pfbb UK Privacy Policy

Introduction

Welcome to the Partnerships for Better Business Ltd pfbb UK Privacy Policy.

Our Privacy Policy refers to our commitment to treat information of employees, job candidates, clients, customers, suppliers, stakeholders and other interested parties with the utmost care and confidentiality.

As part of our operations, we need to obtain and process information. This information includes any offline or online from which a person can be identified. We try to ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.

Who we are

Partnerships for Better Business Ltd (also trades as pfbb UK) is a Private Limited Company registered in England and Wales. Company Reg No: 05576356    VAT No: 202 0008 95

In this policy, references to ‘we’, ‘us’, ‘our’ and ‘The Company’ are to Partnerships for Better Business Ltd (pfbb UK).

References to ‘our website’ or ‘the website’ are to www.pfbbuk.co.uk

References to Company Staff or Employees are to those individuals directly employed by pfbb UK

References to ‘the Managing Agent’ refer to Partnerships for Better Business Ltd (pfbb UK) acting as contract and project managers, on behalf of the BID  as one of our clients. In this capacity we act as Data Processors. The scope of this work is covered by the contractual arrangements between us and the client. This policy does not cover any activity undertaken by our clients or their other suppliers which are not covered by pfbb UK contractual arrangements with that client. (see section What we do)

 

How to contact us

If you have any requests concerning your personal information or any queries with regard to these practices please contact

The Operations and Finance Director at:

Email: [email protected]

Telephone: 01332 419051

Post: Partnerships for Better Business Ltd (pfbb UK). Iron Gate House, 10 Iron Gate, Cathedral Quarter, Derby DE1 3FJ

Please note that all data thus captured will be used and held in accordance with the requirements of Data Protection Legislation

You have the right to make a complaint about how your personal data is handled at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

 

Informing us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

 

What we do

We act both as a Data Controller and a Data processor.

We are Data Controllers of our own data which includes the data of:

  • Employees who work directly for our company.
  • Self-employed people who act as business surveyors
  • Suppliers who supply our business directly.
  • Prospective clients
  • Others who make enquiries via our website or other means of communication

We are Data Processors for our Clients

  • We work with a range of clients as a consultant to help them develop and deliver Business Improvement Districts. These clients may contract us as the Managing Agent.
  • Certain information is provided to us (as a Managing Agent) to enable us to communicate with businesses/individuals on the basis of lawful basis, legitimate interest  or consent with regard to Business Improvement District activity
  • In these instances, we may act as a manager for their employees, and as the strategic support or project deliverer for their company activities.
  • We liaise with suppliers on behalf of these clients and we work with other suppliers who also provide services direct to these clients.

Our relationship with our clients, suppliers and other contractors are covered under our Terms and Conditions of Engagement, Data Sharing Agreement and Data Processing Agreements as relevant

 

Who is covered under this Policy?

Employees of our company and its subsidiaries must follow this policy.

The specific work we do for a client when we are the Managing Agent.

We request that any contractors, suppliers, partners and any other external entity that we work with are compliant with Data Protection Legislation and follow the principles in this policy where appropriate

 

How we advise our Company Staff about the information we collect

Employees are referred to the pfbb UK Privacy standard (internal) Policy with regard to the data that they handle, to the pfbb UK Employees Data Policy with regard to the Data we hold on employees and to the pfbb UK Staff Handbook.

 

The types of data we collect about you

We may collect this data in our own right as pfbb UK or on behalf of our client if we are acting as Managing Agent

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender, details of your employer and place of work.

Contact Data includes billing address, delivery address, email address and telephone numbers.

Financial Data includes bank account and payment card details.

Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

Membership Data includes dates that you became a director or a member either of our own company (or on behalf of the clients for which we are Managing Agents)  etc., and information necessary  for you to be registered on Company’s House as a director.

 

If you use our website, we may collect the following information:

Identity data and Contact Data: your name, company name, email address and telephone number

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

  • (Your IP Address is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the Website. This information is used to monitor your usage of the Website)
  • This technical data recorded by the Website allows us to recognise you and your preferred settings; this saves you from re-entering information on return visits to the site. Such data is recorded locally on your computer through the use of cookies. Most browsers can be programmed to reject, or warn you before downloading cookies, information regarding this may be found in your browsers ‘help’ facility.

Usage Data includes information about how you use our website, products and services.

Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

 Special Categories of Personal data. In any other instance, if we do collect any special category data accidentally or incidentally we do not store it and delete it as soon as reasonably practical after becoming aware that we have it.

 

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

 

How is your personal data collected

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your details by filling in forms online or offline or by corresponding with us by meeting, post, telephone, email or otherwise.

  • This includes personal data you provide when you use our website to make an enquiry on our website

 

When we liaise with you or you liaise with us regarding prospective or active contracts

  • For clients, you provide us with your details. This information will be added to throughout the period of time during which we act for you and kept in accordance with our data retention procedure
  • For suppliers we collect information when we trade with them and this may arise very early in the process eg: at tender or quote stage.
  • For introducers (prospective enquirers) to the Company, we collect information through direct interaction, or from business cards, introduction letters, incoming mail shots etc provided by the enquirer, where your consent is then reconfirmed back to you.

Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.   See our pfbb Website Terms of Use

 

How we use Cookies. A “cookie” is a type of tracking software. It is a small, unique, text file that is sent to your browser from a web server and which asks permission to be placed on your computer’s hard drive. Once you agree, the cookie helps analyse web traffic. Cookies allow web applications to respond to you as an individual.  The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We run Google Analytics, to aid the management of the site and for the purposes of authentication. We also use cookies to help you access our maps services, store session information and improve the users experience when navigating the website. We only use this information for statistical analysis purposes. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website

Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below

Technical Data from the following parties:

  • analytics providers such as Google based outside the EU;
  • advertising networks and
  • search information providers
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
  • Identity and Contact Data from data brokers or aggregators
  • Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register .

 

When we are acting as Managing Agent (Data Processor)

We may collect or receive the following additional information relating to the development of or the project delivery for a Business Improvement District

This data may be collected from

  • Our client
  • NNDR Non Domestic Business Lists from Local Authorities. This may include  data relating to the recovery of levy collection debts
  • Business contact details collected direct from individuals
  • BID websites or social media from members of the public
  • Public interaction
  • Data provided to us by the BID/Data Controller.

 

Once this information is available to us, the following rules apply.

Our data will be:

  • Accurate and kept up-to-date
  • Collected fairly and for lawful purposes only
  • Processed by the company within its legal and moral boundaries
  • Protected against any unauthorized or illegal access by internal or external parties

Our data will not be:

  • Communicated informally
  • Stored for more than a specified amount of time
  • Transferred to organizations, states or countries that do not have adequate data protection policies
  • Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)

In addition to ways of handling the data the company has direct obligations towards people to whom the data belongs. Specifically we must:

  • Let people know which of their data is collected
  • Inform people about how we’ll process their data
  • Inform people about who has access to their information
  • Have provisions in cases of lost, corrupted or compromised data
  • Allow people to request that we modify, erase, reduce or correct data contained in our databases

To exercise data protection we are committed to:

  • Restrict and monitor access to sensitive data
  • Develop transparent data collection procedures
  • Train employees in online privacy and security measures
  • Build secure networks to protect online data from cyberattacks
  • Establish clear procedures for reporting privacy breaches or data misuse
  • Include contract clauses or communicate statements on how we handle data
  • Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.)

We do not subject any personal data we hold to automated decision making including profiling

We do not handle any data which relates to children.

 

How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.
  • Where we are acting in our capacity as a Managing Agent

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

See our policy pfbb UK Lawful basis for processing data for more details on the basis that we will rely on to process your personal data.

Please contact us if you need details about the specific legal basis we are relying on to process your personal data

 

Opting out

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out / unsubscribe links on any marketing message sent to you or by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions

 

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

 

What we do with the information we collect

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • To respond to your enquiry
  • To process your order, to provide after sales service (we may pass your details to another organisation to supply/deliver products or services you have purchased and/or to provide after-sales service).
  • In certain cases we may use your email address to send you information on our services related to your enquiries to us or previous services we have provided you with.
  • We may also use your information to contact you for market research purposes or keep you informed of our activities and opportunities. We may contact you by email, phone or post.
  • We may use the information to customise the website according to your interests.

When we are acting as Managing Agent (Data Processor) on behalf of our client

  • communicate with parties in relation to that BID and to process their activities and transactions  in our capacity as Data Processor for them

 

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

  • You may check the ‘Optin box’ on any online or offline form  to indicate your preference for receiving information by email and post opt in
  • Whenever you are asked to fill in a form on the website or in person, look for the box that you can check to indicate that you do not want the information to be used by anybody for direct marketing purposes.
  • If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at the email address at the top of this policy or selecting the unsubscribe option on our emails.
  • If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
  • Please also see the section under Disclosures/Sharing your information with regard to how to restrict access to your data in the case of Third Party Links

 

Will you be sent information that you did not ask for?

If you have provided us with your consent, we will use your personal information to keep you updated  about our services and information in relation to Business Improvement District projects, activities  and opportunities. This may be through an occasional  email based newsletter or occasional postal newsletters.

Where appropriate you may be sent email communications relevant to content on the website or to keep you informed of relevant changes to the service, this may also include planned outages and operational changes to the website.

In each case, if you wish not to receive such communications, unsubscribe to the enewsletter (normally displayed at the end of the email)  or unsubscribe from the settings in the webpage. If you have any queries regarding this issue please contact us .

 

When we are acting as Managing Agent (Data Processor) on behalf of our client

  • any data sent to you will be on our clients behalf in accordance with your preferences  and their legal basis for liaising with you

 

Disclosures /Sharing your information

We may have to share your personal data with the parties set out below for the purposes set out above

External Third Parties

  • We may use third parties to carry out certain activities, such as processing and sorting data, and issuing our e-mails for us. These third parties must at all times provide the same levels of security for your personal information as us  and, where required, are bound by a legal agreement to keep your personal information private, secure and to process it only on our  specific instructions.
  • We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
  • We will not share your data with other third parties unless we are obliged to disclose personal data by law, or the disclosure is ‘necessary’ for purposes of national security, taxation and criminal investigation, for our legitimate business interests, is in the public interest or we have your consent

These include

Mail Chimp (email marketing system) The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA    (Certified under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework)

FBI Direct Limited, (Postal mailing house) 3 Enterprise Way, Jubilee Business Park, Derby, DE21 4BB

 

 Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

 

We may use third parties to carry out certain activities such as monitoring how customers use the website. These third parties are listed below

  • Google Analytics:

The component of Google Analytics (with the anonymizer function) has been integrated on our website. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behaviour of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

  • Linked In.

Components of the LinkedIn Corporation have been integrated on this website. LinkedIn is a web-based social network that enables users with existing business contacts to connect and to make new business contacts

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, UNITED STATES.   For privacy matters outside of the UNITED STATES LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

LinkedIn receives information via the LinkedIn component that the data subject has visited our website, provided that the data subject is logged in at LinkedIn at the time of the call-up to our website. This occurs regardless of whether the person clicks on the LinkedIn button or not. If such a transmission of information to LinkedIn is not desirable for the data subject, then he or she may prevent this by logging off from their LinkedIn account before a call-up to our website is made.

  • Twitter

Components of Twitter have been integrated on our website. Twitter is a multilingual, publicly-accessible microblogging service on which users may publish and spread ‘tweets’

The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.

Twitter receives information via the Twitter component that the data subject has visited our website, provided that the data subject is logged in on Twitter at the time of the call-up to our website. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is not desirable for the data subject, then he or she may prevent this by logging off from their Twitter account before a call-up to our website is made.

  • YouTube

Components of YouTube have been integrated on our website. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review and commenting on them.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.

YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.

 

When we are acting as Managing Agent (Data Processor) on behalf of our client , we may be required to work with specific External Third Parties on behalf of our client

We may need to pass the information we collect to other companies who act on our behalf, as our Managing Agents for BID project delivery, for administrative purposes, or by whom we are contracted to act on their behalf as the Managing Agent for project delivery.  If we do share your personal information with in this instance it will only be in the circumstances set out below.

  • We may interact with third parties as  specified by  our client or as required as part of our remit to deliver our contract
  • During BID Development work, NNDR data will be shared to us as the Managing Agent for the BID
  • During BID Delivery or Project Support services for a BID, NNDR data or data relating to the recovery of levy collection debts will be shared between us as the Managing Agent for the BID and the BID (as our Client) in accordance with the Operating Agreement with the Clients local authority, our Data Sharing Agreement or our contract with the Client.
  • We may also supply your personal information to the commissioning BID and related NNDR team (if we are contracted by them to be their Managing Agent for their BID) government bodies and law enforcement agencies but only: if we are required to do so by the BID Operating agreements, BID Regulations or requirements of any applicable law; if in our good faith judgement, such action is reasonably necessary to comply with legal process; to respond to any legal claims or actions; or to protect the rights of our company, the BID client, its customers and the public

 

International transfers

We do not transfer your personal data outside the European Economic Area (EEA).

 

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We will comply with this in line with our internal Data Breach Policy and our Information Security Policies.

 

Period of time that data will be kept /Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

  • Data relating to clients and suppliers will be maintained for such periods as are laid down by the professional bodies responsible for the conduct of the Company and/or statutory and regulatory requirements.
  • Data relating to prospective enquirers will be kept for 7 years.

 

When we are acting as Managing Agent (Data Processor) on behalf of our client

  • Data relating to BID Levy payers will be maintained for the duration of the contract.
  • Data relating to project delivery will be retained for 7 years after the end of the BID Development (unless pfbb UK is retained as Managing Agent) / or 7 years after BID Delivery is completed.

 

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data.  To exercise these rights, please contact us.

You have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. Please note that we do not handle data that is applicable for data portability.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

 

Subject Access Requests

You may request details of personal information which we hold about you under the Data Protection Legislation.  Subject Access Requests will be dealt with in line with Data Protection Act 2018 .

If you would like a copy of the information held on you, or to exercise any of the rights set out above, please contact us to request a pfbb UK Subject Access Request Form .

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

When we may not comply with a Subject Access Request

If we feel that your request is vexatious, or complying with it would involve disproportionate effort on our part, breach the confidence of someone else or breach the law then we will not comply with it and we may not inform you of the reason for non-compliance (depending on what that reason is)

 

Internet-Based Transfers

Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. This means for instance that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of UK data protection legislation. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.

 

References to pfbb UK policies

The following pfbb UK policies are available upon request in writing to us (See section on How to Contact us)

 pfbb UK Lawful basis for processing data

pfbb UK Website Terms of Use

pfbb UK Cookie Policy

pfbb UK Subject Access Request  Form Template

 

Changes to the Privacy Policy

We will keep our policy under review.

This policy was last updated on 22 June 2018 v1.2

Historic versions are can be obtained by contacting us.