At Banking Competition Remedies Limited (BCR), maintaining your privacy is important to us and we take precautions to safeguard your information. This notice applies where we are acting as a data controller with respect to your information; in other words, where we determine the purpose and means of the processing of that information. This notice sets out the basis on which your information is collected, stored and used by us.
- Who we are and how to contact us
- Information we collect
- How and why we use information
- Sharing of your information
- Your rights
- Storage, transfers and retention
- Making changes to this information
1 Who we are and how to contact us
This is the Privacy Notice of Banking Competition Remedies Limited (also referred to throughout this policy as ‘BCR’, ‘we’, ‘us’, or ‘our’). BCR collects and uses information in the ordinary course of business and is therefore responsible for ensuring that it uses that information in compliance with all applicable data protection laws. This Privacy Notice governs the handling of your information by BCR. This Privacy Notice explains how your information may be held and used by BCR.
If you have any questions or concerns regarding our Privacy Notice, or how we process your information, please contact us via email at firstname.lastname@example.org or by postal service at:
Bank Competition Remedies Limited,
4th Floor Thomas House,
84 Ecclestone Square,
London, United Kingdom,
2 Information we collect
By “information” we mean all of the personal information about you that we collect, use, share and store. Most of the information collected by us is information which you have provided to us directly.
Information we collect from you when you visit and/or request to receive information from our website (by way of a non-exhaustive list):
- personal contact information (e.g. first name, family name, position in the company, company name, company email address, business phone number, business address, city, postcode and country); and
- how you access and use our website or other digital services (e.g. your IP address, your location, the device and software being used, pages visited, content viewed, links and buttons clicked through).
Information that we collect or generate about you includes (by way of a non-exhaustive list):
- the BCR services or products which you have engaged with and our interactions with you; and
- your visits to BCR websites.
In addition to the categories of information described above, BCR will also process further anonymised information and data that is not processed by reference to a specific individual. Your information may be converted into statistical or aggregated data which cannot be used to re-identify you. It may then be used to produce statistical research and reports which may be shared within BCR.
3 How and why we use your information
We process your information to the extent necessary for us to provide communications to you, meet our regulatory obligations and for other legitimate purposes permitted by applicable law. Your information may be stored and processed by us in the following ways and for the following purposes (by way of a non-exhaustive list):
- understanding your needs and interests;
- allowing you to use and access the functionality provided by our website services;
- communicating with you, where you have requested or consented, regarding any product or service or any other situation where you have engaged us to provide you with information;
- recording of incoming and outgoing calls for training, monitoring, and security purposes;
- reviewing and improving the performance of our website and your use of it (including any personalisation which you may have indicated and which we have retained using cookies;
- managing and administering our business;
- complying and assessing compliance with applicable law, rules and regulations and internal policies and procedures;
- administering and maintaining databases that store information;
- anonymisation that enables us to undertake market research, analysis and developing statistics from information that is not referenced to a specific individual; and
- to deal with requests from you to exercise your rights under data protection laws.
Whenever we use information, we make sure that the usage complies with all applicable laws. We use your information on the following legal bases:
- ‘Contract performance’ – the information needed to deliver your account, product or service.
- ‘Legal obligation’ – we are required by law to process your information (e.g. to verify your identity or for crime prevention purposes), in connection with any legal proceedings (including prospective legal proceedings); or in order to establish or defend our legal rights.
- ‘Legitimate interest’- we’re allowed to use your information where, on balance, the benefits of us doing so are legitimate and not outweighed by your interests or legal rights (e.g. to enable BCR to evaluate proposals and determining who will receive the grants).
- ‘Consent’- in some cases we may obtain your consent to use information in a particular way or where the law requires consent to be obtained (e.g. if you consent to us sending information about new products. Whenever ‘consent’ is the only reason for us using the information you have the right to change your mind and change or withdraw your consent).
4 Sharing of your information
We may share your information within BCR for the purposes described above. All of our employees and contractors are required to follow our data privacy and security policies when handling information.
We may also share your information with the following recipients;
Official bodies: We share information; to the extent that we are required to do so by applicable law, with governmental bodies or by a law enforcement agencies,
Service providers: we share information with service providers who perform services for us (including cloud services, data storage, sales, marketing, investigations, and customer support). Our contracts with our service providers include commitments that they agree to limit their use of information and to comply with privacy and security standards at least as stringent as the terms of our Privacy Notice.
Third-party relationships: we share your information with affiliated third parties. These third parties will be subject to appropriate data protection obligations.
5 Your rights
You have the following rights under data protection laws within the EU. In most cases you can exercise them free of charge.
You have the right to:
- be informed about the processing of your information;
- have your information corrected if it is inaccurate and to have incomplete information completed;
- object to or restrict processing of your information. Please note that there may be circumstances where you object to, or ask us to restrict our processing of your information but we are legally entitled to refuse that request;
- withdraw your consent to processing of your information at any time. Please note, however, that we may still be entitled to process your information if we have another legitimate reason for doing so (e.g. we may need to retain information to comply with a legal obligation);
- have your information erased in certain circumstances. Please note that there may be circumstances where you ask us to erase your information but we are legally entitled to retain it;
- request access to your information and to obtain information about how we process it;
- move, copy or transfer your information;
- receive some information in a structured commonly used and machine-readable format and/or request that we transmit that data to a third party where technically feasible. Please note that this right only applies to information which you have provided directly to BCR and may not always apply;
- lodge a complaint with the relevant data protection regulator if you think any of your rights have been infringed by us; and
- be informed how your information is used in relation to automated decision making which has a legal effect on or otherwise significantly affects you.
Please note that if you withdraw your consent for the future processing of your information we may be unable to send you some marketing communications or information regarding events sponsored by BCR. Additionally note, when we send you marketing, you will always be provided with an option to unsubscribe or opt out of receiving further marketing from us.
If you wish to exercise any of the rights above please contact us at email@example.com or by postal service at:
Bank Competition Remedies Limited,
4th Floor Thomas House,
84 Ecclestone Square,
London, United Kingdom,
In the EU, you have the right to complain to the data protection regulator in your jurisdiction. As our headquarters are in the UK, you can also contact the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/.
6 Storage, transfers and retention
We will always keep your personal information for the period required by law and where we need to do so in connection with legal action or an investigation involving BCR. Otherwise, we keep your personal information: (i) for as long as needed to provide you with access to services you have requested; and (ii) where you have contacted us with a question or request, for as long as necessary to allow us to respond to your question or request.
The information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (the “EEA”). It may be processed by staff operations outside the EEA who work for us or for one of our service providers.
Where we transfer your information to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to information being transferred outside of the EEA, for example, this may be done in one of the following ways:
- the country that we send the information to might be approved by the European Commission as offering an adequate level of protection for information;
- the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your information;
- the country that we send the information to may subscribe to an “international framework” intended to enable secure data sharing;
- where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or
- in other circumstances the law may permit us to otherwise transfer your information outside the EEA.
You can obtain more details of the protection given to your information when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your information) by contacting us via email at firstname.lastname@example.org
We have physical, administrative, procedural and technical safeguards in place to protect your information from unauthorised access, use or disclosure. We also contractually require that our third party service providers protect such information to the standard required in the EEA. We regularly adapt these controls to respond to changing requirements and advances in technology.
As a condition of employment, BCR employees are required to follow all applicable laws and regulations, including data protection laws. Access to sensitive information is limited to those employees who need it to perform their roles. Unauthorised use or disclosure of confidential client information by a BCR employee is prohibited and may result in disciplinary measures.
8 Making changes to this information
We will keep this information up to date and we will notify you of any changes by posting on this website and sending messages through a secure channel or any other reasonable means.