ABOUT THIS POLICY
WHO ARE WE?
We are Business Design Centre Ltd., a limited company registered in England and Wales under number 01593648 and Upper Street Car Park Ltd., a limited company registered in England and Wales under number 01636570 with its registered office at 52 Upper Street, London, N1 0QH (“BDC“, “USCP” “we”, “our”, and “us”).
We are registered with the UK Information Commissioner’s Office (“ICO”) under registration number Z6461340.
Business Design Centre Ltd.,
52 Upper Street,
By telephone: +44 (0)20 7288 6406
By email: firstname.lastname@example.org
WHAT INFORMATION DO WE COLLECT?
Information you provide us
You may choose to provide us with personal data when you are introduced to us, when we meet you in person, or when we are in contact by phone, email, via our website, by placing an order, in contracting venue space or otherwise.
The ways in which you may interact with our business where personal data is collected and/or processed include but are not limited to:
- Enquiring about and/or entering into a contract to hire venue space;
- Exhibiting at or attending an event at the venue;
- Renting office or co-working space;
- Using the Upper Street Car Park (USCP);
- Visiting the venue to meet with staff, tenants or otherwise;
- Making use of the company websites and online ordering platform;
- Being in the employment of the BDC or a company contracted to work on our behalf whether onsite or otherwise.
The categories of personal data you may provide in these circumstance includes:
- first and last name;
- job title and company name;
- email address;
- phone number;
- postal address;
- payment details;
- marketing and communications data includes your preferences in receiving marketing from us and your communication preferences.
Information we collect from third parties
We collect most of this information from you directly. However, we also collect information about you:
- from publicly accessible sources, e.g. Companies House;
- from third party sources of information, e.g. directly from the event organisers;
- which you have made public on websites associated with you or your company or on social media platforms such as Facebook, Twitter, Instagram and LinkedIn;
- from a third party, e.g. a person who has introduced you to us or other professionals (e.g. contractors) you may engage.
Information we collect online (in the event that you access our venue based internet or otherwise)
We collect, store and use information about your visits to our website and about your computer, tablet, mobile or other device through which you access our network or website. This includes the following:
- technical information, including the Internet protocol (IP) address, browser type, internet service provider, device identifier, your login information, time zone setting, browser plug-in types and versions, operating system and platform, and geographical location;
- information about your visits and use of the Site, including the full Uniform Resource Locators (URL), clickstream to, through and from our Site, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), and website navigation and search terms used;
- information collected by cookies on our website (for more information on cookies, please see the section on cookies below).
Sensitive personal data
We do not generally seek to collect sensitive (or special categories of) personal data. Sensitive personal data is defined by data protection laws to include personal data revealing a person’s racial or ethnic origin, religious or philosophical beliefs, or data concerning health. If we do collect sensitive personal data, we will ask for your explicit consent to our proposed use of that information at the time of collection for example in the case of first aid incident.
Our business activities are not intended for or directed at children under the age of 16 years and we do not knowingly collect data relating to children under this age.
HOW WE USE YOUR INFORMATION
The purpose for which we use and process your information (excluding sensitive personal data) and the legal basis on which we carry out each type of processing is explained below.
|Purposes For Which We Will Process Data||Legal Basis For Processing|
|To provide you with information and services that you request from us. This includes but is not limited to online orders for exhibition stands, quotes for venue hire, office space or other services provided.||It is in our legitimate interests to respond to your queries and provide any information requested in order to generate and develop business. To ensure we offer a good and responsive service, we consider this use to be proportionate and will not be prejudicial or detrimental to you.|
|To send you alerts, newsletters, bulletins, announcements, and other communications concerning Business Design Centre or notifications we believe may be of interest to you.||It is in our legitimate interests to market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you.You will have opted in to receive this kind of information and can always opt-out of receiving direct marketing-related email communications by following the unsubscribe link.|
|To enforce the terms and conditions and any contracts entered into with you. This includes but is not limited to Office Leases and License Agreements and Event License Agreements.||It is in our legitimate interests to enforce our terms and conditions of service under a contract. We consider this use to be necessary for our legitimate interests and proportionate.|
|To send you information regarding changes to our policies, other terms and conditions and other administrative information.||It is in our legitimate interests to ensure that any changes to our policies and other terms are communicated to you. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.|
|To provide our online services and website including troubleshooting, data analysis, testing, research, statistical and survey purposes;To improve our website to ensure that consent is presented in the most effective manner for you and your computer, mobile device or other item of hardware through which you access our website.To keep our website and network safe and secure.||For all these categories, it is in our legitimate interests to continually monitor and improve our services and your experience of our website and to ensure network security. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.|
|To ensure the safe operating of the venue through the collection of health and safety documents and the operating of video capture (CCTV and other recording technologies) or thermal imaging software.||It is a legislative obligation on the venue and in the vital interests of the public and users of the venue to be able to carry out their activities in a safe working environment.|
Where we rely on legitimate interests as a lawful basis, we will do so in a considered manner to ensure that your interests, rights and freedoms do not override our legitimate interests. If you do not wish to provide us with your personal data and processing such information is necessary for a provision of services or the performance of a contract with you, we may not be able to perform our obligations under the contract between us.
Business Design Centre Ltd. will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.
WHO WE SHARE YOUR PERSONAL DATA WITH
We share your information with the following third parties:
- Business Design Centre Ltd. employees based in the UK
- Business Design Centre Ltd. service providers where it is required for the fulfilment of a contract or service provision including;
These Data Processors may include, inter alia;
- Good Eating Company; where catering services are placed or required
- GD Electrics; where electrical service orders are placed or required
- Granite Consulting; where Internet and networking service orders are placed or required
- Full Circle Ltd; where stand fitting service orders are placed or required
- Onward Display; where signage service orders are placed or required
- Aztec Event Services; where audio-visual service orders are placed or required
- Teamwork (UK) Ltd; where porter, cloakroom or cleaning services are placed or required
- EntrySign; when visitors access the building to meet with tenants, staff or non-event personnel
- Teamex UK; where security or staffing services are placed or required
- Scheidt & Bachmann, 3C and Chauntry; where car parking services are provided with Upper Street Car Park Ltd.
- WES Logistics; where delivery services will be required to or from the venue.
- Live Creative and March Branding; by whom our websites are maintained.
- Upland-Adestra; which is used for email marketing.
- Any other suppliers that we deem reputable and who we work with in the normal course of our business activities.
- Our third party data processors and service providers who assist with the running of our website and our office services including our IT support services, and data storage/back up services.
Our third party processors and service providers are subject to security and confidentiality obligations and are only permitted to process your personal data for specified purposes and in accordance with our instructions.
In addition, Business Design Centre Ltd., may disclose information about you in the following circumstances:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if all or substantially all of Business Design Centre Ltd.’s assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation;
- if necessary to protect the vital interests of a person; and
- to enforce or apply our terms and conditions or to establish, exercise or defend the rights of Business Design Centre Ltd., our staff, customers or others.
We may from time to time transfer (“transfer” includes making available remotely) personal data to countries outside the United Kingdom (and Economic European Area (EEA)).
The transfer of personal data to a “third country” i.e. outside the UK, will only take place if one or more of the following applies:
- Is a country that the United Kingdom has determined to have an adequate level of protection for personal data;
- The transfer is to a country (or international organisation) which provides appropriate safeguards in the form of a legally binding agreement between public authorities or bodies; binding corporate rules; standard data protection clauses adopted by the United Kingdom; compliance with an approved code of conduct approved by a supervisory authority; certification under an approved certification mechanism as provided for in the Regulation; contractual clauses agreed and authorised by the competent supervisory authority; or provisions inserted into administrative arrangements between public authorities or bodies authorised by the competent supervisory authority;
- The transfer is made with the informed consent of the relevant data subject(s);
- The transfer is necessary for the performance of a contract between the data subject and the Business Design Centre Ltd. (or for pre-contractual steps taken at the request of the data subject);
- The transfer is necessary for important public interest reasons;
- The transfer is necessary for the conduct of legal claims;
- The transfer is necessary to protect the vital interests of the data subjects or other individuals where the data subject is physically or legally unable to give their consent; or
- The transfer is made from a register that, under relevant data protection law, is intended to provide information to the public and which is open for access by the public in general or otherwise to those who are able to show a legitimate interest in accessing the register.
SECURITY OF YOUR PERSONAL DATA
We use industry standard physical and procedural security measures to protect information from the point of collection to the point of destruction. This includes encryption, firewalls, access controls, policies and other procedures to protect information from unauthorised access.
Where data processing is carried out on our behalf by a third party, we take steps to ensure that appropriate security measures are in place to prevent unauthorised disclosure of personal data.
Despite these precautions, however, Business Design Centre Ltd. cannot guarantee the security of information transmitted over the Internet or that unauthorized persons will not obtain access to personal data. In the event of a data breach, Business Design Centre have put in place procedures to deal with any suspected breach and will notify you and any applicable regulator of a breach where required to do so.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will keep your personal data for as long as is necessary for reasons outlined in this Policy, while there is a legitimate business reason for doing so, or where it is in the public interest. Exercising your right to have your data erased by us before this time may not be possible for technical, legal, regulatory or contractual reasons.
ONLINE AND ELECTRONIC COMMUNICATIONS
External Web Links
Our website will contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and Business Design Centre Ltd. does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Our core email marketing is carried out through a platform provided by Upland-Adestra. For email marketing to an individual subscriber (that is, a non-corporate email address) with whom we have not previously engaged as a client, we need your consent to send you unsolicited email marketing.
Where you provide consent, you can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal.
You have the right to opt out of receiving email marketing communications from us at any time by:
- contacting Joe Mullee using the contact details set out above; or
- using the “unsubscribe” link in emails.
Whilst every member of staff at the Business Design Centre Ltd. has a personal private email address, email which you send to us or which we send to you may be monitored by Business Design Centre Ltd. to ensure compliance with professional standards and our internal compliance policies. Monitoring is not continuous or routine, but may be undertaken on the instruction of Senior Management where there are reasonable grounds for doing so. Occasional spot checks or audits may also be undertaken on the instruction or with the authority of a Director.
Right to Access
You have the right to access information which we hold about you. If you so request, we shall provide you with a copy of your personal data which we are processing (“data subject access request”). We may refuse to comply with a subject access request if the request is manifestly unfounded or excessive or repetitive in nature.
Right to Data Portability
You may also have the right to receive personal data which you have provided to us in a structured and commonly used format so that it can be transferred to another data controller (“data portability”). The right to data portability only applies where your personal data is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means.
Right to Rectification
We want to make sure that your personal data is accurate and up to date. You have the right to have inaccurate personal data rectified, or completed if it is incomplete. You can update your details or change your privacy preferences by contacting us as provided in “Contacting us” above. We may refuse to comply with a request for rectification if the request is manifestly unfounded or excessive or repetitive.
Right to Object
With direct marketing you have the right to object at any time to our processing of your personal data for direct marketing purposes.
You also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to Restrict Processing & Right to be Forgotten
In certain circumstances, you have the right to:
- request the erasure of your personal data erasure (“right to be forgotten”);
- restrict the processing of your personal data to processing in certain circumstances.
Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply. We may refuse a request for erasure, for example, where the processing is necessary to complete a contractual agreement or comply with a legal obligation. We may refuse to comply with a request for restriction if the request is manifestly unfounded, excessive or repetitive in nature.
EXERCISING YOUR RIGHTS
Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.
You have the right to make a complaint at any time with a supervisory authority, in particular in the EU (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred.
The supervisory authority in the UK is Information Commissioners Office who can be contacted at https://ico.org.uk or telephone on 0303 123 1113.
POLICY HAS BEEN APPROVED
This Policy will be reviewed and updated on an annual basis, or sooner if required and has been approved and authorised by:
NAME: Joe Mullee
POSITION: Group Finance Director and Company Secretary
DATE: August 2023