Privacy notice

This privacy notice explains Built Environment Forum Scotland’s policy regarding personal data. It applies to visitors to our website, individuals who sign-up to newsletters, register for our events or contact us by telephone, e-mail or other means. It also applies if you are or are applying to become a Member or Associate Member of BEFS.

Who we are

We are Built Environment Forum Scotland (BEFS), a membership organisation that acts as a strategic intermediary for Scotland’s built environment sector. We are a registered Scottish charity (Scottish Charity number SC 034488) with offices at 125 Princes Street (3rd Fl)
Edinburgh, EH2 4AD. For details, see About BEFS.

Under the General Data Protection Regulation (Regulation (EU) 2016/679) and related data protection legislation, we are a Data Controller.

What this Policy covers

We are committed to protecting your personal data and your privacy. This privacy notice sets out the basis on which any personal data we collect from you, or that you provide to us, or that we acquire from a third party, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

Before we process your personal data, we are obliged to inform you of who we are, why we need to process your personal data, what we will do with your personal data and to whom we will pass your personal data.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Our website, bulletin and correspondence may contain links to other organisations that have their own privacy policies. Please make sure you read their terms and conditions and privacy policy carefully, as we do not accept any responsibility or liability for websites of other organisations. This privacy policy applies solely to information collected by BEFS.

If we change our privacy policy, we will place an updated version on this page. This version of our privacy notice was last updated in May 2018.

Personal data we collect

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity of the individual has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

  1. Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, job title, employer.
  2. Contact Data includes billing address, delivery address, email address, telephone numbers, social media handles and profiles.
  3. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website.
  4. Usage Data includes information about how you use our website or newsletter.
  5. Requirements include dietary or access requirements when registering for an event.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How we collect your personal data

We use different methods to collect data from and about you, including:

Direct interactions. You may give us your personal data by filling in forms, or registering for an event; or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • fill in forms;
  • fill in forms on our website;
  • register for a service (e.g. newsletter or event registration);
  • complete a survey;
  • contribute towards research; or
  • give us some feedback;

Automated technologies or interactions. As you browse or interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies.

Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources, for example, Identity and Contact Data from a project partner or publicly available sources, such as Companies House and government or parliament web pages.

How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where it is necessary:

  • for us to carry out a specific task in the public interest, which is laid down by law; or
  • for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data.

We have set out below a description of all the ways we use your personal data, and which legal basis we rely on to do so.

Note: we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

 

Activity Type of data Purpose Lawful basis for processing
Browsing and interacting with our website Technical

Usage

Use data analytics to improve the website, services and user experience Legitimate interests: to maintain, improve and update our Website, keep it relevant and to develop our services
When you sign up for our newsletter Identity

Contact

Usage

In order to send you the newsletter and monitor engagement with its content Consent: when you sign up you are opting-in to receive the newsletter

Legitimate interest: to manage and improve content

When you register for our events Identity

Contact

Requirements

Manage attendance; contact you if there are any changes; request feedback Legitimate interest: in order to manage the event, including dietary or access requirements; improve on events; produce outcomes from events
When you contact us or we contact you Identity

Contact

Manage our relationship with you, the built environment sector and stakeholders Legitimate interest: to fulfil BEFS business objects to inform, debate, evaluate and advocate on behalf of the built environment sector
Filling out forms Identity

Contact

Manage membership Legitimate interests: to perform services as a membership forum
When you provide feedback; complete a survey; or contribute towards research Identity

Contact

Conduct research on behalf of sector; policy consultation responses; reports; improve on events and services Legitimate interest: to fulfil BEFS business objects to inform, debate, evaluate and advocate on behalf of the built environment sector

Sharing personal data

We may have to share your personal data with third-party service providers or ‘processors’ to fulfil our contractual obligations to you. For example, we use Mailchimp for mailing our newsletters and Eventbrite for managing our events.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Note: if you are a Member or an Associate Member, you have opted-in to having your identity and contact details shared with other BEFS members. For a complete list of BEFS members, see our Members page.

International data transfers

Personal data submitted to us to purchase online tickets and subscribe to our newsletter is transferred to, and stored at a destination outside the European Economic Area. At present it is being transferred, stored and processed in the United States of America. These transfers occur via Mailchimp and Eventbrite, which as both Privacy Shield certified, which means they comply with EU data protection legislation (General Data Protection Regulation). By providing us with your information you agree to such international data transfer and storage in accordance with the terms of this Policy.

How long we retain your data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Cookies

A “cookie” is a small text file, which helps the server to identify your computer but not the individual. The cookies help us to make your visitor session a more personal, and enriching experience. If you wish not to have this facility you are able to disable cookies using that option in your particular browsers settings. Please see our separate Cookies Policy for details.

Legal disclaimer

Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our website.

How we protect personal data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Download our Personal Data Protection Policy

Your Rights

You can object or withdraw your consent to the use of your personal data at any time. Though in some cases we may not be able to provide your requested service (e.g. bulletin subscription) where the information processing is an integral part of the service. We will tell you if this is likely to be the case.

Subject to some legal exceptions, you have the right to:

  • request a copy of the personal information BEFS holds about you;
  • to have any inaccuracies corrected;
  • to have your personal data erased;
  • to place a restriction on our processing of your data;
  • to object to processing; and
  • to request your data to be ported (data portability).

To learn more about these rights please see the Information Commissioner’s Office website.

Please address any such requests to BEFS through the Contact page.

If you are dissatisfied with our response you can complain to the Information Commissioner’s Office:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745
Fax: 01625 524 510

How to contact us

If you have any questions about how we collect, store and use personal data please Contact us

Built Environment Forum Scotland
125 Princes Street (3rd Fl)
Edinburgh
EH2 4AD
www.befs.org.uk
Telephone: 0131 220 6241
Email: info@befs.org.uk

Last update: May 2018