The Productivity Group, trading as Be the Business (“Us”, “We”, “Our”), is a charitable company limited by guarantee with registered charity number 1173660. Registered office address: 10 Queen Street Place, London, England, EC4R 1AG.
We are committed to protecting your privacy and will only use the information that we collect about you lawfully in accordance with data protection legislation. This policy is intended to give you an understanding of how and why we use the information you provide to us both online (our website is located at digital.bethebusiness.com (the “Website”)) and otherwise.
(1) What information do we collect about you?
(2) Where and how do we collect your personal information?
(3) Why will we process your personal information?
(4) Our legal bases for processing your information
(5) How we use your personal information
(6) Legitimate interests
(7) Will we share your information with others?
(8) Disclosures of your personal information
(9) How do we protect the security of personal data?
(10) How long do we keep your data for?
(11) Your privacy rights
(13) How to contact us
(14) Cookies notice
Please read this policy carefully to understand how we will collect, use and store your data.
To make a Subject Access Request, please have a look at our guidance document and then use our request form.
Questions & Answers
1.1 We collect personal data about you for a number of reasons, including communicating with you, responding to requests for information, to provide you with access to our resources (including our tool Benchmark your Business) and events. Where we refer to personal information in this notice, it might include any/all of:
(a) Identity information including your name, gender, date of birth, username, and social media ID’s or similar identifier.
(b) Contact information including your billing address, delivery address, email address and telephone numbers.
(c) Your business information, including your business name, unique company number, job role, number of employees, turnover, business region, business sector, business size, and incorporation date.
(d) Technical information including your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website. We use this information for the operation of the service, to maintain and improve the quality of the service, and to provide general statistics regarding use of the Website.
(e) Profile information including your username and password, your interests, preferences, feedback and survey responses.
(f) Usage information including information about how you use our website, products and services.
(g) Marketing and Communications information including your preferences for receiving marketing from us and our third parties and your communication preferences.
1.2 We also collect, use and share aggregated information. This includes statistical or demographic data. Aggregated information may be derived from your personal information but is not usually considered personal information as this data does not directly or indirectly reveal your identity. For example, we may aggregate usage information to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated information with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this privacy notice.
1.3 On occasion we also collect sensitive personal data about individuals, for example, health information. We will normally only record this data where we have your explicit consent, unless we are permitted to do so in other circumstances under data protection law.
1.4 We also collect information about the use of our website using cookies (see the Cookies section of this policy for more information).
2.1 We collect personal information in the following ways:
(a) Directly from you – this includes where you sign up to create an account, sign up to join a group, or communicate with us.
(b) From third parties – this includes members of our Partner Leadership Group and corporate partners.
(d) To understand supporters –we work hard to ensure our work is effective. This includes us developing an understanding of our supporters by research through publicly available sources. We may obtain personal data from publicly available information and combine this with personal information to understand more about the interests and motivations of supporters. We may do this to enable us to tailor and target our communication and engagement (including in relation to the level at which you could support us). We will only use publicly available information from reputable sources (for example, from newspapers, postings on LinkedIn, information held on Companies House or information otherwise in the public domain).
(e) Cookies (and automated technologies or interactions) – we may automatically collect technical information about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies. Please see below for more information on cookies.
(f) Third Party Websites – When you use our website or otherwise engage with us, you may receive links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we would please encourage you to read the privacy notice of every website you visit as that will govern how that website will process your personal information.
3.1 We will process your data for the following reasons:
(a) Deliver services, literature and/or other materials and information you have requested from us;
(b) To provide you with access to our resources, including the Benchmark your Business tool;
(c) To help you be an Ambassador for us;
(d) To send you updates about our work, along with information future programmes and events.
(e) For our own internal administrative purposes and keep a record of your relationship with us;
(f) To manage your communication preferences;
(g) To conduct surveys, research and gather feedback;
(h) To produce reports and studies based upon our activities (only anonymised data to be included in the publication);
(i) To comply with applicable laws and regulations, and requests from statutory agencies.
4.1 UK data protection law (the General Data Protection Regulation) requires us to have a “legal basis” for processing (using) your personal data. The legal basis we rely on are:
(a) Where we have your specific consent to use your personal information for a specific purpose. Please see “How will we use the information about you”.
(b) Where we process your personal information for our legitimate interests. Please see “Legitimate Interests”.
(c) Where the processing of personal information is necessary to perform a contract with you.
(d) Where the processing of personal information is necessary to comply with a legal or regulatory obligation that applies to us (for example, in some instances, we may be required to share your information with the Charity Commission, Information Commissioners Office or other regulators) or to use your information for due diligence or ethical screening purposes.
5.1 We will not sell your personal information. We only wish to contact you in a way that is consistent with our relationship (how you would expect to be contacted and with materials you would expect to receive from us).
5.2 Our communications may include information about our objective and activities, the projects we’re involved with and the impact of your support as well as requests for financial support at a corporate level. We will use your personal information to tailor and target our communications to you.
5.3 We will use your personal information:
(a) To send you marketing communications by email, SMS or to contact you by phone for marketing and fundraising purposes where we have your consent.
(b) To send you marketing communications by post based on legitimate interest or otherwise where we process your personal information based on our legitimate interests. For more information on this, please see “Legitimate Interests”.
(c) To manage our work effectively and provide you with the best experience by analysing and segmenting our supporter base, to enable us to tailor and target our approach and provide the best service and experience according to your interests as well as in relation to the level of support you may be able to provide.
(d) Profiling your personal data: An important component in Be the Business being able to match mentees with suitable mentors is by profiling your personal data. We use elements of your personal data such as business type, the kind of help you need, age band, location, email, ethnicity and gender and use this to find a suitable match, and in some cases we use an algorithm to help us. You will be informed that we are using an algorithm to match you before you sign up to any mentoring scheme and you will be asked for your explicit consent for us to use automated profiling on your personal data
(e) For research and analysis purposes – this may include inviting you to participate in surveys or research or analysing usage data from our website to improve our content or user experience.
(f) For the provision of services or “administration” – this may include:
- Dealing with gifts in kind or corporate sponsorship, including communications to confirm and say thank you, or for other administrative reasons relating to your gift.
- Dealing with any transaction you enter into with us and for us to fulfil any contract with you (for example, where you sign up to an event).
- Preparing reports about our work, services and events.
- When you contact us to ask questions.
- If you provide any content to us.
- Monitoring website use (to enable us to improve user experience).
- Responding to your enquiries, contacts or requests about your personal information.
- Notifying you about changes to the website or our services.
- For internal record keeping (we will keep a record of our relationship).
- Carrying out fraud prevention (and money laundering checks), undertaking credit risk activities and in relation to legal claims we take or defend.
- To safeguard those who work for or with us (or we otherwise engage with).
6.1 When we use legitimate interest as the legal basis for processing, we will consider and balance any potential impact on you and your rights before we process your personal information for our legitimate interests and will only proceed where we believe our interests are not overridden by the impact on you. Our legitimate interests include the interests of our organisation in conducting and managing our operations to enable us to give you the best service and the best and most secure experience. Specific examples of this include:
(a) Sending you information and marketing materials to your postal address.
(b) Analysis and profiling of our supporters.
(c) Using third party sources to keep your postal address up to date.
(d) Use of personal information to monitor use of our website (and apps) for technical purposes.
7.1 We do not share, sell or rent your information to third parties for their marketing purposes, unless we have your explicit consent to do so. We will not otherwise disclose your personal information unless required to do so by a regulatory agency or law.
7.2 We may allow our staff, consultants and/or external providers (data processors) acting on our behalf to access and use your information for the purposes for which you have provided to us (e.g. to analyse data and to process payments). (See “Disclosures of your personal information”.) We only provide them with the information they need to deliver the relevant service, and ensure that we take steps to ensure that they process personal data in a secure manner.
8.1 We may share your personal information with the following third parties set out below:
Analytics, tracking and search engine providers
We may share data with analytics and search engine providers who assist in the optimisation of our site and our services.
Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
HMRC / Other Regulators
Where we are under a legal duty to disclose of share your personal information in order to comply with legal obligations, including to HM Revenue & Customs, regulators and other authorities (who require reporting of processing activities in certain circumstances).
We work with various partners, including business partners, suppliers and subcontractors who will process data on our behalf. These suppliers include those who provide us with IT, system administration and other services and the providers of other services (including market research).
8.2 We may share your personal information to enforce or protect our legal rights, or the safety of those who work for us, or with us, our beneficiaries, donors or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
8.3 If we merge (or if we were to sell any part of our operations), including where Be the Business or its assets are acquired by another charity or other third party, personal data will be one of the transferred assets.
8.4 We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions. Some of our partners run their operations outside of the EEA (European Economic Area) and this may include countries who have different data protection laws. We will always take steps to make sure appropriate protections are in place (in accordance with UK data protection law) and that information is safeguarded.
9.1 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
9.2 While we will use all reasonable efforts to safeguard your personal data, the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us.
9.3 We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
10.1 Be the Business has a Records Management Policy and a retention schedule for all information and data, please contact firstname.lastname@example.org if you would like a copy. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
10.2 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you no longer have a relationship with us, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
10.3 If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.
11.1 You have a number of rights under data protection legislation. These include:
(a) Right of access
You have the right know what information we hold about you and to ask, in writing, to see your records. We will provide you with details of the records we hold as soon as possible and at latest within one month, unless the request is complex. We may require proof of identity before we are able to release the data. Please use the details in the “Contact us” section if you would like to exercise this right.
(b) Right to be informed
You have the right to be informed how your personal data will be used. This policy as well as any additional information or notice that is provided to you either at the time you provided your details, or otherwise, is intended to provide you with this information.
(c) Right to withdraw consent
Where we process your data on the basis of your consent (for example, to send you marketing texts or e-mails) you can withdraw that consent at any time. To do this, or to discuss this right further with us, please contact us using the details in the “Contact us” section.
(d) Right to object
You also have a right to object to us processing data where we are relying on it being within our legitimate interests to do so (for example, to send you direct marketing by post). To do this, or to discuss this right further with us, please contact us using the details in the “Contact us” section.
(e) Right to restrict processing
In certain situations you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.
(f) Right of erasure
In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database). Where you have requested that we do not send you marketing materials we will need to keep some limited information in order to ensure that you are not contacted in the future.
(g) Right of rectification
If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. To update your records please get in touch with us using the details in the “Contact us” section.
(h) Right to data portability
Where we are processing your personal data because you have given us your consent to do so, you have the right to request that the data is transferred from one service provider to another.
If you are unhappy with the way in which we have handled your personal please contact us at email@example.com. You are also entitled to make a complaint to the Information Commissioner’s Office - https://ico.org.uk/.