Privacy NOTICE and Statement
This Privacy Notice explains how we at BRC Global Standards obtain, use and disclose your personal data and how you can contact us if you have any questions or want to exercise any of your privacy rights.
BRC Trading Limited (trading as BRC Global Standards), is the controller of your data. BRC Global Standards takes its privacy responsibilities seriously and has implemented measures designed to protect your personal data and ensure compliance with applicable laws. For information about how to contact us, please go to Section 14.
1. Personal data BRC Global Standards may collect about you
We collect personal data about you when you visit our website(s), sign up to receive communications from us, purchase our products or services, or otherwise interact with us. The personal data we may collect about you may include any of the following:
̶ contact details – such as your name, physical address, email address, telephone/mobile phone (personal and/or business), company you work for, company address, job title
̶ customer details and history – such as username, password, customer ID, details of products or services purchased, billing details, shipping details, order details
̶ marketing preferences – such as whether or not you have asked to receive marketing communications from us and what type of information you are interested in receiving
We will indicate on the relevant collection form where the provision of specific personal data is mandatory in order for you to receive the product or service you are requesting. If you do not provide this mandatory information (e.g. your name and address when purchasing a product, or your email address when signing up for our newsletter) we will not be able to complete your request.
2. Purposes for which BRC Global Standards may use your personal data
We may use your personal data for any of the following purposes:
̶ providing products and services to you – including processing your personal data for the purpose of account administration and management, order fulfilment, delivery, managing customer relations, billing and payment administration, fraud detection and prevention, providing customer support services, notifying you of [important] developments in procedures or products which we believe will assist you in the use of the product or service you have purchased, and handling complaints and enquiries
̶ direct marketing, including profiling and analytics – including processing your personal data to send you direct marketing communications, profiling and analysing customer interests, behaviour and preferences (to help us better understand our customers, improve our products and services and provide more tailored marketing communications and enhance customer satisfaction), marketing research
̶ administration and management – including administering and managing our business, website(s), contractual relationships, data subject requests and giving effect to customer marketing preferences
̶ online tracking and analysis – including using cookies and similar technologies to track visitors to our sites and measure and analyse their use of our sites – see further Section 10.
3. Disclosures of your personal data
We will never sell your personal data. We will only disclose your data to:
other companies within the BRC Global Standards group in connection with the purposes described in Section 2; and/or
our third party service providers in connection with the services they are providing on our behalf, which may include hosting, software as a service, delivery and logistics, electronic payments systems, IT support services, and marketing related services. If we disclose your data to our providers we will ensure it is protected under an appropriate contract and only used by our providers in connection with the services.
4. How long BRC Global Standards keeps your personal data
We will keep your personal data for as long as necessary in connection with the purpose for which we have obtained it (see Section 2) and in line with our internal retention policy.
5. Legal basis for processing
As the controller of your personal data, BRC Global Standards is responsible for complying with applicable data protection laws. When we collect, use and otherwise process your personal data (for the purposes described in Section 2) we do so based on the following legal grounds:
where you purchase products or services from us, we process your personal data on the legal basis that it is necessary for the performance of the contract for the sale of those products and services, including taking payment, delivery and related after sales activities
where we process your personal data for direct marketing, including profiling and analytics, we do so on the legal basis that you have either given us your consent (e.g. by ticking an opt in box) or it is in our legitimate interests to do so provided that our interests do not override your interests that require protection of your personal data
where we process your personal data for administration and management, we do so on the legal basis that it is in our legitimate interests to do so provided that our interests do not override your interests that require protection of your personal data
Where you have consented to the processing of your data, you may withdraw that consent at any time by contacting us – see Section 14.
6. Managing your marketing preferences
When we process your personal data for marketing purposes as described in Section 2 and Section 5 we may contact you by email, telephone, SMS and/or post (if you have provided us with your telephone number). You can unsubscribe from marketing communications at any time by:
contacting us using the details in Section 14
clicking on the unsubscribe link in any marketing message you receive from us
managing your marketing preferences via the preference centre accessible here – this will enable you to unsubscribe from all communications, or select the ones you would prefer to receive (including the means by which we may contact you).
Please note it can take up to 30 Days for your unsubscribe request to be implemented and for future communications to cease, in that time you may receive messages that have already been scheduled for sending.
7. Your privacy rights
Under EU data protection laws, you have the right to:
̶ access your personal data – you have the right to receive a copy of the personal data we hold about you. We may require the request to be in writing, accompanied by proof of identity (to ensure we only provide the data to the right person)
̶ withdraw your consent to direct marketing – you can exercise your right to withdraw consent to marketing at any time – please see Section 6 for details of how to do this
̶ rectification – if you think any of the personal data we hold about you is inaccurate, you can ask us to correct it. Simply contact us and include your name, address and/or email address to help us ensure we accept amendments only from the correct person
̶ restriction – in limited circumstances you may be able to require us to restrict our processing of your personal data. For example, if you consider the data we hold is inaccurate and we disagree with you, the processing of that data may be restricted until the accuracy has been verified
̶ erasure – where we have no lawful basis for holding onto your personal data, or you withdraw your consent to our use, then you may ask us to delete it
̶ portability – in limited circumstances you may be entitled to have the personal data you have provided to us sent electronically to you for you to provide to another organisation
̶ complain to the Information Commissioner’s Office – you have the right to lodge a complaint with the Information Commissioner’s Officer if you think our processing of your personal data infringes applicable law. You can find information on how to do this at www.ico.org.uk.
To exercise any of your rights, please contact us using the details set out in Section 14.
We take the security of personal data very seriously. We employ security technology, including firewalls and encryption to safeguard personal data and have procedures in place to ensure that our systems and databases are protected against unauthorised disclosure, use, loss and damage.
Personal data on our systems is only accessible by appropriately trained staff and approved third party service providers who need to access your personal data as part of their job. All access is tracked through individual login credentials and audit trails.
We only use third party service providers where we are satisfied that the security they provide for your personal data is at least as protective as the security we use ourselves.
9. Transfers of your data out of the EU
We may sometimes make transfers of personal data to countries outside the European Union, for example, to our group companies and/or third-party service providers (see Section 3) who may be located in countries such as the United States, Canada and India. If we transfer personal data out of the European Union, we will take appropriate measures to ensure that such data is protected in accordance with this Privacy Notice and applicable privacy laws.
10. How to turn off cookies
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies, including how to disable them, please go to AboutCookies.org.
11. Links to other websites
Please note, this website may contain links to other websites that are not controlled by us. These links are provided for your convenience. We are only responsible for our privacy practices and our security. We recommend you check the privacy policies for any other websites that you visit.
12. Changes to this Privacy Notice
Privacy laws and practice are constantly developing and we aim to meet industry standards. Our policies and procedures are, therefore, under regular review. We may, from time to time, update our security and privacy policies. We will ensure our website has our most up to date Privacy Notice and suggest check this page periodically to review our latest version.
13. Contact BRC Global Standards
For any queries or requests to exercise your privacy rights, please contact us at:
By email - TellUS@BRCGlobalStandards.com
By post BRC Global Standards Customer Service, 2nd floor, 7 Harp Lane, London, EC3R 6DP