1 – This notice is intended to inform you about the information that we hold in relation to you, why we hold it, for how long and your rights in respect of the information that we hold. Changes in data protection laws in 2018 will mean that you will have the right to ask us what information we hold, and you will also have the right in certain circumstances to ask us to delete information or to anonymise any papers that we hold on your files. The law regarding this is contained in Regulation (EU) 2016/679 of The European Parliament and of The Council. The regulations are known as the EU General Data Protection Regulation (GDPR).

2 – The responsible entity: BADU and its officers are responsible to you for the privacy of your data and the safe and proper handling of it.

3 – Compliance: Any clients, customers or suppliers are Data Controllers under GDPR and BADU is the Data Processor. Both Data Controllers and Data Processors are obliged to comply with the GDPR and we rely on your attention and observance where required.

4 – Employees: BADU ensures that all of its employees are aware of the confidential nature of Personal Data, have adequate training in relation to the data protection legislation and that they are bound by relevant obligations and restrictions when processing Personal Data.

5 – Any use that we make of your data must be fair and lawful. We will hold all confidential and personally identifiable information and data concerning our clients, customers, suppliers and partners securely and in confidence using appropriate technical and organisational measures.

6 – We will only use your data for the purposes for which it was provided under the applicable terms of business and to comply with any statutory requirements upon us.

7 – Except as set out in paragraphs 8 and 14 below, your information and data will NEVER be passed on to another organisation under any circumstances.

8 – When required we may provide relevant data to other parties such as to our accountants for the purposes of providing our accounting services to us and to enable us to comply with any audit requirements generally. All such parties have stringent data processing obligations and they are not authorised to use your data other than for the purposes of the reference/accounts/audit as above mentioned.

9 – On occasion, we may use your data to contact you to find out if you have been satisfied with the work carried out on your behalf or to let you know of any events or offers that we may wish you to be aware of. Please notify us if you do not wish to be contacted in this way.

10 – We may on occasion place marketing materials on our website or Social Media sites. If you do not wish us to place anything incorporating your photograph (e.g. as part of a group photo at an event) please let us know. We will always respect your wishes.

11 – SAR Requests: We will handle subject access requests (SAR) promptly, however when we consider SAR’s to be manifestly unfounded, excessive or adversely affect the rights and freedoms of others, we will refuse the request.

12 – Article 28: If an audit or inspection is required to evidence that BADU is meeting its obligations under Article 28, BADU will assist appropriately but will inform the Client if it is asked to do something infringing the GDPR or the other UK, EU or member state data protection law.

13 – ICO: BADU proposes to co-operate with supervisory authorities (such as the ICO) in accordance with Article 31.

14 – Sub-contractors: The Client has been informed that BADU may transfer data to a sub-processor or data controller to fulfil some, or all, of the contract. In these cases, BADU will put in place a contract with the processor to adequately protect personal data. The Client consents to this processing.

15 – Data breach: In the event of any personal data breach we will notify our Clients in accordance with Article 33.

16 – Client Instructions: The Client acknowledges that BADU is reliant on the Client for direction as to the extent to which it is entitled to use and process Personal Data. No liability is accepted by BADU for any claim arising from any act or omission by it, to the extent that such act or omission resulted directly from the Clients instructions.

17 – Consent and revocation: After reading this notice you are asked to indicate your consent to us continuing to hold your data in the manner and for the purposes above mentioned. Subject as set out below, you are entitled to revoke your consent at any time and if so we will keep a record of when you asked us to cease processing your data and we will advise you of what continues to be held by us and when we are legally able to delete it.

18 – If you revoke your consent it may affect the relationship between us and we will not be liable for any consequential issues arising. In certain circumstances, we may be obliged to cease to supply goods or services.

19 – We are legally obliged to hold your information and our files in relation to work carried out for you for up to [6 years] in most cases. You cannot ask us to erase this information.

20 – Contact Us: If you wish to contact us about the use being made of your data, you should send any communication to the BADU team; the electronic email address is [email protected]