Welcome to the BM Data Services Limited’s privacy notice.
This privacy notice provides information on how we collect and process personal data when you visit our website, contact us or use your services.
- Important information and who we are
BM Data Services Limited is the controller and responsible for your personal data. It is a wholly owned subsidiary of Blaser Mills Law, a regulatory legal practice. When we mention “us”, we are referring to the BM Data Services Limited which is responsible for processing the personal data which will be clear to you when you use our website. BM Data Services Limited is the controller responsible for this website.
If you have any questions about this privacy notice or our data protection practices please contact James Simpson, the data privacy manager for us.
Our full details are:
Full name of legal entity: BM Data Services Limited
Name or title of data privacy manager: James Simpson
Email address: firstname.lastname@example.org
Postal address: 40 Oxford Road, High Wycombe, Buckinghamshire, HP11 2EE
2.The data we collect about you
We may collect, use, store and transfer different kinds of personal data about you as follows:
- Identity & Contact Data.
- Sensitive Data
- Transactional Data
- Technical Data.
- Profile Data.
We explain these categories of data as follows;
Identity & Contact Data – we collect name and email address. In the course of managing enquiries, we may also receive other identity data from you to validate requests. This may include identity data such as passport, driving licence and address details.
Sensitive Data – in the course of handling an enquiry, you may pass on details that require us to collect and use sensitive personal data relating to you. Such data could include information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life and sexual orientation or details of criminal offences, or genetic or biometric data.
Transactional Data – as we represent clients, we will collect data from you regarding the products, services and arrangements you may have or receive from them.
Technical Data – we collect information when you visit our website including, the Internet Protocol (IP) address, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform.
We use different methods to collect data about you, which are;
- Emails from you;
- Telephone calls;
- Browsing our website;
- Receipt of documents from third parties such as supervisory authorities and enforcement bodies.
- Information given to us by our clients.
3. How we use your personal data
We will only use your personal data for the purpose for which we collected it which include the following:
- To register, process and answer your enquiry.
- To pass your enquiry onto the relevant client;
- To manage any supervisory or enforcement action involving you;
- To improve our website, products/services and client relationships.
- To recommend products or services which may be of interest to you if you are a client.
We therefore use personal data for;
- Legitimate interests in providing and improving our services;
- To fulfil contractual requirements to our clients in managing enquires from data subjects and supervisory bodies;
- To meet legal obligations in managing enquiries and responding to official requests from supervisory bodies;
- To protect your vital interests such as assisting in ensuring that client’s manage your personal data lawfully.
We will not use your personal data for taking any automated decisions. We also do not use non-client personal data for marketing purposes.
4. How we share your personal data
We share your personal data with Blaser Mills Law for file storage. We may also share personal data where our client requires legal advice on a matter pertaining to you. The information is transferred under a client retainer and so is covered by legal privilege. To manage your enquiry, we also share your requests and data with the relevant client relevant to your enquiry.
5. International transfers
We may transfer, store and process your personal data outside the UK. As an Article 27 Representative, our client’s will be based outside the UK and your enquiry to us will be in relation to your dealings with a client. Therefore, when we pass the enquiry to the client, it will involve your personal data being transferred internationally. We do this via encrypted email services provided by Microsoft.
6. Security of data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered or accessed in an unauthorised way. We use Microsoft encryption for our emails and we have Cyber Essentials accreditation for file storage.
7. Example of how your personal data is collected and used.
You may be receiving services from Company X which is based in the United States. It has appointed us as its Article 27 GDPR Representative because it does not have an establishment in the UK or EEA.
If you have an issue with its use of your personal data, you may send us an email making a complaint. Under the terms of our relationship with Company X, we have agreed to register your enquiry and to pass it on to them so that they can respond to the complaint. This means that we are passing your email address internationally to the USA. We do so under our client retainer with Company X.
Company X may ask us to correspond with you in relation to your complaint rather than dealing direct with you. If we do so, we will learn more about your complaint which may involve us receiving more personal data about you, either from you or Company X. This data could include sensitive data depending on the type of complaint. Where we are managing a subject access request from you, we may also need to validate your identity. This means that we may ask for forms of photo identification from you which we will pass on to Company X. However, generally, our clients will contact you directly to validate identity.
In some circumstances, you may involve a data protection supervisory authority or a law enforcement body. They may contact us as the representative of Company X. We will then receive personal data about you from such bodies and we may provide them with personal data received from our client to respond to them. It may also be that information has to be used for Court processes if a complaint goes that far.
We keep records of our dealings as client files because they are necessary for legal, tax and insurance purposes.
We do not use personal data of any other purposes.
8. Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data including the right to receive a copy of the personal data we hold about you and the right to make a complaint at any time to the Information Commissioner’s Office, the UK regulator for data protection issues (www.ico.org.uk).
Your main rights are as follows:
- A right to request access to your personal data.
- A right to request correction of your personal data.
- A right to request erasure of your personal data.
- A right to object to processing of your personal data.
- A right to request restriction of processing your personal data.
- A right to request transfer of your personal data.
- Where relevant, a right to withdraw consent to use your data.
If you wish to exercise any of the rights set out above, please contact us.
9. How long we keep your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for us or our client to assert or defend against legal claims. We securely destroy personal data in accordance with applicable laws and regulations on expire of the relevant retention period.
10. Further details