New Bsquared website privacy and security policy - May 2018


Bsquared Privacy Policy

This privacy policy is effective as of 25 May 2018. The previous version of this privacy policy is available here.

Bsquared Consulting is committed to respecting your privacy and protecting your personal information. Our privacy policy describes how we capture and use the personal information that we gather about visitors to this website and users of our products and services. Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.

Bsquared Consulting provides products and services which help organisations improve customer engagement and loyalty. We do this by deploying a range of tools to gather and analyse customer insight. These tools include face-to face reviews and interviews and surveys conducted online, by telephone and on paper. We conduct these programmes on behalf of clients to gather data from their customers, analyse this information and report the findings back to clients. Bsquared Consulting is the “Data Controller” of the data collected from these programmes and we process it on behalf of our clients.

If you have any questions or comments relating to our privacy policy or practices, please contact us at:

Data Protection, Bsquared Consulting, Orchard House, Main Road, Anslow, Staffordshire, DE13 9QE

020 3747 9795

dpo@bsquared-consulting.com

 

Our privacy policies differ depending on which of two categories you fall into:

1. Privacy policy if you are a respondent on a programme Bsquared is running on behalf of a client

2. Privacy policy if you use our products and services, or visit our website

 

1. Privacy policy if you are a respondent on a programme Bsquared is running on behalf of a client

Bsquared Consulting runs programmes on behalf of clients to gather customer insight which help these organisations better understand their customers and to provide direction for strategy, product and service development and to resolve issues.

Bsquared Consulting collects data from the customers of our clients and these individuals are invited to participate in a face-to-face review or interview or a survey which can be online, telephone or paper based. Bsquared Consulting is the “Data Controller” and we refer to this contact information and the responses as “Survey Data”.

Bsquared Consulting will only use data gathered from a programme on our client’s behalf. Our clients work with us to decide the appropriate information they wish to collect, and determine who they would like to invite to participate in the programme. We strongly recommend you read the privacy notices of our client (who you are a customer of) to understand more.

 

  1. The information we collect about you
  2. How we use the information
  3. Who we share the information with
  4. Your rights as a data subject
  5. How long we keep your information
  6. Security of your information
  7. Changes to our privacy policy

 

1.      The information we collect about you

We collect the following information about you:

 

Survey Data: we collect your responses given during face-to-face reviews and interviews and we collect your responses following your participation in a survey which we run on behalf of a client. Our client will have provided us with your information to enable us to make contact with you to invite you to participate in the research programme. Bsquared Consulting process this Survey Data on our client’s behalf and make no use of it ourselves.

 

2.      How we use your information

We use the information we hold about you in the following ways:

Survey Data: your responses collected from a research programme carried out on behalf of a client will be used for analysis relating to that specific programme only. Responses are stored and maintained by Bsquared and we keep the data to allow us to:

  • Rerun aggregate reports (e.g. because additional feedback may be returned late from the other customers)
  • Facilitate re-use of personal demographic data in case the client wishes to go through the process again at a later date and wants a report comparing new data with the original result
  • Go back to the original data and to check for inconsistencies.

 

Your contact information: by participating in one of our programmes, you agree that we may request certain personal identifiable information. Participation in these programmes is completely voluntary and you have a choice whether or not to disclose this information. We request this information as a unit of analysis. In any reports prepared, no information will be included that will make it possible to identify a particular respondent, unless approved by the respondent themselves. Respondent information is held only by Bsquared Consulting in accordance with our legitimate interest of undertaking the research programme on behalf of our client.

We will not use any information we hold about you for marketing purposes.

 

3.      Who we share the information with

Survey Data: unless we are required to do so by law, we will not disclose your Survey Data to any third parties. It will be held by Bsquared Consulting on behalf of our client.

 

4.      Your rights as a data subject

At your request we will provide you with information about whether we hold any of your personal information and provide a copy of this information to you. To request this information please contact us at dpo@bsquared-consulting.com. You may request that we update, amend or delete your personal information.

You have the right to exercise the following additional rights:

Right of Erasure: in certain circumstance you have the right of erasure of personal information held about you, although this may be qualified where e.g. it is necessary for that information to be retained for record keeping purposes or compliance with our obligations.

Right to Object: you may have the right to object to our processing of your personal data for purposes based on our legitimate interests. In some cases, we may be able to demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.

Right of Restriction: you may have the right to request that we restrict the processing of your personal data (e.g. where you believe that the personal data we hold about you is inaccurate or unlawfully held).

Right to Data Portability: you may have the right to be provided with your personal data in a structured, machine readable and commonly used format and to request that we transfer the personal information provided by you to another data controller.

If you would like to exercise such rights, please contact us at dpo@bsquared-consulting.com. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

You also have the right to withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of the processing carried out before complying with the request.

You also have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. In the UK, this is the Information Commissioner's Office [https://ico.org.uk/]

 

5.      How long we keep your information

Survey Data: our clients determine how long they would like us to store your Survey data. Our clients often run sequential surveys and refer back to past surveys for comparison of results. Your data is stored securely and for no other purposes than comparison.

 

6.      Security of your information

Bsquared works on a distributed network. All data is confidential and secure. Within Bsquared, data is handled and held on paper and in MS Office and Adobe Personal Document File (PDF) file formats and includes both raw and processed data. Bsquared personnel work remotely; however all files are opened / worked on and saved remotely, rather than loaded on local PCs. This network is secured by a firewall and encrypted access is granted via Microsoft Remote Desktop. All the machines on this private network use a robust Antivirus solution. The network is periodically scanned for malware. All local PCs operate Windows 7 or higher and a local AV solution. Data is saved centrally on a hosted private network. Personnel work on the main Bsquared file repository which is access controlled by a File Server and NAS device behind the firewall. Data is only accessible by Bsquared personnel and this is regularly backed up daily using cloud technology within the private network. At any time, Partners and Lead Consultants may have working copies (paper and electronic) in their possession for the purposes of analysis and presentation.

 

Online surveys are hosted on Snap Surveys WebHost software. Snap WebHost is the online questionnaire delivery, analysis and reporting service operated by Snap Surveys [www.snapsurveys.com]. Snap Surveys commitment to data security is evidenced by its ISO 27001:2013 certification. Its data centre providers Rackspace and UKFast are also ISO 27001:2013 certified.

 

7.      Changes to our privacy policy

We may change this privacy policy from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will post a notice on the homepage of our website. We will also keep prior versions of this policy in an archive for your review.

 

 

 

 

2. Privacy policy if you use our products and services, or visit our website

This policy applies to all personal information for which we are the data controller.

  1. The information we collect about you
  2. How we use your information
  3. Who we share your information with
  4. Links to other websites
  5. Updating your information
  6. Your rights as a data subject
  7. How long we keep your information
  8. Security of your information
  9. Changes to our privacy policy

 

1.      The information we collect about you

We collect information about you when you provide it to us, when you use our products, services and website, if we have had a contractual relationship in the past or if we have had a conversation with you, by telephone or email, about our products and services.

Account information: where you subscribe to our products or services, or create an account with us, we collect information from you such as your name, email address, username, phone number, address and organisation. We also ask for and collect personal information such as an email address and name from any individual that you authorise to use our products and services.

Billing information: where you need to make a payment to us for our products or services, we collect your billing details, including billing address and financial and payment information.

Information that you provide to us: we collect the information that you give to us, for example when you:

  • Contact us by phone, email, online chat or otherwise
  • Fill in forms on our website
  • Register to use our website
  • Sign up for our newsletters and promotions
  • Respond to a survey run by ourselves
  • Contact us for customer support
  • Have been a client of Bsquared Consulting in the past and we hold your details
  • Have been in telephone or email communication with us about using our products and services

 

Technical information: we collect information relating to your interaction with our products, services and website, including type of browser and/or device used, operating system, pages viewed, date/time stamp, referrer page and IP address.

Usage information: we collect information relating to your interaction with our products and services. We collect information about your use of our website including which webpages you view, the services you view or search for, your referring and exit pages, the length or your visits to certain pages and the times and dates of these actions.

Cookies: we use cookies to distinguish you from other users of our products, services and website. This helps us to improve our website’s performance and your experience of using our website. You can control the use of cookies at the individual browser level. Some of those cookies are necessary for the use of our services. If you reject cookies, you can still use our website, but your ability to use some features or areas of our website may be limited.

Social media features and widgets: our website includes social media features. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing them.

Third party services: if you choose to enable or connect to a third party application or service in conjunction with our products and services, that third party service may make certain information about you available to us, for example your name and email address in order to authenticate you. You should check your privacy settings on these third party services to understand and control the information provided to us through these services.

Information from other users: other users of our products and services may provide us with information about you. For example, when another individual authorises you to use our products and services, they will provide us with your name and email address, or an individual in your organisation may provide us with your contact information if they designate you as the billing or technical contact on your organisation’s account.

 

2.      How we use your information

We use the information that we hold about you in the following ways. For each of these, we have identified our legal basis for processing your information in that way.

Providing our products and services: we use your information to provide you with the products and services which you have subscribed to or requested. This processing is necessary to perform our contract with you for these products and services.

To collect payment: we use your information to collect fees due to us for your use of our products and services, in accordance with our legitimate interest / contractual relationship of collecting revenue.

Responding to enquiries: we will use your contact information and any information that you send to us to respond to your questions, requests for information or complaints. Depending on the nature of your enquiry, we may do this on the basis of performing our contract with you, our legal obligations, or our legitimate interests of providing you with the best service and understanding how we can improve our products and services based on your experience.

Legal requests: we may need to use your information to comply with a legal obligation such as to respond to a court order or a request from a supervisory authority or government, or to prevent fraud.

Notifications: we will use your information to send you communications which are required by law or to notify you of changes to our terms or this privacy policy, or changes (permanent or temporary) to our products and services. Such messages will not include any promotional content. Depending on the nature of the communication we may do this on the basis of performing our contract with you or complying with our legal obligations.

Surveys and feedback requests: we may use your information to invite you to participate in surveys run by us on our own behalf, for example to invite your feedback on our products, services and website. These communications will not contain any promotional content and will be sent on the basis of our legitimate interests of improving our products, services and website. However, if you prefer not to receive such communications, please contact us at dpo@bsquared-consulting.com.

Marketing: we may use your information to provide you with information about our products and services only, and we will not provide your information to third parties for marketing purposes. We send these communications either on the basis of your consent (where you have specifically consented to receiving such communications) or in accordance with our legitimate interests of growing our business.

You may stop receiving marketing communications from us at any time. To withdraw your consent or to opt-out of receiving marketing communications, you may contact us at dpo@bsquared-consulting.com or follow the unsubscribe instructions contained in the communication itself.

Legal basis for processing (EEA only): where your data is processed by Bsquared Consulting or if you are an individual from the EEA, we must have a legal basis for collecting and using your information when we act as data controller. This will be one of the following:

  1. Where we require the information to perform a contract with you (e.g. to deliver the services that you have requested);
  2. Where we have your consent to do so, and in this case you have the right to withdraw or refuse to give your consent at any time. This will not however affect the lawfulness of any processing based on your consent before you withdraw it.
  3. Where the processing is necessary for our legitimate interests (and those legitimate interests are not overridden by your interests or fundamental rights and freedoms); or
  4. Where we need to comply with legal or regulatory obligation.

If you have any questions about or require further information concerning the legal basis on which we collect and use your information, including regarding our legitimate interests, please contact us.

 

3.      Who we will share your information with

We only disclose your information in the circumstances below:

Our service providers: we may disclose your information to our third party service providers, Hubspot and Snap Surveys Ltd. In each case we have agreements in place with the service provider to ensure that they provide appropriate protection for your information and to ensure that they are only permitted to use your information in accordance with our instructions and as necessary to provide the relevant service to us.

Professional advisers: we may need to disclose your information to our professional advisers, including our lawyers, bankers, auditors and insurers.

Compliance with legal obligations and enforcement of our rights: we may also have to disclose your information if this is reasonably required to:

  • Comply with any applicable law, regulation or legal process or to respond to a request from a government or a regulatory body
  • Enforce our agreements, policies and website terms of use
  • Protect the security or integrity of our products and services

 

Other users within your organisation: where your organisation purchases products and services from us covering multiple authorised users and contacts, we may disclose your information to other users within your organisation, for example to verify billing information.

 

4.      Links to other websites

This privacy policy covers our products, services and website. Our website may contain links to and from third party websites. The information practices and the content of such other websites are governed by the privacy policy of that website. If you click on a link to those websites you will leave our website to go to the website that you selected. Please note that we cannot accept responsibility or liability for any use of your personal information by such third parties, and we cannot guarantee that they will adhere to the same privacy practices as us. We encourage you to review the privacy policies of any third party before you submit any personal data to them.

 

5.      Updating your information

If you wish to update, amend or request deletion of your personal information you may do so by emailing us dpo@bsquared-consulting.com. We will respond to your request within 30 days.

 

6.      Your rights as a data subject

At your request we will provide you with information about whether we hold any of your personal information and provide a copy of this information to you. To request this information please contact us at dpo@bsquared-consulting.com. You may update, amend or request deletion of your personal information as described above.

Where your information is processed by Bsquared Consulting or if you are from the EEA you may have the right to exercise additional rights available to you, including:

Right of Erasure: in certain circumstances you have the right to erasure of personal information held about you, although this may be qualified where e.g. it is necessary for that information to be retained for record keeping purposes or compliance with our obligations. If we are unable to comply with your request, we will explain why.

Right of Rectification: you have the right to have your personal information rectified if it is inaccurate or incomplete.

Right to Object: you have the right to request that we stop processing your personal information for marketing purposes, and can request that we stop processing your personal information for other purposes based on our legitimate interests. In some cases, we may be able to demonstrate that we have compelling legitimate grounds to continue to process your information.

Right of Restriction: you may have the right to request that we stop processing your personal information (e.g. where you believe that the personal information we hold about you is inaccurate or unlawfully held).

Right to Data Portability: you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that we transfer the personal information provided by you to another data controller.

You also have the right to withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

If you would like to exercise such rights, please contact us at info@bsquared-consulting.com [link]. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

You also have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. In the UK, this is the Information Commissioner’s Office https//ico.org.uk/.

 

7.      How long we keep your information

We will retain your information for as long as your account is active or as needed to provide our products and services or otherwise fulfil the purposes described in this policy, including for the purposes of satisfying any legal, accounting or reporting requirements. If you wish to delete your personal information at any time, please contact us at info@bsquared-consulting.com [link]. If we are unable to comply with that request, for example because we need to retain some or all of your information to comply with a legal obligation, we will let you know and explain why.

 

8.      Security of our information

Bsquared works on a distributed network. All data is confidential and secure. Within Bsquared, data is handled and held on paper and in MS Office and Adobe Personal Document File (PDF) file formats and includes both raw and processed data. Bsquared personnel work remotely, however all files are opened / worked on and saved remotely, rather than loaded on local PCs. This network is secured by a firewall and encrypted access is granted via Microsoft Remote Desktop. All the machines on this private network use a robust Antivirus solution. The network is periodically scanned for malware. All local PCs operate Windows 7 or higher and a local AV solution. Data is saved centrally on a hosted private network. Personnel work on the main Bsquared file repository which is access controlled by a File Server and NAS device behind the firewall. Data is only accessible by Bsquared personnel and this is regularly back up daily using cloud technology within the private network. At any time, Partners and Lead Consultants may have working copies (paper and electronic) in their possession for the purposes of analysis and presentation.

 

Online surveys are hosted on Snap Surveys WebHost software. Snap WebHost is the online questionnaire delivery, analysis and reporting service operated by Snap Surveys [www.snapsurveys.com]. Snap Surveys commitment to data security is evidenced by its ISO 27001:2013 certification. Its data centre providers Rackspace and UKFast are also ISO 27001:2013 certified.

 

 

9.      Changes to our privacy policy

We may change this privacy policy from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will post a notice on the homepage of our website. We will also keep prior versions of this policy in an archive for your review.