This Privacy Notice describes how BVA BDRC as a data controller collects, uses and discloses information with respect to our marketing activity, and what choices you have regarding this. We take every reasonable precaution to ensure the privacy and security of your information.

To enable us to fulfil our marketing activity we may ask to collect standard information about you such as your name, email address, telephone number, job title, name of organisation.

Why we process your data
We may process your data for a number of different purposes:

• To keep you up to date with the latest, relevant products we are offering;
• To keep you up to date with the latest, relevant content we’ve published;
• To keep you up to date and invite you to any of our latest, relevant events or webinars;
• To administer any event delegate bookings you’ve bought from us;
• To give you access to relevant products, content and information provided by other companies within the BVA Group.

Our lawful basis for processing your data
It is necessary for us and in our legitimate business interest to:

• Keep clients and other contacts informed of our latest content, products and
  services;
• Use a variety of direct marketing channels and messages to ensure our contacts are kept informed;
• Collect personal data that helps us keep our content targeted and relevant.

We store and process your information within the UK, the European Economic Area (EEA) and the USA. We only work with companies outside of the EEA which we have determined have an adequate level of data protection to help ensure your rights and protections.

We are required by law to keep your personal data only for as long as is necessary for the purposes for which we are using it. The period for which we keep your personal data will be determined by a number of criteria, including the purposes for which we are using the information, the amount and sensitivity of the information, the potential risk from any unauthorised use or disclosure of the information, and our legal and regulatory obligations. We review the data we hold at least once every two years. For more information about how we store your data, please contact us directly.

We may receive and store other information, for example:

• Data submitted to our website
• If you participate in an event
• If you participate in any of our market research projects
• If you apply for a job
• If you interact with our social media accounts
• Or otherwise communicate with BVA BDRC.

We won’t share your data with any other third parties outside of the BVA Group unless specifically agreed by you.

You’re in control
You can update your contact preferences or unsubscribe from any contact from us at any time. You’ll find the unsubscribe link in any email from BVA BDRC.

Alternatively, you can email us ISOCompliance@bva-bdrc.com to request your information is removed. You have the right under the Data Protection Act and the EU General Data Protection Regulation to access any information held about you.

You also have the right to the following:

• Object to processing of your data;
• To port data (if automated data collection);
• To erasure of any personal data made public;
• To restrict processing;
• To rectify data held

We will be happy to respond to any of these requests or any issues you may have. You can make a request by emailing ISOCompliance@bva-bdrc.com. You can contact our Data Protection Officers at DPO@bva-bdrc.com.

Please be aware we may need to retain your information on our files to resolve disputes, enforce our user agreement, or for technical and legal requirements and constraints related to the security, integrity and operation of our surveys.

BVA BDRC does not capture or store personal information, but merely logs the user’s IP address which is automatically recognised by the web server. This is used to record the number of visitors to our site. Making our website useful, reliable and easy to use sometimes involves placing small amounts of information on your device, for example your computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally and are only used to improve our services for you through, for example:

• enabling a service to recognise your device so you don’t have to give the same
  information several times during one task
• recognising that you may already have given a username and password so you don’t need to do it for every web page requested
• measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast

We will only collect and use personal information in accordance with this policy to the extent deemed reasonably necessary to serve our legitimate business purposes, and we will maintain appropriate safeguards to ensure the security, integrity, accuracy and privacy of the information you have provided. In addition, we will take reasonable steps to ensure that third parties to whom we transfer any personal information provide sufficient protection of that information.

BVA BDRC has security measures in place to protect the loss, misuse, and alteration of the information under our control. Only certain employees have access to the information you provide us and are only granted access for legitimate business purposes.

Our policy will indicate the date it was last updated, but if there is a substantive change in the way that we use your personal information, we will notify you via email of the relevant changes. If you choose to opt out of our changed practice then please email ISOCompliance@bva-bdrc.com.

For more information on BVA BDRC visit our website at www.bva-bdrc.com.
You have the right to lodge a complaint with the way your data has been handled by BVA BDRC with the Information Commissioners Office (https://ico.org.uk)

Last updated: August 2023