This Privacy Notice explains what information BOKS International gather about you, what we use that information for and who we give that information to. It also sets out your rights in relation to your information and who you can contact for more information or queries.
It is our policy to collect only the minimum information we require from you. If you believe we hold more information about you than is required, or if you have any queries about how we handle your personal data, please contact us using the details below.
Although you do not have to provide any of your personal information to us, if we ask you to do so and you refuse, we may be unable to provide you with the information, goods or services you want from us.
If you have any questions about this Privacy Notice or the way your personal information is processed by us, or would like to exercise one of your rights explained within, please contact us using one of the following means:
Email: [email protected]
Post: Data Protection Officer, BOKS International, 3 Acorn Business Centre, Northarbour Road, Cosham, Portsmouth PO6 3TH.
Types of Personal Data Processed
The personal data processed as part of our marketing strategy is limited to ‘personal data’ as defined in Article 4(1) of the EU General Data Protection Regulation (‘GDPR’). We take every effort to minimise the personal data we collect and its processing to what are essential for the purposes of marketing to you. The personal data we store is limited to First Name, Last Name, Job Title, Age, Company shareholding, and email address. These are publicly available details that are used to identify an individual and their relationship to a company.
Categories of Data Subjects
Personal data we process for our own purposes and on your behalf may include, but may not be limited to, member data, prospect data, staff data, contractor data and supplier data.
Legal Basis for Data Processing
Where we collect and store your personal data for our own purposes, the lawful bases for doing so, are as follows:
To provide our services to you in performing our contractual obligations to you in accordance with our admission agreements. In order to work with you as a member, we require some personal data from you. The continued processing of relevant personal data will be necessary to enable us to deliver services to you.
We will have a legitimate interest in processing your data for the purposes of Direct Marketing in such a circumstance that your data profile, as available in the public domain, matches what we would expect based on an analysis of our typical member. Our services involve sharing your details with other member firms for the purposes of networking and the possibility of referring business. You will be in a Senior role within an organisation that provides professional services in line with those advertised on our website.
We will have a legitimate interest in processing your data for the purposes of ongoing
communication with you as a member. An integral part of your membership requires that you receive ongoing updates regarding the alliance as a whole and the updates provided by other members. It is reasonable that as a member you will expect these communications and it is in our legitimate interest to keep you informed.
For any other purposes for which you provided the information to us and where there is no other condition for processing available, if you have agreed to us processing your personal information.
Duration of Processing
We will process personal data on your behalf for so long as you remain. At the cessation of our processing activities on your behalf it is your choice as to what happens to the personal data you have provided to us.
Legitimate Interest Assessment
We have carried out a Legitimate Interest Assessment (LIA) as recommended by the ICO. The data we collect is not of a sensitive nature and is limited only to that which is essential for our purposes in conducting direct marketing activities. The data we procure is available in the public domain, through social media and it is therefore reasonable to assume that you, the subject, would expect some degree of marketing communications from relevant potential suppliers. The impact of any communications we send to you, the subject, is in our opinion minimal, and you have every right and opportunity to restrict this.
At BOKS International, we source marketing and prospect data from a range of direct and indirect sources. The direct sources are communications with you, either over the phone, by email, or through form submissions on our website. The indirect sources are all in the public domain and identified using web searches for details of appropriate contacts within organisations and referrals from your colleagues or acquaintances. In all cases we will do so based on the understanding that international referrals are a core requirement of professional service organisations and a subject with a senior role in such an organisation will have a pronounced interest in such.
Use of sub-processors
As part of our service delivery it is necessary for us to use sub-processors.
Our IT is largely provided by parties external to BOKS International. Some solutions we utilise are cloud based and our need to rely upon those systems varies depending upon the services we deliver to you.
All sub-processors are bound by contracts with BOKS International to provide at least the same level of protection for your data as we do.
Most sub-processors do not engage directly with your data and simply provide secure storage solutions for the data we process. Unless we have otherwise expressly agreed conditions with them, sub-processors are prohibited from using your personal data for their own purposes.
BOKS International utilise a number of suppliers to provide us with IT and other associated services for the delivery of our business and services to you. In many cases, the suppliers we use will be granted access to the data we are processing in order to provide us with technical assistance. Such processing activities are not directly related to our principal services to you and are considered ancillary to our own internal activities.
As an international alliance, our staff need to be able to work from anywhere in the world using our IT services. Although your data will be securely stored within our IT environment and the aforementioned cloud solutions at all times, it will from time to time be necessary for our staff to access these systems, both inside and outside of the EEA.
To assist in providing some services to you, BOKS International may utilise external subcontractors to process your personal data. The processing activities which may be undertaken by subcontractors includes, but is not limited to, data entry processing on engaged services, client management and billing. These subcontractors may operate outside the European Economic Area (‘EEA’) and from countries that do not have laws that provide specific protection for personal information. To minimise the transferring of personal data, these subcontractors are provided direct access to the IT environment and software platform, in which to perform the processing activities. Appropriate IT security controls are in place at all times and all subcontractors are bound by contracts (e.g. the standard (model) contractual clauses issued by the EU for the transfer of personal data to data processors or data controllers outside the EEA) which require your personal data to be safeguarded and which provide at least the same level of protection for your data as we do.
If you are registered as the primary contact for you firm, as a member of the alliance, other members of BOKS International will have access to your personal data. This data will also be made publically available on our website to prospective clients and referrers. We transfer your personal data to other members of BOKS International where necessary unless you have specifically requested us not to. This is an integral part of the service we provide and should be expected by you when becoming a member.
Where your personal information is not publicly shared by us as part of your membership, BOKS International has put technological and organisational controls in place to protect your personally identifiable information. Only authorised persons are provided access to personally identifiable information we have collected, and all such individuals have received appropriate training and have agreed to maintain the confidentiality of this information.
Data Retention Policies
BOKS International carry out frequent updates to our prospecting data. Any information or company associations which are found to be out of date are deleted. If we deem you to have a legitimate interest, we will store your data for a period of no longer than 5 years before reviewing this.
We actively minimise the personal data we request or hold, which means unless you seek to engage us, we will store only that which is absolutely necessary for us to make and maintain contact with you.