Privacy Notice

  1. Who we are 
    1. This privacy notice is provided by Bistech plc. It explains what personal information we collect about you, how and why we collect, store, use and share your personal information, your rights in relation to your personal information, and how to contact us or make a complaint. By ‘personal information’, we mean information that relates to you as an individual and tells us something about you.  
    2. Your personal information is processed primarily by Bistech plc but it may also be shared with and processed by our group companies, Bistech Group plc, Bistech Property Services Ltd, and Bistech Managed Services Ltd. References to ‘we’, ‘us’, and ‘our’ in this privacy notice may refer to any company within the Bistech group.
  2. Data protection basics  
    1. This privacy notice applies to our processing of personal data relating to individuals located in the UK and elsewhere.
    2. When we process the personal data of these individuals, we are regulated under UK (and sometimes EU) data protection laws, and we are responsible as ‘controller’ of that personal data for any processing undertaken by us, our staff or other organisations that process your personal data on our instructions for the purposes of those laws.
    3. The personal data we collect, and the use we make of it, varies depending on our relationship with you. For that reason, this privacy notice distinguishes between our customers, suppliers, job applicants, and website users. Please be sure to read the sections of the privacy notice that relate to you.
    4. Under data protection law, we can only use your personal data if we have a permitted legal basis for doing so, for example:
      • Where you have given consent
      • For the performance of our contract with you or to take steps at your request before entering into a contract
      • To comply with our legal and regulatory obligations
      • For our legitimate interests or those of a third party
      • A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights.
      • We explain in section 4 below our legal basis for using your personal data.
  3. Personal data we collect about you
    The personal information we collect about you depends on who you are and will generally be provided by you, your employer, or through your use of our systems. If you are a job applicant, we may also collect your personal data from previous employers or other referees. We may also collect information about our customer or suppliers’ employees, job applicants, and individuals that we market to through publicly available sources, such as LinkedIn and Companies House.The information we collect may include:

    • For customers/customer staff
      • Your title, name, and work contact details (telephone number and email address)
      • Your current employer and job title and previous employers and job titles
      • Your position, date of birth, and contact address if you are a shareholder or officer
      • Your home address where this is provided for a site visit
      • Your login details for our customer portal
      • Any feedback you provide via our feedback forms
      • Your image in photographic/video form for case studies or where you visit our office
      • Details of your use of our systems including the customer portal, our customer service telephone line, email address, live chat service, and engagement with our newsletter
      • Your bank details and payment information where this is used to pay for our services
    • For suppliers/supplier staff
      • Your title, name, and work contact details (telephone number and email address)
      • Your employer and job title
      • Your image in video form where you attend our business review meetings or where you visit our office
      • Your bank details and payment information where this is used to pay for your services
      • Details of your criminal record where this is provided by your employer
    • For job applicants
      • Your title, name, and contact details (telephone number, address and email address)
      • Your qualifications, employment history, National Insurance number, and other information contained in your curriculum vitae and cover letter
      • Whether you have access to your own transport, hold a full UK driving licence, and have any driving endorsements
      • Whether you have any unspent criminal convictions
      • Any disabilities which may require us to make reasonable adjustments to either the interview process or the location of the interview
      • References
      • Other personal information provided by you
      • Your image in video form where you visit our office
      • Successful applicants will be subject to a DBS check
    • For website users
      • Information about how you use our website (from cookies)
      • Information contained in enquiries submitted to us via our website
    • For referees
      • Your title, name, and contact details (telephone number and email address)
      • Your employer and job title
      • The reference you provide
  4. How and why we use your personal information
    The table below explains what we use your personal information for and our legal basis for doing so:

    What we use your personal data for  Our legal basis 
    To contact and communicate with you 

    To provide you and others with our services 

    		 For the performance of our contract with you or to take steps at your request before entering into a contract 

    For our legitimate interests or those of a third party 
    To manage your account with us 

    To collect payments 

    To make payments to you or your employer for the provision of goods and services to us 

    To assess your suitability for a job and to contact you in relation to that job 

    		 For the performance of our contract with you or to take steps at your request before entering into a contract 
    To improve our services 

    To protect the physical security of our office 

    For operational reasons, such as maintaining and improving efficiency and training, management of our business, physical and information security, and maintenance of internal records 

    To contact you regarding our services 

    		 For our legitimate interests or those of a third party 
    To provide information required by or relating to audits, enquiries or investigations, or requested by law enforcement or regulatory bodies  To comply with our legal and regulatory obligations 
    To obtain or maintain quality checks, for example, ISO certification and the audit of our accounts  

    To protect the security of systems and data used to provide our services 

    To enforce legal rights or defend or undertake legal proceedings  

    		 To comply with our legal and regulatory obligations 

    For our legitimate interests or those of a third party 
    To market our services  For our legitimate interests and those of a third party 
  5. How and why we use your personal information – special category and criminal records information
    The table below explains what we use your special category and criminal records information for and our legal basis and condition for doing so:

    What we use your criminal records information for  Our legal basis and condition 
    To assess your suitability for a job  

    To protect the physical security of our office 

    		 For our legitimate interests or those of a third party 

    For the prevention and detection of unlawful acts 
  6. Who we share your personal information with
    We routinely share personal data with:

    • Third parties we use to help deliver our services to you including external engineers and equipment providers
    • Our service providers, including cloud-based storage providers, software providers, telecoms providers, payment service providers, our bank, marketing agencies, and website hosts
    • Our advisers including accountants, auditors, and lawyers
    • Where appropriate, with employment agencies, previous employers, educational establishments and referees
    • Your employer where you are employed by one of our customers or suppliers
    • Law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations
    • Potential buyers of some or all of our business during a restructuring. Usually, information will be anonymised, but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations
    • Any third parties to whom we assign or transfer our business
  7. Whether personal information has to be provided by you, and if so why
    1. If you are a customer or an employee of a customer, the provision of your personal information is necessary primarily to enable us to provide you or your employer with our services. We do not require you or your employer to provide us with your personal information but if you or they choose not to, it may have an impact on our ability to provide you or them with our services in part or at all.
    2. If you or your employer are a supplier, we need your personal information to contract with you or your employer for the supply of products or services and to facilitate payments between us. We cannot contract with you without that information.
    3. If you are applying for a job with us, we need your personal information to consider your job application. Without it, we cannot consider hiring you.
  8. How long we keep your personal information for
    1. We keep your personal data for no longer than necessary for the purposes for which it was collected.
    2. Generally, this will be seven years after the end of our relationship with you unless we are required by law to adopt a longer retention period (for example, we will retain billing information for 10 years) or we need the information for longer to respond to any question, complaints, or claims made by you or us.
    3. If you are a job applicant:
      • We will keep your personal information for a maximum of two years from the date when you first contact us in relation to a job.
      • If you are accepted for a job, your personal information will be kept in accordance with our privacy notice for staff.
      • If we process your personal information to send you marketing communications, we will keep it for as long as you are happy to hear from us or for as long as you are an employee of the company we are marketing to. If you object to receiving marketing communications from us, we will stop contacting you.
      • Where it is no longer necessary to retain your personal information, we will anonymise it or securely delete it.
  9. Transferring your personal data outside the UK
    1. To deliver our services to you, it is sometimes necessary for us to share your personal information outside the UK.
    2. To comply with UK data protection law, we will only make these transfers:
      • Where the UK government has decided the recipient country ensures an adequate level of protection for personal data (known as an ‘adequacy regulation’)
      • Where the recipient individual or organisation has entered into a contract containing terms approved by the EU/UK in which they agree to protect your privacy rights (known as the ‘International Data Transfer Agreement’)
      • Where this is necessary for the performance of a contract between you and us or the implementation of pre-contractual measures taken at your request
      • Where this is necessary for the performance of a contract entered into by us and a third party in your interests
      • With your explicit consent
  10. Your rights
    You have the following rights, which you can exercise free of charge:

    Access  The right to be provided with a copy of your personal information 
    Rectification  The right to require us to correct any mistakes in your personal information 
    To be forgotten  The right to require us to delete your personal information in certain situations 
    Restriction of processing  The right to require us to restrict processing of your personal information in certain circumstances, for example if you contest the accuracy of the data 
    Data portability  The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations 
    To object  The right to object: 

    • at any time to your personal information being processed for direct marketing (including profiling) 
    • in certain other situations to our continued processing of your personal information, for example processing carried out for the purpose of our legitimate interests 
    Not to be subject to automated individual decision making  The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you 
    The right to withdraw consents  If you have provided us with consent to use your personal information you have a right to withdraw that consent easily at any time 

    If you wish to withdraw your consent, please contact us (see How to contact us below)  

    Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn 

     

    For more information on each of those rights, including the circumstances in which they apply, please contact us (see How to contact us below) or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights.

    If you would like to exercise any of those rights, please:

    • email or call us, see How to contact us below
    • let us have enough information to identify you
    • tell us what right you want to exercise and the information to which your request relates
  11. Keeping your personal data secure
    We have robust security measures in place across all group company’s IT systems to protect your personal information from being accidentally lost, or used or accessed unlawfully. These include encryption protocols, access control policies, regular security audits, physical security measures, and staff training. Our staff are all also subject to a duty of confidentiality. We continually test our systems and are certified compliant with ISO 27001 Information Security Management and Cyber Essentials Plus, which are underpinned by our existing certifications to ISO 9001 Quality Management and ISO 2000 IT Service Management.
  12. How to complain
    We hope that we can resolve any query or concern you may raise about our use of your information. See How to contact us below. The UK GDPR gives you the right to lodge a complaint with the Information Commissioner who may be contacted at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113. If you live or work in the EU or EEA, you can also complain to your local supervisory authority.
  13. Changes to this privacy notice
    We may change this privacy notice from time to time so please check it periodically.
  14. How to contact us
    Please contact us by email or telephone if you have any questions about this privacy notice or the information we hold about you, to exercise a right under data protection law or to make a complaint.Our contact details are shown below: