Policy key definitions:
- “I”, “our”, “us”, or “we” refer to the business, borne™ / Borne Agency Ltd
- “you”, “the user” refer to the person(s) using this website
- GDPR means General Data Protection Act
- PECR means Privacy & Electronic Communications Regulation
- ICO means Information Commissioner’s Office
- Cookies mean small files stored on a user’s computer or device
All data subjects whose data is processed by borne™.
Fair Processing Notice
Data protection law says that we are allowed to use personal information only if we have proper reason to do so. This includes sharing it outside of borne™.
These are the ways we may use your personal information and which of the reasons we rely on to do so:
|What we use your personal information for||Our Reasons||Our legitimate interests|
|To manage our relationship with you and your business||Your consent||Keeping our records up to date|
|To develop new ways to meet our customers’ needs and to grow our business||Fulfilling contracts||Keeping our records up to date|
|To develop and carry out marketing activities||Our legal duty||Working out which advice would be relevant to you|
|To detect, investigate, report and seek to prevent financial crime||Our Legitimate interest||Being efficient about how we fulfil our legal duties|
|To manage risk for us and our customers||To save someone’s life or in a medical situation||Complying with regulations that apply to us|
|To obey laws and regulations that apply to us||To carry out a public function|
|To respond to complaints and seek to resolve them||Our legal duty|
What is Personal Data?
Under the EU’s General Data Protection Regulation, Personal Data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Special Categories of Personal Data
Certain data is classified under the Regulation as ”special categories”:
- Ethnic origin
- Political Opinions
- Religious Beliefs
- Trade-union membership
- Genetic Data
- Biometric Data
- Health Data
- Data concerning a natural person’s sex life
- Sexual orientation
Where we are asking you for sensitive personal data we will always tell you why and how the information will be used.
Why does borne™ need to collect and store Personal Data?
In order for us to provide you with services, we need to collect personal data for correspondence purposes and/or detailed service provision.
In any event, we are committed to ensuring that the information we collect, and use is appropriate for this purpose, and does not constitute an invasion of your privacy. We may pass your personal data on to Third Party service providers who are contracted to borne™ in the course of dealing with you.
Our contractors are obliged to keep your details securely and use them only to fulfil the service requested. Once your service need has been satisfied or the case has been closed, they will dispose of the details in line with our firm’s procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do so.
How borne™ uses your information
Borne™ will process – that means collect, store and use – the information you provide in a manner that is compatible with the EU’s General Data Protection Regulation (GDPR).
We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. We will keep your data for as long as you are a customer or staff member of borne™.
After you stop being a customer or staff member of borne™ we reserve the right to keep your data for longer for one of the following reasons
- To respond to any questions or complaints
- To show that we have treated you fairly
- For Legal reasons
- Regulatory Reason
- Technical Reasons
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
Information about connected individuals
We may need to gather personal information about your close family members and dependents in order to provide our service to you effectively. In such cases it will be your responsibility to ensure that you have the consent of the people concerned to pass their information on to us. We’ll provide a copy of this privacy notice for them or, where appropriate, ask you to pass the privacy information to them.
How do we collect personal information?
Data you give to us:
- When you talk to us on the phone, at our office or at external meetings
- When we provide marketing advice
- When you apply for products and services
- When you use our website
- In emails, letters and mobile devices
- In financial reviews
- If you take part in competitions
Data from third parties
- Companies that introduce you to us
- Social networks
- Fraud prevention agencies
- Medical practitioners
- Government and law enforcement agencies
Who we share your personal information with
- HM Revenue & Customs, regulators and other authorities
- Fraud prevention agencies
- Any party linked to you or your business
- Organisations that introduce you to us
- Companies that we introduce to you
- Companies you ask us to share your data with
- Product providers
- Fund houses
Where is your information processed?
The majority of your information is processed in the UK and European Economic Area (EEA)
However, some of your information may be processed by us or third parties we work with outside of the EEA, including countries such as the United States.
Where your information is being processed outside of the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK / EEA data privacy laws e.g. we put checks in place that they meet these obligations.
If you choose not to give personal information
We may need to collect personal information by law, or under the terms of a contract we have with you.
If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot advise on your accounts which could mean that we cancel our service you have with us.
Any data collection that is optional would be made clear at the point of collection.
We may use your personal information to tell you about news about borne™ or contact you about events.
You can ask us to stop sending you marketing messages by contacting us at any time.
How to get a copy of your personal information?
You have the right to request a copy of the information that we hold about you. If you’d like a copy of some or all of your personal information, please write to us at the below address or email email@example.com:
FAO Data Protection Squad
Borne Agency Ltd
2nd Floor, St James Mill
What if you want us to stop using your personal information?
You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the right to object and right to erasure or the right to be forgotten.
There may be legal or other official reasons why we need to keep or use your data. But please tell us if you think that we should not be using it.
How to complain
Please let us know if you are unhappy with how we have used your personal information by contacting us.
You have the right to complain to the Information Commissioner’s Office.
Information collected is stored in the United States, and Google may transfer this information to third parties where required to do so by law or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
If you dismiss the cookies warning bar that appears when you visit the site, we store a cookie that records that you have seen the warning. No personalised information is stored, and we do not track this information in any way. The cookie that is set is used merely to stop you seeing the warning repeatedly when browsing the site.
Two cookies are created automatically by systems used in our infrastructure. These hold no identifiable information and are used purely in the provisioning of the site.
The cookies used, and their lifespan are detailed below:
- __utmc – google – session (will be deleted when you close your browser)
- __utmb – google – 30 mins
- __utmz – google – 6 months
- __utma – google – 2 years
- ADMINDYNSRV – server – session
- DYNSRV – server – session
- “cookiebar” – site – 24 hours
Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third-party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, you can also contact us at firstname.lastname@example.org and we would be happy to remove you from any lists.
Our EMS provider is Mailchimp. We hold the following information about you within our EMS system:
- Email tracking – open rates, click rate, activity
- Email address
- P address
- Subscription time & date
- Contact preferences
- Favourite email client
- Favoured email format
- Last time account was updated