GDPR STATEMENT
General Data Protection Regulation (GDPR) became law on 25th May 2018 and covers how processing, storing & controlling data about individuals is carried.
As a membership organisation which provides data & information provider as part of its services to its members/customers for legitimate business interests since 1935, we take our responsibilities under the GDPR extremely seriously and ensure our processes and practices are compliant, and that our members & customers can make use of our data & information in confidence.
WHAT IS GDPR?
It’s a set of laws governing how personal data must be processed and stored, with a view to giving individuals greater control over how their data is used. Even after leaving the EU, the UK will continue to adopt GDPR as part of its own legislation. GDPR guarantees that data & information is treated with respect, kept protected, used honestly, responsibly and ina clear & transparent way.
HOW DOES BUILDERS’ CONFERENCE VIA OUR PLATFORM COLLECT AND MANAGE PERSONAL DATA?
We collect contact data from publicly-available, public-sector sources, local planning authorities, public tendering websites, publicly available spending plans, as well as publications & social media.
All this information is comprehensively and frequently researched to identify individuals involved in construction projects. Many of these contacts are corporate individuals. Whilst this is still categorised under GDPR as personal data, it can be used within current legislative framework for business-to-business sales and marketing purposes, assuming the Privacy and Electronic Communications Regulations (PECR) are followed.
To confirm personal data held on our platform, including their involvement on construction projects (where and if applicable), our team of researchers contact identified people either new or existing. A follow-up confirms their inclusion on our platform, including directions to our privacy policy (contained on the front of Builders’ Conference website www.buildersconference.co.uk) – At all points, individuals can exercise their rights and opt-out from being included. Only then is their data made available on the platform, which is updated in real-time, ensuring an individual’s most up-to-date status is available. We are registered with the Information Commissioner as a data controller, and we have appointed a dedicated Data Protection Officer to ensure our organisation continues to be compliant.
ARE BUILDERS’ CONFERENCE PERMITTED TO COLLECT AND PROCESS PERSONAL DATA?
Yes – the data & information is provided to our members/customers is based on the legitimate interest of improving marketing efficiencies for buyers and sellers within construction and connected markets. Legitimate interest is one of the six lawful grounds for processing data under the GDPR.
DO BUILDERS’ CONFERENCE REQUIRE CONSENT TO SHARE THIS DATA & INFORMATION WITH CLIENTS VIA ITS PLATFORM?
No. In a business-to-business setting an opt-in consent is not required for Builders’ Conference to share this data & information with third-party customers. In the setting of our business, properly informed opt-in consent is not realistic or practical.
TO ANSWER THE QUESTION OF – WHY ISN’T IT REALISTIC OR PRACTICAL TO OBTAIN CONSENT?
Defined under the GDPR, consent requests must include the name of any third-party controllers (i.e. Builders’ Conference members/customers) who will rely on the consent.
Information Commissioner’s Office (ICO): Make your consent request prominent, concise, separate from other terms and conditions, and easy to understand. Include: the name of your organisation; the name of any third-party controllers who will rely on the consent; why you want the data; what you will do with it; and that individuals can withdraw consent at any time.
This would mean in Builders’ Conference situation, listing the company names of thousands of companies, which cannot accurately be done in a succinct and easy to review manner. Merely informing platform contacts their details may be shared with a generic group of third- parties, for example members/customers, does not constitute opt-in consent.
Builders’ Conference would then need to re-contact all contacts each time a new third-party controller (i.e. a new Builders’ Conference member/customer) gained access to the Platform to ensure their consent remained in place, which is impractical and unrealistic.
Also, the GDPR requires consent must be informed, and that the individual must be fully-aware of what they are giving their consent for. To satisfy this condition, our researchers would need to dictate a lengthy script and privacy policy containing an irreducible amount of information. As stated before, this cannot realistically be carried out in a succinct and easy to understand manner.
By using legitimate interest as a ground for processing, Builders’ Conference members/customers can be assured that they are not at risk of relying on consent that is not legally robust in the eyes of the ICO, and that they will have access to our platform of industry contacts with no data & information being withheld due to lack of consent.
ARE YOU AS A MEMBER/CUSTOMERS ALSO GDPR COMPLIANT BECAUSE YOU ARE USING OUR DATA?
No. Once our data & information has been exported/downloaded from our platform, your business becomes the data controller thereby you must ensure its storage, collection, use and retention complies with the GDPR. No matter where you receive sales and marketing data & information this is the case. We advise all members/customers to seek independent advice to recognise what can and cannot be done with data & information obtained from external sources to your own business. This could include the completion of a legitimate interest assessment, through which members/customers can demonstrate their GDPR compliance if required. In addition to the GDPR, members/customers must also consider electronic marketing communications are also covered by PECR.
FAQ’S
- What is legitimate interest?
Legitimate interest is one of the grounds for processing data & information as specified by the GDPR. The ICO states, “It is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there isa compelling justification for the processing”. For business-to-business purposes, where members/customers are utilising our data & information to recognise companies and individuals who are likely to have a requirement for their products and services, this is appropriate.
- What is a legitimate interest assessment?
Legitimate interest assessment (LIA) is a risk-assessment based on our member/customer’s specific context and circumstances for processing data & information.
- What is PECR?
Privacy and Electronic Communications Regulations (PECR) are a set of rules acting in conjunction with the GDPR giving people specific privacy rights in relation to electronic communications. PECR sets out different rules for marketing to companies and marketing to private individuals (i.e. not business contacts). In general, the rules on marketing to companies are not as strict. PECR states that private individuals can only be contacted via email or by text message with informed and specific consent. Accordingly, in order to safeguard our members/customers, email addresses and telephone numbers are removed from this data if it is collected.
- Can I make telephone sales calls to contacts using the data?
Yes. You must identify the grounds for this under the GDPR via a legitimate interest assessment and you must also comply with the Telephone Preference Service (TPS).
- Can I email/mail contacts using the data?
Yes. You must identify the grounds for this under the GDPR via a legitimate interest assessment and comply with PECR.
- Ifa contact unsubscribes from our marketing do they also unsubscribe from Builders’ Conference platform?
No. members/customer’s own their mailing lists and therefore are your own responsibility.
- How do I know that someone who unsubscribed from our marketing will not be identified on Builders’ Conference platform in the future?
It is incumbent upon members/customers to maintain their own suppression lists internally.
- How are requests to be removed from your platform carried out?
Our privacy policy sets out how an individual can file a request to be removed from the platform. An individual can also make this request via telephone to our main office in Sutton Surrey. As previously stated our platform is updated in real-time therefore any requests for removal received will be actioned and updated within hours.
- How do I know if someone has opted-out of your database?
All requests to be removed from our platform are carried out quickly, It is essential all members/customers refer back to our website for the most recently updated information.
- How long can I keep data & information before contravention of the GDPR rules?
The GDPR stipulates personal data must not be held for longer than you need it. Members/customers must study what this means to them as a data controller and therefore justify if required to. As above, member/customers must be aware, if they retain and use out-of-date data for marketing purposes, they may contact individuals who have opted-out of inclusion which could lead toa complaint.
- How secure is Builders’ Conference data?
Our processes are secure and in line with industry best practise. All data & information is stored using market-leading technology.
If you have any questions regarding our data & information please contact us.