Privacy Notice

1.1 We collect personal data about you for a number of reasons, including communicating with you, responding to requests for information, and to provide you with access to our resources and events. Where we refer to personal information in this notice, it might include any/all of:

(a) Identity information including your name, gender, date of birth, username, and social media ID’s or similar identifier.

(b) Contact information including your billing address, delivery address, business email address and telephone numbers.

(c) Your business information, including your business name, unique company number, job role, number of employees, turnover, business region, business sector, business size, and incorporation date.

(d) Technical information including your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website. We use this information for the operation of the service, to maintain and improve the quality of the service, and to provide general statistics regarding use of the Website.

(e) Profile information including your username and password, your interests, preferences, feedback and survey responses.

(f) Usage information including information about how you use our website, products and services.

(g) Marketing and Communications information including your preferences for receiving marketing from us and our third parties and your communication preferences.

(h) If you’re applying for a job at Be the Business we will collect details of your qualifications, skills, experience and employment history; information about your current salary; whether you have a disability for which we need to make reasonable adjustments during the recruitment process; information about your entitlement to work in the UK; and equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or belief – we will only collect this sensitive information with your explicit consent, which can be withdrawn at any time.

1.2 We also collect, use and share aggregated information. This includes statistical or demographic data. Aggregated information may be derived from your personal information but is not usually considered personal information as this data does not directly or indirectly reveal your identity. For example, we may aggregate usage information to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated information with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this privacy notice.

1.3 On occasion we also collect sensitive personal data about individuals, for example, health information. We will normally only record this data where we have your explicit consent, unless we are permitted to do so in other circumstances under data protection law. For example, we may make a record that a person has particular access requirements to ensure he or she may attend an event.

1.4 We also collect information about the use of our website using cookies (see the Cookies Notice more information).

2.1 We collect personal information in the following ways:

(a) Directly from you – this includes where you sign up to one of our events or take part in one of our programmes or training courses, sign up to become a mentor or mentee, or communicate with us. Also, if you have filled in a job application form or submitted a CV or resume.

(b) From third parties – this includes members of our Partner Leadership Group, trustees and Non-Executive Directors; also references from former employers.

(c) Social media – we may receive information through your use of social media (for example, LinkedIn, Facebook, Twitter and YouTube), depending on your settings or the privacy policy of these social media sites. Please refer to the privacy policies that these sites use for details of how to change your settings.

(d) To understand supporters –we work hard to ensure our work is effective. This includes us developing an understanding of our supporters by research through publicly available sources. We may obtain personal data from publicly available information and combine this with personal information to understand more about the interests and motivations of supporters. We may do this to enable us to tailor and target our communication and engagement (including in relation to the level at which you could support us). We will only use publicly available information from reputable sources (for example, from newspapers, postings on LinkedIn, information held on Companies House or information otherwise in the public domain).

(e) Cookies (and automated technologies or interactions) – we may automatically collect technical information about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies. Please see below for more information on cookies.

(f) Third Party Websites – When you use our website or otherwise engage with us, you may receive links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we would please encourage you to read the privacy notice of every website you visit as that will govern how that website will process your personal information.

3.1 We will process your data for the following reasons:

(a) Deliver services, literature and/or other materials and information you have requested from us;

(b) To provide you with access to our resources, including the Benchmark your Business tool;

(c) To help you be an Ambassador for us;

(d) To send you updates about our work, along with information future programmes and events.

(e) For our own internal administrative purposes and keep a record of your relationship with us;

(f) To manage your communication preferences;

(g) To conduct surveys, research and gather feedback;

(h) To produce reports and studies based upon our activities (only anonymised data to be included in the publication);

(i) To comply with applicable laws and regulations, and requests from statutory agencies;

(j) To enter into a working agreement with you.

4.1 UK data protection law (the General Data Protection Regulation) requires us to have a “legal basis” for processing (using) your personal data. The legal basis we rely on are:

(a) Where we have your specific consent to use your personal information for a specific purpose. Please see “How we use your personal information” below.

(b) Where we process your personal information for our legitimate interests. Please see “Legitimate Interests” – below.

(c) Where the processing of personal information is necessary to perform a contract with you (for example, where you have accepted a job from us).

(d) Where the processing of personal information is necessary to comply with a legal or regulatory obligation that applies to us (for example, in some instances, we may be required to share your information with the Charity Commission, Information Commissioners Office or other regulators) or to use your information for due diligence or ethical screening purposes

5.1 We will not sell your personal information. We only wish to contact you in a way that are is consistent with our relationship (how you would expect to be contacted and with materials you would expect to receive from us).

5.2 Our communications may include information about our objective and activities, the projects we’re involved with and the impact of your support as well as requests for financial support at a corporate level. We will use your personal information to tailor and target our communications to you.

5.3 We will use your personal information:

(a) Where we have your consent to do so, eg. when you sign up to receive marketing communications from us to your business email address, SMS or phone.

(b) To send you marketing communications by post or your business email address based on our legitimate interests or otherwise where we process your personal information based on our legitimate interests. For more information on this, please see “Legitimate Interests” below.

(c) To manage our work effectively and provide you with the best experience by analysing and segmenting our supporter base, to enable us to tailor and target our approach and provide the best service and experience according to your interests as well as in relation to the level of support you may be able to provide.

(d) Profiling your personal data: An important component in Be the Business being able to match mentees with suitable mentors is by profiling your personal data. We use elements of your personal data such as business type, the kind of help you need, age band, location, email, ethnicity and gender and use this to find a suitable match, and in some cases we use an algorithm to help us. You will be informed that we are using an algorithm to match you before you sign up to any mentoring scheme and you will be asked for your explicit consent for us to use automated profiling on your personal data

(e) For research and analysis purposes – this may include inviting you to participate in surveys or research or analysing usage data from our website to improve our content or user experience.

(f) For the provision of services or “administration” – this may include:
 i. Dealing with gifts in kind or corporate sponsorship, including communications to confirm and say thank you, or for other administrative reasons relating to your gift.
 ii. Dealing with any transaction you enter into with us and for us to fulfil any contract with you (for example, where you sign up to an event).
 iii. Preparing reports about our work, services and events.
 iv. When you contact us to ask questions.
 v. If you provide any content to us.
 vi. Monitoring website use (to enable us to improve user experience).
 vii. Responding to your enquiries, contacts or requests about your personal information.
 viii. Notifying you about changes to the website or our services.
 ix. For internal record keeping (we will keep a record of our relationship).
 x. Carrying out fraud prevention (and money laundering checks), undertaking credit risk activities and in relation to legal claims we take or defend.
 xi. To safeguard those who work for or with us (or we otherwise engage with).
 xii. To process and administer your application for a job.

(g) When we enter into a working agreement with you, in some cases we may need to process your data in the following ways:
 xiii. To ensure we are complying with our legal obligations, eg, checking your right to work in the UK.
 xiv. To manage the process of recruitment and assess and confirm your suitability for the role and decide who to offer a role to. We have a legitimate interest in processing your personal data during the recruitment process and for keeping records of the process.
 xv. We may also need to process data from job applicants to respond to, and defend against, legal claims. Where we are relying on legitimate interest as a reason for processing data, we have considered whether or not those interests override the rights and freedoms of the applicant and have concluded that they do not.
 xvi. We process health information if we need to make a reasonable adjustment to the recruitment process for candidates who have a disability. This is to carry out our obligations and exercise specific rights in relation to employment.
 xvii. For some roles Be the Business is obliged to seek information about criminal convictions and offences. This is necessary to carry out our obligations and exercise specific rights in relation to employment.
 xviii. Be the Business will not use your personal information for any purpose other than the recruitment exercise for which you have applied.

6.1 Under the UK Privacy and Electronic Communications (EC Directive) Regulations 2003, legitimate interest can be used for business to business email marketing if:

(a) It only applies to ‘corporate subscribers’ (employees of incorporated/limited companies, limited liability partnerships and government/local authority institutions);

(b) It is based on a relevant and appropriate relationship (for example, with an employee of a business who would benefit from your product or service); and

(c) It does not conflict with opt-outs or unsubscribes.

6.2 Be the Business has conducted a Legitimate Interest Impact Assessment and has concluded we can rely on Legitimate Interest when processing Business to Business (B2B) data for email direct marketing because it’s permitted under the ePrivacy Directive, you have a reasonable expectation that we will process your personal data in this way because of what we told you when you gave us your business email address; and we believe we have a relevant and appropriate relationship with you.  In addition, you can unsubscribe from our emails at any time, or contact us at dpo@bethebusiness.com

6.3 When we use legitimate interest as the legal basis for processing, we always consider and balance any potential impact on you and your rights before we process your personal information for our legitimate interests and will only proceed where we believe our interests are not overridden by the impact on you. Our legitimate interests include the interests of our organisation in conducting and managing our operations to enable us to give you the best service and the best and most secure experience. Specific examples of this include:

(a) Sending you information and marketing materials to your postal address and business email address.

(b) Analysis and profiling of our supporters.

(c) Using third party sources to keep your postal address up to date.

(d) Use of personal information to monitor use of our website (and apps) for technical purposes.

(e) Sending marketing messages to your phone, business email address & social media.

7.1 We do not share, sell or rent your information to third parties for their marketing purposes, unless we have your explicit consent to do so. We will not otherwise disclose your personal information unless required to do so by a regulatory agency or law.

7.2 We may allow our staff, consultants and/or external providers (data processors) acting on our behalf to access and use your information for the purposes for which you have provided to us (e.g. to analyse data and to process payments). (See Disclosures of your personal information below.) We only provide them with the information they need to deliver the relevant service, and ensure that we take steps to ensure that they process personal data in a secure manner.

8.1 We may share your personal information with the following third parties set out below:

Third Party: Analytics, tracking and search engine providers

Description: We may share data with analytics and search engine providers who assist in the optimisation of our site and our services.

Third Party: Professional advisors

Description: Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

Third Party: HMRC / Other Regulators

Description: Where we are under a legal duty to disclose of share your personal information in order to comply with legal obligations, including to HM Revenue & Customs, regulators and other authorities
(who require reporting of processing activities in certain circumstances).

Third Party: Partners

Description: We work with various partners, including business partners, suppliers and subcontractors who will process data on our behalf.  These suppliers include those who provide us with IT, system
administration and other services and the providers of other services (including market research).

8.2 We may share your personal information to enforce or protect our legal rights, or the safety of those who work for us, or with us, our beneficiaries, donors or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

8.3 If we merge (or if we were to sell any part of our operations), including where Be the Business or its assets are acquired by another charity or other third party, personal data will be one of the transferred assets.

8.4 We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions. Some of our partners run their operations outside of the EEA (European Economic Area) and this may include countries who have different data protection laws. We will always take steps to make sure appropriate protections are in place (in accordance with UK data protection law) and that information is safeguarded.

9.1 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

9.2 While we will use all reasonable efforts to safeguard your personal data, the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us.

9.3 We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

10.1 Be the Business has a Records Management Policy and a retention schedule for all information and data, please contact dpo@bethebusiness.com if you would like a copy. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

10.2 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you no longer have a relationship with us, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

10.3  If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.

11.1 You have a number of rights under data protection legislation. These include:

(a) Right of access
You have the right know what information we hold about you and to ask, in writing, to see your records. We will provide you with details of the records we hold as soon as possible and at latest within one month, unless the request is complex. We may require proof of identity before we are able to release the data. Please use the details in the “Contact us” section below if you would like to exercise this right.

(b) Right to be informed
You have the right to be informed how your personal data will be used. This policy as well as any additional information or notice that is provided to you either at the time you provided your details, or otherwise, is intended to provide you with this information.

(c) Right to withdraw consent
Where we process your data on the basis of your consent (for example, to send you certain marketing texts or e-mails) you can withdraw that consent at any time. To do this, or to discuss this right further with us, please contact us using the details in the “Contact us” section below or unsubscribe in the method outlined in the communication.

(d) Right to object
You also have a right to object to us processing data where we are relying on it being within our legitimate interests to do so (for example, to send you direct marketing by post). To do this, or to discuss this right further with us, please contact us using the details in the “Contact us” section below.

(e) Right to restrict processing
In certain situations you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.

(f) Right of erasure
In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database). Where you have requested that we do not send you marketing materials we will need to keep some limited information in order to ensure that you are not contacted in the future.

(g) Right of rectification
If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. To update your records please get in touch with us using the details in the “Contact us” section below.

(h) Right to data portability
Where we are processing your personal data because you have given us your consent to do so, you have the right to request that the data is transferred from one service provider to another.

11.2 Complaints
If you are unhappy with the way in which we have handled your personal please contact us at dpo@bethebusiness.com. You are also entitled to make a complaint to the Information Commissioner’s Office – https://ico.org.uk/.

We may update this policy from time to time without notice to you, so please check it regularly. We will however aim to bring any significant changes to your attention. The privacy policy was last updated on 14 June 2023.

Please contact us if you have any questions about our privacy policy or information we hold about you by emailing dpo@bethebusiness.com.