Call +44 (0) 1179 666 761 or email info@bescorporate.net to speak to our specialist team

Privacy Policy

 

This privacy policy sets out how BES Rehab Limited and its related companies (BES) uses and protects any personal data with regard to the collection, storage, access and processing of such information under EU Regulation 2016/679, commonly known as the General Data Protection Regulation or GDPR.

BES is committed to ensuring that your privacy is protected. We place the highest importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals we deal with.

Depending on how you came into contact with the company or its subsidiaries and what your ongoing relationship with the company is, we will be holding and processing your data for different periods and reasons.

 

In Brief

Personal data is information that can be used to help identify an individual, such as name, address, phone number, or an email address.

BES is required to process the personal data of individuals (also known as “data subjects”) as part of its business practices. Individuals can include, but are not limited to, customers, suppliers, business contacts, and any other individuals with whom we have a direct or indirect relationship.

While it’s important that you read this policy to understand what information we collect, how we may use it, and what your rights are, we understand that you may not have time right now to do this, so we’ve added this quick summary:

  • We collect information about customers, suppliers, business contacts, and any other individuals we have a direct or indirect relationship with
  • We collect information to provide services or goods, to provide information for administration, research, analysis, and for the establishment and defence of legal claims
  • We only collect the information that we need or that would be useful to us to ensure we meet your needs
  • We never sell your data and we will never share it with another organisation for marketing purposes
  • We only share data where we are required to do so by law or with carefully selected partners who do work for us. All partners are required by their contract to treat your data as carefully as we would, to only use it as instructed, and to allow us to check that they do this.

That’s our policy in brief: please read the full policy. If you have any questions about privacy or how we process your data you can direct these to our Data Control Officer by emailing info@bescorporate.net.     

 

Where is your data held?   

We use an Enterprise Resource Planning (ERP) system called NetSuite (owned by Oracle), so the vast majority of the structured personal data that we hold is held within NetSuite. This is a cloud-based system which means that the data is stored on servers separate from our organisation. These servers are based within the EU and, as required in the GDPR, we have a contract with NetSuite stipulating their responsibilities under GDPR as a data processor.

We also use BOX, which is also a cloud solution meaning that the data is stored on servers separate from our organisation. On BOX we store unstructured data such as contracts, forms and the like as Word documents or PDFs.

Some data is held on devices used by employees such as mobile phones, laptops, and PCs. We have a policy to keep this to a minimum and for practical purposes only, for instance our sales representatives will hold names and phone numbers of customers that they see frequently. All our devices are password protected. We will never hold sensitive data, or “risky” data such as credit card details, or details of people’s medical conditions on such devices. Unless of course you send this data in an email, in which case it will remain on devices for a period of time until it can be stored elsewhere in a more secure fashion.

Some data are held in a physical format such as a paper form. As far as is reasonably possible, we will endeavour to digitise this data.

From time to time we use the services of 3rd Party companies to be able to send out mailings or e-shots. In these cases, data is extracted from NetSuite into Microsoft Excel and transferred to these 3rd Party providers. They only hold the data for as long as is required to perform the task we have asked them to perform, and then the data is either deleted or returned to us. As required by the GDPR we always seek to use reputable providers and have a contract with these 3rd Party providers to ensure that they act in accordance with the regulation.

From time to time we will also extract data from NetSuite into Microsoft Excel for internal processing, such as sales analysis. These data will therefore temporarily be stored on an employee’s device for the duration of the processing and then deleted once complete.

We use Microsoft Exchange for our emails. This means data stored within emails are stored on Microsoft’s servers, and on devices synchronised with the servers. We have a policy of deleting emails after 3 years unless they carry information that may need to be accessed for legal reasons over a longer time period.

 

Your Rights

The General Data Protection Regulation provides data subjects with the following rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to be forgotten
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making & profiling

You can make a request in relation to any of the above to the Company at any time and we will respond as soon as we can and at the latest within one month of the request. As long as the request is reasonable and not repetitive we will not change anything for such requests. If the request is unreasonable or repetitive then we will charge a fair administration fee proportionate to the amount of work involved, and this will be made known to the individual before conducting the work.

BES will comply in all capacities to fulfil our obligations as set out below.

 

The Right to be Informed 

This is all about transparency, so you know what data an organisation holds and what it is doing with it. BES will only collect and process personal data for and to the extent necessary for the specific purpose or purposes set out below.

Privacy Policy

The Right to Access

This enables you to see the exact data held by an organisation. If you wish to make a request for access please contact our Data Control Officer by using the details provided below.

 

The Right to Rectification

This entitles you to force an organisation to make corrections to the data held on you. If you wish to make a request for rectification please contact our Data Control Officer by using the details provided below.

 

The Right to Erasure

Under the General Data Protection Regulation Data Subjects hold the right to have their personal data erased. This is also known as ‘the right to be forgotten’. This right is not absolute and is only applicable in certain circumstances.

You have the right to erasure if:

  • the personal data is no longer required for the purpose(s) which we collected or processed it
  • we are relying on the lawful basis of consent for holding the data and consent is removed
  • we are relying on the lawful basis of legitimate interests to process the data, you object to the processing and we have no overriding legitimate interest to continue this processing
  • we are processing the data for direct marketing purposes and you object to this processing
  • we have processed the data unlawfully
  • it is a requisite for legal compliance that we do so
  • we have processed the data to offer services to a child.

If you wish to make a request for erasure please contact our Data Control Officer by using the details provided below.

Please note that we cannot keep a record that you have requested to have your data erased. If for whatever reason, your data is received again in a lawful manner in the future, we may make contact again. You would need to follow the above process to then have your data erased.

 

The Right to Restrict Processing

The right to restrict processing gives individuals the ability to limit the way BES uses their data and presents an alternative to erasure.

You may request the restriction of processing due to issues within the information we hold about you, or if you have an issue with how we have processed your data. In most cases, restrictions on processing are not required to be indefinite, but they will need to be in place for a certain amount of time and only lifted once we have notified you.

If you wish to make a request for restriction please contact our Data Control Officer by using the details provided below.

 

The Right to Data Portability

This right allows you to obtain and reuse personal data for your own purposes across different services. This right entitles you to move, copy, or transfer personal data from one IT environment to another without hindrance to usability.

This right only applies:

  • to personal data you have provided to us
  • where processing is based on consent or the performance of a contract; and
  • when processing is carried out by automated means.

Where requests are granted BES will provide data in an open and commonly used machine-readable format which allows the data to be used by other organisations.

Where requested (and technically feasible) we will transmit the data directly to another organisation/data controller.

If you wish to make a request for portability please contact our Data Control Officer by using the details provided below.

 

The Right to Object

This right gives you the ability to object to specific processing activities carried out by BES. Unlike the right to restriction, objections are usually permanent in nature.

You have the right to object to:

  • direct marketing (including profiling) in all forms
  • processing for purposes of scientific/historic research and statistics
  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)

Where BES receives an objection to processing for purposes of direct marketing, BES will cease all processing of the subject’s personal data for those purposes regardless of time, and without delay, or charge. We have no grounds to refuse or challenge an objection to processing for the purposes of direct marketing.

If you wish to object to processing activities please contact our Data Control Officer by using the details provided below.

 

Rights in relation to automated decision making & profiling

BES does not use automated decision making, including profiling, in any of its current practices.

BES will undertake a thorough Data Protection Impact Assessment, including a review of this policy prior to engaging in any automated decision making or automated profiling activities.

If you have any questions please direct them to our Data Control Officer by using the details provided below.

 

Complaints

You can contact us directly with any concerns or complaints by contacting our Data Control Officer using the details provided below.

Alternatively, you can contact the Information Commissioners Office by phone on 0303 123 1113 or by visiting their website https://ico.org.uk.

 

Data Breach Notification

If a personal data breach occurs and that breach is likely to result in a risk to the rights and freedoms of Individuals (“data subjects”) (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), BES has a policy and procedure to inform the Information Commissioner’s Office of the breach without delay, and in any event, within 72 hours of BES becoming aware of it.

In the event that a personal data breach is likely to result in a high risk (higher than stated above) to the rights and freedoms of individuals, BES will ensure that all affected are informed of the breach directly and without undue delay.

 

Contact Details for Data Control Officer

Email: info@bescorporate.net

Telephone: 44 117 966 6761

In writing to:

Data Control
BES Rehab Ltd
131 South Liberty Lane
Ashton Vale
Bristol
BS3 2SZ

 

Cookies on the BES Websites

Cookies are used to track information for Google Analytics and for the Content Management System to enable BES to optimise the site and its content and provide the most valuable information and resources we can to our customers.

 

BES and Direct Marketing

BES’ communication policy works on a basis of “opt-in” only with regards to direct marketing. At the point where we collect your data, you will be asked if want to receive direct marketing content from BES.

You may object to any direct marketing you receive from BES at any time. Where we receive an objection to direct marketing, we will cease all processing of your personal data for these purposes regardless of time, and without delay or charge.

If opted in to receive marketing communication, we collect information surrounding how you use our marketing email communication, for example whether you open them and which links you click on.

We have no grounds to refuse or challenge an objection to direct marketing.

 

Links to Other Websites From BES Websites

Our website contains links to other websites of interest. Please note that once you have used these links to leave the BES websites, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

© 2018 BES Rehab Ltd

BHTA-ISO-9001
BHTA-Logo