BMF Privacy Policy


BMF Privacy Policy 

Thank you for trusting us with some information about you. We take that trust seriously and we want you to know how we use your information and why. 

Who is holding your information? 

We are the Builders Merchants Federation (BMF), a company registered under the Co-operative and Communities Benefits Societies Act 2014 No. 31516R, and our registered office is at BMF, 1180 Elliott Court, Coventry Business Park, Coventry, CV5 6UB. 

Our values about personal information 

We guarantee respectful treatment of the personal information of everyone we have contact with. We want it to be simple and clear. 

This Policy explains how we do that – when and why we collect information, how we use it, the situations when other people can see or use it, and how we keep it secure. 

We intend to use your information to make things work smoothly for you in your experience of dealing with us. If that’s not how it turns out for you, please contact us so we can resolve the problem. 

It’s best to put things in writing, which you can do by email to marketing@bmf.org.uk – but if it’s urgent you can call us on 02476 854980. 

You can also write to us at: 

The Data Controller BMF 1180 Elliott Court Coventry Business Park Coventry CV5 6UB 

This Privacy Policy is up to date to August 2024. We keep this Policy under regular review, and we may revise it as time goes on. Please check back here from time to time to make sure you’ve got the latest information. 

Words or phrases with special meaning 

In this Policy, there are words and phrases that have a specific meaning or that we are using in a special way. They are: 

“personal data” any information about an identifiable living human being. 

“process” we “process” your personal data when we do anything with it, which might include: collecting, recording, organising, storing, adapting, altering, retrieving, using, combining, disclosing, or deleting it. 

“special category data” this is personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, health, genetic or biometric data. 

Our general approach to personal data 

We’re committed to protecting your privacy, and honouring your legal rights to control how we use your personal data. 

We only collect and use personal data when we need to 

• because you have asked us to do something 

• so that we can reply to your requests 

• to develop and manage our business relationships 

• to help grow our business and fulfil our contracts 

• to provide services to clients 

• to meet our legal obligations. 

We try to make sure the information we hold is accurate and up to date and is no more than we need to have. 

If you have any questions or concerns about our use of your information, or how we have responded to any request about your personal data, please take it up in the first instance by emailing marketing@bmf.org.uk. 

If we can’t sort it out, the official authority here in the UK is the Information Commissioner, and you can raise your concerns with them here. 

Marketing 

If you contact us and ask us to send you information or download, subscribe to a review or purchase a product or service we will put your details on our sales and marketing database and send you what you asked for. (We use Mailchimp, and their privacy policy is here.) 

Chatting to us on our business Facebook/LinkedIn/X pages or via the BMF website will be managed separately and will not normally result in any data sharing beyond what may be necessary to resolve any query, and we will not normally retain your data from any such social media interaction. 

If you asked to be subscribed to a particular newsletter or sequence of updates (or subscribe yourself) you will be added to that list. You may need to reconfirm your subscription before anything is sent. Any automated email sent to you will have an unsubscribe option on it that can be triggered at any time. 

We hold your information for our newsletter lists in Mailchimp. We gather statistics around email opening and clicks using industry-standard technologies to help us monitor and improve our e-newsletter. 

We use automation sequences of emails that start when you ask for something in particular to send you the information you asked for or to send you documents you have requested or to administer services you have subscribed to. 

We monitor who reads our emails, how many times, and which links you choose to use and read. We use this information to increase the content’s level of interest and help us improve what we send. You can remove your information from this monitoring by disabling cookies on your website browser before opening emails from us. From time to time, we contact individual email newsletter subscribers but it is extremely rare. 

We track your movements on the website to analyse trends and public interest in our products and services, administer the site and gather information for aggregate use. The information we gather in this way is anonymous and is not linked to personal information from which you can be identified. 

We use anonymised data about you from time to time to target advertising campaigns based on profiling the sort of person who wants to receive information from us. 

We ask our own sales and marketing people (both internal and external) to contact potential clients from time to time. This is normally because you have requested a call, or because we are actively trying to let you know about something you may benefit from. Sometimes the law changes and you need to know what happens next. 

Our services are designed to be business to business. We are not a hard sell or cold calling based organisation but prefer to build long-term relationships with clients. 

Social media 

We have an active presence on social media, including Facebook, Instagram, and LinkedIn.

https://www.facebook.com/privacy/policy/
https://privacycenter.instagram.com/policy
https://www.linkedin.com/legal/privacy-policy

Click the name of the platform above for a link to their privacy policy.

If you ‘like’ any of our posts or ‘follow’ us, we can make ourselves aware of who you are from the information that you publish in your profile on the relevant platform. Your information is held by the platform and is subject to their data policy – we don’t control those. You can find a link to the privacy policy for each of the social media platforms by clicking on their name above. 

Your replies to us, messages you send us, and your other activity linked to our posts may be seen by members of our staff and by our associates. Our contracts with them hold them to high standards of protecting your information. 

Who can see or use your data? 

We share information within the BMF companies to offer you the full range of our services. 

When you subscribe to our Careers platform your personal profile is searchable by BMF Members who may have suitable opportunities, open days or other information to share with you based on interests indicated by you in your profile. 

As well as our own employees, we also have external suppliers who may have access to your personal data where strictly necessary. 

These suppliers are carefully vetted and only access personal data where strictly necessary to provide support to BMF companies. 

Data location and platforms 

We use mainstream software packages for everything from our client records to email, to accounting. 

This means that some of our data may be held outside the UK and EU. We carefully select suppliers with appropriate security standards. 

We ensure all software providers adhere to globally recognised safeguards and standards required to protect data. 

Children’s Data 

Our services are not designed for children under 16 years of age. Children over 16 years of age may register with our Careers Service by creating a profile on the platform. 

We recognise the importance of protecting the privacy of children aged between 16 and 18. BMF will process and share data for individuals in this age group only under the following conditions: 

1. Parental or Guardian Consent: For children aged 16 to 18, BMF will obtain explicit consent from a parent or legal guardian before processing any personal data unless the child is legally deemed capable of providing their own consent. 

2. Data Collection: Personal data collected from children aged 16 to 18 will be limited to what is necessary for the purposes outlined in this privacy policy. This may include name, contact details, and any other information necessary to provide our services. 

3. Purpose of Data Use: The data collected will be used solely for the purposes of providing our services, including booking training, events, forums, and regional meetings, and for ensuring the safety and compliance of our operations. 

4. Data Sharing: BMF will not share the personal data of children aged 16 to 18 with third parties outside of the BMF group without explicit consent unless required to do so by law. Within the BMF group, data will only be shared to the extent necessary to provide our services. 

5. Data Security: BMF will implement appropriate technical and organisational measures to ensure the security of personal data collected from children aged 16 to 18. This includes secure storage and restricted access to authorised personnel only. 

6. Rights of the Data Subject: Children aged 16 to 18, or their parents or legal guardians, have the same rights to access, rectify, or delete the personal data held by BMF. 

How long do we keep your data for? 

If you unsubscribe from our newsletter list, your unsubscribe is recorded so that we do not continue to send newsletters to your email address. 

We adhere to legal requirements regarding data retention and as a result some personal data is retained for up to 7 years after the end of our working relationship. 

What are your rights? 

You have a number of rights regarding your personal data as listed below: 

  • Right to be informed – we must keep you informed about using your personal data and how we protect it. 
  • Right of access – following a secure process we must provide details regarding your personal data that we process 
  • Right of rectification – we must put right any errors in the data we hold about you 
  • Right of erasure – in some circumstances we must remove your personal data form our systems 
  • Right to restrict processing – you can, in some situations restrict our processing of your personal data 
  • Right of data portability – if you opt to use a different provider for the same services we must, if requested, provide your data to the new provider 
  • Right to object – you can object to your data being used for direct marketing 
  • Rights related to automated profiling – BMF do not use automatic profiling but if we did you would have explicit rights regarding this type of processing 

If you have concerns that we have information we should not be keeping, is out of date or otherwise wrong, or you wish to see what data we process about you please contact us on the details provide above. 

Our legal basis of processing 

When you subscribe to our careers platform or newsletter you give your consent for us to process your data as described in the terms and conditions. You can unsubscribe from email marketing at any point and will be able to delete your account on the careers platform. 

We process personal data as part of our business operation to enable us to provide our services – either so we can perform our contract with you, or because we have a legitimate business interest in processing your data. 

We are under a legal obligation to process personal data that relates to our business, accounting and tax records. 

Third party data 

As well as your own personal data, we understand that you may need to provide us with personal data relating to your employees, your workers, or other third parties – depending on the services we are providing to you. We hold all such information under strict confidentiality obligations, as set out in our terms of business. 

Third party information 

When we are processing data about you because it is necessary for us to do so to provide services to a client, depending on the circumstances we may be acting as ‘data processor’ (and operating under the banner of our client’s data privacy policy), or we may be ‘data controller’ (and operating under our own privacy policy). 

If our client is the data controller, we will act as directed by them. 

If we are the data controller, we will act in accordance with your statutory rights, subject to the exclusions and exemptions that may well apply in the circumstances of our processing of your data because we will be giving advice and providing legal services to our client. 

However, please be reassured that we operate under strict confidentiality obligations and maintain strict security protocols with respect to data we hold. 

Suppliers, Associates and Affiliates 

We collect information on potential and actual suppliers and associates. This is mostly provided by you. 

If you become a supplier or associate we keep a copy of the contract between us and your bank details so we can pay you. We also keep a record of invoices/payments for accounting purposes. 

We keep record of the work you undertook for us along with any comments, reviews or suggestions about that work including complaints (if any) and their resolution. 

This information is all needed to manage the contract between us, support our client relationships, and manage our supply chain. 

Data Security 

BMF considers data security to be very important. We achieved the Cyber Essentials accreditation to demonstrate our commitment to security. 

BMF has taken appropriate technical and organisational measures to ensure the security of data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. These measures may include but are not limited to: 

1. Implementing robust information security policies and procedures to ensure that personal data is protected throughout its lifecycle, from collection through to destruction. 

2. Using encryption technologies to safeguard data during transmission over the internet and ensuring secure storage of data at rest. 

3. Ensuring regular security assessments and audits are conducted to identify and rectify potential vulnerabilities within BMF’s systems and networks. 

4. Providing training to employees and contractors on data protection and information security principles to ensure they understand their responsibilities in safeguarding personal data. 

5. BMF uses industry-standard security protocols and technologies, including firewalls, encryption, to ensure the secure transmission and storage of personal data. 

6. Employing access control measures to ensure that only authorised staff have access to personal information, based on their role and necessity to access the data. 

7. Establishing incident response plans to promptly address any data breaches or security incidents, minimizing potential impact on data subjects and taking appropriate corrective action. 

BMF regularly review and update its data security measures to combat new threats and challenges, ensuring the ongoing confidentiality, integrity, and availability of personal information. 

Data Incidents and Breaches 

BMF will promptly inform both authorities and affected people if we become aware of any data breach that might risk people’s rights and freedoms where required by law to do so. The mandatory period for this is within 72 hours of discovering the breach, unless it’s unlikely to cause harm. 

If there’s a breach, we’ll quickly assess the risk. If needed, we’ll tell impacted people: 

– What happened 

– Who and what information was affected 

– Likely results of the breach 

– What we’re doing to fix it and reduce harm 

We’ll give you our contact details for more information. 

We’ll keep records of all breaches, including what happened, the effects, and our response. We’ll share these with regulators if asked.