REFCOM | Privacy Policy

2. Our values and what this privacy policy is for

We respect your privacy and want you to be familiar with how we collect, use and disclose information directly or indirectly relating to you as an individual ("Personal Data"), and the rights that you have in this regard.

This privacy policy (the "Privacy Policy") describes how we, as a data controller, process your Personal Data when you use our Website, and when you interact with us in relation to our business and services. We use "you" to mean users of our Website and the individuals with whom we interact.

If you have any queries or feedback on this Privacy Policy, you can contact us by using the contact information in Section 16 of this Privacy Policy.

3. Your Key Rights

You have various rights in respect of our use of your Personal Data as set out in more detail in Section 7. Two of the fundamental rights to be aware of are that:

You may ask us to stop using your Personal Data for direct-marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.
You may ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our, or another person's, legitimate interest.

4. Your confirmation to us

Please read this Privacy Policy carefully to understand how we handle your Personal Data. By engaging with us in the ways set out in this Privacy Policy, you confirm that you have read and understood it, as it applies to you.

5. What personal data do we process about you?

a. How we collect your personal data

We collect your Personal Data in the following ways:

When you submit Personal Data to us. We collect Personal Data about you when you actively provide it to us, for example when you send us an email, register on the Website, call us or provide us with any Personal Data in any other manner.
When you use our Website. We collect some Personal Data about you automatically as you use our Website.
When you use our services. We may collect some Personal Data about you when you use our products and services, such as when you use our software, sign up for an account or use other services available on our Website.
From your employer. We may receive some Personal Data from your employer or your employer's company website.
From third parties. We may collect some Personal Data from selected third parties who have the right to share the information with us, such as other companies in the BESA group, third party service providers and selected industry partners.
When we procure services. When we procure services from third parties, we collect certain Personal Data to manage this relationship (or prospective relationship), such as contact details made available to us and information about how you use our products and services.
When you visit us. We may collect some Personal Data from you when you visit one of our offices, such as contract information and from CCTV recordings in our buildings.
Other publicly available sources. We may collect your Personal Data from publicly available sources such as LinkedIn, RocketReach or Companies House.

b. what personal data we process

We process the following Personal Data about you:

"Contact Information" means Personal Data such as your first and last name, job title, phone number, email address, and postal address.
"Data and Usage Information" means information about how you use our Website, what content you have interacted with, which website you came from, the number of visits to the Website and traffic data about how long you visit our Website for. We use cookies to track user sessions on the Website. Please see the "Cookies" section below for more information.
"Preferences Information" means information about your preferences set for notifications, marketing communications, acceptance of legal terms and information about how you prefer to interact with our Website.
"Profile Information" means Personal Data required to establish your account such as your first and last name, a username, email address, your date of birth and age, your gender, your business information, country of residence, employer details, qualifications, skillcards, National Insurance number.
"Technical Information" means information about the type of internet browser and operating system you use, your internet protocol (IP) address, your browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using.
"Relationship Information" means information about our professional relationship with you and your employees, such as a customer-supplier information (pitch documents, information from third parties such as LinkedIn, ID details and other data related you the provision of products and services).
"Bank Card Information" means payment details including the name on the relevant credit or debit card, card type, card expiry date, credit card number, security number, bank account number and sort code.

c. Why we process your data

The purposes for which we process your Personal Data and the relevant legal bases for that processing are set out in the table below.

Please note that we need certain types of Personal Data so that we can provide services to you and perform contractual and other legal obligations that we have to you. If you do not provide us with such personal information, or if you ask us to delete it, you may no longer be able to access certain services.

Purpose for Processing	Categories of Personal Data Processed	Legal Basis for Processing	Processing Operations
To provide you with information regarding our services and updates or additional services available from us and other BESA group companies and selected third parties.	Contact Information	This processing is necessary for our legitimate interests, which are to provide you with information about us and the services offered by us and selected third parties.	For this purpose we will collect, record, store and use your Personal Data.
To provide you with and manage our services (including training (as required) and helpdesk services) and deal with any enquiries or complaints you may have.	Contact Information Profile Information Bank Card Information	Our processing of your Personal Data for this purpose is necessary either for: us to fulfil a contract with you; compliance with a legal obligation to which we are subject; your consent; or pursuing our legitimate interests which are to provide you with the services or with information on our services we would reasonably expect you to have an interest in.	For this purpose we will collect, record, store and use your Personal Data.
To inform you about changes to the Website, including to relevant terms and conditions and this Privacy Policy.	Contact Information Data and Usage Information	Our processing of your Personal Data for this purpose is necessary either for: compliance with a legal obligation to which we are subject; or pursuing our legitimate interests, which are to inform you well in advance of those changes taking effect.	For this Purpose, we will collect, record and store your Personal Data.
To send you direct marketing communications by email about services, events or any other activities which may be of interest to you.	Contact Information Profile Information Preferences Information	This processing will be based on: our legitimate interests to do so for marketing and business development purposes; or if you are a sole trader or a non-limited liability partnership, your consent. If you have ticked an option to receive marketing from us, your consent	For this purpose, we will collect, record, store, use and organise your Personal Data.
To improve our services and provide you with more relevant information.	Profile Information Technical Information Data and Usage Information	Depending on the circumstances, our processing of your Personal Data is on the basis of: your consent; or it being necessary for the purposes of legitimate interests pursued by us, which are to promote our business, activities and updates.	For this purpose, we will collect, record, organise and use your Personal Data.
For our own research to understand our users and how they use our services and our Website to help us adapt and improve them appropriately.	Technical Information Data and Usage Information	Our processing of your Personal Data for this purpose is on the basis of your consent.	For this purpose, we will collect, analyse, record, store, organise and use your Personal Data.
To create aggregated and anonymised reports (including to build a company profile) and measure the performance of our products and services.	Technical Information Contact Information Service Usage Information	This processing is necessary for our legitimate interests, which are to improve our products and services.	For this purpose, we will collect, organise and use your Personal Data.
To ensure that the content on the Website is presented in the most effective manner for you and your device.	Technical Information Data and Usage Information	Our processing of your Personal Data for this purpose is on the basis of your consent.	For this purpose, we will collect and use your Personal Data.
To provide you with a safe, smooth, efficient and customised user experience.	Technical Information Data and Usage Information Profile Information	Depending on the circumstances, our processing of your Personal Data is on the bases of: your consent; as is necessary for compliance with a legal obligation to which we are subject; or as is necessary for the purposes of legitimate interests pursued by us, which are to ensure the proper and compliant operation of our Website and services.	For this purpose, we will collect, record, store, organize and use your Personal Data.
To procure and use services	Contact Information Relationship Information	Our processing of your Personal Data for this purpose is necessary for pursuing our legitimate interests to run and operate our business.	For this purpose, we will collect, record, store, organize and use your Personal Data.
To comply with our legal obligations, court orders or government authority requests, when we reasonably believe that we are legally required to disclose your Personal Data.	All categories of Personal Data in Section 5	Our processing of your Personal Data for this purpose is for compliance with a legal obligation to which we are subject.	For this purpose, we will collect, record, store, organise, retrieve, disseminate, restrict and use your Personal Data.
To identify any fraudulent activity being committed.	Profile Information Technical Information Data and Usage Information Service Usage Information	Our processing of your Personal Data for this purpose is necessary for pursuing our legitimate interests which are to protect our organisation against fraud.	For this purpose, we will collect, record, analyse, store, organise and disseminate, use your Personal Data.
To ensure the safety and security of people and property	Profile Information (including from CCTV images)	Our processing of your Personal Data for this purpose is necessary for pursuing our legitimate interests which are to ensure the safety and security of people and property	For this purpose, we will collect, record, analyse, store, organise and disseminate, use your Personal Data.
To lawfully enforce our legal rights and perform our obligations and allow us to pursue any available legal remedies or limit the damages we may sustain.	All categories of Personal Data in Section 5	Our processing of your Personal Data for this purpose is for compliance with a legal obligation to which we are subject.	For this purpose, we will collect, record, store, organise, retrieve, disseminate, restrict and use your Personal Data.
To conduct internal audit and reporting processes, ensuring adequate insurance coverage for our business, ensuring the security of facilities, research and development, and to identify and implement business efficiencies.	All categories of Personal Data in Section 5	Depending on the circumstances, our processing of your Personal Data is on the bases of: as is necessary for compliance with a legal obligation to which we are subject; or as is necessary for the purposes of legitimate interests pursued by us, which are to verify the accuracy and processes of our business operations.	For this purpose, we will collect, record, analyse, store, organise and disseminate, use your Personal Data.

Before using your Personal Data for any purposes which fall outside those set out in this Section 5, we will undertake an analysis to establish if our new use of your Personal Data is compatible with the purposes set out in this Section 5. Please contact us using the details in Section 16 if you want further information on the analysis we will undertake or have taken.

d. The personal data we don't collect

We will not intentionally process the following sensitive Personal Data, referred to as "Special Category" data: racial or ethnic origin; political opinions; religion or philosophical beliefs; health or medical condition; criminal background; trade union membership; genetic or biometric data; or sexual life or orientation.

Please do not send, nor disclose, any Special Category data to us.

6. Cookies

As described in the table above, when you use our Website and online products and services, read our emails, or otherwise engage with us through a computer or mobile device, we may automatically collect information about how you access and use the relevant content and information about the device you use to access the content. When we send you emails, we place a pixel on your device to understand whether you have opened the email and read it. This helps us design emails that are interesting and appealing.

Our automated data collection is typically carried out using cookies. Cookies are small data files sent by a web server to a web browser in order to enable the server to collect information back from the browser. We use cookies in accordance with the details set out in the table in Section 5c above.

You can delete cookies from your hard drive at any time. You may also set your browser to disable cookies. However, you should be aware that, if you disable cookies, this may limit your ability to enjoy the full functionality of the Website, product or service. There is full information on how you can do this at http://www.aboutcookies.org/.

Please refer to our cookies policy for more information.

7. Your rights in relation to personal data

You have the following specific rights in respect of your Personal Data that we hold:

The right to be informed about how your Personal Data is being used.
The right to access the Personal Data we hold about you.
The right to request that we correct inaccurate Personal Data or request that we delete your Personal Data, if you consider that it is incorrect or we do not have the right to hold it.
A right to object to or restrict certain processing activities.
The right to withdraw consent to any consent-based processing at any time. You can do this by contacting us using the details in Section 16. Where you do withdraw your consent, we will stop processing your Personal Data for that purpose immediately, except where we are required by law to continue the processing. We cannot reverse any processing that we may have carried out before you withdrew your consent.
To ask us to stop or start sending you direct marketing messages at any time.
The right to data portability (moving some of your personal data elsewhere) in certain circumstances.
The right not to be subject to a decision based on automated processing and to ask us to explain any computer-system decision about you.
The right to complain to your data protection regulator — in the UK, the Information Commissioner’s Office, contact details for which can be found under Contacting Us in Section 16.

If you have questions, you wish to contact us to exercise your rights, or you wish to make a complaint, you can contact us using the contact information listed in Section 16 of this Privacy Policy.

We will consider all such requests and provide our response within a reasonable period (and in any event within such period required under applicable law). Please note, however, that certain Personal Data may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims. If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.

8. Who do we share your personal data with and why?

We may share your Personal Data to the following categories of recipients as an essential part of being able to provide our services to you.

Who do we share your Personal data with?	What Personal Data do we share?	Why do we share your Personal Data?	Where does your Personal Data go?
Other members of the BESA group or our affiliated companies. We may also share information with third parties in which we have an ownership interest or commercial relationship.	All categories of Personal Data in Section 5	To manage our Website to ensure everything is working as it should be. To manage our communications to you.	United Kingdom, Isle of Man, Republic of Ireland
Third party service providers appointed by us including (but not limited to): (a) companies who help operate our Website; (b) marketing and promotional partners; (c) IT service providers; (d) third party payment providers; (e) software solutions providers; and (e) companies who provide communication, auditing, archiving, data analysis and administration services including banks, accountants and legal services.	All categories of Personal Data in Section 5	To develop and improve our Website. To provide technical support for our systems and digital platforms when things go wrong. To send email communications to you (which could include direct marketing) and to conduct analysis of any relevant email campaigns. To host our systems and Website. To provide reporting solutions and data analytics. To provide necessary support to our business in relation to communications, auditing and consulting.	The location of our third party service providers is global although the majority are based in the UK and EEA.
Authorities, public agencies, regulators and law enforcement	All categories of Personal Data in Section 5	We may share your Personal Data as we believe to be necessary or appropriate with relevant authorities, affiliates and third parties: to comply with our legal obligations; to respond to requests from public and government authorities (including courts and law enforcement) which may include public and government authorities outside your country of residence; to enforce our legal rights; to protect our operations or those of any of our affiliates; to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and to allow us to pursue available remedies or limit the damages that we may sustain.	The location of the competent authorities shall depend on the particular purpose.
Third parties in the event of any sale, merger, reorganization, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).	All categories of Personal Data in Section 5	We may share your Personal Data with a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).	The location of the third party shall depend on the specific details of the reorganization, merger, sale, joint venture, assignment, transfer or other disposition.

We may also disclose and use anonymised, aggregated reporting and statistics about users of our Website or our products and services for the purpose of internal reporting or reporting to our group companies or other third parties, and for our marketing and promotion purposes. None of these anonymised, aggregated reports or statistics will enable individuals to be personally identified.

If you would like to know more about the third parties we may share personal data with, or how to find out more about how they will use your Personal Data, please contact us using the contact details listed in Section 16 of this Privacy Policy.

9. Children

You must be aged 16 or over to purchase products or services from us. Our website and services are not directed at children and we do not knowingly collect any personal information from children.

If you are a child and we learn that we have inadvertently obtained personal information from you from our websites, or from any other source, then we will delete that information as soon as possible. Please contact us using the details in Section 16 if you are aware that we may have inadvertently collected personal information from a child.

10. Marketing

As set out in Section 5 above, we may collect and use your personal information for undertaking marketing by email, telephone and post.

We may send you certain marketing communications (including electronic marketing communications) if it is in our legitimate interests to do so for marketing and business development purposes or, if you are a sole trader or a non-limited liability partnership if you have consented to receive such electronic marketing information.

However, we will always obtain your consent to direct marketing communications where we are required to do so by law and if we intend to disclose your personal information to any third party for such marketing.

If you wish to stop receiving marketing communications, you can contact us by email at refcom.info@thebesa.com

11. What overseas transfers of personal data do we carry out?

To achieve the purposes described in this Privacy Policy, we may transfer your Personal Data to countries which do not offer the same level of protection for your personal data as the UK or the European Economic Area.

Where such locations do not offer an adequate level of protection for your Personal Data, we will ensure that your Personal Data will continue to be protected by implementing appropriate safeguards when it is transferred to one of these countries.

The table at Section 8 above provides details of the countries to which we transfer Personal Data, but if you want any information about any transfers of your Personal Data to third countries (including the relevant transfer mechanisms or safeguards), please contact us using the contact details listed Section 16 of this Privacy Policy.

12. How long do we keep your personal data

It is important to us that we keep your Personal Data accurate and up-to-date. We will delete the Personal Data that we hold about you when we no longer need it for the purposes for which it was obtained (as described in this Privacy Policy) or as required to comply with any legal obligations to which we are subject.

13. Risks to your information

The main risk of our processing of your Personal Data is if it is lost, stolen or misused. This could lead to your Personal Data being in the hands of someone else who may use it fraudulently or make public, information that you would prefer to keep private.

In the course of provision of your Personal Data to us, your Personal Data may be transferred over the internet. Although we make every effort to protect the Personal Data which you provide to us, the transmission of information over the internet is not completely secure not within our control. As such, you acknowledge and accept that we cannot guarantee the security of your Personal Data transmitted over the internet and that any such transmission is at your own risk.

14.How we protect your information

We are committed to protecting your Personal Data from loss, theft and misuse. We take all reasonable precautions to safeguard the confidentiality of your personal information, including through use of appropriate organisational and technical measures. These include secure offsite hosting of your personal data and ensuring that all passwords are stored in such a way to prevent subsequent decryption.

We also keep your information confidential. Our internal procedures cover the storage, access and disclosure of your information. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%.

Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

15. Links to other websites

Our website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third party websites or third party terms and conditions or policies.

16. Contacting us

If you have questions about our Privacy Policy, please feel free to email us at refcom.info@thebesa.com

If you wish to raise a concern or exercise any of your rights about our processing of your Personal Data, you can contact us using one of the options below.

You can contact us by using the Contact form, when made available on our Website

You can send us an email to the following address: refcom.info@thebesa.com
You can call us on: +44 (0)1768 860409
You can write to the following postal address: Old Mansion House, Eamont Bridge, Penrith, Cumbria, CA10 2BX, United Kingdom.

You also have a right to lodge a complaint with the relevant supervisory authority (in particular in the Member State of your habitual residence, place of work or place of the alleged infringement), if you are of the opinion that any of your Personal Data is processed in a manner constituting an infringement of applicable data protection law. In the UK this is the Information Commissioner's Office, which can be contacted on 0303 123 1113 or www.ico.org.uk/make-a-complaint.

17. Updates to this privacy policy

You can find out when this Privacy Policy was last amended by checking "LAST REVISED" date at the bottom of this page.
All changes to this Privacy Policy will be posted on this page. Please check back frequently to see any updates or changes to this Privacy Policy.

If you object to any changes, you may cease using our Website, products or services or close your account. By continuing to use our Website, products or services after we publish changes to this Privacy Policy, you are confirming that you have read and understood the changes.

You may wish to print, download or otherwise retain a copy of this Privacy Policy (and of any revised version) for your records.

LAST REVISED: [07/05/2024]

Privacy Policy

1. Who we are