This privacy statement is for customers of Batsrock’s Risk Management and Decision Modelling consultancy services. In addition, it applies to suppliers and business customers of Batsrock. It does not apply to customers of Stag Protect and Wisey; these have individual tailored privacy policies that can be found on their brand websites.
Please see our legal notice for details of the company’s this notice applies to.
Business Partners, including: insurance companies, appointed representatives, suppliers
|What data we collect||We will collect general information such as your name, business address, contact phone number, job title…
Depending on the nature of the relationship, we may require proof of identity for example a copy of your passport.
|What sensitive data we collect||Depending on the nature of the relationship, we may need to know details of any criminal convictions you have.|
|Why we collect your data||The generic information is used to enable us to undertake general record keeping and communication.
Proof of identity may be used for fraud prevention, anti-money laundering and other such items as required.
Details of criminal conviction will be used if your position means that you might be working with vulnerable people or in a position that could facilitate money laundering or fraud.
|How we collect your data||Your generic information will be provided by yourself, your company or from public records.
Your proof of identity will be provided by yourself or your company.
If we require details of criminal conviction you will be asked to provide a DBS check.
|Who we will share your data with||Unless required for legal reasons, we do not expect to share this information. If we need to share your information for business reasons, we will agree this with you in advance of it being shared.|
Your data is held by our customer
|What data we collect||Whilst working on consultancy projects for our customers we sometimes have to process the personal data of their employees or customers.
This normally falls into two categories:
The first is where we need to provide you with information, for example training. In this situation we will collect your name and contact details.
The second situation is where the consultancy work requires that we process information held about you by our customer. In this situation the data will be a subset of the data that is in our customers systems.
|What sensitive data we collect||If we are only collecting your contact details, we will not collect any sensitive data. If we are collecting data as part of a consultancy project the data will be a subset of the data held by our customer and specific to the project involved.|
|Why we collect your data||The data is collected to enable us to fulfil our contractual duties with our customers. Is it either collected to enable us to contact you with information, for example updates and training materials, or to enable us to perform any required analysis.|
|How we collect your data||Your information will be provided our customer.|
|Who we will share your data with||Unless required for legal reasons, or as part of our contractual obligations to your employer we will not share your data.|
|Marketing||As a business partner we will ask if you would like to receive marketing material, and the mediums you would like to receive it by.
In all situations you have the right reverse your decision.
|Profiling||We do not undertake any profiling activities on our customers or suppliers.
We may undertake profiling activities as part of our consultancy work if this is required to fulfil our cosultancy work.
Under data protection law we must have a legal basis for collecting and processing your data. There are 6 legal bases, but we only use 4 of them.
|Person||Consent||Contract||Legal compliance||Legitimate purpose|
|Business partner||Your marketing preferences.||If we are both party to the same contract, we might have to have basic information on you.||So that we can perform every-day business activities e.g. record keeping.|
|Customer data||The consent you have provided to our customer to hold and process the data.||The contract with our costumer will outline the processing to be undertaken.|
- Consent – You have given consent to the processing of your data.
- Contract – Processing is necessary for the performance of a contract that you are party to.
- Legal compliance – Processing is necessary for compliance with our legal obligations.
- Legitimate purpose – Processing is necessary for the purpose of the legitimate interests pursued by us or a 3rd party.
We will keep data about business partners for either 3 Years or the length of time we are legally required to. We will store it for no more than the longer of these two periods.
If your data is held by our customer and is being used as part of our consultancy work, we will only keep data for the time required to undertake the consultancy work.
We do not usually need to transfer your data out of the EU. In the event we do we have controls in place to ensure that your data is protected to the same level as if the transfer had occurred within the EU.
We think your personal private data is personal and private to you and has the right to stay that way. We have internal procedures on safeguarding data, that include how we destroy data, how we share data and who has access to the data.
Under the General Data Protection Regulation you have a number of rights related to your data. We fully support these rights. If you wish to exercise your rights please contact us using the contact details found below.
|Access to your data||You have the right to a copy of the data we hold on you as well as certain details on how we have used it. We will usually provide the information in a password protected PDF file. This will usually be provided by email.|
|Rectification||We want to hold the most accurate data on you, as this enables us to provide the best service. If you believe that the data is inaccurate or incomplete you can ask us to update the data.|
|Restriction of processing||In certain situations, you have the right to ask us to stop using your information. This may be because the information is inaccurate or you feel we no longer have a legitimate need to use it.|
|Withdraw consent||Where we rely on your consent to process the information, you have the right to remove our right to process the information. If you take this step it may limit our ability to support you.|
|Erasure||This right enables you, in certain situations, to request that we delete your information. We will review you request and take into account other factors, for example a regulatory requirement, to determine if we are able to action your request.|
|Object||This right enables you, in certain situations, to object to us processing data about you.
It is your decision if you wish to receive marketing material from us. You can object to the receiving of this information.
You can object to our processing of other information about you. If you object we will consider your objection and determine if we are able to comply with your request or if other legitimate reasons, e.g. legal requirements, overrule your objection.
|Data portability||Within certain limitations, you can request that we provide a copy of your personal data to a third party.|
|Automated decision making||We do not carry out any automated decision making. If we did you would have the right to request that we no longer used an automated method and resorted to a manual method.|
|Make a complaint||You can complain about:
1. how your personal data has been processed,
2. how your request for access to data has been handled,
3. how your complaint has been handled,
4. appeal against any decision we have made following a complaint.
Complaints should be sent to us as set out in our “Contacting Us” section.
If you have any questions or comments about our privacy notice, or wish to make contact in order to exercise any of your rights set out within, please contact us using any of the following methods:
Ring: 03333 445 654
Post: Data Protection, Batsrock Group, 21-22 Bath St, Frome, Somerset, BA11 1DJ.