The UK’s book industry supply chain organisation

Document last updated 07/11/2022 Version 1.5.

About Book Industry Communication Ltd (BIC)

BIC is an independent, not for profit members’ organisation working at the heart of the UK book industry. Established in 1991, it was founded  by The Booksellers Association, The British Library, The Chartered Institute of Library and Information Professionals and The Publishers Association to promote supply chain efficiency in all sectors of the book world through e-commerce, best practice, training, events, and the application of standard processes and procedures. BIC is governed by a Board of Directors comprised of representatives from member organisations across the entire book industry. 

BIC’s vision is to make the UK book supply chain more efficient and sustainable by developing standards and encouraging their adoption. We define best practice and connect experts and stakeholders to enable measurable innovation.

Visit BIC at www.bic.org.uk  and follow us on Twitter at @BIC1UK

How do we use your information?

BIC recognises that your privacy is important to you and is committed to protecting your privacy online. This privacy notice sets out what information we collect and why and how we use that information.

It applies to personal information we collect about:

Visitors to our website (members and non-members)

We use a third-party service, Kinsta to host the main BIC website. Kinsta’s privacy notice is available to view here: https://kinsta.com/legal/

When someone visits www.bic.org.uk, a third-party service, Google Analytics, is also used to collect internet log information and to follow visitor patterns. By knowing the number of visitors to the various pages, we can improve the website and identify areas of interest. The information is processed in a way which does not identify individuals. If we are collecting personally identifiable information through our website, we will do so using forms that clearly explain what we intend to do with it.

The website uses WordPress as its content management system.

Protection against cyber attack

We use Wordfence as our method of protecting against cyber attacks and permitted under        Art. 6(1)(f) GDPR. Their GDPR statement is here:   https://www.wordfence.com/help/general-data-protection-regulation/

Browser and Device-based Consent

This website uses the Privacy Suite for WordPress by Complianz to collect and record Browser and Device-based Consent. For this functionality, your IP address is anonymized and stored in our database. This service does not process any personally identifiable information and does not share any data with the service provider. For more information, see the Complianz Privacy Statement: https://complianz.io/legal/privacy-statement/.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/ . After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.

Kinsta’s privacy notice is available to view here: https://kinsta.com/legal/

Filling in forms: Most forms on www.bic.org.uk (for example, application to join a committee), are Word or PDF documents and are for the following purposes: 

Applying to Join a Committee / Board

Information held on this form will be emailed to current members of the committee/board to which you are applying in order that a decision can be made as to your suitability to join. If your application is accepted, your form will remain on BIC’s records electronically and in for the duration of the term that you remain on the committee/board. Upon leaving the committee/board, BIC will delete/destroy your forms from its records within 2 years. If your application is not approved your completed form will be destroyed within one month. The lawful basis under which BIC processes your information in this way is legitimate business interest: we need to ensure that BIC staff and existing committee members can easily view your application, find out more about your professional history and make an informed decision regarding your suitability for sitting on the committee. 

Applying to a BIC Accreditation Scheme

Information held on this form will be emailed to BIC staff and members of the appropriate Accreditation Panel in order in order that a decision can be made with regards accrediting your organisation. BIC will make every effort to ensure that your application information is not shared with organisations on the Accreditation Panel that may be like yours that may be competitors. However, BIC strongly recommends you only detail information on accreditation forms that is already in the public domain. If your organisation is accredited your application form will remain on BIC’s records both electronically and in printed form for two years after which time it will be deleted/destroyed. If your organisation is not successfully accredited your application form will remain on BIC’s records for three years after which time it will be destroyed. We do this in case a representative of your organisation requests to see a copy of the form should they wish to re-apply in the future. They may, for example, want to study the information that was given on prior applications to inform a new application. We will keep a summary record in house of all results of accreditation applications for 10 years to monitor progress both in terms of organisations and also in terms of the efficacy and on-going development of BIC’s accreditation schemes. The lawful basis under which BIC processes your information in this way is legitimate business interest; we need to ensure that BIC staff and accreditation panel members can easily view your application for accreditation, know who to contact in your organisation if more information is required, and make an informed decision regarding your organisation’s suitability for accreditation. We also need to monitor progress both in terms of organisations and in terms of the efficacy and on-going development of BIC’s accreditation schemes

Member’s Checklist Form

This is not on the BIC website, but you will be sent a “Member’s Checklist” form (Word document) when your BIC membership subscription is up for renewal, or when your organisation joins BIC. The lawful basis under which BIC processes your information in this way is legitimate business interest; so that we can keep our basic contact information up to date for your organisation. We will keep a record of your Checklist form for the duration of your organisation’s membership. We will destroy each Member’s Checklist form after two years from the date your organisation may decide to leave BIC membership. 

New Member Application Form

When you/your organisation applies to join BIC, we ask you for your personal details including name and contact details. You may be asked to provide this information to us using our New Member Application Form (a Word document on our website). The lawful basis under which BIC processes your information in this way is legitimate business interest; before accepting your application to join BIC, we need to find out more about you and your organisation, why your organisation wants to join BIC, and the BIC Committees your organisation might be interested in joining. Only BIC staff will have access to this information. Once your application has been processed, BIC staff will notify the Board of Directors that your organisation has joined BIC. The application form will not be shared with these groups. All formats of this completed form will be destroyed 2 years after your organisation leaves membership. 

Other forms on our website include those hosted by MailChimp to sign you up to mailing lists on topics that may be of interest to you. You can view MailChimp’s Privacy Policy here: https://www.intuit.com/privacy/statement/

Social media buttons

Visitors may use these to click through to our pages / accounts on Twitter, Facebook, and/or LinkedIn. These buttons work using scripts from domains outside of BIC and it is likely those sites will collect their own information about what you are doing. You should review the policies of each of these sites to see how they use your information and to find out how to opt out, or delete, such information. 

Social Media Contact with BIC

BIC uses Twitter, Facebook and LinkedIn. If you intend to post a comment on our Twitter feed or on our Facebook or LinkedIn pages, Twitter, Facebook and LinkedIn will require you to set up your own account(s). Please review the following privacy notices to see how these 3 social media platforms use your information and to find out how to opt out, or delete, such information:

Direct messages sent to BIC via Twitter, Facebook and/or LinkedIn will be deleted after 2 years.

Please note that BIC’s privacy statement no longer applies once you are on these platforms and we cannot be responsible for the protection and privacy of any information which you provide whilst visiting them. Such platforms are not governed by this privacy statement. Again, please check the respective policies of any such platforms that you choose to visit.

Minutes/meeting notes

BIC runs 5 committees, 1 board, 2 clinics, 3 accreditation panels, and a number of national groups and projects. So, in addition to the Best Practice Guidelines and Standards documents that we host, we will also share minutes/meeting notes from various BIC meetings with attendees of those meetings. We may also share these minutes/meeting notes with other BIC Members upon request should they wish to see them. These are not available to non-members. All BIC board minutes will be shared with BIC’s 3rd party accountant. All minutes/meeting notes will contain a list of who was in attendance, apologies received, and comments made/discussions had by attendees during the meeting, where and when the meeting was held. The lawful basis under which BIC processes your information in this way is legitimate business interest; to help maintain transparency of our work, sharing of our work, to encourage industry collaboration, and governance. All minutes/meeting notes are held centrally in our Drop Box account. You can view Drop Box’s Privacy Notice here: https://www.dropbox.com/privacy .

Links to other websites: Our website may also contain links to other websites that may be of interest to our visitors. However, once you have used these links to leave our site, this privacy statement no longer applies, and we cannot be responsible for the protection and privacy of any information which you provide whilst visiting those sites – such sites are not governed by this privacy statement. Again, please check the respective policies of any such sites that you chose to visit.

Members

BIC collects data about individuals that are employed by member organisations and is the data controller for the information you provide during the membership period unless otherwise stated. The lawful basis under which BIC processes your information in this way is legitimate business interest.
If you have any queries about membership or how we handle your information, please contact us via info@bic.org.uk. To help us identify your query quickly please put “GDPR Data Request” in the subject field of your email. You can also phone us on 020 4551 1570.

What will we do with the information you provide to us?

Data we hold will be used confidentially, and to help us run our services and keep you informed – for example, to collect subscriptions, mail out publications and let you know about conferences, training, projects, deadlines and events; or to fulfil legal or regulatory requirements if necessary. 

We will use the other information you provide to represent the sector, e.g., to compile sector demographics – you would never be identifiable individually, but such information enables us to more effectively advocate for the book industry. We may also use relevant information (e.g., sector or level of membership) to advise you of products and services that may be of interest. 

BIC will not sell, trade, or rent your personal information with other people, companies or organisations without gaining your prior consent to do so. The information you provide will be held securely by us, whether the information is in electronic or physical format. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. The lawful basis under which BIC processes your information in this way is legitimate business interest; to deliver our obligations to you/your organisation as you would expect as BIC member.

Joining as a member

When your organisation applies to join BIC, we ask you for your personal details including name and contact details. You may be asked to provide this information to us using our New Member Application Form (a Word document on our website). We will also ask you about your professional details and questions about why you want to join BIC and BIC Committees you might be interested in joining. Only BIC staff or certain consultants contracted by BIC will have access to this information. Once your application has been processed, BIC staff will notify the BIC Board that your organisation has joined BIC. The application form will not be shared with the BIC Board. All formats of this completed form will be destroyed 2 years after your organisation leaves membership. The lawful basis under which BIC processes your information in this way is legitimate business interest; before accepting your application to join BIC, we need to find out more about you and your organisation, why your organisation wants to join BIC, and the BIC Committees your organisation might be interested in joining.

Renewing membership

Depending on your organisation’s sector, BIC membership is valid for one year either from 1st April or 1st September. When it is time for membership renewal BIC will contact you and ask you to complete a Members Checklist form (Word document that is emailed to you) on behalf of your organisation as part of the renewal process. Only BIC staff and certain consultants contracted by BIC, will have access to the details contained within this form and the document will be securely stored electronically. The lawful basis under which BIC processes your information in this way is legitimate business interest; we need to ensure that we have correct key contact information for your organisation i.e., contacts for financial queries, main point of contact for membership communications.

Membership database

Your organisation’s membership information is held by BIC centrally using third party software: Drop Box. Here is a link to their Privacy Notice: https://www.dropbox.com/privacy.

BIC Board, Committees, Task and Finish Working Groups (T&FWG), Clinics, Accreditation Panels, Workshops, National Groups

If you are an individual belonging to a BIC member organisation and you have joined any of the above groups, your contact data (email), may be shared with members of the same group, so that they can remain in touch and share information about their activities. BIC consultants working on behalf of BIC may also be part of that group. Your contact details will not be shared with other BIC members or BIC consultants outside the same group without your prior consent. BIC will hold centrally via Drop Box a database of the above groups showing which individuals sit on which group and to which membership organisation they belong. Information held here will be your full name, email address, organisation name, phone number (if you have provided one), your organisation’s address (if you have provided this). From 25th May 2018 we will also include “date joined” and “date left” for each group. The lawful basis under which BIC processes your information in this way is legitimate business interest; ease of communications within BIC groups. 

Online clinics are hosted on Slack. Here is a link to Slack’s Privacy Notice:  https://slack.com/intl/en-gb/trust/privacy/privacy-policy..

Applying to sit on the BIC Board, a Committee, a Clinic, an Accreditation Panel, a National Group

Except for workshops and projects, when BIC members want to join a BIC group we will ask them to complete an application form (Word document). This form will ask you about your professional details, questions about why you want to join the BIC group and what skillset and experience you can bring to the group. It will also require you to tell us who at your organisation has authorised your application. BIC staff and certain consultants contracted by BIC will have access to all this information. BIC staff will forward your completed form via email onto the relevant group for their consideration. We do this to allow the group in question to make an informed decision with regards approving or rejecting your application. BIC will keep an electronic copy of your application form for the duration of your time on the group. 2 years after you leave the group, your application form will be destroyed by BIC. If your application is not approved your completed form will be destroyed by BIC within one month. The lawful basis under which BIC processes your information in this way is legitimate business interest; to facilitate ease of communications within BIC groups, and the scheduling meetings/conference calls.

Scheduling meetings

BIC needs to be able to efficiently schedule meetings with its many members (and occasionally guests). To help us do this, we use a 3rd party: Doodle.  You can view Doodle’s Privacy policy here: https://doodle.com/privacy-policy.
We delete all Doodle Polls after one year of them being sent.
Please note that BIC’s privacy statement no longer applies once you are on Doodle’s website and we cannot be responsible for the protection and privacy of any information which you provide whilst visiting external sites – such sites are not governed by this privacy statement.

Attending conference calls

BIC uses 3rd party GoToMeetings and Microsoft Teams to facilitate its conference calls and share screens within those calls. You do not need to sign up for a GoToMeetings account to participate. We will never record our conference calls without prior consent from all conference call attendees. 

You can view GoToMeetings’ and GoToWebinar Privacy Policy here: https://www.goto.com/company/legal/privacy/international

You can view Microsoft Teams’ Privacy Policy here: 

https://learn.microsoft.com/en-us/microsoftteams/teams-privacy

Attending webinars

BIC uses 3rd party GoToWebinar to facilitate its webinars.

You can view GoToWebinar’s Privacy Policy here: https://www.goto.com/company/legal/privacy/international

Paying for your membership

We do not accept payment of BIC membership subscription fees by debit/credit card or direct debit, and we do not take payment via our website in any way. All subscription fee payments must be made electronically via bank transfer or by cheque. We keep a record of all our invoices sent and payments received via QuickBooks Online (QBO). Depending on how you have asked us to communicate with your organisation regarding invoice submission and chasing for payment, we may include your personal email address in your organisation’s area on QBO, if you have stated that you are the financial contact for your organisation. The lawful basis under which BIC processes your information in this way is legitimate business interest; to ensure that our financial system reflects current and accurate contact information for your organisation.
You can view QBO’s Privacy Policy here: https://quickbooks.intuit.com/uk/privacy-policy/

Registrations for events or training (members and/or non-members)

If registering for a BIC event or BIC training, additional information such as dietary or access requirements may be collected but will only be used for that particular event. The lawful basis under which BIC processes your dietary and access requirements information in this way is legitimate business interest; we want to understand both requirements for the event you are attending to help ensure we give you the best possible experience. 

You may also be asked at the time of registering for the event to consent to photographs and/or recordings of the event being taken and if you consent to an attendees list detailing your full name and job title to be given to the event Sponsor(s), trainer, and/or other attendees. The lawful basis under which BIC processes your information in this way is consent; we want to ensure we have your permission ahead of any event for recordings and photographs and that you are happy for us to list your full details on attendees lists for that event or training course for the purposes stated above.

We use a third party, Eventbrite to publish and host event details and collect payment for tickets for us.  

Eventbrite’s Privacy Notice can be viewed here: https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_GB 

Please note that BIC’s privacy statement no longer applies once you are on Eventbrite’s website, and we cannot be responsible for the protection and privacy of any information which you provide whilst visiting Eventbrite to register for events. Eventbrite’s site is not governed by this privacy statement. Again, please check the respective policies of any external sites that you choose to visit.

Attendees’ lists: BIC will give attendee/delegate lists to its trainers, other attendees and event sponsor(s). These lists will detail your full name, job title and organisation. When you register for an event or a training course you will be asked to tick a box confirming your consent for us to include your full name on the attendees/delegates list. The lawful basis under which BIC processes your information in this way is consent; we want to ensure we have your permission ahead of any event to list your full details on attendees lists for that event or training course for the purposes stated above.

Attendee/delegate lists that we create in-house at BIC will be destroyed after 5 years. The lawful basis under which BIC processes and stores your information in this way is legitimate business interest; we keep your information for this period of time to monitor attendance rates and types of attendees (which sector, organisation etc) at events and training courses, and to also improve our services to you. 

Training: BIC uses third parties to deliver training courses for BIC members and non-members.  Those trainers may be given the names, email addresses, job titles and organisations of the individuals attending the course they are delivering. The lawful basis under which BIC processes your information in this way is legitimate business interest; so that our trainers can create attendance registers for their own use, to facilitate learning and to ensure each training course runs as smoothly as possible.  The personal details given to our trainers by us, will only ever be used for the course being delivered and any required follow up by the trainer (e.g., assessment results) and once the course has fully ended, trainers are instructed not to retain or use those details for any other purpose.

Trainers: We will ask our trainers to provide us with their own professional information and their head shot image/photo for the purposes of marketing BIC’s training courses. The lawful basis under which BIC processes trainers’ information in this way is legitimate business interest; to help promote and sell our training courses this information will appear in our marketing mailings, on our website, and we may use social media to point to this information too. This information will be stored securely by BIC and will be destroyed 2 years after the trainer has ceased working for us.

Invoices received from our trainers will be held securely (electronically and physically (where appropriate)) for 7 years after which time they will be destroyed. The lawful basis under which BIC processes this information is contract; BIC needs to be able to pay its trainers in accordance with the terms agreed. Copies may also be given to our accountants for the purposes of year-end financial reporting to HMRC and Companies House. Our accountant is Cheesman’s and their Privacy Policy can be viewed here: https://cheesman.co.uk/privacy-notice/

Photos: We may from time to time wish to take photos at our events either ourselves, or by using a 3rd party photographer. All events at which we will do this, will have a consent box for you to tick when you are registering for the event. When we take photos at our events we do so for the purposes of promoting our events both on our website and via social media. We may from time to time include them in BIC marketing materials such (but not limited to) as our general brochure (electronic and printed formats), any re-branding of our website that we may undertake. The lawful basis under which BIC processes your information in this way is consent; we want to ensure we have your permission ahead of any event for any photographs that we may take for the purposes already listed in this paragraph. These photos will be stored securely by BIC and will never be sold, traded, or rented without gaining your prior consent to do so. We cannot however be held responsible for any 3rd parties lifting photos from our website, brochures and/or social media. Any 3rd party photographer we use will need to demonstrate that they are GDPR compliant and will be instructed not to retain these photos for any purpose without our prior written consent. 

Recording (audio and/or video): We may from time to time wish to record our events. All events at which we will do this, will have a consent box for you to tick when you are registering for the event. The lawful basis under which BIC processes your information in this way is consent; we want to ensure we have your permission ahead of any event for recordings.

Some events may be recorded and transmitted live via Twitter (for example BIC Breakfasts) using the Twitter’s Media Studio. You can view Twitter’s Privacy policy here: https://twitter.com/en/privacy.

We will edit and upload our recordings to our YouTube channel here: https://www.youtube.com/channel/UCEbQhwp9eweNkfBY1Ln0rTQ .

YouTube is a Google subsidiary and you can view Google’s Privacy Policy here: https://policies.google.com/privacy?hl=en-GB&gl=uk.

We cannot prevent YouTube, or other external domains, from collecting information on your usage of this content. If you are not logged in to these external services then they will not know who you are, but are likely to gather anonymous usage information e.g., number of views, plays, loads etc.

Attendee lists for 3rd party venues: When not held in-house, we may from time to time need to provide a list of all attendees for a BIC event, meeting or training course to comply with a 3rd party venue’s security policy. The lawful basis under which BIC processes your information in this way is consent; we want to ensure we have your permission ahead of any event for passing this information on. We will not pass on your contact information without your prior written consent. We will destroy the attendees list from our in-house records within two years of the event and instruct the 3rd party venue to delete immediately after the event has ended.  

Speakers at BIC events: We will ask speakers at our events to provide professional information about themselves and a headshot image that we can use in our speaker information sheets and our programme, or agenda for the event. The lawful basis under which BIC processes speaker information in this way is legitimate business interest; we want to ensure we have sufficient marketing material to promote the event to the book industry effectively. We will use this information and the head shot image/photo for the purposes of marketing the event concerned. This information and content will appear in our marketing mailings (using MailChimp), on our website, on Eventbrite, and we may use social media to point to this information too. This information will be made publicly available and will stay on our website for a maximum of 10 years as visitors to our website may find a library of our past events and speakers of interest, particularly when deciding whether to attend a future event or not. BIC will destroy any files it has pertaining to this information 20 years after the event. The lawful basis under which BIC stores this information for 20 years is legitimate business interest; we keep this information on our files to monitor the development of our events programme and to keep a record of past speakers in the event that we may want to contact them to speak at a future event. We cannot however be held responsible for any 3rd parties lifting photos or information from our website, Eventbrite or social media.

You can view the Privacy Policies of MailChimp, Eventbrite and the social media platforms that we use here: 

Please note that BIC’s privacy statement no longer applies once you are on any of the above websites or platforms and we cannot be responsible for the protection and privacy of any information which you provide whilst visiting those sites or platforms. Such sites and platforms are not governed by this privacy statement. Again, please check the respective policies of any such sites and platforms that you choose to visit.

Event and training feedback forms: For most of its events and all its training courses BIC will distribute electronic feedback forms which we would like as many attendees as possible to complete. These can be completed and submitted on the day or after the event. Unless you have indicated otherwise in the feedback form we will not share your personal details or contact information with the event speakers or the trainers. However, we will pass on anonymised forms and feedback so that they can develop their training and presentations. We will securely store your completed forms for 20 years to help us improve our services to you and the book industry over time. We may use aggregated statistics gained from these feedback forms in our marketing materials, on our website, on social media and in our mailings to help promote future events and training courses. We will create and keep such summary information for 20 years, the legal basis for which is legitimate business interest; for the purpose of promoting, monitoring, analysing and improving our events. 

Training assessments: Some of our training courses require the attendees to be assessed by our trainers. You will be given an assessment form either in printed or electronic format to complete and submit to your trainer on the day of your training course. You will need to complete and submit the form before you leave the course, or very shortly afterwards. 

The trainer will assess your suitability for a Certificate of Achievement and report to BIC on who is and isn’t eligible. The trainer will give your completed assessment form to BIC and we will store it securely for 5 years after which time it will be destroyed. We will keep a central summary record of who has gained certification for which course for a period of 5 years. This summary information will only be shared with your employer upon their request and with BIC staff. The lawful basis under which BIC processes your information in this way is legitimate business interest; on some of our training courses we promise employees to assess trainees, and so we need to ensure we can refer back to results when/if asked. 

People who complete polls and surveys (BIC members and/or non-members)

We will periodically carry out book industry relevant surveys using 3rd parties: SurveyMonkey or Formstack. Being external sites to BIC, it is likely that Survey Monkey and Formstack sites will collect their own information e.g., anonymous usage information about what you are doing. 

Survey Monkey’s privacy notice can be viewed here: https://www.surveymonkey.co.uk/mp/legal/privacy/

Formstack’s privacy notice can be viewed here: 

https://www.formstack.com/legal/website-privacy-policy

When collating and reporting on the results of surveys BIC will ensure the identities of respondents are treated as confidential and will only be used for research or report generating purposes.  

The exception to this may be some training courses where we are collecting information from you ahead of the course date with regards what you hope to get from the course. We will pass this information on to the course trainer but will reveal your name only with your prior consent. The lawful basis under which BIC processes your information in this way is legitimate business interest; so that our trainers can ensure the course addresses your needs/expectations, to facilitate learning. We will not share your contact details with any trainers without your prior consent. 

We may occasionally carry out market research with our members and non-members regarding the member services and benefits we currently offer or may wish to offer in future. The lawful basis under which BIC processes your information in this way is legitimate business interest; so that we can ensure we are providing a good membership service. 

For each survey the purpose(s) will be stated on the questionnaire and participation is always voluntary. The information you provide will always be processed by BIC in accordance with the Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR).

Emails that we send (to members and non-members)

BIC uses a 3rd party provider, MailChimp to deliver most of our email marketing campaigns, although some notifications will also come from regular BIC staff emails.  On the “Join our Mailings Lists” page of our website you will see options to join various mailing lists depending on whether you are a BIC member or not and depending on what you think would be most appropriate and useful for your interests/purposes. This list is not exhaustive, but such mailing lists may include information about membership benefits, monthly newsletters, communications from member groups/committees/projects that you have joined (or are simply interested in), events and training. Once you have subscribed you will be able to unsubscribe yourself at any time.

You can view MailChimp’s Privacy Policy here: https://mailchimp.com/legal/privacy/

Emails that you receive from us via MailChimp are tracked so that we can tell if the recipient has opened and clicked on the email. This is to help us understand open and click rates to try and improve our emails to you. Sometimes we do use the personal information e.g., to re-email people who haven’t opened emails. If you want to be sure that none of your email activity is tracked, then you should unsubscribe from all BIC email correspondence.

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They allow the website to remember who you are. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. 

You have the ability to accept or decline cookies by modifying the settings in your browser. You can also manually remove cookies from your system. You can view our Cookie Policy here:  https://bic.org.uk/cookie-policy-uk

  

Controlling your personal information

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR).

You have rights as an individual which you can exercise in relation to the information BIC holds about you – read more https://ico.org.uk/your-data-matters/.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of BIC’s collection and use of personal information. However, we are happy to provide any additional information or explanation if needed. Any requests for this should be sent to the address below or by emailing info@bic.org.uk To help us identify your query quickly please put “GDPR Data Request” in the subject field of your email. You can also phone us on +44 (0) 204 551 1570.

If any of your personal details are incorrect, please write to us using the email and instructions above or call us so that we can make any corrections promptly. You can also write to us at the address below. Individuals from BC member organisations are asked to review their data at least once a year on renewal. 

If you want to make a complaint about the way BIC has processed your personal information, you can contact the ICO in the UK as the statutory body which oversees data protection law – https://ico.org.uk/make-a-complaint/.

Access to personal information: Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 2018 (DPA 2018). If we do hold information about you, we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form. 

To make a request to BIC for any personal information we may hold you need to put the request in writing addressing it to Subject Access Requests, at BIC, 4 Aztec Row, Berners Rd London. N1 0PW. 

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone. However, you may want us to provide the information to you in writing which we will be happy to do. 

Identity and contact details of controller and processor: BIC is the controller and processor of data for the purposes of the DPA 2018 and GDPR. BIC may change this policy from time to time by updating this document. You should check this document from time to time to ensure that you are happy with any changes. This policy was last updated 7th November 2022.