We are committed to protecting and respecting your privacy.
Everyone has rights with regard to the way in which their personal information is handled. During the course of our activities we will collect, store and process personal information about our customers, suppliers and other third parties, and we recognise that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations.
We have appointed a Data Protection Officer (DPO), and the email address for the DPO’s office is [email protected].
The DPO’s office can be contacted by post (marked for their attention) at BCA, Headway House, Crosby Way, Farnham, Surrey, United Kingdom, GU9 7XG, telephone: +44 (0)1252 721200.
When processing your information, we must comply with the six enforceable principles of good practice. These provide that your personal information must be:
We may collect, use, store and transfer different kinds of personal information about you, including:
Information relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, criminal convictions, sex life or sexual orientation, or certain types of genetic or biometric data is known as ‘special category’ data.
We may obtain personal information via automated technology when you interact with our website by using cookies, server logs and other similar technologies.
We may also collect personal information about you from third parties or publicly-available sources, such as:
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
Particular purposes for which we will use your personal information, and the legal basis for that use, are as follows:
We will only use your personal information for the purpose(s) for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the4original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Without your personal information, we cannot register you or your organisation (as the case may be) as a new customer. That means that we will be unable to provide you or your organisation with any products or services.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
All information you provide to us is stored on our secure servers in the European Economic Area.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
The length of time that we will store your data will depend on the ‘legal basis’ for why we are using that data, as follows:
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitive of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
You have various legal rights in relation to the information you give us, or which we collect about you, as follows:
If you wish to exercise any of your legal rights, please contact our DPO’s office by writing to the address at the top of this policy, or by emailing us at [email protected].
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
A cookie is a small text file that stores Internet settings. The cookie is downloaded by your Internet browser the first time you visit a website.
Some cookies are extremely useful because they can improve your user experience when you return to a website you have already visited. This assumes that you are using the same device and the same browser as before; if so, cookies will remember your preferences, will know how you use the website, and will adapt the content you are shown so that it is more relevant to your personal interests and needs.
There are four categories of cookie: strictly necessary cookies, performance cookies, functional cookies and marketing cookies.
While you can completely disable some cookies in your browser at any time, it is important to note that if you change your settings and block certain cookies, you will not be able to take full advantage of some features of our site.
Cookies that are essential, also known as ‘strictly necessary’ cookies, enable features without which you would not be able to use the website as intended. These Cookies are only saved on your computer while you are actually browsing the website and for the duration of the session. Strictly necessary cookies cannot be disabled.
You can ask us to stop sending you communications at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you.
We do not use automated decision-making processes.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Any changes we make to our policy in the future will be posted on our website.
1
INTRODUCTION
We are committed to protecting and respecting your privacy.
Everyone has rights with regard to the way in which their personal information is handled. During
the course of our activities we will collect, store and process personal information about our
customers, suppliers and other third parties, and we recognise that the correct and lawful
treatment of this data will maintain confidence in the organisation and will provide for successful
business operations.
This policy sets out the basis on which any personal information we collect from you, or that you
provide to us, will be processed by us. Please read the following carefully to understand our
views and practices regarding your personal information and how we will treat it.
We are a member of the BCA group of companies (the BCA Group), and our ultimate parent company is
BCA Marketplace Limited (registered in England and Wales under company number: 09019615). For more
details about BCA Marketplace Limited and the BCA Group,
please visit www.bcamarketplace.com. This privacy notice is issued on behalf of the
BCA Group so when we mention "we", "us" or "our" in this privacy notice, we are referring to
the relevant company in the BCA Group responsible for processing your data. BCA Italia srl is the
controller and responsible for this website.
We have appointed a Data Protection Officer (DPO), and the email address for the DPO’s office is
DPO-
The DPO’s office can be contacted by post (marked for their attention) at BCA, Headway House,
Crosby Way, Farnham, Surrey, United Kingdom, GU9 7XG, telephone: +44 (0)1252 721200.
DATA PROTECTION PRINCIPLES
When processing your information, we must comply with the six enforceable principles of good
practice. These provide that your personal information must be:
• processed lawfully, fairly and in a transparent manner,
• processed for specified, explicit and legitimate purposes,
• adequate, relevant and limited to what is necessary,
• accurate and kept up-to-date,
• kept for no longer than is necessary, and
• processed in a manner that ensures appropriate security.
INFORMATION YOU GIVE TO US
We may collect, use, store and transfer different kinds of personal information about you,
including:
• Identity Data, such as your name, marital status, title, date of birth, gender,
• Contact Data, such as your home address, email address and telephone numbers,
• Financial Data, such as bank account details,
• Document Data, such as your vehicle registration document, and copies of
your driving licence, passport, utility bill and other documents that verify your identity,
• Transaction Data, including details about payments to and from you, and
other details of products and services you purchase from us,
• Company Data, including the name of the organisation you represent, and that
organisation’s Contact Data, Financial Data and Transaction Data,
• Technical Data, including IP addresses, your log-in data, browser type and version,
time-zone setting and location, browser plug-in types and versions, operating system and platform
and other technology on the devices you use to access our website,
• Profile Data, such as your username, password, purchases or orders made
by you, your interests, preferences, feedback and survey responses,
• Usage Data, including information about how you use our website, products and
services, and
• Marketing Data, such as your preferences in receiving marketing from us and our
third parties, and your communication preferences.
‘SPECIAL CATEGORY’ DATA
Information relating to your racial or ethnic origin, political opinions, religious or
philosophical beliefs, trade union membership, health, criminal convictions, sex life or sexual
orientation, or certain types of genetic or biometric data is known as ‘special category’ data.
During the course of dealing with you, we do not expect to collect any ‘special category’ data
about you.
HOW WE COLLECT YOUR PERSONAL INFORMATION
We may obtain personal information by directly interacting with you, such as:
• creating an account on our website,
• entering into an agreement with us for products or services,
• subscribing to our services or publications, or otherwise requesting marketing
material to be sent to you, or
• corresponding with us by phone, email, letters or otherwise.
We may obtain personal information via automated technology when you interact with our website by
using cookies, server logs and other similar technologies.
We may also collect personal information about you from third parties or publicly-available
sources, such as:
2
• public bodies and regulatory authorities,
• analytics providers (such as Google),
• advertising networks,
• search information providers, and
• providers of technical, payment and delivery services.
THE LEGAL BASIS FOR OUR USE OF YOUR PERSONAL INFORMATION
We will only use your personal information when the law allows us to. Most commonly, we will use
your personal information in the following circumstances:
• you have given us consent,
• we need to perform a contract we are about to enter into, or have entered into, with
you,
• where it is necessary for our or a third party’s legitimate interests, and your
interests and rights do not override those interests, or
• where we need to comply with a legal or regulatory obligation.
Particular purposes for which we will use your personal information, and the legal basis for that
use, are as follows:
Purposes for which we will use the information you give to us
Legal basis
Where you are acting as a representative of an organisation, then to register that organisation as
a new customer
It will be necessary for our legitimate business interests, namely with a view to providing
products and services to your organisation
Where you are acting as a representative of an organisation, to process your instructions and, if
accepted, to provide products and services to your organisation (including managing payments, fees
and charges)
It will be necessary for our legitimate business interests, namely with a view to providing
products and services to your organisation
To obtain further information about you and/or your organisation
It will be necessary for our legitimate business interests, namely to ensure we are fully aware of
all issues relating to the products and services we are providing
We will only use your personal information for the purpose(s) for which we collected
it, unless we reasonably consider that we need to use it for another reason and that reason is
compatible with the
3
original purpose. If we need to use your personal information for an unrelated purpose, we will
notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in
compliance with the above rules, where this is required or permitted by law.
IF YOU CANNOT OR WILL NOT PROVIDE US WITH YOUR PERSONAL INFORMATION
Without your personal information, we cannot register you or your organisation (as the case may be)
as a new customer. That means that we will be unable to provide you or your organisation with any
products or services.
DISCLOSURE OF YOUR INFORMATION
We may share your personal information with the parties set out below:
• public bodies and regulatory authorities,
• other companies within the BCA Group,
• other personnel within your organisation, or any other organisation that is party to
or otherwise has a legitimate interest in the agreement between us and your organisation,
• providers of IT and system administration services to our business,
• our professional advisers,
• analytics and search engine providers that assist us in the improvement and
optimisation of our website, and
• third parties to whom we may choose to sell, transfer, or merge parts of our
business or our assets. Alternatively, we may seek to acquire other businesses or merge with them.
If a change happens to our business, then the new owners may use your personal information in the
same way as set out in this policy.
We require all third parties to respect the security of your personal information and
to treat it in accordance with the law. We do not allow our third-party service
providers to use your personal information for their own purposes and only permit them
to process your personal information for specified purposes and in accordance with our
instructions.
KEEPING YOUR PERSONAL INFORMATION SECURE
While we operate within the UK and EU, your personal data may be transferred to (or stored by)
carefully selected third party service providers that we work with, located in countries outside of
the UK or EU. Where this is the case, we ensure that appropriate safeguards are in place for that
transfer and storage as required by applicable data protection law. If you would like more
information about the storage of your data, or the safeguards that are in place to protect your
data, please contact our DPO office using the details in the section of this notice headed
“Introduction”.
4
We have put in place appropriate security measures to prevent your personal data from
being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In
addition, we limit access to your personal data to those employees, agents, contractors and other
third parties who have a business need to know. They will only process your personal data on our
instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you
and any applicable regulator of a breach where we are legally required to do so.
HOW LONG WE WILL STORE YOUR PERSONAL INFORMATION
The length of time that we will store your data will depend on the ‘legal basis’ for why we are
using that data, as follows:
Legal basis Length of time
Where we use/store your data because it is necessary for the performance of the contract between
you and us
We will use/store your data for as long as it is necessary for the performance of the contract
between you and us
Where we use/store your data because it is necessary for us to comply with a legal obligation to
which we are subject
We will use/store your data for as long as it is necessary for us to comply with our legal
obligations
Where we use/store your data because it is necessary for our legitimate business interests
We will use/store your data until you ask us to stop. However, if we can demonstrate the reason why
we are using/storing your data overrides your interests, rights and freedoms, then we will continue
to use and store your data for as long as it is necessary for the performance of the contract
between you and us (or, if earlier, we no longer have a legitimate interest in using/storing your
data)
Where we use/store your data because you have given us your specific, informed and unambiguous
consent
We will use/store your data until you ask us to stop
To determine the appropriate retention period for personal information, we consider the amount,
nature and sensitive of the personal information, the potential risk of harm from unauthorised use
or disclosure of your personal information, the purposes for which we process your personal
information and whether we can achieve those purposes through other means, and the applicable legal
requirements.
YOUR RIGHTS
You have various legal rights in relation to the information you give us, or which we collect about
you, as follows:
5
• You have a right to access the information we hold about you, together
with various information about why and how we are using your information, to whom we may have
disclosed that information, from where we originally obtained the information and for how long we
will use your information.
• You have the right to ask us to rectify any information we hold about you that is
inaccurate or incomplete.
• You have the right to ask us to erase the information we hold about you (the ‘right
to be forgotten’). Please note that this right can only be exercised in certain circumstances and,
if you ask us to erase your information and we are unable to do so, we will explain why not.
• You have the right to ask us to stop using your information where: (i) the
information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii)
we no longer need to use the information; or (iv) we do not have a legitimate reason to use the
information. Please note that we may continue to store your information, or use your information
for the purpose of legal proceedings or for protecting the rights of any other person.
• You have the right to ask us to transmit the information we hold about you to
another person or company in a structured, commonly-used and machine-readable format. Please note
that this right can only be exercised in certain circumstances and, if you ask us to transmit your
information and we are unable to do so, we will explain why not.
• Where we use/store your information because it is necessary for our
legitimate business interests, you have the right to object to us using/storing your information.
We will stop using/storing your information unless we can demonstrate why we believe we have a
legitimate business interest which overrides your interests, rights and freedoms.
• Where we use/store your data because you have given us your specific,
informed and unambiguous consent, you have the right to withdraw your consent at any time.
• You have the right to object to us using/storing your information for direct
marketing purposes.
If you wish to exercise any of your legal rights, please contact our DPO’s office by writing to the
You will not have to pay a fee to access your personal data (or to exercise any of the other
rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive
or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure
your right to access your personal data (or to exercise any of your other rights). This is a
security measure to ensure that personal data is not disclosed to any person who has no right to
receive it. We may also contact you to ask you for further information in relation to your request
to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally, it may take us longer
than a month if your request is particularly complex or you have made a number of requests. In this
case, we will notify you and keep you updated.
6
COOKIES AND HOW WE USE THEM
What is a Cookie?
A cookie is a small text file that stores Internet settings. The cookie is downloaded by your
Internet browser the first time you visit a website.
Some cookies are extremely useful because they can improve your user experience when you return to
a website you have already visited. This assumes that you are using the same device and the same
browser as before; if so, cookies will remember your preferences, will know how you use the
website, and will adapt the content you are shown so that it is more relevant to your personal
interests and needs.
Types of Cookies
There are four categories of cookie: strictly necessary cookies, performance cookies, functional
cookies and marketing cookies.
• Strictly necessary cookies are essential in order to enable you to move around the
website and use its features. Without these cookies, some services cannot be provided – for
example, remembering previous actions when navigating back to a page in the same session.
• Performance cookies gather information about how a website is used – for example,
which pages a visitor frequently visits. These cookies do not save personal information or
information that would allow the user to be identified. These cookies are used exclusively to
improve the performance of the website, and with it the user experience.
• Functional cookies enable a website to save information which has already been
entered (such as user names, language choices, and your location), so that it can offer you
improved and more personalised functions. These cookies collect anonymous information and cannot
track your movements on other websites.
• Marketing cookies are used to deliver adverts and other communications more relevant
to you and your interests. They are also used to limit the number of times you see an advertisement
and to help measure the effectiveness of advertising campaigns.
Managing the use of Cookie settings on this website
While you can completely disable some cookies in your browser at any time, it is important to note
that if you change your settings and block certain cookies, you will not be able to take full
advantage of some features of our site.
Cookies that are essential, also known as ‘strictly necessary’ cookies, enable features without
which you would not be able to use the website as intended. These Cookies are only saved on your
computer while you are actually browsing the website and for the duration of the session.
Strictly necessary cookies cannot be disabled.
7
8
OPTING OUT OF RECEIVING COMMUNICATIONS
You can ask us to stop sending you communications at any time by logging into the
website and checking or unchecking relevant boxes to adjust your marketing preferences or by
following the opt-out links on any marketing message sent to you.
AUTOMATED DECISION-MAKING
We do not use automated decision-making processes.
LINKS TO OTHER WEBSITES
Our website may include links to third-party websites, plug-ins and applications. Clicking on those
links or enabling those connections may allow third parties to collect or share data about you. We
do not control these third-party websites and are not responsible for their privacy statements.
When you leave our website, we encourage you to read the privacy notice of every website you visit.
CHANGES TO OUR POLICY
Any changes we make to our policy in the future will be posted on our website.