Privacy - Bright Blue Day

Privacy

We respect your privacy and understand that privacy is important to you and that you care about how information about you is used, so this privacy notice sets out details about what data we collect and how we use it. It also explains how we’ll store and handle that data, and how we keep it safe.

1. Who are we?
We are Bright Blue Day Limited, a UK Limited Company number 4535919. Our Registered Office is at Parkway House, 26 Avenue Road, Bournemouth BH2 5SL.

2. The legal bases we rely on
• Consent
In specific situations, we can collect and process your data with your consent. When collecting your personal data, we’ll always make it clear to you which data is necessary in connection with a particular purpose.
• Contractual Obligations
In certain circumstances, we need your personal data to comply with our contractual obligations.
• Legal compliances
If the law requires us to, we may need to collect and process your data.
• Legitimate Interest
In specific situations, we may require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.

3. When do we collect your personal data?
• When you contact us, via telephone, email or via our website.
• When you engage with us as a client, a supplier, an advisor, an employee and during other legitimate business activities.

4. What sort of personal data do we collect?
When you engage with us as a third party we may collect information including, but not limited to your name, gender, occupation, employer name and address, email and telephone number.

If you are engaged directly with us as an employee we may collect additional information including, but limited to, your home address, personal email and personal telephone number, National Insurance number, previous employment details and next-of-kin details.

5. Visitors to our website
Where we collect personal data via our website, we will be upfront about it and it will be obvious to you that you’re providing personal data and how we will be using it.

5.1. Google Analytics
When someone visits our website at www.brightblueday.com we make use of the Google Analytics service to collect standard information about visitors to the sites and their behaviour (e.g. what pages they viewed). The data provided by Google Analytics is anonymised and in no way enables us to identify individual visitors, however, Google Analytics will place a cookie on your device to enable the service. For more information about how Google Analytics cookies work on websites visit:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

5.2. Online forms
If you fill out one of our website forms (for example on the “Contact Us” page) the data is stored in a secure database and a notification email which includes that data is sent to the relevant team within our company. As our site uses SSL (https) the data you submit using the contact form will be encrypted once you press the “Submit” button.

5.3. Hosting
Our website is hosted by Rackspace within the UK.

5.4. Data Security
We are aware of how much data security matters to all of our clients, suppliers and employees. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.

All data we hold is stored securely on systems hosted by ourselves or approved third-parties.
We regularly monitor these systems for possible vulnerabilities and attacks, and all appropriate measures are undertaken to ensure their security.

6. People who call our office
Should you contact our offices by phone any data collected will stored and processed in line with this Privacy Notice.

7. People who contact us via email
Should you contact us by email your email will be stored on Microsoft’s servers and will only be accessible to our employees and our IT support partners. All emails are subject to virus scanning and junk mail filtering.

8. People who are our customers
We retain customer data sufficient and necessary for the ongoing efficient provision of our services to our clients. The provision of our services may include communication with our customers, invoicing, and for contractual and legal purposes. Customer data is stored both locally and on cloud-based systems and is generally stored for six years following the cessation of trade with a customer.

9. Employee data
Employee data sufficient for the lawful conduct of our business is collected directly from employees, and occasionally provided by third parties (for example from tax authorities or where we have received a reference as part of a recruitment process). Data is stored in both local and third-party cloud-based systems.

10. Recruitment
As part of our recruitment processes we will collect personal data relevant only to employment opportunities. Data is collected either directly from applicants or from third-party recruitment businesses. Data is stored both locally and on cloud-based systems and is retained for no longer than for six months from receipt.

11. Data Retention
Whenever we collect or process your data, we will only store the data for as long as is necessary for the purpose for which it was collected or as long as it is lawful for us to do so (for example this may be for as long as you are a customer or because of a legal obligation to retain the information, whichever is the longest).

12. Third party processors
We use a number of third-party cloud-based services for the purposes of effectively running our business and providing our services to you. We also use a number of third-party organisations, e.g. accountants, HR support, etc.

In all cases where we are using a third-party service or company, we will only provide the minimal amount of information for the purposes of delivering the service to us and to meet our requirements.

We always carry out due diligence against all our third-party suppliers for the purposes of ensuring their compliance with data protection, maintaining adequate security of your data and ensuring they apply adequate data protection principles to the processing of the data we supply.

13. Processing of data outside the EEA
Sometimes we will need to share your personal data with third parties outside the European Economic Area (EEA).The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA.If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA.Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.

14. Your rights
Under current data protection legislation in the UK, you have rights as an individual which you can exercise in relation to the data we store and process about you. You can find more information about your rights on the Information Commissioner’s website:
https://ico.org.uk/for-the-public/

14.1. Complaints
If you want to make a complaint about the way we are processing your data, you can contact us, using the contact details below. You also have the right to complain to the Information Commissioner’s Office: https://ico.org.uk/concerns/

14.2. How to withdraw consent and object to processing
Where we are processing your data and needed to ask your permission to do so, you are able to withdraw your consent at any time. Should you wish to do so please contact us, using the contact details below.

In addition if you wish to raise concerns about the way we are processing your data or would like to raise an objection, then please email us via psst@brightblueday.com with your concerns.

15.3. Keeping your data up to date
It is important that any of your data that we process is kept up to date. We will from time to time ask you to verify your contact details but if you wish to update any information we hold about you, please contact us using the contact details below.

14.4. Erasure of your data (the “right to be forgotten”)
Under some circumstances you may request us to delete your data from our systems. Where this is possible (e.g. we don’t have any legal purpose for continuing to process your data) we will erase it from our systems.

If you wish to exercise your right to be forgotten, please contact us via the contact details below.

14.5. Portability
Your right to portability allows you to request a machine-readable format of the data you supplied to us and associated service logs (where we store them). Please contact us, using the contact details below, if you wish to receive a CSV export of your data.

14.6. Access to your data
You have the right to ask us about what data we hold about you, how we process it and provide you with a copy of the information, free of charge and within one month of your request.

To make a request for any personal information we hold and process about you, we would prefer it if you could put it in writing or in an email to the addresses below. We will need to verify your identity before providing the information and where necessary may contact you further to ensure we understand what data you are requesting.

15. Disclosure of information
We do not share any personal data with any third parties unless it is lawful for us to do so, if required by law to do so or if you provide us with permission to do so.

16. More information
For more information about your data rights and privacy or data protection in general visit the Information Commissioner’s Office website: https://ico.org.uk

17. How to contact us
If you have any questions about how we collect and use your information not covered in this privacy notice, or if you wish to speak to someone about our approach to data protection and privacy, please contact:

Rob Headlam rob.headlam@brightblueday.com 01202 669090