of our services to you, we need to use the Special Categories of Data that you provide to us; 
  • to send an exhibition application form to you; 
  • in relation to the use of our dispute resolution process, where the complainant has given their consent (see table above); and 
  • where you are not a member and specifically ask us to send you marketing on our membership, upcoming events, courses or other services we think you may like to hear about.

 

Where we are relying on a basis other than consent

We may rely on one or more of the following legal bases when processing your personal data. We have set out below the purposes for which we may process your personal data:

Purpose for which we process your personal data

 

To assess applications for new franchisor members, exhibition applicants, franchisee
members or affiliates of the BFA or individuals working towards obtaining the QFP or an online course certificate like our Prospect Franchisee Certificate or Prospect Franchisor Certificate and where applicable, to register that person for membership or to receive our services.

 

 

To perform our contractual obligations to you (whether you are a BFA member, BFA affiliate, professional working towards QFP status, customer of our online shop or engaged by one of our suppliers). This would include:

 

  • processing and performing any bookings on our events placed by you;
  • providing our services to you;
  • assessing information with respect to the grant of awards or qualifications;
  • processing in relation to orders placed by us where you are a supplier; handling complaints about BFA members or affiliates;
  • making or receiving payments, fees and charges and reclaiming VAT where applicable;
  • audit purposes; and
  • collecting and recovering money owed.

 

In order to manage our relationship with you including:

 

  • to send you important notices
    such as communications about changes to our terms and conditions and policies
    (including this Privacy Notice); 
  • to provide you with important real- time information about our events, services or products (e.g. a change of time or location due to unforeseen circumstances); 
  • to send you information you have requested;
  • to deal with your enquiries; and to ask you to leave a review or feedback on us.

 

To carry out surveys of our franchisor members’ franchisees as part of the franchisor’s membership application.

 

 

For our dispute resolution service: 

 

  • where a franchisee makes a complaint about a BFA member franchisor,
  • we will process the information provided including any personal data and we will notify the franchisor of the complaint including details of the complainant; where a BFA member makes a complaint about another BFA member we will process the information provided including any personal data and we will notify the BFA member of the complaint including details of the complainant.

 

In order to comply with our own legal obligations, e.g. health and safety legislation,

or to assist in an investigation (e.g. from the police).

 

 

In order to use your personal data in life or death situations and there is no time to

gain your consent (e.g. in the event of an accident at one of our locations or events and we have to give your personal details to medical personnel).

 

In order to administer and protect our organisation, deal with any misuse of our

website and to comply with our security policies at our locations.

 

In order to make suggestions and recommendations to you about goods or

services that may be of interest to you, deliver relevant website content and

advertisements to you and to measure or understand the effectiveness of our advertising.

 

To communicate with you about, and administer your participation in, special events, programs, promotions, any prize draws or competitions.

 

In order to enforce or apply our terms of use, terms and conditions of supply and other

agreements with third parties.

Categories of personal data processed

  •   Individual Data:
  •   Economic and Financial Data;
  •         Account and Profile Data.

 

 

  •     Individual Data;
  •     Economic and Financial Data; and
  •        Sales Data.

 

  •      Individual Data; 
  •         Account and Profile Data; 
  •         Sales Data; and Advertising                         and Marketing Data.
  •      Individual Data

 

  •      Individual Data
  •         Individual Data; 
  •           Audio and Visual Data; and 
  •          Health Data
  •         Individual Data; and 
  •         Health Data
  •         Individual Data; 
  •         Account and Profile Data; 
  •         Audio and Visual Data; and 
  •         Information Technology Data.
  •        Individual Data; 
  •          Sales Data; 
  •          Information Technology Data; and 
  •            Advertising and Marketing Data.
  •         Individual Data; 
  •           Account and Profile Data; 
  •           Sales Data; 
  •           Information Technology Data; and 
  •          Advertising and Marketing Data.
  •        Individual Data; 
  •        Account and Profile Data; 
  •        Sales Data; and 
  •         Economic and Financial Data

Legal basis upon which we process your data

  • To perform a contract with you;
    and
  • our legitimate interest
    in the provision of our services.

 

      

  • To perform any contract entered into with you; 
  • our legitimate interest in recovering debts

         owed to us and in the provision of our                      services and operation of our business;                   and

  • in order to manage our relationship with you including:

            – to send you important notices such as                              communications about changes to our                              terms and conditions and policies (including                    this Privacy Notice);

             –  to provide you with important real-time                            information about our events, services or                          products (e.g. a change of time or location                        due to unforeseen circumstances); and 

              – to send you information you have                                        requested; 

              – to deal with your enquiries; and to ask you                        to leave a review or feedback on us.

       

  • to perform any contract entered into with you; 
  • to comply with the law; and 
  • for our legitimate interests in the management and operation of our business, to keep our records updated and to study how guests use our products/services.
  • The processing is necessary for our legitimate interests in the management and operation of our business.
  • to perform any contract entered
    into with you; into with you; 
  • for our legitimate interests in the management and operation of our business, and 
  • the complainant has given their consent to the processing.

 

The processing is necessary for us to comply with the law.

 

The processing is necessary in order to protect the vital interests of an individual.

  •  for our legitimate interest in provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group  restructuring exercise; and provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise; and 
  • necessary to comply with the law.
  • The processing is necessary for our legitimate interests to study how guests use our products/services, to develop our products and services and ensure our marketing is relevant to you, to grow our business and to inform our marketing strategy. 
  • (We will only rely on legitimate interests to market to you where we are sending marketing to your corporate email address or work number or you gave your details when you purchased membership, products or services from us. Otherwise, we will rely on consent.)
  • For performance of a contract with you; and
  • for our legitimate interests to promote our business

 

The processing is necessary for our legitimate interests in protecting our business and property and recovering debts owed to us.

Extra conditions for special category personal data

Where we are
processing your sensitive/special category personal data one of the following conditions will also apply:

     a)    you have given your explicit consent to the processing;

     b)    the processing relates to personal data which are manifestly made public by you;

     c)     the processing is necessary for the establishment, exercise or defence of legal claims;

     d)    the processing is necessary for archiving purposes in the public interest; scientific or historical research
     purposes or statistical purposes;

     e)    the processing is necessary to protect an individual’s vital interests where the individual cannot give
     consent;

     f)     the processing is necessary for reasons of substantial public interest;

     g)    processing is necessary in relation to your or our rights in the field of employment and social security
     and social protection law;

     h)    processing by a not-for-profit body in certain circumstances;

     i)      processing is necessary for the purposes of preventative or occupational medicine; and

     j)      processing is necessary for reasons of public interest in the area of public health.

We may disclose your personal data to:

  • our third-party data processers who may process data on our behalf to enable us to carry out our usual business practices including WorkBuzz Analytics Ltd for the purpose of membership accreditation, upgrade, and re-accreditation surveys, business that provide our accountancy software, relationship management software, external archiving services, direct debit software, website, banking facilities etc. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Notice; 
  • hotels or venues that provide accommodation to you when you book an event with us that includes accommodation; 
  • third parties operating plugins or content (such as Twitter, Facebook, Instagram) on our website which you choose to interact with; 
  • our email platform provider Mailchimp, to send you email marketing communications; 
  • fellow attendees at our events that you book onto; 
  • HMRC, legal and other regulators or authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation; 
  • external professional advisers such as accountants, bankers, insurers, auditors and lawyers; 
  • law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights; 
  • third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties; 
  • third parties which are considering or have decided to acquire some or all of our assets or shares, merge with us or to whom we may transfer our business (including in the event of a reorganisation, dissolution or liquidation); 
  • our PR agency and customer feedback; 
  • our external judges who adjudicate our awards programmes and the QFP; and 
  • our Board and Committee members.

If you provide personal data to us about someone else (such as one of your directors or employees, or any of your franchisees (where you a franchisor), or someone with whom you have business dealings) you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Notice.

You must ensure the individual concerned is aware of the various matters detailed in this Privacy Notice, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual’s right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.

It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.

It is possible that personal data we collect from you may be transferred, stored and/or processed outside the European Economic Area.

In connection with such transfers we will ensure that:

  • the relevant safeguard in place is approved model contractual clauses between us and the recipient, including where
    required, the ICO’s International Data Transfer addendum
    . A copy can be obtained by contacting us using the contact details set out in paragraph 2; or 
  • the transfer is to a country that provides an adequate level of protection; or 
  • one of the derogations for specific situations applies to the transfer including explicit consent or necessary for the performance of a contract or exercise or defence of legal claims.

 

Our website server is hosted in United States of America and transfers are made pursuant to the EU Standard Contractual Clauses and the UK SCC Addendum.

We will store your personal data for the time period which is appropriate in accordance with our data retention policy, a copy can be obtained by contacting us using the contact details set out in paragraph 2.

In certain circumstances the provision of personal data by you is a requirement to comply with the law or a contract, or necessary to enter into a contract.

It is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. If you do not provide your personal data then the consequences of failing to do so may mean that we are unable to provide services to you. For example, if you do not provide your bank account details when applying for an event, membership or purchase that required payment then we will not be able to provide that service.

Subject to applicable law including relevant data protection laws, in addition to your ability to withdraw any consent you have given to our processing your personal data (see paragraph 5), you may have a number of rights in connection with the processing of your personal data, including:

  • the right to request access to your personal data that we process or control;
  • the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
  • the right to request, on legitimate grounds as specified in law:
    • erasure of your personal data that we process or control; or
    • restriction of processing of your personal data that we process or control;
  • the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
  • the right to receive your personal data in a structured, commonly used and machine- readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
  • the right to lodge complaints regarding the processing of your personal data with the Information Commissioner’s Office. Please see https://ico.org.uk/concerns/ for how to do this.

If you would like to exercise any of the rights set out above, please contact us using the contact details set out in paragraph 2.

We take the security your personal data seriously and have technical and organisational measures to ensure a level of security appropriate to the risk.

We use a mixture of measures including utilising technology to combat cybersecurity, data management techniques, user access and management procedures, physical security and guidelines for personnel.

Our measures are aimed at having the ability to:

  • Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; and
  • restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.

This Privacy Notice only applies to us. If you link to another website from our website, you should remember to read and understand that website’s privacy notice as well. We do not control unconnected third-party websites and are not responsible for any use of your personal data that is made by unconnected third-party websites.

Are you a BFA Member? Don't forget to log in to the BFA Hub to access unique products and discounts.

We use cookies to track site usage and improve user experience.