PRIVACY POLICY

 
Hi! We are the Business Fraud Prevention Partnership (or BFPP as you might also hear us referred as). 

We’re passionate about privacy and ensuring we maintain your privacy is really important to us. Natually, as part of the services we provide, we are entrusted with the personal data of users and understand that there a duty of responsibility in doing so. 

Here’s lots of information about how we go about protecting your data and respecting your privacy.


 
1. General Information


As an organisation, we take security and privacy very seriously. In this policy, we have provided information about how we collect, store and use personal data when you either browse www.thebfpp.org (the BFPP website), use our applications (Hub) or otherwise share personal data with us. We’d encourage you to read this Privacy Policy carefully and to understand how we will treat your personal data.

Please note, this Privacy Policy should also be read together with our Terms of Service, which also applies to your user of the BFPP Website and Hub.



2. What information do we collect?


Your personal data


“Personal data” means any information that might identify you (or other persons), provided to us after you subscribe to any of our services, request further information or during a demo period of whilst using the Hub. This also includes any other information you might provide to us or a third party to provide to us with your authorisation.

This “personal data” may also be contained in information that we collect about you in connection with your use of the BFPP website or Hub. Crucially, we comply with our obligations under the General Data Protection Regulation and any other applicable data protection legislation that may affect your rights.


Information you provide


Whilst dealing with BFPP, you are likely to provide (or authorise someone else to provide) personal data to use, for example, if you sign up for a free demo account via the BFPP website, sign up to receive our emails, answering surverys or questionaires, enter competitions or provide information in your account profile on the Hub. This is likely to also occur when you raise a support ticket with us or enter any forms which might be submitted to us requesting more information about our services. It will also include personal data that you upload/provide in order to use the Hub to deliver training to employees.

From the first moment you interact with us, we are collecting data. This might be where you provide us with data, or sometimes we collect data about you automatically. 

We’ve set out some of the main ways we do this below:

  • When you browse a page on our website or Hub 
  • Requesting a demo of our services 
  • We call you 
  • You use the Hub 
  • You receive emails from us 
  • You view and sign contracts 
  • You interact with customer support 
  • You opt-in to our marketing messages  


Types of data we collect about our clients (e.g. our sales point of contact within an organisation) :

  • Contact information: your name, email address, telephone number, address or professional social media accounts (e.g. LinkedIn or Twitter)
  • Data that identifies you: such as your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you are accessing our website from, operating system and version 
  • Data on how you use BFPP Website and our Hub: the URLs you visit throughout our site, services viewed, page response times, download errors, how long you stay on our pages, what you do on those pages, how often and your participation in resources and activities 

We do not collect personal financial information. The financial information we store relates to organisations, but may have some personal data attached – e.g. a contact’s name within an organisation to assist with invoicing etc.

We don’t collect any "sensitive data" about you (like racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about your sexual life or orientation, and offences or alleged offences) except when we have your specific consent, or when we have to comply with the law.

We are a business-to-business service directed to and intended for use only by those who are 18 years of age or over. We do not target BFPP at children, and we do not knowingly collect any personal data from any person under 16 years of age.


Types of data we collect about our users (e.g. employees signed up to participate in our services) :

  • Contact information: your name, email address and details about your job role (e.g. title and department). This may also include your location, together with other information you may optionally share with us, such as your age, sex or photograph whilst building your profile 
  • Data that identifies you: such as your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you are accessing our website from, operating system and version 
  • Data on how you use BFPP Website and our Hub: the URLs you visit throughout our site, services viewed, page response times, download errors, how long you stay on our pages, what you do on those pages, how often and your participation in resources and activities, including answers to questions and scenarios


How and why we use your data:

Under data protection laws, we’re only allowed to use your personal data for certain reasons and where there is a legal basis to do so. Here are the reasons for which we process your personal data: 

  • Keeping the Hub running: managing your training (like onboarding users, assigning new training content, monitoring performance etc), log in authentication, remembering your settings, processing your training activities, hosting and back-end infrastructure (legal basis: contract, legitimate interests) 
  • Improving our services: testing features, including interactive with our feedback and questionnaires, managing our website pages, monitoring user journeys, traffic optimisation, data analysis and research, including profiling and the use of machine learning and other techniques over your data (legal basis: contract, legitimate interests) 
  • Customer support: notifying you of any changes to our service, solving issues via LiveChat, email or phone, including fixing any bug (legal basis: contract) 
  • Marketing purposes (with your consent): sending you emails and messages about our new features, services and content (legal basis: consent) 


What do these “legal basis” terms mean?

  • Consent: you have given us your clear consent to process your personal data for a specific purpose. But, of course, you can change your mind at any time. If you wish to remove your consent, you can do this by emailing us at support@thebfpp.org. 
  • Of course, if we need to process your personal data as part of a contract (e.g. as an employee of a company participating in our services), we will still likely need to process your data to deliver our service under contract. Therefore, if we have another legal basis for processing your information, then we may continue to do so subject to your legal rights. 
  • Contract: this means where the processing of your personal data is necessary for a contract that you or your organisation has with us, or because we have asked you to take specific steps before entering into that contract
  • Legitimate interests: processing your data can be necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweigh by your rights and interests. These legitimate interests are: 
o gaining insights from your behaviour on our website or in our app
o delivering, developing and improving our service
o enabling us to enhance, customise or modify our services and comms
o determining whether marketing campaigns are effective
o enhancing data security

In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests.



3. Your privacy choices and rights

Your choices

  • You can choose not to provide us with personal data via the BFPP website and can continue to browse the webpages, but we will not be able to process transactions with personal data. For users on our Hub, we will have already been provided with your name and email addresses via your organisation under contract, but you do not need to provide us with any additional information (e.g. photo, age, sex, etc) unless you wish to do so. 
  • You can turn off cookies in your browser by changing its settings: You can block cookies by activating a setting on your browser allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use the website and browse its pages, but some of our services might not work effectively. 
  • You can ask us not to use your data for marketing: we will inform you (before collecting your data) if we intend to use your data for marketing and if third parties are involved, but you can opt out from marketing at any time by emailing us at support@thebfpp.org 


Your rights:

  • You have the right to access information we hold about you. This includes the right to ask us supplementary information about: 
o the categories of data we’re processing 
o the purposes of data processing 
o the categories of third parties to whom the data may be disclosed 
o how long the data will be stored (or the criteria used to determine that period) 
o your other rights regarding our use of your data 
  • We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of other (e.g. another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason. 
  • You have the right to make us correct any inaccurate personal data about you 
  • You can object to us using your data for profiling or making automated decisions about you: we may use your data to determine whether we should let you know information that might be relevant to you, for example, tailoring emails to you based on your behaviour 
  • You have the right to port your data, in the event that you need it elsewhere: we can provide you with a copy of your data in CSV. 
  • You have the right to be “forgotten”: you can do this by asking us to erase any personal data we hold about you, if it is no longer necessary for us to hold the data for the purposes of your use of BFPP or based on a legal contract we may have in place 
  • You have the right to lodge a complaint regarding our use of your data – please direct any complaints to us at support@thebfpp.org so that we can address your concerns. Should we fail to do so, you can further a complaint with the UK Information Commissioner’s Office via www.ico.org.uk. 



4. How secure is the data we collect?

We have physical, electronic and managerial procedures to safeguard and secure the information we collect. For more information on our efforts to ensure you data is held in a secure manner, please our data security policy.

Please remember, unfortunately, no data transmission is guaranteed to be 100% secure, so where providing optional personal information, please note this can be at your own risk.

Keep your username and password safe and secret at all times.

If you suspect your privacy has been breached, please contact us immediately via support@thebfpp.org



5. Where do we store the data?

The personal data we collect is processed at our office in Manchester, with our servers being hosted in the UK. We may also process personal data via third parties as detailed below.

By submitting your personal data, you agree to this transfer, storing or processing by us. If we transfer or store your information outside the EEA in this way, we will take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Policy.



6. How long do we store your data?

We will archive and stop actively using personal data about you within 6 months of the end of a contract and/or since we last had contact with you. We will delete your personal data from our archives no later than 6 years from the end of a contract and/or since we last had contact with you.



7. Third parties who process your data?

Tech businesses often use third parties to help them host their application, communicate with customers, power their emails, etc. We partner with third parties who we believe are the best in their field at what they do.

When we do this, sometimes it is necessary for us to share your data with them in order to get these services to work well. Your data is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Policy. Where personal data is transferred to a third party in the United States we take steps to ensure that the organisation in question has a current certification with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks administered by the U.S. Department of Commerce's International Trade Administration (ITA).

Here are the details of our main third-party service providers, and what data they collect or we share with them, where they store the data and why they need it:

Infrastructure

Service Provider: UKFast
Data Collected or Shared: Contact details, data from users as part of contract, data that identifies you
Purpose: This is a web hosting provider, whom we use to operate our services from.
Place of Processing: UK

Service Provider: Nimbox
Data Collected or Shared: Contract details, data from users as part of contract, data that identifies you, sales information
Purpose: This is a hosted, secure storage facility which we use to store data as part of the every-day operations of the business
Place of Processing: UK

Analytics

Service Provider: Google Analytics
Data Collected or Shared: Contact details, how you use BFPP, data that identifies you, cookies
Purpose: Google Analytics is a web analytics service: we use it to track your use of the service and prepare reports on user activity.
Place of Processing: US

Comms

Service Provider: MailGun
Data Collected or Shared: Contact details, how you use BFPP
Purpose: We use this service for sending, storing and tracking emails
Place of Processing: US

Service Provider: Agile
Data Collected or Shared: Contact details, how you use BFPP, cookies
Purpose: This helps us collect email addresses for our mailing list, shows us analytics on how you read our pages and emails, as well as providing our LiveChat functionality and support contact
Place of Processing: UK

Payments

Service Provider GoCardless / FreeAgent
Data Collected or Shared: Contact details
Purpose: To facilitate invoicing and payments of corporate customers (may include name and email address of individuals linked to corporate accounts, but no personal financial information)
Place of Processing: UK



8. Cookies

We use cookies. Unless you adjust your browser settings to refuse cookies, we (and these third parties) will issue cookies when you interact with BFPP. These may be ‘session’ cookies, meaning they delete themselves when you leave BFPP, or ‘persistent’ cookies which do not delete themselves and help us recognise you when you return so we can provide a tailored service.

You can block cookies by activating a setting on your browser allowing you to refuse the setting of cookies. You can also delete cookies through your browser settings. If you use your browser settings to disable, reject, or block cookies (including essential cookies), certain parts of our website will not function fully. In some cases, our website may not be accessible at all. Please note that where third parties use cookies we have no control over how those third parties use those cookies.

Which specific cookies do we use?

Service Provider: Google
Key Cookies:

NID
_ga
_gid
_gat
_gat_gtag_UA_68491880_5

Purpose: Google Analytics uses cookies allows us to see information on the activities of visitors to our website and users of our service, including page views, source and time spent on our website or Hub. The information is depersonalized and is displayed as numbers, meaning it cannot be tracked back to individuals. This will help to protect your privacy.

Service Provider: Agile
Key Cookies:

t29fkna7d7k6nrqvgggkkptgm4-agile-crm-session_id
t29fkna7d7k6nrqvgggkkptgm4-agile-crm-guid
t29fkna7d7k6nrqvgggkkptgm4-agile-crm-session_start_time

Purpose: Agile uses cookies to recognise particular people who have interacted with us previously. This may be visitors to our website, users or contract counterparties. This includes our support functions.

You may refuse the transmission of your Information by opting out (contact them direct for more information), however please note that you will delete the opt out cookie when you delete your cookies in your browser settings.

We hope you have found this policy to be useful in detailing what personal data we collect, store and shared in providing our services.  If you have any comments, suggestions, questions or feedback, please do not hesitate to get in touch with a member of our team via support@thebfpp.org.