Privacy Policy

Your data is personal to you. Lets keep it that way

Our View on Data

We think your personal private data is important to you and should be kept personal and private. You provide us with your personal data so that we can support you or your business. You do not provide us the personal information so that we can sell it. This requires that we have a relationship based on trust and we take this relationship seriously. We refer to it as your data because we genuinely believe it is. We will only share your data with other organisations: because you have asked us to get one of our partners to support you or because we have a legal requirement to.

This privacy notice sets out details on: what data we may collect about you, how we use your data and your rights.

Who this policy is for

This privacy statement is for customers of Batsrock’s Risk Management and Decision Modelling consultancy services. In addition, it applies to suppliers and business customers of Batsrock. It does not apply to customers of Stag Protect and Wisey; these have individual tailored privacy policies that can be found on their brand websites.

Who we are

Why we collect your information

Business Partners, including: insurance companies, appointed representatives, suppliers

What data we collect	We will collect general information such as your name, business address, contact phone number, job title… Depending on the nature of the relationship, we may require proof of identity for example a copy of your passport.
What sensitive data we collect	Depending on the nature of the relationship, we may need to know details of any criminal convictions you have.
Why we collect your data	The generic information is used to enable us to undertake general record keeping and communication. Proof of identity may be used for fraud prevention, anti-money laundering and other such items as required. Details of criminal conviction will be used if your position means that you might be working with vulnerable people or in a position that could facilitate money laundering or fraud.
How we collect your data	Your generic information will be provided by yourself, your company or from public records. Your proof of identity will be provided by yourself or your company. If we require details of criminal conviction you will be asked to provide a DBS check.
Who we will share your data with	Unless required for legal reasons, we do not expect to share this information. If we need to share your information for business reasons, we will agree this with you in advance of it being shared.

Your data is held by our customer

What data we collect	Whilst working on consultancy projects for our customers we sometimes have to process the personal data of their employees or customers. This normally falls into two categories: The first is where we need to provide you with information, for example training. In this situation we will collect your name and contact details. The second situation is where the consultancy work requires that we process information held about you by our customer. In this situation the data will be a subset of the data that is in our customers systems.
What sensitive data we collect	If we are only collecting your contact details, we will not collect any sensitive data. If we are collecting data as part of a consultancy project the data will be a subset of the data held by our customer and specific to the project involved.
Why we collect your data	The data is collected to enable us to fulfil our contractual duties with our customers. Is it either collected to enable us to contact you with information, for example updates and training materials, or to enable us to perform any required analysis.
How we collect your data	Your information will be provided our customer.
Who we will share your data with	Unless required for legal reasons, or as part of our contractual obligations to your employer we will not share your data.

What marketing and profiling activities we carry out

Marketing

As a business partner we will ask if you would like to receive marketing material, and the mediums you would like to receive it by.

In all situations you have the right reverse your decision.

Profiling

We do not undertake any profiling activities on our customers or suppliers.

We may undertake profiling activities as part of our consultancy work if this is required to fulfil our cosultancy work.

Legal basis for collecting and processing data

Under data protection law we must have a legal basis for collecting and processing your data. There are 6 legal bases, but we only use 4 of them.

Person	Consent	Contract	Legal compliance	Legitimate purpose
Business partner	Your marketing preferences.	If we are both party to the same contract, we might have to have basic information on you.		So that we can perform every-day business activities e.g. record keeping.
Customer data	The consent you have provided to our customer to hold and process the data.	The contract with our costumer will outline the processing to be undertaken.

Consent – You have given consent to the processing of your data.
Contract – Processing is necessary for the performance of a contract that you are party to.
Legal compliance – Processing is necessary for compliance with our legal obligations.
Legitimate purpose – Processing is necessary for the purpose of the legitimate interests pursued by us or a 3rd party.

How long do we keep your data for

Transferring data outside the EU

How do we protect your data

Your Rights

Under the General Data Protection Regulation you have a number of rights related to your data. We fully support these rights. If you wish to exercise your rights please contact us using the contact details found below.

Access to your data	You have the right to a copy of the data we hold on you as well as certain details on how we have used it. We will usually provide the information in a password protected PDF file. This will usually be provided by email.
Rectification	We want to hold the most accurate data on you, as this enables us to provide the best service. If you believe that the data is inaccurate or incomplete you can ask us to update the data.
Restriction of processing	In certain situations, you have the right to ask us to stop using your information. This may be because the information is inaccurate or you feel we no longer have a legitimate need to use it.
Withdraw consent	Where we rely on your consent to process the information, you have the right to remove our right to process the information. If you take this step it may limit our ability to support you.
Erasure	This right enables you, in certain situations, to request that we delete your information. We will review you request and take into account other factors, for example a regulatory requirement, to determine if we are able to action your request.
Object	This right enables you, in certain situations, to object to us processing data about you. It is your decision if you wish to receive marketing material from us. You can object to the receiving of this information. You can object to our processing of other information about you. If you object we will consider your objection and determine if we are able to comply with your request or if other legitimate reasons, e.g. legal requirements, overrule your objection.
Data portability	Within certain limitations, you can request that we provide a copy of your personal data to a third party.
Automated decision making	We do not carry out any automated decision making. If we did you would have the right to request that we no longer used an automated method and resorted to a manual method.
Make a complaint	You can complain about: 1. how your personal data has been processed, 2. how your request for access to data has been handled, 3. how your complaint has been handled, 4. appeal against any decision we have made following a complaint. Complaints should be sent to us as set out in our “Contacting Us” section.

Contacting us

Legal

Privacy policy