How we keep your personal information secure
We take our security obligations seriously and we take specific steps (as required by applicable data protection laws) to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.
All our staff and third-party service providers who have access to confidential information (including personal information) are subject to confidentiality obligations.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. You are responsible for keeping any passwords you use to access our platforms safe.
Disclosure of your personal information
Inside the BBA group
The BBA Group includes companies and operations around the world. Therefore, we may share your personal data with other entities in the BBA Group for our general recruitment analysis and workforce management purposes.
Access rights between the BBA Group companies are limited and granted only on a need to know basis, depending on job functions and roles.
Where any BBA Group companies process your personal data on our behalf (as our processor), we will make sure that they have appropriate security standards in place to protect your personal data. In addition, we will enter into a written contract imposing appropriate security standards on them and, if your personal data is transferred to a BBA Group company outside the EEA, we will put in place appropriate safeguards to ensure the protection of such data.
Outside the BBA group
From time to time we may ask third parties to carry out certain business functions for us. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to other people, we will make sure that they have appropriate security standards in place to make sure your personal data is protected and we will enter into a written contract imposing appropriate security standards on them. Examples of these third-party service providers include service providers and/or sub-contractors, such as HR and marketing service providers, background checking agencies, drug and alcohol testing providers, IT support, back up and server hosting providers.
In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, in particular:
- if we transfer, purchase, reorganise, merge or sell any part of our business or the business of a third party, and we disclose or transfer your personal data to the prospective seller, buyer or other third party involved in a business transfer, reorganisation or merger arrangement (and their advisors); and
- if we need to disclose your personal data in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others.
We have set out below a list of the categories of recipients with whom we are likely to share your personal data:
- consultants and professional advisors including legal advisors and accountants;
- recruitment agencies appointed by us or you;
- courts, court-appointed persons/entities, receivers and liquidators;
- business partners and joint ventures;
- trade associations and professional bodies;
- insurers; and
- governmental departments, statutory and regulatory bodies.
Where we transfer your personal information
If you are based in the European Union or you are applying for a position with an BBA entity based in the European Union and disclosures of personal data referred to above require us to transfer your personal data from within the European Economic Area (“EEA”) to a destination outside the EEA, we will only make that transfer if:
- the country to which the personal data is to be transferred ensures an adequate level of protection for personal data;
- the recipient or recipient country is subject to an approved certification mechanism or code of conduct with binding and enforceable commitments which amount to appropriate safeguards for your personal data – this includes for example, the EU-US Privacy Shield which enables the secure transfer of personal data to the United States
- we have put in place appropriate safeguards to protect your personal data, such as an appropriate approved form of contract with the recipient which incorporates specific provisions as directed by the European Commission;
- the transfer is necessary for one of the reasons specified in data protection legislation; or
- you explicitly consent to the transfer.
Personal data shared between the BBA Group will be subject to the contractual obligations imposed by EU standard contract clauses. A copy of the European Commission approved standard contractual clauses are available here.
If you would like to see a copy of any of the other relevant safeguards used by us to protect the transfer of your personal data, please contact email@example.com.
How long we keep your personal information
If you are our employee we will keep your personal data during the period of your employment and then, after your employment with us ends, for as long as is necessary in connection with both our and your legal rights and obligations. This may mean that we keep some types of personal data for longer than others.
We will only retain your personal data for a limited period of time. This will depend on a number of factors, including:
- any laws or regulations that we are required to follow;
- whether we are in a legal or other type of dispute with each other or any third party;
- the type of information that we hold about you; and
- whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
If BBA use your personal data as a Controller and UK or European Union law applies to that use:
You have certain legal rights, which are summarised in the table below, in relation to any personal data held by BBA about you. Your ability to exercise these rights will naturally be limited where we incidentally use limited business-related personal data in business records and business communications which we need to retain.
Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of your consent won’t impact any of our processing up to that point.
Where our processing of your personal data is necessary for our legitimate interests, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
You can exercise these rights at any time by contacting us at firstname.lastname@example.org.