British Healthcare Business Intelligence Association (BHBIA)

PRIVACY NOTICE
BHBIA is committed to protecting and respecting your privacy.  We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:
• the personal data we collect about you;
• how we look after your personal data and what we do with it including when you visit our website (regardless of where you visit from);
• with whom your personal data might be shared; and
• your privacy rights and how the law protects you.

WHO WE ARE
British Healthcare Business Intelligence Association is a private company, limited by guarantee, incorporated and registered in England and Wales with company number 9244455 and whose registered office is at St James House, Vicar Lane, Sheffield, S1 2EX.

This Privacy Notice is issued on behalf of the British Healthcare Business Intelligence Association (BHBIA) so when we mention “BHBIA”, “we”, “us” or “our” in this Privacy Notice, we are referring to the British Healthcare Business Intelligence Association who is responsible for processing your personal data.

BHBIA is the controller and responsible for personal information obtained through our website – www.bhbia.org.uk, by phone, email, in letters, from publicly available sources and other correspondence or in person.

PERSONAL DATA WHICH WE COLLECT
Personal data provided by you
We collect personal data about you when you:
• Register as a Member; Certified Non-member or Registered User
• Renew your membership;
• Register for an Event/training;
• Purchase or make payments for any products and services;
• Contact us through our website;
• Sign up to receive our updates;
• Complete feedback or surveys; or
• Participate in competitions or prize draws.

The personal data collected in the above manner may include, but is not limited to:
• full name;
• postal address;
• email address;
• telephone number;
• payment details;
• reservation and/or booking details; 
• information about the way you use our website (see cookie policy for more information)
• image and/or voice captured through photography, filming, videotaping and/or audio recording.

Special categories of personal data
The only special category personal data which we collect from you from time to time via our website is health information. For example, you may ask you to provide us with allergen information so that we can cater appropriately for you and/or access requirements so that we can facilitate appropriate access to the premises where we are operating. We will only collect that special category personal data with your explicit consent and only in relation to the specific event/course you are booking to attend. It will not be kept on file against your permanent profile.

HOW WE USE YOUR PERSONAL DATA
Overview
We collect information about you so that we can:
• Identify you and manage your membership;
• Keep you informed about us and about membership benefits;
• Keep you informed about industry business, legislation and other developments;
• Manage your event/training bookings and ensure that we canprovide you with a personalised and memorable experience with us;
• Process any orders for Products and Services you make with us;
• Assist you with your queries in relation to our organisation;
• Review any papers, submissions, competition or prize draw entries;
• Conduct research, statistical analysis and behavioural analysis;
• Carry out customer profiling and analyse your purchasing preferences to tailor marketing communications
• Detect and prevent fraud;
• Notify you of any changes to our website or to our services that may affect you; and
• improve our services.

In addition, we may directly collect analytics data, or use third-party analytics tools and services, to help us measure traffic and usage trends for the website service generally. (See Analytics and Tracking Information for more about how we monitor website usage).

We may use images and/or voices captured through photography and filming to provide recordings of training to members and promote our activities to interested parties on the basis of legitimate interest. This will be used on digital channels, including websites, and social media, and in print. You can request that we do not use your images or voice by contacting us through the ‘Contact the BHBIA” section of our website.  

Marketing

When we send marketing communications to you we do so because it is necessary for our legitimate interests. Our legitimate interests include contacting you regarding membership of the BHBIA, as well as highlighting relevant courses and conferences, in order to fulfil our objective of empowering the UK healthcare business intelligence community to deliver excellence with integrity. You can request that we stop sending you marketing communications at any time by using the unsubscribe function on our emails, replying to our emails with unsubscribe in the subject line or by contacting us directly through the “Contact the BHBIA” section of our website.

WHEN WE MIGHT SHARE YOUR DATA WITH THIRD PARTIES
We do not, and will not, sell any of your personal data to any third party – including your name, address, email address or payment card information. We want to earn and maintain your trust, and we believe this is essential in order do that.

As an essential part of being able to provide our services to you, we do share your data with the following categories of third parties:
• service providers that help us to get any purchases which you make through our website to you, such as payment service providers, delivery companies;
• service providers that help us to run our business such as marketing/design agencies, website hosting providers, website developers and email management system (see Data Security – BHBIA Website and Email Systems for more information);
• professional advisers including lawyers, bankers, auditors and insurers who provide advice to us when we require it;
• law enforcement agencies in connection with any investigation to help prevent unlawful activity; 

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. If you would like any more information about the third parties which we work with to provide our services to you, please contact us on the contact details provided later in this Privacy Notice.

In addition when attending BHBIA events  / training courses attendees names and company name will be shared with delegates and speakers unless you explicitly request otherwise.

LEGAL BASIS WE USE FOR PROCESSING YOUR INFORMATION
The GDPR requires Us to rely on one or more lawful bases to use your personal information. We consider the bases listed below to be relevant:
• necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract – eg. Membership - Paid Members including Personal / Corporate / Affiliate / Corporate Certified Non-Members / Personal Certified Non-Members and all individuals linked to these membership categories.
• Consent – where individuals positively opt in and consent has been freely given to hold personal information eg. Registered / lapsed users, who actively have registered on the website to receive BHBIA marketing emails.
• Legitimate Interest - We rely on grounds of legitimate interest for processing where we believe it is in the legitimate interests of you, as the data subject, or of the BHBIA to process your data. When we process your personal information in this way, we also consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where collection and use of your information would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law). An example of processing based on the grounds of legitimate is sending relevant marketing communications to your work email address.

HOW WE KEEP YOUR PERSONAL DATA SECURE
To protect your information we have policies and procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in a secure and sensible manner, and all systems that can access the information have the necessary security measures in place.
All employees, contractors and sub-contractors receive the necessary training and resources to ensure they understand their responsibilities in relation to all of our policies and procedures.

In additional to these operational measures we also use a range of technologies and security systems to reinforce the policies and procedures, including ensuring that:
• access to personal data is strictly restricted to those employees who need to access this information as part of their role;
• we store your personal data on secure servers and unauthorised external access to personal data is prevented through the use of a firewall;
• information used for reporting and/or customer profiling purposes is anonymised (so that it does not identify you);
• we store your personal data on secure servers;

To make sure that these measures are suitable, we run vulnerability tests regularly. Audits to identify areas of weakness and non-compliance are routinely scheduled.

For information specifically about data held with the website / email management system see Data Security – BHBIA Website and Email Systems .

HOW LONG WE KEEP YOUR PERSONAL DATA FOR
We shall only retain your information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will then dispose of your information by electronic means or confidential destruction.

If you would like more information about how long we retain specific types of your information, please contact us on the contact details provided later in this Privacy Notice.

TRANSFERS OF YOUR DATA OUTSIDE THE EEA
All information you provide via our website is stored on our secure servers within the European Economic Area (“EEA”). If any data that we collect from you is transferred to, or stored at, a destination outside the EEA at any time, this will be on the basis that there is a level of data protection that is equivalent to that in the EU, or where safeguards have been put in place e.g. EU model clauses, with the addition of the International Data Transfer Addendum issued by the Information Commissioner.

YOUR RIGHTS

The right to access information we hold about you
At any point you can contact us to request a copy of the information we hold about you as well as why we have that information, who has access to the information and where we got the information. Once we have received your request we will respond within 30 days. You can access your information through the website by logging in to “Your Account”, where you can update information provided and change your mailing preferences.

The right to correct and update the information we hold about you
If the information we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated or you can log into the members area and update your details and preferences.

The right to have your information erased
If you feel that we should no longer be using your information or that we are illegally using your information, you can request that we erase the information we hold. When we receive your request, we will confirm whether the information has been deleted or tell you the reason why it cannot be deleted.

The right to object to processing of your information
You have the right to request that we stop processing your information. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer processed, we may continue to hold your information to comply with your other rights.

The right to ask us to stop contacting you with direct marketing
You have the right to request that we stop contacting you with direct marketing that is outside what is considered reasonable for a membership body to offer member benefits and to ensure good governance of the membership body.

The right to data portability
You have the right to request that we transfer your information to another controller. Once we have received your request, we will comply where it is feasible to do so.

For your security we may need to verify your identity before we process your instructions above.

COOKIES AND TRACKING
Use of cookies
A cookie is a small text file which is placed onto your device when you access our website. We use cookies on this website to:
• recognise you whenever you visit this website (this speeds up your access to the website as you do not have to log in each time);
• obtain information about your preferences, online movements and use of the internet;
• carry out research and statistical analysis to help improve our content, products and services and to help us better understand our customer requirements and interests; and
• make your online experience more efficient and enjoyable.

In most cases we will need your consent in order to use cookies on this website. The exception is where the cookie is essential in order for us to provide you with a product or service you have requested.

Consent to cookies
If you visit our website when your browser is set to accept cookies, we will interpret this as an indication that you consent to our use of cookies and other similar technologies as described in this Privacy Notice. If you change your mind in the future about letting us use cookies, you can modify the settings of your browser to reject cookies or disable cookies completely.

Turning off cookies
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to the Information Commissioner’s webpage on cookies: https://ico.org.uk/for-the-public/online/cookies/.

For more information about the cookies we use – see cookie policy

TAKE CARE WHEN LINKING TO OUR SOCIAL MEDIA SITES
Our website provides links to our social media sites. Once on any of these social media sites, please take care if you choose to post any information as this will be on a public domain and may be widely accessible. If you would like more information about how any information posted on these sites will be used, please read the sites’ privacy notice carefully.

WEBSITE TERMS OF USE
See our Website Terms of Use for information specifically relating to your rights and obligations when our website.

CONTACTING US
If you have any queries about this Privacy Notice, need further information about how BHBIA uses your personal data or wish to lodge a complaint, please contact us by any of the following means:
• phone us on: 01727 896085
• email us at: admin@bhbia.org.uk
• write to us at: BHBIA, St James House, Vicar Lane, Sheffield, S1 2EX
• contact us using our “Contact the BHBIA” page on the website.

If this does not resolve any complaint you have made to your satisfaction, you may lodge a complaint with the Information Commissioner’s Office.  Further information, including contact details, is available at https://ico.org.uk.

CHANGES TO THIS PRIVACY NOTICE
We may change this Privacy Notice from time to time. You should check this Privacy Notice occasionally to ensure that you are aware of the most recent version that will apply each time you access the website.

Where we have made any changes to this Privacy Notice which affects the manner in which we use your personal data, we will contact you by email to inform you of this change.

This Privacy Notice was last updated on 27th April 2023