BGRS EU Privacy Notice
Last Modified: November 2018
As a talent mobility/relocation management business (BGRS), we are entrusted everyday with collecting and managing person-identifiable information of client assignees and transferees. In doing so, we observe the appropriate EU/UK data protection laws.
Additionally, our data protection and privacy obligations extend to each of our service partners (supply chain) and other service providers with whom we share personal information as they work on your behalf. That is one of the reasons why we carefully screen our service partners – the companies and specialists that handle specific relocation and mobility services from household goods management to immigration to compensation support. We not only ensure they are taking good care of your data; we also verify that they have proper systems in place to protect confidential personal information.
In order that you are reliably informed about how we operate, we have developed this EU Privacy Notice, which describes the ways in which we collect, manage, process, store and share information about you as a result of you visiting this site and engaging with BGRS. The EU Privacy Notice also provides you with information about how you can have control over the use of your data.
If you have any comments or queries regarding our use of your data, please contact our Global Data Protection Officer at firstname.lastname@example.org
Alternatively, you can write to our Global Data Protection Officer at BGRS, 6th Floor, 20 Canada Square, London, UK E14 5NN
2. What information do we collect about you?
In general terms, we seek to collect information about you so that we can:
- administer our relationship with you, provide services and respond to enquiries;
- implement the services that the client has authorized in accordance with the client policy;
- enable business development including sending invitations to meetings and events and sending out newsletters;
- deliver information to you about our services;
- ensure the billing of any procured services and obtain payment;
- process and respond to any complaints;
- enable us to meet our legal and other regulatory obligations imposed on us;
- audit usage of our services.
The information that we need for these purposes is known as your “personal data”. This includes your name, home address, email address, telephone and other contact numbers and financial information. We collect this in a number of different ways, for example, you may provide this data to us directly online, via email or over the telephone, or when corresponding with us by letter.
We may be in receipt of sensitive categories of information during your engagement with us that includes:
- racial or ethnic origin;
- health data (physical or mental health).
Where appropriate we voice record some of our client interactions, therefore any information captured via this medium will automatically be stored, for training and monitoring purposes.
3. How will we use the information?
We use the data collected from you for the specific purposes listed in the table below. Please note that this table also explains:
- the legal basis for processing your data, linked to each processing purpose; and
- in what circumstances your data will be shared with a third party organization.
Note: BGRS works with a global network of relocation partners (supply chain partners) who provide services such as:
- destination services;
- visa and immigration assistance;
- household goods transportation;
- language training
- temporary accommodations;
- education assistance.
|Purpose for processing data||Legal basis for processing data||Third party organisation with whom data is shared|
|To administer our relationship with you, provide services and respond to enquiries.||To fulfil contractual obligations.||Supply Chain Partners, Insurance Providers, Healthcare Providers.|
|To provide you with accurate advice and recommend the right services for your relocation experience in line with the client policy||To fulfil contractual obligations.||Clients.|
|To enable business development including sending invitations to meetings and events and sending out newsletters.||To fulfil a legitimate interest.||Clients.|
|To deliver information to you about our services.||To fulfil a legitimate interest.||Clients.|
|To ensure the billing of any procured services and obtain payment.||To fulfil contractual obligations.||Clients.|
|To process and respond to any complaints.||To fulfil a legitimate interest.||Clients, Supply Chain Partners, Insurance Providers.|
|To enable us to meet our legal and other regulatory obligations imposed on us.||To fulfil a legal obligation.||Appropriate Government Departments, Regulators, Auditors.|
|To audit usage of our services.||To fulfil a legitimate interest.||None.|
4. Your rights?
Right to access to personal information
You have the right to obtain written confirmation from us whether your personal information is being processed by us or by a third party.
You have the right to access any personal information we hold about you.
You can make a request to access your information by contacting us at:
Global Data Protection Officer
20 Canada Square
London E14 5NN
Or by email at email@example.com
Upon receipt of your subject access request, we will ask you to provide sufficient information to prove your identity and address before any personal information is released to you.
If you make a subject access request through a third party, such as a solicitor, it will be the responsibility of the third party to provide evidence to demonstrate that they are entitled to act on your behalf. This can take a form of a power of attorney or an appropriate written authority.
Although there is no fee for meeting your request we reserve the right to charge a reasonable fee if, in our reasonable judgement the request is manifestly unfounded, excessive or repetitive.
Any fee charged will be based upon the administrative cost of providing the information.
We have one month from the date of receipt of your request to comply.
If you request large amounts of information, we may ask you to specify in more detail the information you require.
Right to rectification
You have the right to request that we rectify personal information which is inaccurate or incomplete. In the first instance contact your Relocation Consultant in writing, specifying the inaccurate or incomplete personal information. Provide them with the correct personal information and ask them to rectify it.
We are required to rectify the information within one month. This can be extended to two months if the request for rectification is complex.
If you feel that your request for rectification is not being dealt with, you can escalate your request to the Global Data Protection Officer at the address given above.
Right to erasure (to be forgotten)
You have the right to request the deletion or removal of personal information where there is no compelling reason for its continued processing. Individuals have a right to have personal information erased and to prevent further processing in the following circumstances:
- Where the personal information is no longer necessary in relation to the purpose for which is was originally collected of processed;
- When you withdraw your consent for your personal information to be processed;
- When the individual objects to the processing and there is no legitimate interest for the personal information to be processed;
- Personal information has unlawfully been processed;
- Personal information must be erased on the order of the courts.
We may refuse to comply with your request for erasure if we are required to comply with a legal or statutory obligation or if the personal information will be required for the purpose of resolving a claim, complaint or in the defence of a claim or complaint.
Right to restrict processing
You have the right to restrict the processing of your personal information in the following circumstances:
- Where you contest the accuracy of the personal information which is being processed. You can ask for the restriction to be put in place until you are satisfied that the inaccuracies have been rectified;
- The processing of the information is deemed to be unlawful but you do not want your personal information to be erased;
- The personal information is no longer required by us but you would like us to retain it to establish, exercise or defend a legal claim.
Right to object
You have the right to object to the processing of your personal information related to direct marketing even if you have previously consented to your personal information being processed for that purpose.
If you object we will cease processing your personal information for marketing purposes as soon as we receive your written objection.
You can raise your objection at any time by contacting the Global Data Protection Officer at the above address.
5. Is the processing of information likely to cause individuals to object or complain?
BGRS is not aware of any justifiable reasons that would constitute a legitimate reason for objecting or complaining about the way we process or control information.
6. How long will we retain information for?
We will retain your personal information for no longer than is necessary for the maintenance of our contract with the client and while we are providing on-going services to you. We will also retain your personal information to meet legal or regulatory requirements. We will not typically retain your personal information for longer than seven years.
7. Accreditations and memberships
Our accreditations and membership of key leading standards organisations ensure that we are in a position to represent our clients and lobby for change if it is needed. BGRS holds the following certifications:
|Accreditations and memberships||Legal Basis||Purpose for sharing personal data|
|ISO 9001 – The quality standard for business processes (management systems) – UK Office||Legitimate Interest||External audit to ensure standards are maintained. Training records and expertise of staff disclosed to the Accreditation Body.|
|ISO27001 – The information security standard for businesses||Legitimate Interest||External audit to ensure standards are maintained. Training records and expertise of staff disclosed to the Accreditation Body.|
|ERC – the Worldwide Employee Relocation Council||Legitimate Interest||Professional membership information collected, trend identification data, training and education records are disclosed.|
|IAM – International Association of Movers||Legitimate Interest||Professional membership information collected, external audit to ensure standards are maintained.|
|EuRA – Professional body for European employee relocation||Legitimate Interest||Professional membership information collected, external audit to ensure standards are maintained.|
8. Privacy Shield Framework
We participate in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, and have self-certified to the U.S. Department of Commerce our adherence to the Privacy Shield Principles for all personal information received from countries in the European Economic Area and Switzerland in reliance on the Privacy Shield.
To learn more about Privacy Shield, visit the Privacy Shield website. Under Privacy Shield, we are responsible for the processing of personal information we receive and subsequently transfer to a third party supplier acting for or on our behalf. We are liable for ensuring that the third parties we engage support our Privacy Shield commitments. The U.S. Federal Trade Commission has regulatory enforcement authority over our processing of personal information received or transferred pursuant to Privacy Shield. BGRS commits to cooperate and comply with the advice of the regulatory authorities to whom you may raise a concern about our processing of personal information about you pursuant to Privacy Shield, including to the panel established by the EU authorities and the Swiss FDPIC. This is provided at no cost to you. For more information, see the Privacy Shield Complaints section below.
Privacy Shield Complaints
In compliance with the Privacy Shield Principles, BGRS commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact BGRS at the address below:
150 Harvester Drive,
BGRS has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit www.jamsadr.com for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Additionally, if personal information about you is transferred by BGRS from the EEA to the U.S. pursuant to Privacy Shield, and you have an unresolved concern regarding personal information processing about you that we have not addressed to your satisfaction, please contact the EU authorities at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
And, if personal information about you is transferred by BGRS from Switzerland to the U.S. pursuant to Privacy Shield, and you have an unresolved concern regarding personal information processing about you that we have not addressed to your satisfaction, please contact the Swiss FDPIC at https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
Under certain conditions, described more fully on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Disclosures for National Security or Law Enforcement.
Under certain circumstances, we may be required to disclose your EEA Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
9. Overseas transfers
Information that we collect about you is shared within the BGRS family globally as appropriate, and with approved third party suppliers and business partners. Our data sharing and access is conducted under agreed contract in line with EU standard contractual clauses.
10. Data privacy and security
At BGRS, we maintain a comprehensive data privacy and security work program, which includes processes for ensuring that data protection is a key consideration of all new and existing IT systems that hold personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy.
We also maintain an active information security work program which seeks to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this helps us to:
- Protect against potential breaches of confidentiality;
- Ensure all IT facilities are protected against damage, loss or misuse;
- Increase awareness and understanding of the requirements of information security, and the responsibility of our colleagues to protect the confidentiality and integrity of the information that we handle, and
- Ensure the optimum security of this website.
11. Location tracking via our website
Geo-location tracking, which shows us where you are in the UK or EU, is not used on this website.
12. Changes to our Privacy Notice
Our Privacy Notice has been updated and is effective as of the date indicated at the beginning of this Privacy Notice, and remains in effect until amended. BGRS reserves the right to amend this Privacy Notice at its sole discretion. Any alterations to this Privacy Notice will be posted on our websites in a timely manner. By accessing these websites or using the Services after we make any such changes to this Privacy Notice, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, our use of your personal data is governed by the Notice in effect at the time we collect such data. Please refer back to this Privacy Notice on a regular basis.
Questions and comments regarding this Privacy Notice are welcomed, and should be sent to our Global Data Protection Officer at firstname.lastname@example.org
Alternatively, you can write to our Global Data Protection Officer at BGRS, 6th Floor, 20 Canada Square, London, UK E14 5NN
You can also contact our Global Data Protection Officer if you have any concerns or complaints about the way in which your personal data has been handled as a result of you using our website.
Alternatively, you have the right to lodge a complaint with our Main Establishment Supervisory Authority in the UK, namely The Information Commissioner, who may be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire UK SK9 5AF or https://ICO.org.uk