BiKBBI Privacy Statement

The British Institute of Kitchen, Bedroom & Bathroom Installation (BiKBBI) takes the security of information seriously. We are registered with the Information Commissioners Office (ICO), who are the data regulator for both The Data Protection Act (DPA) 1998 and The General Data Protection Regulations (GDPR) 2018.

Our ICO registration is: Z1906069.

This privacy notice tells you what to expect when the BiKBBI collects personal information. It applies to information we collect about:

– Visitors to our website
– Our members
– Complainants and other individuals in relation to a data protection or freedom of information complaint or enquiry
– People who use our services, eg who subscribe to our newsletter or request a publication from us
– People who notify under the Data Protection Act / GDPR.

Visitors to our website

The BiKBBI website is secured with an Extended Validation SSL Certificate. This is signified by the ‘https’ prefix on the URL bar and the inclusion of a padlock symbol.

An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key.

An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key. A certificate serves as an electronic “passport” that establishes an online entity’s credentials when doing business on the Web. When an Internet user attempts to send confidential information to a Web server, the user’s browser accesses the server’s digital certificate and establishes a secure connection.

An SSL certificate contains the following information:

– The certificate holder’s name;
– The certificate’s serial number and expiration date;
– A copy of the certificate holder’s public key;
– The digital signature of the certificate-issuing authority.

When someone visits www.bikbbi.org.uk we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Use of cookies by the BiKBBI

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

How do I change my cookie settings? Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

E-newsletter / E-magazine

We use a third-party provider, Mailchimp, to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see Mailchimp’s privacy notice.

Security & performance

The BiKBBI uses a third party service to help maintain the security and performance of the BiKBBI website. To deliver this service it processes the IP addresses of visitors to our website.

WordPress

We use a third party service, WordPress.com, to publish our website. This site is hosted at WordPress.com, which is run by Automattic Inc. We use a standard WordPress service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it.

WordPress requires visitors that want to post a comment to enter a name and email address. For more information about how WordPress processes data, please see Automattic’s privacy notice

Our members

We collect standard and sensitive information from our members in relation to our membership criteria. This information is collected at the point of original application and updated throughout their membership with us. This information is stored for a period of five years after membership expiry and will be deleted / destroyed in line with our legal obligations / current legislation.

Members information will not be shared with any third-party, unless disclosed within this privacy notice. If our installer member works with our retail partners, the retail partner will have access to selected standard information we hold on record, to allow them to manage compliance in conjunction with their agreement with the member.

You have the right to request destruction of your personal data, in line with GDPR. Requests for such action should be made to the Data Manager via the address below.

Current members, from 25/5/2018, will be able to view all information we hold on them, via their membership login to our members website. Expired members can request details (see Access to personal information below).

People who contact us via social media

We use a third-party provider, Hootsuite to manage the majority of our social media interactions. If you send us a private or direct message via social media the message will be stored by Hootsuite for three months. It will not be shared with any other organisations.

People who email us

We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

People who make a complaint to us

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint. We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone. We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute.

If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle. Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

When we take enforcement action against someone, we may publish the identity of the defendant in our Annual Report or elsewhere. Usually we do not, identify any complainants unless the details have already been made public.

People who use BiKBBI services

The BiKBBI offers various services to the public. We use a third party to deal with some publication requests, but they are only allowed to use the information to send out the publications.We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have requested a publication to carry out a survey to find out if they are happy with the level of service they received. When people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing this.

People who use our inspection service

The BiKBBI provides expert witness services to our members, retail partners and to the general public. This service is delivered in line with our committment to Part 35 of The Civil Procedure Rules. As such, we hand sensitive information relating to matters that may involve legal proceedings. Information will not be shared with any third party, without the prior consent of those involved, but will be presented to the Courts upon legal instruction.

Whilst The BiKBBI may publish statistics in relation to its inspection service, it never publishes specific details relating to the identity of those parties involved.

People who register (notify) under the Data Protection Act 1998

Many businesses are required by law to ‘notify’ certain specified information to the Information Commissioner. This may contain personal information, for example where the business is a sole trader. The ICO compiles this information into a register which it is required by law to make publicly available. The ICO cannot therefore give any guarantees as to how the information contained on the register will be used by those accessing it.

When businesses fill in their registration forms, they are asked to provide the contact details of a relevant member of staff. ICO will use this for its own purposes, for example where we have a query about a registration, but will not put it on the public register.When we request information as part of the registration process, we make it clear where the provision of information is required by law and where it is voluntary.

Your rights

Under the Data Protection Act 1998 and The General Data Protection Regulations 2018, you have rights as an individual which you can exercise in relation to the information we hold about you.

You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/

Complaints or queries

BiKBBI tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of BiKBBI’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.If you want to make a complaint about the way we have processed your personal information, you can contact us.

Access to personal information

BiKBBI tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you, we will:

– Give you a description of it;
– Tell you why we are holding it;
– Tell you who it could be disclosed to; and
– Let you have a copy of the information in an intelligible form.

To make a request to us for any personal information we may hold you need to put the request in writing addressing it to our Data Manager to the address provided below.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone. If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting the Data Manager.

Disclosure of personal information

In many circumstances we will not disclose personal data without consent. However, when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies. Further information is available in our Information Charter about the factors we shall consider when deciding whether information should be disclosed.

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Changes to this privacy notice

We keep our privacy notice under regular review.

This privacy notice was last updated on 17th March 2018.

Data enquiry?

If you would like further information about how we handle your data, or if you would like access to information we hold about you, please contact us:

By mail:

The Data Manager
The British Institute of Kitchen, Bedroom & Bathroom Installation Limited
Riverside Business Centre
Fort Road
Essex
RM18 7ND

By telephone:

01268 412 457

Lines open Monday-Friday, 10am – 4pm excluding public holidays.

By email:

info@bikbbi.org.uk