When we use your data, Bluebell Office Services Limited (also referred to as “we”, “us” or “our” in this privacy notice), is regulated under General Data Protection Regulation (EU - 2016/679). This new regulation (effective from 25th May 2018), applies across all member states of the EU, including the UK; and we are responsible as the ‘data controller’ for your Personal Data for the purposes of compliance with this regulation.
Our use of your Personal Data is subject to your instructions, the requirements of GDPR, relevant UK and EU legislation, and our professional duty of care & confidentiality.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk/). However, we would be grateful if you would contact us first so that we can try to resolve it for you.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your Personal Data changes by emailing us at: - firstname.lastname@example.org
Personal Data We May Collect About You
Personal Data we may collect in part or in whole: -
• Your name, business address and/or mobile phone number
• Electronic contact details (email addresses, social media accounts)
Personal Data we may collect depending on the chosen service we provide, and why you have instructed us: -
• Your financial details specific to your instructions, including your bank/building society details (e.g. for
book-keeping or invoice payments)
• Where applicable, details to enable us to check and verify your identity, (e.g. your date of birth on driving licences or passport details.)
• Details of your professional online presence, (Twitter, LinkedIn, Facebook etc.)
• Details of your medical history/qualifications.
This Personal Data is required to enable us to provide our service to you. If you do not provide the data we ask for, it may prevent us from providing those services to you.
How Your Personal Data Is Collected
Where relevant we may collect information via -
• Direct interactions - you may provide us with data via the “Contact Us” page on our website; or by communicating with us by email, personal visit, telephone, standard post or via our secure online client portals (Dropbox, Microsoft OneDrive, Google Drive etc.) including when you:
o order our products and/or services;
o create an account on our site;
o request resources or marketing be sent to you;
o enter a competition, prize draw, promotion or survey;
o provide us with feedback.
• from publicly accessible sources, (e.g. Companies House, HMRC, HM Land Registry);
• from a third party with your consent, (e.g. your bank or building society, and other financial institutions. We also may engage in relation to your instructions with medical and occupational health professionals);
• We may receive Personal Data about you from various third parties and public sources as set out below:
o analytics providers such as Google based outside the EU;
o advertising networks such as Facebook & Twitter based outside the EU
Why We Use Your Personal Data
Under GDPR, we can only use your Personal Data if we have a specific reason (Lawful Basis) for doing so. The most common uses for our business include:-
The use of your Personal Data may be necessary to perform the agreement you have with us (e.g. to complete your purchase of a product or service from us)
We may use your Personal Data for legitimate reasons (e.g. we rely on our legitimate interest to analyse and improve our products and services from our website.)
We may use your Personal Data to comply with legal requirements (e.g. government agencies - HMRC, Companies House), public authorities and law-enforcement agencies.
Generally, we do not rely on consent as a lawful Basis for processing your Personal Data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by emailing us at email@example.com.
We may process your Personal Data for more than one Lawful Basis, depending on the specific purpose for which we are using your data for your chosen service(s) from us.
Special Category Data
Special Category Data refers to additional Personal Data covering -
• Religious beliefs,
• Philosophical beliefs,
• Sex life,
• Sexual orientation,
• Political opinions,
• Trade union membership,
• Health, genetic and biometric data.
• Criminal convictions and offences.
By default, we do not collect any Special Category Data about you unless you give us explicit consent in writing in order to assist in processing a specific service we provide for you (e.g. booking & recording health-related appointments)
Marketing & Promotional Material
From time to time, we may use your Personal Data to send you updates (by email, text message, telephone or post) about any new products and/or services that might be of interest to you, including exclusive offers, promotions and competitions.
We have a legitimate interest in processing your Personal Data for promotional purposes (see ‘How Your Personal Data Is
Collected’). This means we do not usually need your consent to send you promotional communications. However, we will ask for this consent separately and clearly before sending you promotional
We will always treat your Personal Data with the utmost respect and never sell OR share it with other organisations for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by contacting us directly, or where appropriate using the ‘unsubscribe’ link in emails.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
Who We Share Your Personal Data With
We may have to share your Personal Data with the parties set out below for the purposes described in ‘Why We Use Your Personal Data’:-
• Service providers who provide IT and system administration services.
• Professional advisers including bankers, auditors and insurers who provide banking, insurance and accounting services etc.
• HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
We require all third parties to whom we transfer your data to respect the security of your Personal Data and to treat it in accordance with the law. We only allow such third parties to process your Personal Data for specified purposes and in accordance with our instructions.
We may disclose and exchange information with regulatory bodies to comply with our legal and regulatory obligations in respect to
GDPR (such as “The Information Commissioner’s Office” – https://ico.org.uk/).
Should the event arise in the future, we may also need to share some Personal Data with other parties, such as potential buyers of some or all of our business, or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
Where Your Personal Data Is Held
Your Personal Data may be held at our central office, our service providers and other agents as described in ‘Who We Share Your Personal Data With'). Some of these third parties may be based outside the European Economic Area.
Transferring Your Personal Data Out of The EEA
To deliver services to you, it is sometimes necessary for us to share your Personal Data outside the European Economic Area (EEA).
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your Personal Data, so European law has prohibited transfers of Personal Data outside of the EEA unless the transfer meets certain criteria.
Some of our third parties service providers are based outside of the EEA, so their processing of your Personal Data will involve a transfer of data outside the EEA.
Whenever we transfer your Personal Data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
• We will only transfer your Personal Data to affiliate countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission (GDPR); or
• Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give Personal Data the same GDPR protection it has in Europe; or
• Where we use providers based in the United States, we may transfer Personal Data to them if they are part of the EU-US Privacy Shield, which requires them to provide similar protection to Personal Data shared between Europe and the US
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any contractual, legal, accounting, or auditing requirements.
We will not retain your data for longer than is necessary for the purposes set out in this policy. Different retention periods apply for different types of data.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of your Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Currently, by law we have to retain certain Personal Data about our customers for a period of six years after they cease being customers
(e.g. accountancy & tax purposes to satisfy HMRC)
When it is no longer necessary to retain your Personal Data, we will delete or anonymise it.
Keeping Your Personal Data Secure
We have appropriate security measures to prevent your Personal Data from being accidentally lost, damaged, misused or accessed illegally. We limit access to your Personal Data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have a program of procedures to deal with any suspected data security breach. We will notify you and the regulator (https://ico.org.uk/) of a suspected data security breach where we are legally required to do so.
However, no method of transmitting Personal Data over the Internet or storing Personal Data either locally or on third party Cloud-based-solutions is completely secure. Accordingly, we cannot guarantee the absolute security of your Personal Data.
Our products and services are not intended for people under the age of 18. Furthermore, we do not knowingly collect Personal Data from children under the age of 18. On such an occurrence where we have collected Personal Data of a person under the age of 18 we will delete such information from our files as soon as possible.
Some affiliated third parties and ourselves, may collect Personal Data with the use of "cookies" in order to analyse trends, track users' movements on our website; and to gather demographic information about our user-base as a whole.
Cookies are small text files saved by your internet browser (Google Chrome, Apple Safari, Mozilla Firefox, Microsoft Edge etc.) when you begin browsing our website. This tells us how and when you interact with our products and services. It is also used to check aggregate usage and web traffic. The purpose of this is purely one of performance & key interest indicators so that we can improve our products and services in future revisions to our website.
Your Privacy Rights
Under GDPR, you have the following rights with regards your Privacy Data.
Requests involving the above are provided free-of-charge. However, a reasonable fee maybe charged (ore refused completely) if your request is excessive, malicious, unreasonable or repetitive.
If you would like to exercise any of these rights, please email, call or write to us at our contact address details below. During this process we may need to request security information from you to help us confirm your identity and ensure your right to your personal data. This is to ensure that your Personal Data is not disclosed to any unauthorised person.
For further information on each of these rights, including the circumstances in which they apply, please visit the UK regulator’s website for GDPR (https://ico.org.uk/)
How to Contact Us
Registered Company Name: Bluebell Office Services Limited
Registered Company Address: 108 Rubery Lane, Rubery, Birmingham B45 9AY, UK