We are committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect, use and store personal information about you during and after your business relationship with us, in accordance with the General Data Protection Regulation Act (GDPR).
British Loose Leaf is a “data controller”. This means that we are responsible for deciding how we hold, use and store personal information about you. We are required under GDPR to notify you of the information contained in this privacy notice.
We may update this notice at any time.
Data Protection Principles
We will comply with all the relevant data protection law (including GDPR). This requires that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
The kind of information we collect and may hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified, whether directly or indirectly. It does not include data where the identity has been removed (anonymous data).
Personal data provided to us by you during the course of our business relationship we may collect, store, and use:
- Full Name
- Role/job title
- Contact details at the company which you work for such as address, website address, email address and phone (landline, mobile, switchboard) number
- Initial requirement
- Credit card information
- Details of your interactions with us through phone contact, email or online.
- Details of your visits to our websites, and which site you came from to ours.
- Information gathered using cookies in your web browser.
- To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered.
- Your social media username/s, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
Personal Data we may receive from other sources:
- Credit information from credit reference agencies.
- Your name and profile information that you make publicly available.
- When you’ve given a third-party permission to share with us the information they hold about you.
How is this information gathered?
We gather personal information through third-party sales team partners, through lead generation forms on our website as well as over the phone or email when relevant.
Examples of third parties we work with are:
- Direct marketing companies who help us manage electronic communications and telemarketing
- Data Insight companies to ensure your details are up to date and accurate.
- IT Companies who support our website and business systems
What specific information do we gather, store and/or use from our Website
Our website does not collect specific, detailed information about you personally as a visitor to our site.
Where information is gathered, we will inform you of this along with the explanation of why it is required. This information will be for purposes such as responding to an enquiry made and we will ask for this information for us to get in touch and provide the relevant information which has been requested by you.
What information is retained?
Cookies and tracking software are used on a temporary basis and expire when the site has been left. These are used for purposes such as website improvement. Google Analytics is also used for the same reason of website improvement and understanding how you use it. This information is not shared with anyone.
The information we collect and hold via Tracking software is the following:
- Browser used (Bing, Chrome, Internet Explorer etc.)
- Location (based on IP address)
- Site searches
- Device(s) used
- Frequency on Site
- Session duration (time spent on the site)
- Page(s) visited
- Page session duration (time spent on specific page)
- Web Surfing Behaviours
- We currently use the following companies that may process your personal data through website usage – Facebook, Twitter, LinkedIn, Google, Instiller and Mail Chimp.
How is personal data protected?
We treat your data with care and take appropriate steps to protect it.
- We secure access to our websites and apps using ‘https’ technology.
- Access to your personal data is password-protected, and sensitive data is secured by SSL encryption.
- We regularly monitor our system to identify ways to further strengthen security.
How and why do we use your personal data?
While you are a customer of BLL, the basis for processing your data is ‘contract’. When you are not or no longer an active customer of BLL the basis is ‘legitimate interest’ as we would like to continue to build a business relationship with and keep you informed of ongoing developments at BLL and more readily help you in the future as you require.
Whatever your status with BLL, we want to give you the best possible experience. One way to achieve that is to get the richest picture we can of who you are by combining the data we have about you. We then use this to offer you content, products and services that are most likely to interest you.
We may use your details for the purpose of creating a profile to gauge decision making and for direct marketing purposes. For example, using information held, we may create profiles based on the following: –
- Email Address
- Telephone Number
- Geographic Location
- Job Title/Job Role
The data privacy law allows this as part of our legitimate interest in understanding our customers and potential customer and providing the highest levels of service.
Of course, if you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide the best experience.
Here’s how we’ll use your personal data and why:
- To process any ‘contracts’, orders or hold negotiations that you make by using our sales team or sales agents. If we don’t collect your personal data during negotiations or ordering, we won’t be able comply with our legal obligations. We would then keep those details for a reasonable period to fulfil contractual obligations.
- To respond to your queries. Handling the information you sent enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this because of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
- To protect our business and yours from fraud and other illegal activities. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.
- To market our product and services. We will use your personal data, preferences and details of your transactions to keep you informed by email, web, telephone about relevant content, products and services including information, tailored offers, discounts, promotions, events, competitions and so on. We market because of legitimate interest (or those of a third party) and your interests and fundamental rights do not override those interests; and we do so in a way which might reasonably be expected as part of running our business. This does not impact your freedom or rights. Our marketing will follow best practice laid out by the Information Commissioner’s Office (ICO) when dealing with corporate subscribers under the PECR.
- Send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, marketing data misuse issues, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
- Develop, test and improve the systems, services and products we provide to you. We’ll do this because of our legitimate business interests.
- Comply with our contractual or legal obligations to share data with law enforcement.
- Send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you.
Disclosures of your personal data to third parties
We work with a number of trusted and contracted third parties to be able to provide goods and services to you. These third parties include (but are not limited to) those who provide services to us for the delivery of goods and business system providers. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
Required disclosures to third parties
We will disclose or share your personal data to comply with any legal or regulatory obligations.
Other situations in which we will use your personal information
We need the categories of information detailed in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal and regulatory obligations. In some cases we may use your personal information to pursue legitimate interests of our own provided your interests and fundamental rights do not override those interests:
- Business management and planning, including accounting and auditing.
- To conduct data analytics studies to review and better understand customer engagement.
Choices you have with your personal information
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about the work we do and our exciting products and services, then you can:
- unsubscribe using the button on the email communication we send to you
- by contacting our customer service team on 01322 526262 or, by email to firstname.lastname@example.org
We will not contact you for marketing purposes if you have indicated that you do not wish to be contacted.
It is important that the personal data we hold about you is accurate and current so please let us know if your personal data changes during your relationship with us.
You can change your marketing preferences at any time by contacting us by email: email@example.com or on 01322 526 262.
If you fail to provide personal information
If you fail to provide certain personal information when requested by us, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations (such as financial and tax reporting maintenance).
How do we protect your data?
We have security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We will limit access to your personal data to those employees, agents, contractors and other third parties who need to know such information.
How long will we store your personal data?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
What are my Rights?
You have the following rights in respect of the personal data we hold about you:
Right of Access – This allows you to request access to your personal data (commonly known as a “data subject request”). This enables you to receive a copy of the personal information we hold about you.
Right to rectification – You can request correction of the personal information we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Right to restrict processing – This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want to establish the data’s accuracy: (b) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims (c) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
No fee usually required – You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you – We may need to request specific information, such as a certified copy of your passport, from you to help us confirm your identity and ensure your right to access the information (or exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw your consent to processing – You may withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.
Right to object to processing – You may object to processing of your personal data where we are relying on a legitimate interest.
Right to erasure – You may request to have your data removed from our systems. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note we may not always be able to comply with your request of erasure for specific legal reasons.
Right to data portability – A right to request personal data be transferred to you or to a third party.
Right of complaint – If you wish to make a complaint in relation to any data protection issue you may have regarding our handling of your data please contact us to see if we can resolve the situation with you. Alternatively, you can contact the Information Commissioner’s Office at www.ico.org.uk
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.
You can contact us in respect of your personal data
Questions, comments and requests regarding this privacy notice are welcomed and should be address to firstname.lastname@example.org or by post to
BLL Holdings Ltd,
8 Veridion Way,
To contact the regulator, please see below:
0303 123 113 or go to www.ico.org.uk
Updated 9 August 2018