Privacy Policy - How We Handle Your Data

About This Policy

Brackley Business Association Ltd (“we”, “us”, “BBA”) is committed to protecting your privacy and personal data. This policy explains how we collect, use, store, and protect your information in accordance with UK GDPR and Data Protection Act 2018.

Data Controller: Brackley Business Association Ltd
Contact: hello@brackleybusiness.org.uk

What Information We Collect

Member Information

• Business name and address
• Representative name and position
• Contact details (email, phone)
• Business sector and description
• Payment information
• Meeting attendance records

Website Visitors

• IP addresses and browser information
• Pages visited and time spent
• Cookies for functionality
• Form submissions

Communications

• Email correspondence
• Meeting notes and minutes
• Photos from events (with permission)
• Feedback and complaints

How We Collect Information

Directly From You

• Membership application forms
• Website contact forms
• Email communications
• Meeting registrations
• Event sign-ups

Automatically

• Website analytics
• Email open/click tracking
• Meeting attendance systems
• Payment processing

Why We Use Your Information

Membership Management

• Process applications
• Manage member database
• Send communications
• Organize meetings
• Maintain democratic processes

Service Delivery

• Business directory listings
• Event organization
• Grant applications
• Council representation
• Marketing activities

Legal Obligations

• Company law compliance
• Financial record keeping
• Health and safety
• Data protection compliance

Legitimate Interests

• Website functionality
• Improving our services
• Preventing fraud
• Protecting our reputation

Legal Basis for Processing

We process your data under:

• Contract: Membership agreement
• Legal Obligation: Company law requirements
• Legitimate Interest: Member communications
• Consent: Marketing emails (opt-in)

Who We Share Information With

Never Shared

We never sell or rent your personal data.

Limited Sharing With:

• Accountants: For financial record keeping
• Legal Advisors: When required for legal matters
• IT Providers: For secure data storage
• Payment Processors: For membership fees
• Councils: When representing members (with consent)

Public Information

With your consent, we may include in public directories:

• Business name and contact details
• Business description
• Website and social media links

How Long We Keep Information

• Active Members: Throughout membership plus 6 years
• Former Members: 6 years after leaving
• Website Data: 2 years
• Financial Records: 6 years (legal requirement)
• Meeting Minutes: Permanently (governance record)

Your Rights

Access Your Data

• Request copy of information we hold
• Understand how it’s used
• Check accuracy

Rectification

• Correct inaccurate information
• Complete incomplete records
• Update changed details

Erasure (“Right to be Forgotten”)

• Request deletion of data
• Not applicable to legal obligations
• May affect membership status

Restrict Processing

• Object to certain uses
• Suspend processing pending resolution
• Maintain but not use data

Data Portability

• Receive data in standard format
• Transfer to another organization
• Applies to electronically provided data

Object to Processing

• Marketing communications
• Automated decision making
• Legitimate interest processing

Security Measures

Technical Security

• Encrypted data storage
• Secure website (HTTPS)
• Regular security updates
• Access controls
• Backup systems

Organizational Security

• Staff training
• Access on need-to-know basis
• Clear data handling procedures
• Regular policy reviews
• Incident response plans

Cookies and Website

Essential Cookies

• Session management
• Security features
• Form functionality

Analytics Cookies

• Website usage statistics
• Improvement insights
• No personal identification

Managing Cookies

• Browser settings control
• Opt-out options available
• Functionality may be affected

Children’s Privacy

We do not knowingly collect information from children under 16. If you believe we have such information, please contact us immediately.

International Transfers

We only use UK-based service providers where possible. Any international transfers comply with adequate protection standards.

Data Breaches

In the unlikely event of a data breach:

• We’ll investigate immediately
• Notify authorities within 72 hours
• Inform affected individuals
• Take remedial action
• Review and improve security

Changes to This Policy

We may update this policy to reflect:

• Legal requirement changes
• Service improvements
• Technology updates
• Best practice developments

Changes will be:

• Posted on our website
• Notified to members
• Effective from publication date

Contact Us

Data Protection Queries

Email: hello@brackleybusiness.org.uk
Subject: Data Protection Query

Making Requests

Please include:

• Your full name
• Business name (if member)
• Contact details
• Specific request details
• Proof of identity

Response Times

• Acknowledgment: Within 5 working days
• Full response: Within 1 month
• Complex requests: Up to 3 months

Complaints

If you’re unhappy with how we handle your data:

1. Contact us first: hello@brackleybusiness.org.uk
2. Information Commissioner’s Office: ico.org.uk

ICO Contact Details

• Website: ico.org.uk
• Phone: 0303 123 1113
• Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Related Documents

This policy works alongside:

• Articles of Association
• Membership Terms
• Code of Conduct
• Website Terms of Use

---

Last Updated: June 2025
Next Review: June 2026

Your privacy matters to us. We’re committed to handling your data responsibly and transparently.