Privacy Policy and Data Protection Notice
The Policy
This privacy policy is for the websites www.business-partnership.com and www.bp-corporate.com and is served by Business Partnership (Management) Limited (BPML) and governs the privacy of its users. It explains how we comply with GDPR (General Data protection Regulation), the DPA (Data Protection Act) and the PECR (Privacy and Electronic Communications Regulations)
This policy will explain how we collect, process, manage and store your data and how your privacy and personal data is protected under the above legislation. We constantly review changes in these regulations and will amend our polices accordingly. Importantly we will update this policy after the UK’s exit from the European Union.
Contents:
- About Business partnership
- Legal Processing
- Information we collect
- Security and where our data is held
- How we use your data
- Notification of data breaches
- How is your data collected?
- Disclosure of your information
- How do we contact you?
- How do we record and hold your data
- Updating, Accessing or enquiring about your data
- What we may require from you.
In addition please read in conjunction with our cookies policy.
1. About Business Partnership
Business Partnership (Management) Limited (BPML), a company registered Company Number (4459291) and whose registered office is at Owl Barn, Earls Croome, Worcester, WR8 9DB. BPML wants to collect and use personal information fairly and transparently. We will only use your data for our own marketing purposes in order to provide you with useful and timely information that is relevant to your business objectives (clients/vendors) and acquisition search (prospective purchaser)
It is our view, fairness is:
- using information in a way that people would reasonably expect
- thinking about the impact of our processing and if it will have unjustified adverse effects on you or your business
- ensuring that you understand how we intend to use your data
- giving you the freedom and opportunity to express your data preferences to us
- abiding by your preferences
By providing personal information to BPML, in any of the ways described in this policy, or by entering into a contract with BPML that requires such processing, the Subject is agreeing that they accept this privacy policy and that BPML is authorised to process their personal data.
2. Legal Processing
Current data protection law states that there are a number of legal reasons why a company might collect and process personal data. BPML has undertaken a full review of its policies and procedures to determine the most relevant legal basis for certain situations:
Consent – when you give us specific consent to use your data for a given purpose. For example when you ask us to provide you with details of the sales process (client/vendor), or when you enquire about an acquisition opportunity (potential purchaser).
Contract – when you engage with our services, we will process your personal data in order to deliver the agreed service.
Legal Compliance – if the law or government requires we will collect and process personal data. For example, the law requires us to collect personal information from clients who sign a contract with us for Anti Money Laundering (AML) purposes. Likewise once a potential purchaser progresses to the point of an offer, then AML checks will need to carried out
Legitimate Interest – this legal basis allows us to use personal data in a way that might reasonably be expected as part of running the business. This basis does not affect your freedom or rights and you have the right to request that the information we hold is erased, or that communication preferences are changed. To request changes to your data please contact us. An example of BPML using the legitimate interest legal basis is through direct marketing channels to advise you of services that might be relevant to you, or to advise you of an acquisition opportunity that might be relevant to you or your business.
For more information on legitimate interests, please visit https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/when-can-we-rely-on-legitimate-interests/
3. Information we collect.
With your consent we may collect and hold the following personal data: Name
Job title (if appropriate) Contact Information including; – Work & Home address Work & Home Phone Number Work & Home Mobile number Work & Home Email Address
Business search preferences
Website usage data
Other information relevant to client enquiries and communications
Anti-Money Laundering (AML) background checks.
We collect personal data where people have expressed an interest in buying or selling a business This information is processed under our legitimate business interest and shared internally with our Regional Partners for helping our clients sell their business or assisting others find the business that is right for them.
4. Security: Where and how is your data held
BPML makes use of a number of third party organisations and software applications to store and synchronise data. This is for the purposes of maintaining and recording our direct communication with new business prospects, sending out marketing communications and delivery of marketing services to our clients. Whilst the following list is not intended to be exhaustive, BPML only transfers the personal data relating to our clients where required, for the activities set out below, to the following third parties or Data Processors:
System/Software |
Function |
Data Server |
Regional Partners |
CRM and Marketing Activities |
We use a proprietary system for controlling data and it is managed by external developers and hosted by Rackspace Inc.
https://www.rackspace.com/en-gb/information/legal/privacycenter
http://www.compasscomputers.co.uk/privacy-policy |
Mailing Manager |
Email Marketing Platform |
Mailing Manager has certified compliance with the EU-US/Swiss-US Privacy Shield Frameworks. |
Google Analytics |
Website and Campaign Metrics |
Google own and operate data centres around the world in order to keep their products running efficiently. They adhere to the EU-US and Swiss-US Privacy Shield Frameworks for data compliance. |
Google Adwords |
PPC Campaigns |
https://privacy.google.com/businesses/compliance |
|
|
|
Microsoft Office 365 |
Email management, Data processing and Storage |
|
BPML will update this list from time to time as our systems and operations evolve and inform you accordingly.
5. How do we use your data?
BPML is the sole owner of any data you provide us. We only look to use your data to inform you of our products, services and let you know how we can help you and your business.
Data collected is only used for our own marketing purposes and for delivery of services to our Clients and potential purchasers through our Network of Regional Partners (franchisees of BPML). Our franchisees are contractually bound under this privacy policy and operate accordingly. Outside of our franchise network we do not share, sell or pass any data on to third parties for marketing purposes.
We will only use your personal data when the law allows us to. In particular, we will use your personal data in the following circumstances:
- Where we need to perform our obligations under the sale agreement contract as executed by our franchisees.
- Where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation
Generally, we do not rely on consent as a legal basis for processing your personal data via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.We have set out below a description of the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate business interests are where appropriate.Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the list below. (Not exhaustive)
- To register you as a new customer/client/associate or prospective purchaser.
- To process and deliver a service to you in respect to specific enquiries.
- Supply of business sales details/information memoranda plus related background information.
- To customise our web site for you.
- To track business prospects that you have registered /or shown an interest in.
- To maintain our ‘client engagement area’ which connects buyers with sellers by recording a legend of information provided together with electronic communication and activities.
- To send you promotional emails about new business we have been instructed to sell together with other items we feel may be of interest to you.
To maintain data accuracy and ensure the correct use of information, we monitor and adjust our physical, electronic and managerial procedures to safeguard and secure your personal data while in our care, or in the care of any outside suppliers with whom we may contract to process your data on our behalf. Such Data Processors and Sub Processors will be contractually bound to process only in accordance with our instructions and to maintain technical and organizational controls in compliance with GDPR. Data is stored on servers within the EU.
6. Notification of security breaches
In the event of us becoming aware of a security breach that may affect you, we’ll notify you of the breach, provide a description of what happened and later report the action we took in response.
7. How is personal data collected and recorded by BPML
When you give your personal data to BPML we will process that data in accordance with our responsibilities under the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003. GDPR Regulations (May 2018) and other relevant legislation.
BPML collects and records data in the following ways:
- Events: When we meet you face to face and we share contact details/exchange business cards and follow up with an email – which is explicit in requesting your consent to be added to our database.
- Website: When visitors register for our newsletter or to download information we retain personal data that is input at the time of registration.
- 3rd Party Websites: BPML subscribes to a number of UK and Overseas web sites that specialises in the promotion of business sales, typically www.daltonsbusiness.com; www.businessesforsale.com; www.rightbiz.com; such enquiries are received, and your personal data is added to our data base. You will only receive the sales details on the target business together with any other sales details that we feel would be of legitimate business interest to you in your search for a business opportunity.
- Cookies: Used to help us understand your preferences based on previous or current site activity. Please see our cookie policy.
- Telephone or email enquiries: We will ask you at the time of enquiry if you are happy for us to retain your details for our marketing purposes. We provide you with the opportunity to unsubscribe to email communication.
- Client Contracts: We will record our client’s details and they will also have the opportunity to opt out of marketing communications.
- Data bureaus: We will only purchase lists from suppliers who are GDPR compliant, and who can assure us that every contact has opted-in to receive information on relevant products and services.
- Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources (e.g. Companies House) subscription directories.
- Technical Data from the following parties:
(a) analytics providers such as Google based outside the EU;
(b) third party acquirer networks;
(c) search information providers such as Google based inside or outside the EU
(d) M&A and brokers acting for purchasers.
- Data Contractors using publicly available sources such as directories or websites based inside or outside the EU.
This is information we receive about you if you use any of the other websites we operate or the services we provide. In the case of services that we provide to you, we will inform you at the first point of contact with you.
By interacting with BPML as defined in this policy, the Subject provides their consent for the transfer and use of their data by our Data Processors and their Data Sub-Processors which BPML believe will enhance service delivery and customer relationship management activities. No data transfer will be undertaken that is outside the strict scope of the purposes stated in this policy, or that will materially degrade the security of the Subject’s data or the Data Subject’s rights and in any event, the security provisions will be compliant with the applicable Data Protection Laws.
We may monitor, record, store and use telephone calls:
- for staff training purposes, helping us to improve the quality of our customer service and to ensure the information we provide is consistent and accurate;
- for reporting on the types and numbers of enquiries we receive;
- to check instructions given to us.
- We understand your personal information is important and we are committed to protecting your privacy. Any information you disclose will be for BPML use only and unless agreed otherwise with yourselves in advance will not be passed to any third party.
We will disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective buyer or seller of such business or assets.
- If BPML or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use or the terms and conditions of supply of services that will have been provided to you separately, and other agreements; or to protect the rights, property, or safety of BPML our customers, employees and others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
8. Disclosures of your information
You agree that we have the right to share your personal information with:
- Any member of our group, which means our franchisees, our ultimate holding company, as defined in section 1159 of the UK Companies Act 2006.
- Selected third parties, including:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- analytics and search engine providers that assist us in the improvement and optimization of our site;
- credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.We will disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective buyer or seller (or their representatives) of such business or assets.
- If BPML or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use or the terms and conditions of supply of services that will have been provided to you separately, and other agreements; or to protect the rights, property, or safety of BPML, our customers, employees and others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- We disclose your personal contact details to our clients once you have specifically expressed an interest in their business. Once you express an interest in acquiring a business the relevant client will be provided with partial information about your interest but nothing that can personally identify you. Please see our terms and conditions https://www.business-partnership.com/terms-and-conditions/
- We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
9. How do we contact you?
Our marketing communication is via email, direct mail (post), telephone and at events. You have the right to opt out of any of these communication channels.
10. How do we record and hold your data preferences over time?
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Your data will be held for up to 6 years unless you advise to the contrary. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law and to satisfy our professional indemnity requirements, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers for example for tax purposes, client’s request, other questions or queries regarding past service provision etc.
Every piece of communication will provide you with the option to opt out or to be removed from our database altogether.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of service purchase, product/service experience or other transactions.
By providing this constant opportunity to update your preferences, we can be confident that we are only sending communications to those who are actively interested in our service offering. Please be assured that we would never want to be considered a nuisance to you or for our contact to result in a complaint.
11. Updating, Accessing or Enquiring about your data
You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data or by clicking the unsubscribe link provided on our marketing emails.
Under Data Protection Laws, Data Subjects can make certain choices in relation to how their personal data is processed. These include whether your personal data is disclosed to third parties, and preferences regarding the frequency, subject matter, and/or format of communications. Data Subjects or any other concerned parties wishing to discuss matters relating to data protection, such as: Subject Access Request; concern over accuracy of collected data; or enquiries regarding a possible data breach or security incident, please email enquiry@business-partnership.com or write to:
Data Protection Officer…
Mr John Hatt
Business Partnership (Management) Limited
Owl Barn
Earls Croome
Worcester
WR8 9DB
enquiry@business-partnership.com
The email address is monitored within working hours and you should receive a reply within 2 working days.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
No fee usually required
You have the right to access information held about you. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
If we do not hear otherwise from you, we will assume that the information you provide to us is accurate and up-to-date and we will continue to use the information to send you any communications we think are of use to you.
Business Partnership (Management) Limited Sept 2018