PRIVACY AND PROTECTION OF PERSONAL INFORMATION 

The British Retail Consortium (BRC) is a membership organisation, promoting the story of retail, shaping debates and influencing the issues that matter to the industry. Find more information about us.

Although our members are businesses, not individuals, we do collect and use personal information relating to individuals as part of our activities. This is generally in order to manage our membership and to carry out our wider work representing the interests of retailers in the UK. We also collect personal information about individuals who sign up to our events, surveys, information or subscription services, or to receive our briefings. We also collect data on other individuals we work with.

This privacy policy sets out how the BRC collects and uses personal information about individuals. 

Please read this privacy policy carefully to understand how the BRC will use your personal information. If you have any questions or queries in relation to this privacy policy, you can contact our Compliance Officer at:

GDPR@brc.org.uk

BRC, Fourth Floor, 2 London Bridge, London, SE1 9RA

020 7854 8900 

We are registered on the Information Commissioner's Office Register registration number Z5391833. 

This privacy policy explains:

  1. Information we may collect about you (including cookies)
  2. Use of your information
  3. Contacting you
  4. Sharing your information
  5. Our legal basis for collecting, holding and using your information
  6. Security and storage of your information
  7. Your rights

 

Information we may collect about you

 

Information you give to us. You may give us information about you by filling in an online form, contacting us by phone or e-mail or in person. This includes information you provide if you complete a membership form on behalf of a business, if you register to attend one of our events or sign up to our information and subscription services. You may also give us your information if you complete an application form or otherwise apply for a job here, either directly, or via a third party.

The information you give us depends on the reason for you contacting us, but may include your name, job title, address, date of birth, e-mail address and phone number, financial and debit card information, personal identification documents, data relating to access or dietary requirements and your political opinions.

Information we collect about you. The BRC also uses cookies to automatically collect information about individuals visiting our website. See our cookie policy.

Information we receive from other sources. We work closely with other organisations, such as business partners, sub-contractors, analytics providers, search information providers, and we may receive information about you from them. For example, we could gain access to your business contact details via recognised business data providers who collate information from sources including publicly available information such as Companies House. We may also be given your contact details by our primary contact at your organisation, if they think that you would benefit from getting involved with the BRC or benefit from engaging in our activities. For example, they could nominate you to sit on one of our communities.

The categories of information we receive from these sources may include your name, address, date of birth, e-mail address and phone number, financial and debit card information, personal identification documents, data relating to access or dietary requirements and political opinion.

We may also collect information about you from publicly available sources, such as public websites, social media or media reports, in order to better understand the people who we interact with. This may include information relating to your political opinions.

Use of your information

We need to obtain, store and use information about you for legitimate business purposes - namely so that you can enjoy and benefit from our services.  We may use information we hold about you in the following ways:

  • to confirm your identity
  • to administer the membership of your company/organisation
  • to let you know about other relevant services, both ours and those of other parties whose products and services we have agreed should be made available to you (see the section below on 'Contacting you' for more information about this)
  • to update and correct our membership records
  • to carry out statistical and market analyses, including benchmarking exercises, to enable us to understand you better and improve our services
  • to develop, test and improve our systems
  • to notify you about changes to our services
  • to ensure the content of our website is presented in the most effective manner for you and for your computer
  • to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
  • to improve our website to ensure that content is presented in the most effective manner for you and for your computer

We may combine information we receive from other sources with information you give to us for the purposes set out above (depending on the types of information we receive).

Contacting you

An important part of our work is communicating with our membership, telling them about our activities and how we are supporting their interests, and seeking their views on current issues. To do so, we use personal information to keep in touch with individuals within our member organisations, as well as partners and other individuals.

We will use the contact information you have given us to send you important information. This may be by post, email, text message or telephone.

We may also use the information we hold about you, in order to provide you with information about other products or services we feel may interest you.

Because we operate primarily with businesses rather than individuals, we do not generally seek your consent to send you marketing communications. We believe that such communications are both in our legitimate interests, to raise awareness of our work and promote our services, and in your interests. However, if you are registered with the BRC you can review and edit your personal information at any time by accessing the Profile section on our website. You can control your communications preferences and opt in or opt out to receive member communications most relevant to you. You will be asked to enter your username and password to make amendments to your details, or you can contact GDPR@brc.org.uk to update your preferences.

Sharing your information

We may share your information with selected third parties including:

  • Event venues, attendees, speakers, sponsors and organisers contracted by BRC
  • Online service providers such as event booking systems, marketing systems and survey tools
  • BRC’s payroll and benefits providers, as well as building management (internal staff only)

We may also share your personal information to third parties if we are under a duty to disclose or share your personal data, in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect our rights, property, or safety of our customers, or others.

Our legal basis for collecting, holding and using your information

Data protection law sets the lawful legal bases (or ‘conditions’) which allow us to collect, hold and use your personal information. For the BRC, these are:

  • For the purposes of our own legitimate interests. We believe that we have a legitimate interest in being able to provide our services to our member organisations and to represent our members and the interests of retailers in the UK. As set out in this notice, this sometimes requires us to collect and use personal information about individuals. We only use this legal basis where these interests are not overridden by your interests and fundamental rights or and freedoms.
  • Where we have entered into a contract with you. In these circumstances, we may need to process your personal information in order to fulfil the contract. For example, this may apply if you book to attend one of our events.
  • Where we are under a legal obligation to process personal information. For instance, we are required to collect certain information in accordance with our obligations under equalities legislation.
  • Sometimes, we will ask you for your agreement to process your personal information. This is particularly the case when we wish to collect or use any special categories of personal information (see below).

Data protection law recognises certain "special categories" of personal information, which include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information for uniquely identifying a person, information concerning health, and information concerning a person's sex life or sexual orientation. 

These special categories are considered particularly sensitive and so we will only collect and use this information where you have given us your explicit consent or where we consider it necessary to do so.  For example, you may choose to tell us about your health condition before attending one of our events, or your political opinions as part of a campaign.  We will only use this information for the particular event or campaign and not for any other purposes.

Security and storage of your personal information

The information about you that we collect will not be transferred outside the European Economic Area (EEA). 

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

We will generally keep personal information about you no longer than is needed for us to carry out the functions described in section 2 of this notice. For example:

  • We will usually delete personal information that we collect related to our events after 18 months – to cover the annual event cycle. However, we may retain some information (such as attendance records) for longer where it is in our legitimate interests to do so.
  • We will keep personal information held as part of our membership records for the duration of that organisation's membership. At the end of the membership, we will delete the majority of records and only retain the minimum information necessary to deal with any future issues.

Your rights

You have the right to request from us access to your own personal information. This is sometimes known as a 'subject access request'.

You also have the right to ask us not to process your personal data for direct marketing purposes.

You can exercise this right by contacting GDPR@brc.org.uk,

From 25 May 2018, you will have additional rights to request from us:

  • That any inaccurate information we hold about you is corrected
  • That your information is deleted
  • That we stop using your personal information for certain purposes
  • That your information is provided to you in a portable format
  • That decisions about you are not made by wholly automated means

Many of the rights listed above are limited to certain defined circumstances and we may not be able to comply with your request.  We will tell you if this is the case.

If you choose to make a request to us, we will aim to respond to you within one month.  We will not charge a fee for dealing with your request.

If you are dissatisfied with how we are using your personal information or if you wish to complain about how we have handled a request, then please contact our Compliance Officer and we will try to resolve any issues you may have.

You also have the right to complain to the Information Commissioner's Office, which is the statutory regulator for data protection law.  Find details of how to complain to the ICO.insert this hyperlink https://ico.org.uk/concerns/