British Chemicals Association (BCA or the Association) has produced this privacy notice as required by the UK General Data Protection Regulation (UK GDPR), which means Regulation (EU) 2016/679 (EU GDPR, implemented in the UK prior to the UK leaving the EU by the Data Protection Act 2018) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018.
This privacy notice aims to give you information on how BCA collects and processes your personal data in compliance with GDPR.
BCA is a not-for-profit trade association whose members, currently totalling around 120, operate in the chemical industry supply chain. BCA provides members with access to timely, targeted and relevant information on industry and regulatory developments and aims to provide a collective voice for members to represent their interests at the UK and international levels by working to shape and mitigate the impact of legislation on their businesses. BCA also runs seminars, conferences and training courses which are open to non-members as well as to members.
Personal data, or personal information, means any information about an individual from which that person can be identified.
BCA collects personal data relating to contacts within its member companies, as well as data relating to those individuals who are members in their own right. Personal data which BCA collects includes first name(s) and surnames, telephone numbers, job titles, email addresses, membership of BCA sector groups, special dietary requirements, whether a contact is the main contact for the BCA member or not, and, occasionally, home and website addresses. BCA also generates and holds BCA website members’ area access user names and passwords.
In addition, BCA collects personal data when that data is necessary for compliance with legal obligations, such as the data required by Companies House relating to the appointment of directors of the Association.
Personal data which BCA collects relating to non-members includes first name(s) and surnames, telephone numbers, job titles, email addresses, special dietary requirements and whether contacts are members of BCA sector groups on a guest basis.
BCA does not collect any sensitive “special category”, children’s or criminal offences or convictions data.
Personal data is generally collected directly in a variety of ways, including from membership application forms, booking and feedback forms for BCA members’ meetings, seminars, conferences and training courses and through contact via telephone and email. However, when website cookies are used data is collected automatically.
Personal data is used by BCA for the general administration of the Association; to provide information, predominantly by email, on industry and regulatory developments and on members’ meetings, seminars, conferences and training courses; for work with contacts in Government, other trade associations and other organisations; and for reviews of the use of its services.
In addition to sharing data when necessary for compliance with legal obligations, BCA may share personal data with service providers such as those who provide IT and system administration services and with professional advisors such as its lawyers and accountants.
BCA may share personal data with other third parties in the course of organising events such as members’ meetings, seminars, conferences and training courses insofar as the names and affiliation of those who have registered to attend events may be shared with other delegates and speakers and with event organisers at event venues. Event venue event organisers are also notified of special dietary requirements.
BCA asks all third parties to maintain the security of personal data shared with them and authorises them to use the data only for the purposes for which it has been provided.
Personal data may also be shared with Government, other trade associations and other organisations to facilitate input on the basis of consent by representatives from BCA members to the development of policy or other project work.
BCA does not make available to any other third parties, nor does it sell, nor does it transfer outside the UK except for the EU, any personal data it holds.
The GDPR requires organisations to identify the lawful basis for their processing of personal data. Six lawful bases are available for processing, namely “consent”, “contract”, “legal obligation”, “vital interests”, “public task” and “legitimate interests”.
“Legitimate interests” applies when processing is necessary for the legitimate interests of an organisation or the legitimate interests of a third party, unless there is a good reason to protect an individual’s personal data which overrides those legitimate interests.
BCA considers that, of the various lawful bases available, “legitimate interests” is the appropriate legal basis for its processing of personal data for the administration of the Association and for the provision of its services, except when the processing is necessary for compliance with legal obligations when the lawful basis is “legal obligation”, and except in specific cases where consent is sought when the lawful basis is “consent”. BCA has reviewed whether the processing it carries out is necessary for these purposes and is satisfied that there is no other reasonable alternative.
The GDPR applies to data “controllers” and to data “processors”.
For the purposes of the GDPR, the Association is the data controller in that it determines the purposes and means of processing personal data. The Association’s contact details may be found at the foot of this page.
The data processors for the purposes of the GDPR are members of the BCA secretariat, including the Company Secretary and the BCA office administrator and accountant, who are responsible for processing personal data on behalf of the controller. Data is held securely on the BCA database and on the BCA website.
In the event that contacts cease to be employed by BCA members or cease to be contacts, their personal data is removed by the BCA office administrator from the BCA database and BCA website. In addition, their email addresses are removed from any relevant email lists.
Cookies are small files that with user consent, unless they are “essential” to the website when they do not need user consent, are downloaded to a user’s computer on accessing a website. They are used to store information that may be read and used by that website on that and on subsequent occasions.
Under the GDPR, individuals have the right to be informed about the collection and use of their personal data, a key transparency requirement of the Regulation, as well as the purposes for which their personal data is processed, retention periods for that personal data and with whom it will be shared, this “privacy information” being communicated via a privacy notice.
Under the GDPR, in the context of the collection and processing of personal data by BCA, individuals have additional rights, namely the right to have access to their personal information; the right to the rectification of inaccurate information; the right to have it deleted; and the right in some circumstances to object to or restrict processing, all of which may be exercised by contacting the BCA office administrator.
Equally BCA contacts who do not wish to continue to be included in emailing lists can ask the BCA office administrator to remove their email addresses from such lists. Similarly, BCA members who no longer wish to receive information via the website information menu system may themselves de-select the information they no longer wish to receive or can ask the BCA office administrator to do this for them.
If you would like more information regarding this privacy notice and the GDPR, please contact the BCA office administrator at firstname.lastname@example.org More information on the GDPR may be found on the Information Commissioner’s Office (ICO) website.
What we do