PRIVACY
Privacy Statement
At BJM IG Privacy Ltd & Associates we take privacy and the protection of personal and sensitive information seriously. We are committed to protecting your data and complying with the data regulations to their full extent. Our Privacy Policy explains how we use and protect your personal information, to show that we are adhering to the UK GDPR.
Privacy Policy
This Privacy Policy applies to information we collect about individuals who interact with our organisation. It explains what personal information we collect and how we use it. The UK GDPR requires every organisation that processes personal information to be registered with the Information Commissioner's Office (ICO). Our registration number is ZA551179 and you can find us on the Information Commissioner's register and searching for us by using our registration number.
​
Our promise to you
-
We will keep your information secure and confidential.
-
You are in control of how we communicate with you – you can opt in or out or change your preferences at any time.
-
We will not sell your data to a third party.
-
We will not swap your data with a third party.
-
We will train our staff to ensure that they know how to manage your information appropriately and in line with regulations.
​
Personal data that we process
The following sections explain the types of data we collect and the legal basis, under current data protection legislation, on which this data is processed.
​
Most of the personal information we process is provided to us directly by you for one of the following reasons:
-
Service enquiry
-
Contracting our services
-
Training services
-
Associates
-
DPOaaS for GP’s
-
DPO Services
​
Service enquiry - If you enquire about our services we will collect your name, email address, telephone number, organisation you work for, your job title and your message.
This will be collected either via email or telephone depending on your preferred contact method. As it is necessary for us to collect that data to enable us to respond to your enquiry in the way you would expect we have a legitimate interest to process that data. You can request for your information to be deleted at any time, however we might not be able to provide you with our services or a reply if your request deletion.
​
Contracting our services - If you contract one of our services, we will be entering into a contractual relationship with you and our legal basis for processing will be contract. We will collect your organisations details, your contact details and any details of contacts you provide us with to enable us fulfilling our contractual obligations towards you. In addition, we will process commercial, confidential and sensitive information that you provide us with for the purposes specified in the contract and data processing agreement. We also will process financial details for the purpose of invoicing and financial transactions.
​
Training services - If you request us to provide training for your staff you would need to provide us with their names and email addresses as a minimum to enable us to invite them, issue them with attendance certificates and other administrative purposes as required depending on the service requested.
​
For face to face training events additional information might be required such as dietary requirements, additional needs, emergency contacts and others. This will be specified in the individual contract and data processing agreement.
The lawful basis we rely on for processing your staff personal data provided by you to us is contract and when we collect any information about dietary or access requirements we also need you staff consent as this type of information is classed as special category data.
​
Associates - Our purpose for processing information in relation to Associates is to assess your suitability to work with us. The lawful basis we rely on for processing your personal relates to processing necessary to perform a contract or to take steps at your request, before entering a contract. If you provide us with any information about reasonable adjustments you require under the Equality Act 2010 the lawful basis we rely on for processing this information is to comply with our legal obligations under the UK GDPR.
​
DPOaaS for GP’s- For the purposes of delivering the DPO as a Service we would process the data associated with that under contract with the relevant CCG/Provider for GPs as applicable. As part of that we will be receiving special category data and the data processing activities exercised are based on the service contract. We will not be holding any personal or special category data of patients on our hosting environment. The data will be hold and processed through the nhs hosting environment issued as part of the service and we will not process patient data outside that environment.
​
DPO Services - For the purposes of delivering the DPO as a Service contracted directly with us will process the data associated with that under contract with your organistion. As part of that we will be receiving special category data and the data processing activities exercised are based on the service contract. Unless instructed otherwise we will be processing the data safe and secure. We have contracted Microsoft business cloud services with hosting centres in the UK. These are protected by strong controls and authentication.
​
How we use your information
We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as set out in the tables above.
For example, we may use your personal information to:
-
Provide services as requested by you.
-
Process information in line with employment contracts of our staff.
-
Process data relating to the services provided by our Training Centre.
-
Reply to enquiries you send to us.
-
Where you have specifically agreed to this, send you marketing communications by email relating to our work which we think may be of interest to you.
​
Types of information
The types of information that we may collect or hold on you for marketing purposes include name, address, contact details including email and telephone, event participation, employment, communication preferences. We also hold a log of the communications that we have had or sent to you and your communication preferences.
​
Sources of information
Your information may be sourced directly from you or your representative when you come into to contact with the BJM IG Privacy Ltd & Associates. This information will be captured from enquiries and requests for details.
​
If you prefer that your information is not used in this way, please do let us know by calling 07983 111191 and we will exclude your details from this process.
​
Legal basis for communications
For email and SMS (text messaging), we will only contact you by these means if you have given us explicit permission to do so.
​
When we share your data
We will only pass your data to third parties in the following circumstances:
-
You have provided your explicit consent for us to pass data to a named third party.
-
We are using a third party purely for the purposes of processing data on our behalf and we have in place a data processing agreement with that third party that fulfils our legal obligations in relation to the use of third party data processors
-
We are required by law to share your data.
-
In addition, we will only pass data to third parties outside of the EU where appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation.
​
How long we keep your data
We take the principles of data minimisation and removal seriously and have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer required. Details on our records retention is outlined in our Records Management Policy.
Rights you have over your data
You have a range of rights over your data, which include the following:
​
-
Where data processing is based on consent, you may revoke this consent at any time and we will make it as easy as possible for you to do this by emailing bjm@igprivacy.co.uk.
-
You have the right to ask for rectification and/or deletion of your information.
-
You have the right of access to your information.
-
You have the right to lodge a complaint with the Information Commissioner if you feel your rights have been infringed.
​​
A full summary of your legal rights over your data can be found on the Information Commissioner’s website: https://ico.org.uk/.
If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us by emailing bjm@igprivacy.co.uk.
​
Please note that relying on some of these rights, such as the right to delete your data, will make it impossible for us to continue to deliver some services to you. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible.
​
Cookies and usage tracking
A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and can do a number of things, eg remembering your preferences, recording what you have put in your shopping basket and counting the number of people looking at a website. We use Google Analytics for this purpose.
Google Analytics generates statistical and other information about website usage by means of cookies, which are stored on users' computers. The information collected by Google Analytics about usage of our website is not personally identifiable. The data is collected anonymously, stored by Google and used by us to create reports about website usage. Google's privacy policy is available here.
​
Cookies we use -
Essential Cookies
These cookies enable core functionality such as security, verification of identity and network management. These cookies can’t be disabled.
​
Marketing Cookies
These cookies are used to track advertising effectiveness to provide a more relevant service and deliver better ads to suit your interests.
​
Functional Cookies
These cookies collect data to remember choices users make to improve and give a more personalised experience.
​
Analytics Cookies
These cookies help us to understand how visitors interact with our website, discover errors and provide a better overall analytics.
For all other cookies your informed consent is required by choosing your preference in the cookie setting pop up banner. However, we also use some cookies that do not collect personal information but that do help us collect anonymous information about how people use our website.
​
Transferring data outside the European Economic Area (EEA)
BJM IG Privacy Ltd & Associates will only transfer personal data outside of the EEA in compliance with Chapter V of the General Data Protection Regulation. Transfers may be made where the Commission has decided that a third country (a country outside the EEA), a territory or one or more specific sectors in the third country, or an international organisation ensures and can demonstrate that individual’s rights are protected by adequate safeguards.
​
How does the BJM IG Privacy Ltd & Associates keep your personal data secure?
BJM IG Privacy Ltd & Associates secures the personal data you provide using cloud services and equipment that are controlled, in a secure environment and protected from unauthorised access, use or disclosure. 
​
Our Third Party suppliers are:
​
-
Microsoft 365 - Their GDPR compliance assurance and privacy policy can be found here.
-
NHS Net where applicable by the service contract- Their Acceptable Use Policy and Privacy Policy can be found here.
-
Quickbook online - Their security compliance assurance and privacy policy can be found here.