Protecting your personal data is important to us.
In this Privacy Policy (“Policy” or “Notice”) we explain how we use your personal data, your rights, and the choices you can make about the way your information is used.
This Privacy Policy is provided by the British Association of Brain Injury & Complex Case Management (“BABICM”, “we” or “us”).
We are a ‘controller’ for the purposes of the Data Protection Laws that apply to you. This Privacy Policy applies to individuals who use (or are prospective users of) any of our services (including membership, events, updates on news in the brain injury world, and bespoke training programmes for case managers), individuals participating in or otherwise related to any events including speakers, website users and any other individuals whose personal data has been provided to us in connection with any BABICM product or services, and any third parties related to the services mentioned in this Policy.
BABICM is based in the United Kingdom. Our address is:
Suite 8F, Phoenix House, 100 Brierley Street, Bury. BL9 9HN
For data protection matters you can contact us at secretary@babicm.org .
We are registered with the ICO as a fee payer, registration number ZA195878.
BABICM will make this Notice available in another format (for example: audio, large print, braille), upon request.
We recommend you familiarise with the following words, which have particular meanings in the Data Protection Laws and are used throughout this Privacy Policy:
Term |
Definition |
controller | This means any person who determines the purposes for which, and the manner in which, any personal data is processed. |
criminal offence data | This means any information relating to criminal convictions and offences committed or allegedly committed. |
Data Protection Laws | This means the laws which govern the handling of personal data. This includes the UK General Data Protection Regulation, the Data Protection Act 2018 and any other national laws related to data protection. |
data subject | The person to whom the personal data relates. |
ICO | This means the UK Information Commissioner’s Office which is our supervisory authority responsible for implementing, overseeing and enforcing the Data Protection Laws. |
personal data | This means any information from which a living individual can be identified.
This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs and voice recordings. It will also include expressions of opinion and indications of intentions about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone, but which would identify them if put together with other information which we have or are likely to have in the future. |
processing | This covers virtually anything anyone can do with personal data, including:
obtaining, recording, retrieving, consulting or holding it; |
processor | This means any person who processes the personal data on behalf of the controller. |
special categories of data, or “sensitive” data | This means any information relating to:
racial or ethnic origin; |
WHAT PERSONAL DATA DO WE COLLECT?
Information provided by you
We collect the following information from you:
Personal information provided by third parties
We collect other information from the cookies and tracking tools we use, such as the type of browser you are using, the type of operating system you are using, and the domain name of your internet service provider.
Please see our Cookies Policy on our website for more information.
WHY DO WE PROCESS YOUR PERSONAL DATA?
We use your personal data:
HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL?
We are allowed to process your personal data based on:
Legitimate Interests
We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in the interests of BABICM. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The table below explains the personal data processed on this basis.
Personal data | Legitimate Interests |
Personal data related to members, prospective members, subscribers, and individuals attending events that are used for any marketing or promotion purposes; | It is on our legitimate interest to carry out marketing and promotion campaigns of BABICM services. |
Personal data related to members, to be shared with other members | Access to contact information of other BABICM members and event attendees when this is a key benefit of BABICM membership. As a benefit to members, personal data related to members and event attendees may be shared with other members and event attendees. |
Special category of personal data voluntarily made manifestly public by you (see “Data manifestly made public” in the “special categories of data” paragraph below). |
|
You can object to processing that we carry out on the grounds of legitimate interests. See the section headed “Your Rights” to find out how.
Contract
BABICM may process your data to the extent it is necessary for our performance of the contract you have agreed to enter with us.
Legal obligation
We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to make mandatory disclosures to government bodies and law enforcements.
Consent
Sometimes we want to use your personal data in a way that is entirely optional for you. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time.
Special categories of data
We are allowed to process your special categories of personal data on the following legal basis:
Data manifestly made public
Although this sounds like your data is on “the public domain and shared with the public as a whole, it does not mean such thing. When you voluntarily provide BABICM with data related to you for us to deal with any special requirements you may have, for example when attending our annual conference, you are providing this information to our organisation as a whole, and your sensitive data will be used by those staff members, volunteers, or members who needs to deal with your request or preference Since we are an organisation (as opposed to a private, household environment), when you give us your information it is considered that you are making this data sufficiently public in a way that you allow us to use if for the purposes you request or expect us to do. Of course, we will keep this data secure, and it will only be processed by those who need to know.
Legal claims
We need to process your personal data if necessary to defend or establish a legal claim.
Consent
We may use your sensitive data if you give us your consent. If so, you we will gather this consent separately and you will always have the right to withdraw the consent at any time.
WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA?
We use third party providers in connection with the provision of our services (e.g., IT and cloud service providers). If you would like to know the names of our service providers, please contact us using the details at the start of this Privacy Policy.
We also share your personal data with BABICM members if you raise a complaint against a BABICAM advanced member, to seek their views and handle the complaint.
We will also share your personal data with legal advisers, the police, other law enforcements or regulators where we are required or allowed by law to do so.
We do not sell your information to third parties
We do not share your information with third parties for marketing purposes.
Transfers of your personal data outside the United Kingdom
Because of the services providers we use, your personal data is processed from locations that are out of the UK INCLUDING THE United States or other territories that are not considered as offering an adequate level of protection to the personal data. E take steps for these processing activities to be carried out in compliance with the Data Protection Laws. For example, we consider what safeguards need to be agreed with each provider, and we negotiate the implementation of suitable mechanisms like the implementation of International Data Transfers Agreements that are approved by the ICO.
How we keep your personal data secure
We strive to implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities.
Employees, volunteers and contractors of BABICM who have access to personal data are required to protect this information in a manner that is consistent with this Notice by, for example, not using the information for any purpose other than to carry out the services they are performing for BABICM.
Although we take appropriate security measures, we cannot fully assure you that personal data will never be subject to a data breach. In the unfortunate case that this happens, we will activate our incident response action plan set out in BABICM policies, and, if appropriate, will inform you accordingly.
Our Web Site may contain links to other sites whose information practices may be different from ours. Website users should consult the other sites’ privacy policies as BABICM has no control over information that is submitted to, or collected by, these third parties.
WHEN WILL WE DELETE YOUR DATA?
BABICM will not keep your data for longer than we need to to meet all the purposes we included in the section “Why do we process your personal data?”.
For example, if you are a member, we will keep your data for the duration of your membership and then, we will keep that data if we need it to comply with a legal obligation (including BABICM’s document retention policy). For most of the purposes and legal obligations we have stated a retention period of 6 years, but we also apply shorter periods. For example, we keep data in relation to new enquiries for a 6 months period, after which we delete it.
YOUR RIGHTS
As a data subject, you have the following rights under the Data Protection Laws:
These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see “How to contact us”).
We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.
Please be aware that these rights are not absolute. Sometimes, they are subject to exemptions that we may apply in accordance with the Data Protection Laws. If so, we will inform you accordingly.
Right to object to processing of your personal data
You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.
If you object to us processing your personal data, we must demonstrate compelling grounds for continuing to use your data.
Right to access personal data relating to you
You may ask to see what personal data we hold about you and be provided with:
When exercising this right, make sure that we can identify you, and, to help us find the information easily, please provide us as much information as possible about the type of information you would like to see.
Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.
Right to restrict processing of personal data
You may request that we stop processing your personal data temporarily if:
Right to data portability
You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.
Right to withdraw consent
You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.
Right to be forgotten
You can ask us to delete your personal data where:
What will happen if your rights are breached?
If you are concerned that we have breached a privacy law or code binding on us, please send an email marked “Urgent” to Chair@babicm.ogr or send to our office via secretary@babicm.org . We aim to respond in a reasonable time (normally 24 hours). We will manage your complaint and will give you additional information about how it will be handled.
Complaints to the regulator
You have the right to complain to the Information Commissioner’s Office (ICO) if you believe we have not handled your request in an appropriate manner. For information on contacting the ICO please see their website ico.org.uk.