Accessibility Options
Member Login Member Login

Privacy Policy

Protecting your personal data is important to us.

In this Privacy Policy (“Policy” or “Notice”) we explain how we use your personal data, your rights, and the choices you can make about the way your information is used.

This Privacy Policy is provided by the British Association of Brain Injury & Complex Case Management (“BABICM”, “we” or “us”).

We are a ‘controller’ for the purposes of the Data Protection Laws that apply to you. This Privacy Policy applies to individuals who use (or are prospective users of) any of our services (including membership, events, updates on news in the brain injury world, and bespoke training programmes for case managers), individuals participating in or otherwise related to any events including speakers, website users and any other individuals whose personal data has been provided to us in connection with any BABICM product or services, and any third parties related to the services mentioned in this Policy.

BABICM is based in the United Kingdom. Our address is:

Suite 8F, Phoenix House, 100 Brierley Street, Bury. BL9 9HN

For data protection matters you can contact us at secretary@babicm.org .

We are registered with the ICO as a fee payer, registration number ZA195878.

BABICM will make this Notice available in another format (for example: audio, large print, braille), upon request.

We recommend you familiarise with the following words, which have particular meanings in the Data Protection Laws and are used throughout this Privacy Policy:


Term		 Definition
controller This means any person who determines the purposes for which, and the manner in which, any personal data is processed.
criminal offence data This means any information relating to criminal convictions and offences committed or allegedly committed.
Data Protection Laws This means the laws which govern the handling of personal data. This includes the UK General Data Protection Regulation, the Data Protection Act 2018 and any other national laws related to data protection.
data subject     The person to whom the personal data relates.
ICO This means the UK Information Commissioner’s Office which is our supervisory authority responsible for implementing, overseeing and enforcing the Data Protection Laws.
personal data This means any information from which a living individual can be identified.

This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs and voice recordings.  It will also include expressions of opinion and indications of intentions about data subjects (and their own expressions of opinion/intentions).

It will also cover information which on its own does not identify someone, but which would identify them if put together with other information which we have or are likely to have in the future.
processing This covers virtually anything anyone can do with personal data, including:

obtaining, recording, retrieving, consulting or holding it;
organising, adapting or altering it;
disclosing, disseminating or otherwise making it available; and
aligning, blocking, erasing or destroying it.
processor This means any person who processes the personal data on behalf of the controller.
special categories of data, or “sensitive” data This means any information relating to:

racial or ethnic origin;
political opinions;
religious beliefs or beliefs of a similar nature;
trade union membership;
physical or mental health or condition;
sexual life; or
genetic data or biometric data for the purpose of uniquely identifying you.

WHAT PERSONAL DATA DO WE COLLECT?

Information provided by you

We collect the following information from you:

  • Contact details like: name, address, e-mail address and telephone number;
  • corporate affiliation;
  • bank details or other payment information;
  • information about membership status and advanced member assessments,
  • information about membership or other services provided to you as an individual or organisation,
  • information about special accommodations (dietary, religious, health/disability) and other personal information provided to us by you when registering for an event or to be considered by us when providing our services;
  • information about enquiries you raise.

Personal information provided by third parties

We collect other information from the cookies and tracking tools we use, such as the type of browser you are using, the type of operating system you are using, and the domain name of your internet service provider.

Please see our Cookies Policy on our website for more information.

WHY DO WE PROCESS YOUR PERSONAL DATA?

We use your personal data:

  • For internal record keeping purposes;
  • To process membership subscriptions and advanced membership assessments;
  • to maintain and update our membership database accurately;
  • to respond to your enquiries;
  • to send you communications that you have requested and that may be of interest to you either within a BABICM newsletter or ad hoc communication. These mainly include information about case management practice but may also include information about our aims, goals, services and values;
  • to contact you for market research purposes, unless you tell us otherwise;
  • to offer you training programs or other related services that we believe may be of interest to you;
  • to communicate with you for regular membership matters,
  • We also use the information we collect from cookies and tracking tools to improve the design and content of website and services.

HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL?

We are allowed to process your personal data based on:

Legitimate Interests

We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in the interests of BABICM. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The table below explains the personal data processed on this basis.

Personal data Legitimate Interests
Personal data related to members, prospective members, subscribers, and individuals attending events that are used for any marketing or promotion purposes; It is on our legitimate interest to carry out marketing and promotion campaigns of BABICM services.
Personal data related to members, to be shared with other members Access to contact information of other BABICM members and event attendees when this is a key benefit of BABICM membership. As a benefit to members, personal data related to members and event attendees may be shared with other members and event attendees.
Special category of personal data voluntarily made manifestly public by you (see “Data manifestly made public” in the “special categories of data” paragraph below).
  • to accommodate a person’s special needs, for example when attending an event.
  • to assess and promote diversity within the industry and our volunteer leadership (for example, BABICM may keep a record of categories of diversity (ethnicity, gender, sexual orientation, age, disability, etc.) represented in its members or volunteers).

You can object to processing that we carry out on the grounds of legitimate interests. See the section headed “Your Rights” to find out how.

Contract

BABICM may process your data to the extent it is necessary for our performance of the contract you have agreed to enter with us.

Legal obligation

We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to make mandatory disclosures to government bodies and law enforcements.

Consent

Sometimes we want to use your personal data in a way that is entirely optional for you. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time.

Special categories of data

We are allowed to process your special categories of personal data on the following legal basis:

Data manifestly made public

Although this sounds like your data is on “the public domain and shared with the public as a whole, it does not mean such thing. When you voluntarily provide BABICM with data related to you for us to deal with any special requirements you may have, for example when attending our annual conference, you are providing this information to our organisation as a whole, and your sensitive data will be used by those staff members, volunteers, or members who needs to deal with your request or preference Since we are an organisation (as opposed to a private, household environment), when you give us your information it is considered that you are making this data sufficiently public in a way that you allow us to use if for the purposes you request or expect us to do. Of course, we will keep this data secure, and it will only be processed by those who need to know.

Legal claims

We need to process your personal data if necessary to defend or establish a legal claim.

Consent

We may use your sensitive data if you give us your consent. If so, you we will gather this consent separately and you will always have the right to withdraw the consent at any time.

WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA?

We use third party providers in connection with the provision of our services (e.g., IT and cloud service providers). If you would like to know the names of our service providers, please contact us using the details at the start of this Privacy Policy.

We also share your personal data with BABICM members if you raise a complaint against a BABICAM advanced member, to seek their views and handle the complaint.

We will also share your personal data with legal advisers, the police, other law enforcements or regulators where we are required or allowed by law to do so.

We do not sell your information to third parties

We do not share your information with third parties for marketing purposes.

Transfers of your personal data outside the United Kingdom

Because of the services providers we use, your personal data is processed from locations that are out of the UK INCLUDING THE United States or other territories that are not considered as offering an adequate level of protection to the personal data. E take steps for these processing activities to be carried out in compliance with the Data Protection Laws. For example, we consider what safeguards need to be agreed with each provider, and we negotiate the implementation of suitable mechanisms like the implementation of International Data Transfers Agreements that are approved by the ICO.

How we keep your personal data secure

We strive to implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities.

Employees, volunteers and contractors of BABICM who have access to personal data are required to protect this information in a manner that is consistent with this Notice by, for example, not using the information for any purpose other than to carry out the services they are performing for BABICM.

Although we take appropriate security measures, we cannot fully assure you that personal data will never be subject to a data breach. In the unfortunate case that this happens, we will activate our incident response action plan set out in BABICM policies, and, if appropriate, will inform you accordingly.

Our Web Site may contain links to other sites whose information practices may be different from ours. Website users should consult the other sites’ privacy policies as BABICM has no control over information that is submitted to, or collected by, these third parties.

WHEN WILL WE DELETE YOUR DATA?

BABICM will not keep your data for longer than we need to to meet all the purposes we included in the section “Why do we process your personal data?”.

For example, if you are a member, we will keep your data for the duration of your membership and then, we will keep that data if we need it to comply with a legal obligation (including BABICM’s document retention policy). For most of the purposes and legal obligations we have stated a retention period of 6 years, but we also apply shorter periods. For example, we keep data in relation to new enquiries for a 6 months period, after which we delete it.

YOUR RIGHTS

As a data subject, you have the following rights under the Data Protection Laws:

  • the right to object to processing of your personal data;
  • the right of access to personal data relating to you (known as data subject access request);
  • the right to correct any mistakes in your information;
  • the right to ask us to stop contacting you with direct marketing;
  • the right to prevent your personal data being processed;
  • the right to have your personal data ported to another controller;
  • the right to withdraw your consent; and
  • the right to request for your data to be deleted (“right to be forgotten”).

These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see “How to contact us”).

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that these rights are not absolute. Sometimes, they are subject to exemptions that we may apply in accordance with the Data Protection Laws. If so, we will inform you accordingly.

Right to object to processing of your personal data

You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.

If you object to us processing your personal data, we must demonstrate compelling grounds for continuing to use your data.

Right to access personal data relating to you

You may ask to see what personal data we hold about you and be provided with:

  • a copy of the personal data;
  • details of the purpose for which the personal data is being or is to be processed;
  • details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers;
  • the period for which the personal data is held (or the criteria we use to determine how long it is held);
  • any information available about the source of that data; and
  • whether we carry out an automated decision-making, or profiling (which we don’t).

When exercising this right, make sure that we can identify you, and,  to help us find the information easily, please provide us as much information as possible about the type of information you would like to see.

Right to correct any mistakes in your information

You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.

Right to restrict processing of personal data

You may request that we stop processing your personal data temporarily if:

  • you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
  • the processing is unlawful, but you do not want us to erase your data;
  • we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
  • you have objected to processing because you believe that your interests should override our legitimate interests.

Right to data portability

You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.

Right to withdraw consent

You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.

Right to be forgotten

You can ask us to delete your personal data where:

  • you do not believe that we need your data in order to process it for the purposes set out in this Privacy Policy;
  • if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
  • you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
  • your data has been processed unlawfully or have not been erased when it should have been.

What will happen if your rights are breached?

If you are concerned that we have breached a privacy law or code binding on us, please send an email marked “Urgent” to  Chair@babicm.ogr or send to our office via secretary@babicm.org . We aim to respond in a reasonable time (normally 24 hours). We will manage your complaint and will give you additional information about how it will be handled.

Complaints to the regulator

You have the right to complain to the Information Commissioner’s Office (ICO) if you believe we have not handled your request in an appropriate manner. For information on contacting the ICO please see their website ico.org.uk.

2013-2023© Copyright BABICM

Company Number: 03176447