This statement explains what we do with people’s personal data, and how people can exercise their rights over it.
Who we are and how to contact us
We are BPS Crowthorne. We are an Irish company with CRO number 291233, and our registered office is at 20 Clanwilliam Terrace, Dubin 2, Ireland.
This statement is intended to provide a succinct, easily understood overview of what we do with people’s personal data. If you have any questions or concerns about the information in this statement, or about our handling of personal data more generally, or if you would like more detailed information on a particular point, you should email us at firstname.lastname@example.org or write to us at the above address for the attention of the financial controller and IT manager.
Sometimes, the data controller of the personal data we process may actually be one of our other group companies. For example, if you work for one of our French customers, the controller may be our French subsidiary. Nevertheless, you can always send your questions or concerns to us, and we will handle them.
The personal data we handle, what we do with it and why
We store and use the names and business contact details of the people we interact with at our existing customers, so we can provide our services, communicate with them, manage our relationship with them, promote our services to them, issue invoices and otherwise operate our business relationship with them.
We store and use the names and business contact details of the people we interact with at our suppliers and other organisations we deal with in the course of our operations, so we can manage our relationships with them and otherwise operate our business. For example, if we collaborate with another organisation on a research project, we will necessarily hold information about the people at that organisation that we are working with.
We store and use the names and business contact details of people at prospective customers, in order to promote our services to them and discuss matters such as commercial and contractual arrangements with them prior to becoming a customer. We also use social media platforms such as LinkedIn identify likely prospective customers, and use the built-in messaging functions of those platforms to contact relevant people at those prospects to promote our products and services. We will always stop contacting them in this way if they ask us to.
We do not promote our products and services to consumers.
Who we share that data with
We only share the data we collect with:
- our subsidiary companies, as necessary for the purposes we collected it for; and
- our suppliers, to the extent necessary for them to perform their services to us. Most notably, we use third party suppliers like Microsoft, CetSat, Constant Contact and Zoho to host some of our IT systems and communications platforms.
How long we keep it for
We keep the details of people we work with on research projects for 10 years after the project finishes.
Otherwise, we keep the details of people at our customers, suppliers and the other businesses we interact with for the duration of our relationship with them, and for 6 years after the end of the tax year in which we last did business with them.
We keep the details of people at prospective customers for as long as we are actively engaged in discussions with them, and for 3 years afterwards.
When we send marketing emails, we will typically retain the email addresses until the recipient unsubscribes, or until we get one ‘hard bounce’ message, whichever happens first.
The legal basis on which we process it
We process the details of people at our customers, our suppliers and the other businesses we interact with on the basis of our legitimate interest in interacting with those businesses to provide our services to them, procure goods or services from them and otherwise to operate and to carry out our functions as a business.
We process the details of people at prospective customers on the basis of our legitimate interest in promoting and arranging to provide our services to new customers.
We will always stop contacting someone for promotional purposes if they ask us to, although it may take a few days to remove them from email marketing lists and other databases.
Your rights and how to exercise them
The law gives you certain rights in respect of the information that we hold about you. Below is a short overview of those rights. The website of the Data Protection Commissioner’s Office (https://www.dataprotection.ie) has a wealth of useful information in respect of your rights over your personal data.
If you wish to exercise your rights, the best way to do so is by email to email@example.com, but if you prefer you can also write to us at the address above for the attention of the financial controller and IT manager.
Your right to a copy of the information we hold about you
With some exceptions designed to protect the rights of others, you have the right to a copy of the personal data that we hold about you, as well as information about what we do with it, who we share it with and how long we will hold it for. We may make a reasonable charge for additional copies of that data beyond the first copy, based on our administrative costs.
Your right to have inaccurate information about you corrected
You have the right to have the information we hold about you corrected if it is factually inaccurate. In most cases the easiest way to do that is to ask your usual contact with us to arrange that.
Your right to object to what we do with your data, and to have restrictions placed upon it
Where we process your personal data on the basis of our legitimate interest, you have the right to object to that processing and to have restrictions placed upon it while we consider your objection.
Your right to have your information deleted in some circumstances
You have the right to require us to delete the information that we hold about you if it is no longer necessary for the purpose we collected it for, and there is no other legal basis on which we must, or are allowed to, retain it.
Your right to complain to the Data Protection Commissioner
You have the right to lodge a complaint about our handling of your personal data with the supervisory authority, which in Ireland is the Data Protection Commissioner’s Office.
You can contact the Data Protection Commissioner’s Office on +353 761 104 800 or firstname.lastname@example.org