The British Association of Beauty Therapy and Cosmetology Limited (BABTAC) is a not for profit company, limited by guarantee and owned and managed by its members. Registered in England, No: 06744285 Registered Office: 18c Ley Court, Barnett Way, Barnwood, Gloucester, GL4 3RT, UK
For the purposes of the GDPR, BABTAC is the ‘controller’ and ‘processor’ of the personal data you provide to us
If you have any queries about this Policy, the way in which BABTAC processes personal data, or about exercising any of your rights, please send an email to firstname.lastname@example.org or write to Data Protection, BABTAC, BABTAC Ltd, Ambrose House, Meteor Court, Barnett Way, Barnwood, Gloucester, GL4 3GG, UK
Please read this Policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data, how to contact us and supervisory authorities in the event that you would like to report a concern about the way in which we process your data.
What personal data do we collect?
We may collect and process personal data you provide to us if you:
- enter into a contract with us to receive products and/or services,
- complete a form on our Website;
- complete a survey;
- correspond with us by phone, e-mail, or in writing;
- report a problem;
- sign up to receive our communications;
- create an account with us;
Information we collect about you:
If you visit our Website, we may automatically collect the following information:
- technical information, including the internet protocol (IP) address used to connect your computer to the Internet, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit to our Website such as the products and/or services you searched for and view, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
If you enter into a membership and insurance contract this information could include:
- your name, title, company name, date of birth and gender
- contact details including telephone number, postal address & company address, email address (where provided by you)
- copies of your qualifications to verify for insurance purposes
- marriage certificates or documentation for verification of any change to name
- website and social media details (ONLY if requested by member for salon listing)
We may also receive information about you if you use any of the other websites we operate or the other services we provide.
In certain limited cases, such as in industry surveys, we may collect certain sensitive personal data from you - such as age, gender, ethnic origin, qualification details etc. However, we will only do so on the basis of your explicit consent or for insurance compliance purposes
How do we use your personal data?
When we ask you to supply us with personal data we will make it clear whether the personal data we are asking for must be supplied so that we can provide the products and services to you, or whether the supply of any personal data we ask for is optional.
Contract performance: we may use your personal data to fulfil a contract, or take steps linked to a contract:
- to provide the products and/or services to you;
- to communicate with you in relation to the provision of the contracted products and services;
- respond to and defend against insurance claims
- to provide you with administrative support such as account creation, security, and responding to issues; and
- provide you with industry information, surveys, information about our awards and events, offers and promotions, related to the products and/or services.
Legitimate interests: where this is necessary for purposes which are in our, or third parties, legitimate interests. These interests are:
- providing you with newsletters, surveys, information about our awards and events, offers, and promotions which may be of interest to you;
- communicating with you in relation to any issues, complaints, or disputes;
- improving the quality of experience when you interact with our products and/or services, including testing the performance and customer experience of our Website;
- performing analytics on sales/marketing data, determining the effectiveness of promotional campaigns.
- developing, improving, and delivering marketing and advertising for products and services offered
NOTE: you have the right to object to the processing of your personal data on the basis of legitimate interests as set out below, under the heading Your rights.
Where required by law: we may also process your personal data if required by law, including responding to requests by government or law enforcement authorities, or for the prevention of crime or fraud.
Who do we share your personal data with?
We may share your personal data with members of staff internally
We take all reasonable steps to ensure that our staff protect your personal data and are aware of their information security obligations. We limit access to your personal data to those who have a genuine business need to know it.
We may also share your personal data with trusted third parties including:
- insurance brokers, legal and other professional advisers, consultants, and professional experts;
- service providers contracted to us in connection with provision of the products and services such as providers of IT services and customer relationship management services; and
- analytics and search engine providers that assist us in the improvement and optimisation of our Website.
We will ensure there is a contract in place with the categories of recipients listed above which include obligations in relation to the confidentiality, security, and lawful processing of any personal data shared with them.
We will share personal data with law enforcement or other authorities if required by applicable law.
How long will we keep your personal data?
For members with insurance, to ensure compliance, the organisation must hold your personal data on file for a minimum of 7 years following the termination of your insurance policy. For Associate memberships, details are kept for minimum period of six years following expiry, to ensure legal, audit and other regulatory requirements are met.
Where you receive marketing communications from us, you may change your preferences or unsubscribe from marketing communications at any time by clicking the unsubscribe link in an email from us.
Where do we store your personal data and how is it protected?
We store your personal data on our secure onsite server. We take reasonable steps to protect your personal data from loss or destruction. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Where you have a username or password (or other identification information) which enables you to access certain services or parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Website; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Under the GDPR, you have various rights with respect to our use of your personal data:
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request (or view them directly online through your own personal secure login on the website)
- require the organisation to change incorrect or incomplete data (or contact data and communication opt in options can be amended anytime personally online through your personal secure login)
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
- object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing; and
- ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing data.
If you would like to exercise any of these rights, please contact us. You can make a subject access request by requesting and completing the organisation's Subject Access Request Form.
Please note that the GDPR sets out exceptions to these rights. If we are unable to comply with your request due to an exception we will explain this to you in our response.
If you have any queries about this Policy, the way in which BABTAC processes personal data, or about exercising any of your rights, please send an email to email@example.com or write to Data Protection, BABTAC Ltd, 18c Ley Court, Barnett Way, Barnwood, Gloucester, GL4 3RT, UK
If you believe that your data protection rights may have been breached, and we have been unable to resolve your concern, you may lodge a complaint the applicable supervisory authority or to seek a remedy through the courts. Please visit https://ico.org.uk/concerns/ for more information on how to report a concern to the UK Information Commissioner’s Office.
Changes to our Policy
Any changes we may make to our Policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our Policy