Privacy and data protection policy
Privacy and data protection policy
Built Intelligence Limited (We) are committed to protecting and respecting your privacy. We gather/use and keep information in line with the Data Protection Act 1998, General Data Protection Regulations and all relevant regulations.
For the purpose of the Data Protection Act 1998 and for General Data Protection Regulations that apply from 25 May 2018 (the Act), the data controller is Built Intelligence Ltd., of 15 Whiteladies Road, Bristol, BS8 1PB.
The Company fully endorses and adheres to the eight principles of the Data Protection Act. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Employees and any others who obtain, handle, process, transport and store personal data for the Company must adhere to these principles.
Schedule 1 to the Data Protection Act lists the data protection principles in the following terms:
- Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless – (a) at least one of the conditions in Schedule 2 is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act4.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Applying the principles
- All staff and volunteers who process Personal Data on behalf of us will be required to agree to sign our Data Processor agreement.
- The board appoints the Data Protection Officer. All questions and concerns in relation to this policy should be addressed to them.
- When personal information is collected we will ensure that
- this information is necessary for the company purposes
- the information is not kept for longer than it is needed
- those people supplying the information are aware of this policy and how they can obtain a copy
- Personal information (including photographs) of individuals will not be published on our website without obtaining explicit and informed consent from the individuals concerned.
- A copy of this policy will be on our website.
- All personal information held by staff and volunteers on behalf of us will be held and processed in a sufficiently secure manner (whether in paper or electronic form) to prevent unauthorised access (whether by unauthorised staff or third parties). This means we will:
- Store paper based information in secure, lockable cabinets
- Use password protections and encryption of particularly sensitive electronic documents (all computers used to store sensitive information must be encrypted, any mobile devices capable of accessing sensitive information must use a keyboard lock)
- Restrict access to both paper and electronic personal data to those who need to process it for one of the above uses
- Ensure that personal information is transmitted securely in a way that cannot be intercepted by unintended recipients
- The Company may authorise a third party subcontractor to process the personal data on its behalf provided that the subcontractor’s contract with the Company provides equivalent rights to the those set out in this policy.
- Personal data shared with us through the use of website(s) will be deleted upon termination or expiry of the contract. The Company has a comprehensive, redundant backup policy. Personal data is not removed from archived backups.
- All personal data held in our website(s) is stored within the European Economic Area (“EEA”).
Information We May Collect from You
We may collect and process the following data about you:
Information that you provide by filling in forms on our site www.builtintelligence.com and its subdomains (our site). This includes information provided at the time of registering to use our site, subscribing to our service, posting material to our site or requesting further services. We may also ask you for information when you report a problem with our site.
If you contact us, we may keep a record of that correspondence.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
Details of transactions you carry out through our site and of the fulfilment of your orders.
Details of your visits to our site including, but not limited to, traffic data, location data and other communication data, and the resources that you access.
Telephone calls to and from any of our contact numbers may be recorded for quality, training and security purposes along with the resolution of any queries arising from the service you receive.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our business partners. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
Session cookies allow us to track your actions during a single browser session, for example to remember the items returned from a search. They do not remain on your device beyond your session.
Persistent cookies remain on your device between sessions and allow us to authenticate you and to remember your preferences. We also use them to balance the load on our servers and thus to enhance your experience on our website.
Session and persistent cookies can be either first or third-party cookies - a first-party cookie is set by the website being visited. A third-party cookie is issued by a different website to that being visited.
Built Intelligence Ltd's website uses a mixture of first-party, session and persistent cookies to deliver its services efficiently and to enhance your experience. The only third-party cookies used by Built Intelligence Ltd are those provided by Google Analytics to gather anonymised information for the benefit of all web users. We do not use behavioural targeting cookies. All our cookies fall within the ICC classifications Strictly Necessary, Functionality and Performance and none within the classification Behavioural Targeting.
Following an audit of all cookies we use, we have retired a number which are no longer important. We regard those that remain as necessary to operate our website efficiently and beneficial to you to get the most out of our services.
If at any time you wish to disable our cookies you may do so through the settings on your browser, but if you do so you will not be able to use certain important features of our service.
Where We Store Your Personal Data
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
The transmission of information through the internet is not completely secure. We will do our best to protect your personal data, but we cannot guarantee the security of your data transmitted to our site through the internet; any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access to it.
Uses Made of the Information
We use information held about you in the following ways:
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us, or which we feel may interest you, where you have consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
To notify you about changes to our service:
- We may also use your data, or permit selected third parties to use your data, to provide you with information about goods and services that may be of interest to you and we, or they, may contact you about these by post or telephone.
- If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those that were the subject of a previous sale to you.
- If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.
- If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box on the form on which we collect your data.
Disclosure of Your Information
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
We may disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If Built Intelligence Ltd. or substantially all of its assets are acquired by a third party, in which case personal data held by it about its subscribers will be one of the transferred assets.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to Information
Employees and other subjects of personal data held by us have the right to access any personal data that is being held in certain systems (subject to certain exemptions).
- Subject Access - all individuals who are the subject of personal data held by the Company are entitled to:
- Ask what information the Company holds about them and why.
- Ask how to gain access to it.
- Be informed how to keep it up to date.
- Be informed what we are doing to comply with its obligations under the 1988 Data Protection Act or GDPR.
- Personal Information may be withheld if the information relates to another individual.
- Subject Consent - The need to process data for normal purposes has been communicated to all data subjects. In some cases. If the data is sensitive, for example, information about health, race or gender, express consent to process the data must be obtained.
Any person who wishes to exercise this right should make the request in writing to the Company Data Controller, using the standard letter which is available on line from https://ico.org.uk/
Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
We aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 40 days of receipt of a completed form unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.
Changes to Our Privacy and Data Protection Policy
Any changes we may make to this policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. This policy was last amended on 24th May 2018.