BSL Link for Communications Ltd - PRIVACY NOTICE
This notice describes how BSL Link for Communication Training Ltd, processes your personal data, as a controller. Our registered address is Farren House, Farren Court, The Street, Cowfold, West Sussex, RH13 8BP. Our business address is PO Box 438 Burgess Hill, West Sussex. RH15 5ER. Please contact us at firstname.lastname@example.org for specific matters.
You have the right to object to some of the processing which BSL Link for Communication Ltd and BSL Link for Communiction Training Ltd carries out. More information about your rights and how to exercise these is set out in the section headed “What rights do I have” below.
This notice applies to:
- – Clients;
- – Bookers;
- – Trainers;
- – Learners;
- – LSPs;
- – Callers;
- – Enquirers; and
- – Other customers
This notice applies to:
- – Website;
- – Customer Service;
- – Finance team; or
- – Premises operated by BSL Link for Communication Ltd;
Summary of the purposes for processing your personal data and the legal basis for doing so:
We process personal data to facilitate, arrange, amend and administer bookings for the provision of a professional service from; Language Service Professionals (LSPs), including: British Sign Language Interpreters, Speech-to-Text Reporters (STTRs), Electronic Notetakers (ENTs), Lipspeakers, Deaf Relay Interpreters, Deafblind Interpreters and Communication Support Workers (CSWs); process and store payment details and provide other products and services, such as accredited training qualifications and Event coordination. We also deal with enquires, gather customer feedback and undertake direct marketing for training courses, in our legitimate interests to promote our business and improve our service and delivery.
- When booking with us, we don’t ask for accessibility, dietary, health or other sensitive personal data. If you (or someone on your behalf) does provide such information to us, we will ask for your consent. In some cases, it may be permissible for us to have such data as it is in your vital interests that we do so, e.g. any food allergies you may have that could cause a health risk, if not shared with appropriate parties.
- When you post on social media about our business, we may use your contact details to respond to any complaints or comments, on the legal basis of our legitimate interests.
- In our legitimate interests, we also seek to prevent and detect crime as well as protect our business and premises.
- In order to fulfil the above purposes:
- we disclose your personal data to payment providers, technology providers, insurers, and other specialist professional and technical service providers, to manage your bookings, arrange payments, and provide services.
We use a Remote Server managed by Proximitum for our IT platform. Proximitum is a software integrator and cloud enabler that provides cloud management and access tools to help organisations manage their adoption of cloud technologies. Proximitum provide Security Management, Threat management, anti-virus, patch and Full Disaster Recovery Options. If data is transferred outside the European Economic Area – the EU Member States plus Iceland, Lichtenstein and Norway – EEA, Proximitum make sure there are safeguards in place to protect your data, such as a Privacy Shield, binding corporate rules and contracts to ensure data is protected to the same standards as the EU and the EEA. For more information on Proximitum, please see – www.proximitum.com
- BSL Link for Communication Ltd keep your data to enable us to fulfil our contract with you or to provide services, where required by law, to respond to a question or complaint, to obey rules about keeping records, to uphold or protect contractual or legal rights or where it is in your or another party’s vital or public interests or our legitimate interests. Where we process personal data on the basis of your consent, we will retain it for as long as required for the specified purpose. We also keep your data in line with any statutory limitation periods and for tax, legal or regulatory purposes.
- Any consent(s) you give us may be withdrawn at any time.
- You have an absolute right to object to direct marketing and any profiling for the purposes of direct marketing, at any time.
- You also have the qualified right to:
- request access, rectify, and erase your personal data;
- object to processing for any purpose where we rely on our legitimate interests as the legal basis;
- restrict processing; and
- supply or transfer your personal data in a portable format, Where you exercise any of your rights, we will process your personal data to comply with your request in accordance with our legal obligations.
- Where we use automated decision-making, you have the right to human intervention, to add a statement, and to have the decision reviewed.
You have the right to lodge a complaint with a data protection supervisory authority of the EU Member State in which you are resident, work or in which your complaint arises. In the UK, the supervisory authority is the Information Commissioner. Details of all EU supervisory authorities can be found at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
We may provide additional information during the booking process and at other points at which we collect your personal data.
If you wish to exercise your rights, please email us at email@example.com
If you require further details of our Privacy Notice please continue reading.
Personal information we collect
We collect personal information when you book with us or request information about using our services. This includes telephone calls, texts, using our websites, or corresponding with us via email or letter. We may also receive personal data about you from another source. The type of Personal Data we will take from you is as follows:
- Personal Identifiers – Name, address, telephone number, email address, work address, assignment venue, job title, gender – if referring to a hospital appointment where a gender specific interpreter may be requested, health information, medical venue/department, names of others in the assignment domain, work team or those present in the assignment.
- Business-to-Business Information – for corporate customers and corporate business leads and contacts: job title, business address and business email address;
- Transaction Information – payment, sales enquiry and booking details
- Accreditation information – Accredited details for courses undertaken and completed;
- Customer special requests and feedback including complaints – via call centres, emails and online free text fields.
Third parties that we receive personal data from may include:
- Public Sector Organisations, such as the NHS, Social Services, Educational establishments, Charities,
- Corporate customers, blue-chip companies, Supermarkets, small businesses, independent businesses and public information sources such as Companies House;
- Social Networks
- Business Account Management operators
- Government agencies
- Other licensees in accordance with licensing requirements
How do we use your information, and what is the legal basis for this use?
- To fulfil a contract, or take steps linked to a contract. This is relevant when you want to make a booking enquiry
- making, amending or administering your booking;
- providing products and services requested by you;
- verifying your identity;
- processing payments;
- communicating with you;
- providing customer services, including managing complaints;
- alerting you by text, email or phone in the event of an unplanned incident, as a result of which we have to make alternative arrangements under our contract (or where we believe it is in your vital interests).
If the information we request is not provided, we may not be able to enter into or comply with a contract or our legal obligations.
In our legitimate interests regarding the conduct of our business, in particular:
- Ensuring customer satisfaction, maintaining goodwill and dispute resolution
- we provide technical support and investigate and process any complaints about our website or our products or services, and to maintain appropriate records for internal administrative purposes. We reserve the right to request evidence to support any claims or complaints.
- To protect our business and prevent fraud
- monitor, test and control the performance and security of our systems, networks, processes and premises to prevent and detect fraud and protect our business;
- For business performance and improvement
- analyse transactions to enable us to improve our services and products and plan for our business.
- Developing and Marketing Products and Services
- for raising brand awareness;
- to understand you better as a customer by analysing your transactions and other information you provide to us or which we learn through your interactions with us;
- we may use your data to provide personalised promotional offers to you;
- we may also use your data to provide you with personalised promotional offers on selected partner websites, for example, you might see an advertisement for our products on a partner site such as Facebook
- we may use personal data of some individuals to invite them to provide feedback or take part in market research; and
- Legal and Regulatory purposes
- in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation);
- to comply with health and safety legislation, including accounting for the number of individuals on our premises and logging accidents;
- to prevent, investigate and/or report suspected fraud, terrorism, security incidents or other crime, in accordance with applicable law; and to anonymise personal data when we no longer need to process it.
Where we have relied on legitimate interests as the lawful basis for processing, we have carried out a balancing test. For details of these email – firstname.lastname@example.org.
- Where you give us consent:
- we will send you emails in relation to products and services provided by us that we feel are relevant to you, if you have opted in to receiving this information.
- when you use our website, we place cookies and use similar technologies on your computer, mobile or other device. Please see our Cookie Banners and link.
- We will process health information, accessibility and health information you or a party on your behalf provides to us (we may also be able to do this where it is in your vital interests); and
- On other occasions where we ask you for consent, we will use the personal data for the purpose which we explain at that time.
- On other occasions where we ask you for consent, we will use the personal data for the purpose which we explain at that time.
You have the right to withdraw consent at any time.
- For purposes which are required by law:
- to record details of clients not resident in the UK
- in response to requests by government, law enforcement authorities, or intelligence services and court orders;
- if required to comply with health and safety legislation to which we are subject
- we may be required to share information with other licensees in accordance with local licensing requirements; and
- responding to a rights request under data protection legislation.
- To protect your vital interests or those of another person:
- disclosing your personal data to the emergency services where we believe it is necessary to protect your vital interests or the vital interest of another person; and
- where you (or a person acting on your behalf) provide us with dietary or other personal health data such as heart conditions.
Recipients that we disclose, transfer or share your personal data with:
For some activities BSL Link for Communications Ltd. uses third party service providers. Your personal data will be disclosed to such organisations where this is necessary to provide a service to you, or where it is in our legitimate interests. For example, we use third parties to:
- administer and fulfil bookings;
- provide IT development, support, maintenance and hosting, including the provision of applications and website hosting;
Personal data may be shared with government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim.
Restructure and sale
In the event that the business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
Sometimes we may need to send or store your data outside of the European Economic Area (the EU plus Iceland, Lichtenstein and Norway) (‘EEA’). For example, to follow your instructions, comply with a legal duty or to work with or receive services from our service providers who we use to help run your accounts and our services.
If we do transfer information outside of the EEA, we will make sure that it is protected by using one of these safeguards:
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Some countries have been deemed adequate by the EU.
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA or use other mechanisms and measures to achieve adequate protection. We also may use the Standard Contractual Clauses published by the EU.
- Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between EU countries and the US. It makes sure those standards are similar to what is used within the EEA.
- Binding corporate rules. These are internal rules adopted by group companies to allow international transfers of personal data to entities within the same corporate group located in countries which do not provide an adequate level of protection.
For some of our service providers in the US, we rely on Privacy Shield. For example the party who helps us with our customer feedback surveys. For our service provider in India, who has restricted access to some data to provide us with IT support and maintenance services, we rely on contractual measures. For further details on the mechanisms used please contact – email@example.com
What rights do I have?
- Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent. We will continue to process your personal data for other purposes on a different lawful basis (other than consent) where that applies.
In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, and any profiling we carry out for direct marketing, at any time. You can do this by contacting us at firstname.lastname@example.org
Where you have a relationship with another organisation, such as a social media platform like Facebook and they may use this information to market to you. If you do not want to receive these messages, please contact the organisation directly if you want to withdraw your consent to such organisation marketing to you.
- Other qualified rights
- You have the right to know whether or not we process information about you and to access that information.
- You have the right to update, correct and complete any information we hold about you which is inaccurate or incomplete.
- You have the right to obtain the personal data you provide to us for a contract or with your consent in a commonly used, structured, and machine-readable format, and to ask us to share (port) this personal data to another controller.
- You have the right to ask that we erase or restrict (stop active) processing of your personal data.
- In addition, you can object to the processing where the lawful basis is our legitimate interests.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person or you ask us to erase information which we are required by law to keep. Where you object to us processing personal information we may have a compelling justification for processing it. Relevant exemptions are also included within the data protection laws that apply in the UK. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, you can get in touch with us using the details set out below. If you have concerns, you have the right to complain to the data protection supervisory authority of the EU Member State in which you are resident, work or in which your complaint arises. In the UK, the supervisory authority is the Information Commissioner. Details of all EU supervisory authorities can be found at:
How long will you retain my personal data?
We keep your data to enable us to fulfil our contract with you or to provide services, where required by law, to respond to a question or a complaint, to obey rules about keeping records, to uphold or protect contractual or legal rights or where it is in your or another party’s vital interests or our legitimate interests. Where we process personal data on the basis of your consent, we will retain it only for as long as required for the specified purpose. We also keep your data in line with any statutory limitation periods and for tax, legal or regulatory purposes.
The period for which we will retain your personal data depends on the purposes for which we are processing it and where the same personal data is processed for two or more purposes, we will retain it for the longest period. For example we retain:
- General Enquiries and Non-accredited course applications until a period of 2 years has elapsed since your last interaction with us
- Personal data we process for marketing (including profiling) purposes, unless you ask us to stop sending electronic direct marketing, in which case we will act on your request, and then keep a record of your request indefinitely;
- Accident report forms for 3 years
- Financial information for a period of 7 years, for accounting, business reporting, analysis and audit purposes.
In any of the cases mentioned above, we may retain the personal data for longer, if it is required for the purposes of any internal or external investigation or litigation. In these cases, it may be retained until the matter is resolved. We may keep your data for longer in line with any limitation periods, or if we cannot delete it, e.g. for tax, legal or regulatory reasons.
You have the qualified right to request deletion of your personal data at any time, or we may choose or be obliged to erase your personal data earlier, for example, if we no longer need to process it.
How do I get in touch with you?
General data protection queries
If you have any queries about the way we process your personal data. You can get in touch at email@example.com
Exercise of rights
If you have any queries about or want to exercise any of your rights please contact us firstname.lastname@example.org
Booking and general enquiries
For any queries relating to your booking or other services please contact email@example.com
This Privacy Notice was last updated on 24th May, 2018.