BD Matters: Privacy Policy

1.       Introduction

We take your privacy very seriously and are committed to protecting your personal data.  This Privacy Policy details how we, BD Matters (a division of Gray Matters Business Limited of 35 Ballards Ln, London N3 1XW we, us) collect, use and process personal data.  If you have any questions on this Privacy Policy or otherwise relating to how we process your personal data, you can contact us at [email].

This Privacy Policy affects your legal rights and obligations so please read it carefully. If you do not agree to be bound by this Privacy Policy, please do not provide personal data to us. 

We may update this Privacy Policy from time to time at our discretion and in particular to reflect any changes in applicable laws. If we do so, and the changes substantially affect your rights or obligations, we shall notify you if we have your email address. Otherwise, you are responsible for regularly reviewing this Privacy Policy so that you are aware of any changes to it.

We are the controller of the personal data provided to us for the purposes of applicable data protection legislation.

 

2.         Whose personal data do we collect?

By personal data we mean identifiable information about you. Generally, this is likely to include information such as your name, email address, geographical postcode, mobile and home telephone number and your IP address if you access any of our websites. 

We may collect, use, store and transfer different kinds of personal data about you:

  • Contact Data includes data such as your email address, telephone number and correspondence address

  • Identity Data includes data such as first name, last name, username or similar identifier, date of birth, gender, job title and other profile data such as your experience and qualifications if you are a consultant on [BD Matters]

  • Technical Data includes data such as internet protocol (IP) address, your login data, browser type and version, cookies, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access  our website and any communications we may send to you.

  • Usage Data includes information about how you use our website such as  information about your visit to our website, including the full Uniform Resource Locators (URL) clickstream to and through, pages you viewed or searches you made, page response times, download errors, length of visit, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

  • Marketing Data includes your preferences in receiving marketing from us and your communication preferences.

  • Financial Data includes any payment data we receive from you or from any third party payment provider that we use.

 

We do not knowingly collect data relating to children.  Our websites and business are intended for users aged at least 18.

We also do not actively collect special categories of personal data such as information relating to your race or ethnic origin, political opinions, religious beliefs of other beliefs of a similar nature, physical or mental health or condition, sex life and sexual orientation.  Please do not include such information within your interactions or your profile on our website.

 

Personal data you provide to us

From time to time you may provide to us personal data. This may be because:

  • You access and interact with one of our websites, such as www.gray-matters.co or www.bdmatters.co;

  • You are register on one of our websites and/or upload data within your profile on [BD Matters];

  • You are an employee of or otherwise represent one of our clients;

  • You post any other content on one of our websites, including through any communications you make with other users;

  • You or your employer provide services to us;

  • You apply to work with us;

  • You provide feedback or reviews to us, respond to a survey or questionnaire;

  • You fill in a form or sign up to receive marketing communications or newsletters from us;

  • You otherwise contact us including with queries, comments or complaints. 

 

We shall process all such personal data in accordance with this Privacy Policy. Certain personal data is mandatory to be provided to us in order that we can fulfil your request and we shall make this clear to you at the point of collection of the personal data.

All personal data that you provide to us must be true, complete and accurate.  If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this, and we may also report this to the appropriate authorities.   

When you contact us by email or post, we may keep a record of the correspondence and we may also record any telephone call we have with you.

Personal data we automatically collect about you

If you use one of our websites, we may automatically collect and store information about your Technical Data and Usage Data.

Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, please see our Cookies Policy available on the relevant website.

 

Personal data we receive from others

If we reasonably believe that any of the personal data you have provided to us is inaccurate, we may receive further personal data from third parties, such as Companies House, credit reference agencies and the electoral register, confirming or otherwise, your identity.

We may also receive personal data about you from our third-party service providers, including our third-party platform hosts, our payment service providers, and our analytic providers, Google.

Given the nature of communications on our BD Matters website, we may also receive information about you from other users. For example, a client may contact us about worker, and a worker may contact us about an employee or other representative of a client.

 

3.          Legal basis for processing your personal data

We will only use your personal data where we have a lawful basis to do so.  The lawful purposes that we rely on under this Privacy Policy are: 

  • consent (where you choose to provide it);

  • performance of our contract with you;

  • compliance with legal requirements; and

  • legitimate interests.    When we refer to legitimate interests, we mean our legitimate business interests in the normal running of our business which do not materially impact your rights, freedom or interests.

 

If you enter into a contract with us then we shall use your personal data, in particular you your Contact Data and Identity Data to perform our obligations and exercise our rights under such contract and to manage our contractual relationship with you.

We may from time to time need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety.  

We may also use your personal data for our legitimate interests to ensure the proper and continued function of our business including:

  • to improve our website and services;

  • in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;

  • to deal with any questions or comments you raise;

  • for audit purposes; and

  • to contact you about changes to this Privacy Policy and/or our Terms of Use.

 

4.          Who do we share your data with?

Within our BD Matters Website, and for our legitimate business interests to ensure we can conduct our business, we may share your personal data with our service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including IT service providers, payment providers, accountants, auditors and lawyers.  We shall provide our service providers, sub-contractors and agents only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems. 

If we may need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety then in doing so, we may share your personal data with third party authorities and regulatory organisations and agencies.

If we choose to merge, sell assets, consolidate or restructure, finance, or sell all or a portion of our business by or into another company then the new owners may use your personal data in the same way that we do as set out in this Privacy Policy.

 

5.          Where we hold and process your personal data?

Some or all of your personal data may be stored or transferred outside of the United Kingdom and/or European Economic Area (the EEA) for any reason, including for example, if our email server is located in a country outside the United Kingdom  or the EEA or if any of our service providers are based outside of the United Kingdom or the EEA.

Where your personal data is transferred outside the United Kingdom and/or the EEA, it will only be transferred to countries that have been identified as providing adequate protection for personal data or to a third party where we have approved transfer mechanisms in place to protect your personal data.

6.          Security

We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.  In particular, access is restricted to employees who need to know your personal data, and we use appropriate password protection and appropriate strong encryption electronic measures within our electronic data management systems.  

However, unfortunately, because of the nature of electronic storage, we cannot promise that your personal data or any other data you provide to us will always remain secure.   If there is a security breach, we will do all that we can as soon as we can to stop the breach and minimise the loss of any data.

 

7.          Marketing

You may consent to receive marketing email messages from us about our website, services and business generally.  You can choose to no longer receive marketing emails from us by contacting us or clicking unsubscribe from a marketing email.  Please note that it may take us a few days to update our records to reflect your request. 

If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information.  If you still have an account with us, we shall continue to email you in relation to your account only.

 

8.          Your rights

You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. Further information can be found here

  • Right of access:  You have the right to obtain from us a copy of the personal data that we hold for you.

  • Right to rectification: You can require us to correct errors in the personal data that we process for you if it is inaccurate, incomplete or out of date.

  • Right to portability: You can request that we transfer your personal data to another service provider if you initially provided consent for us to use the personal data or where we used the personal data to perform a contract with you.

  • Right to restrict or object to processing:  In certain circumstances, you have the right to require that we restrict the processing of your personal information. If you believe our processing impacts on your fundamental rights and freedoms.  However, we may demonstrate that we have legitimate grounds to process your personal data not withstanding your rights and freedoms.

  • Right to be forgotten: You also have the right at any time to require that we delete the personal data that we hold for you, where it is no longer necessary for us to hold it.  However, whilst we respect your right to be forgotten, we may still retain your personal data in accordance with applicable laws and when we respond to your request, we shall notify you of any specific legal reasons that we have to retain your personal data.

  • Right to stop receiving marketing information: You can ask us to stop sending you information about our services, but please note we shall continue to contact you in relation to any matters relating to your account, if you have one.

 

We reserve the right to charge an administrative fee if your request in relation to your rights is manifestly unfounded or excessive.

If you have any complaints in relation to this Privacy Policy or otherwise in relation to our processing of your personal data, please tell us. We shall review and investigate your complaint and try to get back to you within a reasonable time.  You do also have the right to contact the Information Commissioner, see www.ico.org.uk or if you are based outside of the United Kingdom, please contact your local regulatory authority.

  

9.          Retention of personal data

Subject to the provisions of this Privacy Policy, we will retain personal data in accordance with applicable laws.

In particular, we shall retain your personal data for as long as you access or use our website. However, we may also be required to retain personal data for a particular period of time to comply with legal, auditory or statutory requirements, including requirements of HMRC in respect of financial documents.

Where we have no legal basis for continuing to process your personal data, we shall either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

 

10.       General

Our websites may contain links to third party websites, plug-ins and applications.  We are not responsible for the content of such third-party content, or their privacy statement and if you provide any information to the third-party, then you should check the third-party website to find the applicable privacy policy.

If any provision of this Privacy Policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect. 

This Privacy Policy shall be governed by and construed in accordance with English law and you agree to submit to the exclusive jurisdiction of the English Courts.

This Privacy Policy was last updated on 14 September 2020.  You may contact us if you wish to review any previous version.