We have updated our Privacy Notice to comply with the General Data Protection Regulations that come into force in May 2018.
You can download our new notice in full here:
BNL Privacy Notice
BNL (UK) Limited Privacy Notice
Effective from May 25th 2018
At BNL (UK) Limited we are committed to protecting the privacy and security of your personal information. This privacy notice aims to inform you on how BNL (UK) Limited collects and processes your personal data through your use of our website and during and after the supply of products or use of any of the services provided by us and our group companies.
This notice applies to companies & individuals who use our website or who buy or use any of our products and / or services.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
BNL (UK) Limited is the data controller in respect of data submitted through this website and given to us by yourself in the course of enquiring into and purchasing goods and services. We are required under data protection legislation to notify you of the information contained in this privacy notice.
BNL (UK) Limited (Company Number: 2668025) are part of the Synnovia plc group of companies, whose Registered Office is at Room 1.1 London Heliport Bridges Court Road London SW11 3BE. Our postal address is Manse Lane, Knaresborough, HG5 8LF.
What Information Do We Collect and When?
Personal data, or personal information, means any information about an individual that can identify that person, for example, your name and email address, or other contact details. The personal information we collect about you will depend on how you enquire about our products and services and if you decide to purchase goods or services from us.
We collect personal information about you through:
- Direct interactions. You may give us your Identity and Contact information when you use our website, make contact with us at an event, when you purchase our products and services and during the sales process.
- Third-party data. We sometimes receive contact data from our partners, entities within our group or others sources.
We may collect additional personal information in the course of performing our contract with you and in providing our products and services to you.
You do not have to give us any personal information in order to use most of this website. However, if you wish to request further information, make an enquiry, download documentation or register for a newsletter we will collect the following personal information from you:
- Identity Data including name, company name, phone number, website and email address
If you email or telephone us, we may also collect the following personal information from you.
- Identity Data including name, job title, company name, address, phone number, website and email address
In the course of a business transaction, we will collect, store, and use the following categories of personal information about you, where applicable, as follows:
- Identity Data: including your name, job title, company name, address, phone number, website and email address and in some cases Skype or other online communication application contact data
- Contact Data: including addresses, telephone numbers, and personal email addresses `
- Financial Data: should you order and goods and services from us. This includes you or your company’s bank account details, debit or credit card information, where necessary a business credit rating information and other banking information
- Transaction Data: including you or your company’s billing history, email exchanges, products and services you use and anything else relating your account
- Profile Data: specifically related to the industry or industries you or your company are engaged in and the products or services you enquire about or purchase from us
- Marketing and Communications Data: including your preferences in receiving marketing from us and your communication preferences
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Why do we process your personal information?
We only process your personal information when the law allows us to. This will usually be for one or more of the following lawful basis’:
- Performance of Contract – processing is necessary for the performance of a contract to which to which you are a party or in order to take steps necessary steps prior to entering into a contract
- Where we have a Legitimate Interest – in the interest of conducting and managing our business and providing you with information and products to enable the best service provision to you as possible. We ensure we only process information in appropriate instances in ways you would reasonably expect, which have a minimal privacy impact and where there is justification to do so. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- To comply with a legal or regulatory obligation – processing is necessary for compliance with a legal obligation to which we are subject, for example, financial regulations on retaining transaction records for a period of time.
- Where we have your consent – where you have freely given a specific, informed and clear indication by a statement or by clear affirmative action, that allows us to the process of your personal data.
- Where we need to protect vital interests – where it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person
- Where it serves a public interest – processing is necessary for the performance of a task carried out in the public interest.
You can learn more about the lawful basis for processing data on the ICO website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/
How we use your personal information
There may be some overlap or several grounds which justify the use of your data. Please see examples below:
We may use your Identity, Contact, Technical and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. You will receive marketing communications from us if you have requested information or downloaded documentation from us, made enquiries into our products and services or purchased products or services from us and if you have not opted out of receiving marketing information from us.
You can ask us to stop sending you marketing messages at any time by using the opt-out or preferences links on marketing messages we send you or by contacting us at any time. Contact details are below.
Change of Purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Do we share your data?
We use third party service providers of CRM (Customer Relationship Management) software and ERP (Enterprise Resource Planning) software. We require our third-party service providers to be committed to the security of your data and take appropriate security measures to ensure it is protected. We do not allow our third-party service providers to use your personal data for their own purposes.
We will only share your personal information with third parties when we are required to do so by law or for the purposes of fulfilling our contract with you.
We will share your personal information with other entities in our group if required as part of a business reorganisation or group restructuring exercise, part of the sales process or project process or for the purposes of fulfilling our contract with you.
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.
We will not transfer your personal information outside the EU.
How we secure your data
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long we keep your information
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for and for the purposes of satisfying any legal, accounting, or reporting requirements. As we have a long project and sales process due to the nature of our business and products and services provided, we will retain all personal data related to a business enquiry, project, or sale of goods or services, for up to seven years.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
Under certain circumstances, by law you have the right to:
- Request access to your personal data using a ‘data subject access request’: receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request rectification of the personal data that we hold about you: have any incomplete or inaccurate detail we hold about you corrected.
- Request erasure of your personal information: ask us to delete personal information where there is no good reason for us continuing to process it.
- Object to processing of your personal information: You have the right to object to us processing your personal information for a particular purpose under legitimate interest. You also have the right to object where we are processing your personal information for direct marketing purposes. You can ask us to delete your information within your objection.
- Request the restriction of processing of your personal information: ask us to stop processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information: request that we transfer a copy of your personal information to yourself or another party. This will be provided in an easily accessible, readable format.
Contact us to action any of the above requests at:
T: 01423 799200
BNL (UK) Limited
You will not have to pay a fee to access your personal information or exercise your rights as above.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Your Right to Withdraw Consent
If you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at firstname.lastname@example.org.
Once we have received your request to withdraw your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If You Do Not Provide Personal Data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract and/or service you have requested form us, such as supplying you with our products. If this happens, we will notify you that we cannot fulfil your request and why.
Our site may contain links to other websites over which we have no control. We are not responsible for privacy policies or practices of other websites if you choose to link to them from this site. Please review the privacy policies of these other websites to understand how they collect, use and share personal information.
If you have any questions about this privacy notice or how we handle your personal information, please contact us at email@example.com.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).