Data Protection Policy

Data Protection Policy

The British Copyright Council (“BCC”) is committed to the lawful and correct treatment of
personal data. Accordingly, we fully endorse and adhere to the principles of data protection, as
set out in General Data Protection Regulation 2016 (“GDPR”) and other relevant privacy
legislation.
Specifically, personal information shall be:
(a) processed lawfully, fairly and in a transparent manner,
(b) collected for specified, explicit and legitimate purposes,
(c) adequate, relevant and limited to what is necessary,
(d) accurate and where necessary kept up to date,
(e) kept in a form which permits identification of data subjects for no longer than is necessary for
the purposes for which those data are processed, and
(f) processed in a manner that ensures appropriate security of the personal data.
This policy applies to all personal information collected and/or processed by the BCC. Our
personnel, including directors and contractors, who have access to personal data agree to
handle that data in full accordance with the principles set out in this policy and in line with data
protection laws.
Personal information we may collect from you
The BCC collects and uses personal data primarily to conduct dealings with its members,
professional stakeholders, independent contractors, suppliers and, on occasion, with the general
public. The type of personal data we collect includes: names and contact details of members and
those who support or are interested in our work; financial information relating to contractors and
suppliers (eg bank account details); details of participants in BCC courses and events;
biographical information about speakers at our events and information that is submitted to us by
members of the public.
How we use personal information
The BCC uses personal information you submit in the following ways:
• to administer membership and the general business of the BCC
• to correspond (by email, phone, text or post) with our members, eg to provide or
exchange information;
• to liaise with professional stakeholders, such as academics, policy experts, peer
organisations and legislative bodies;
• to fulfil our obligations arising from any contracts between the BCC and contractors or
suppliers;
• to deal with enquiries and requests from members of the public;
• to organise events
• to maintain information as a reference tool or general resource;
• to produce anonymised data for research and strategic development purposes
We will only use personal data for the reason it was originally collected and in ways you would
expect. We never sell any personal data nor do we share it with third parties unless we have your
prior permission or are required by law to do so. We will not retain personal data longer than
necessary for the purpose for which it was collected, except where a retention period is required
by law.
Storage of personal data
Personal data contained in electronic files is stored and transmitted securely using highgrade
encryption designed to ensure that no outside sources can read the data contained within
the files. All file transfers through the system are likewise encrypted.
People who email us
Where enquiries are submitted to us from members of the public, we will only use the information
supplied to us to deal with the enquiry. We will keep personal information contained in such
emails and letters in line with our retention policy. This means that information relating to an
enquiry will be held for only as long as necessary to deal with the enquiry and in any event longer
than one year; such information will be retained in a secure environment and not shared with
third parties without the sender’s permission. We occasionally compile statistics for internal BCC
purposes on the number and type of contacts we receive, but not in a form that identifies anyone
personally or contains details of the enquiry beyond the general subject matter.
If you are aged 16 or under, please get your parent/guardian’s permission before you send us
any personal information, otherwise we cannot accept such information and will take steps to
remove it from our records.
Legal basis for processing data
Under the GDPR, there are a number of legal grounds on which personal data can be used, or
“processed”. One of these is called “legitimate interests”, and this is the basis on which BCC
processes most personal data. An exception is where the legal basis is the fulfilment of a
contract or where a particular use of personal information expressly relies on consent (eg, the
distribution of our weekly e-newsletter, see below).
Legitimate interests:
The British Copyright Council is a membership organisation founded to protect and promote the
principles of copyright and to encourage a greater understanding of copyright in the UK and
around the world. We do this by monitoring changes in law, social practices and technology that
may affect copyright and related rights, consulting with our members and working closely with the
British Government and international groups on current issues and policies.
When you provide personal information to us, we use it to support the objectives described
above and to manage the affairs of the BCC. We believe this processing is in our legitimate
interests and is necessary (a) for the administration of the BCC and its membership; and/or (b) to
fulfil our function as a consultative body; and/or (c) to manage our relationships with other
organisations and individuals.
We also believe that members, as well as others whom we consult and those who consult us,
have a legitimate interest in the processing of their personal data as described above, because it
supports their membership and/or adds value to their own organisation, work or activities.
Where we use your personal data for the BCC’s legitimate interests, we will carefully consider
any potential impact such use may have on your own interests, rights and freedoms. If we
believe your interests override our legitimate interests then we won’t use your personal data on
this basis and may seek your specific consent. You are likewise entitled to ask us to stop
processing your personal data if you believe that doing so negatively impacts your own interests
or that our legitimate interests are not valid.
E-Newsletter
We use a third-party provider, Mail Chimp, to deliver the BCC’s weekly newsletter. Our legal
basis for this communication is based on consent and recipients are provided at all times with the
opportunity to opt-out. The MailChimp platform enables us to view statistics around Newsletter
opening and clicks using industry standard technologies. We view this information to help us
monitor and improve the service but do not store it in a way that identifies users personally. For
more information, please see MailChimp’s privacy policy here.
BCC website
The BCC’s privacy policy in respect of visitors to its website is set out separately and is publicly
available on the website. A copy is provided here at Annex 1.
Individuals applying for/participating in the annual WIPO-BCC advanced training course
on copyright and related rights
The British Copyright Council may collect and/or process personal data from applications for the
annual WIPO-BCC Advanced Training Course on Copyright and Related Rights, as jointly
organised with the Academy of the World Intellectual Property Organisation. All personal
information held by the BCC will be stored and transmitted securely using high-grade encryption
and will be used only in connection with the application process and the ongoing administration
and management of the training course. It will not be shared with third parties, beyond those
organisations involved in arranging the course and, where relevant, in connection with assisting
candidates with visa applications. Personal information will be retained no longer than necessary
for the purpose for which it was collected, except where we seek consent to retain contact details
for the purpose of continued communication with course participants. Individuals who consent to
remain on the BCC database after the course has ended will have the opportunity to opt-out at
any time.
Where we publish personal information about training course participants on our website and/or
in printed material, we do so on the basis of the individual’s prior consent.
The WIPO Academy has its own privacy policy which can be read here.
Data Breaches
In the event of any breach of BCC systems affecting the security of an individual’s personal data,
we undertake to inform the individual(s) concerned at the earliest opportunity, explaining the
nature of the breach and the actions being taken to remedy the situation in line with BCC
procedures and the law.
Access to personal information
Individuals can find out if we hold any personal information by making a “subject access request”
under the General Data Protection Regulation. An administration fee of £15 will be payable. To
make a request to the BCC for any personal information we may hold about you, please write to:
The Data Controller
British Copyright Council
2 Pancras Square
London N1C 4AG
Or email [email protected] with “subject access request” in the subject field.
Your rights
Under the General Data Protection Regulation 2016, you have rights as an individual which you
can exercise in relation to the information we hold about you. You can read more about these
rights on the website of the Information Commissioner’s Office here.
Changes to this Data Protection Policy
The BCC keeps its Data Protection Policy under regular review. It was last updated on 24 May
2018
Annex 1
British Copyright Council — Website Privacy Policy
This privacy policy applies between users of the British Copyright Council (BCC) website and the
BCC, which owns and provides the website. It does not extend to any other website that can be
accessed from the BCC website. For the purposes of the General Data Protection Regulation
(GDPR), the data controller is the British Copyright Council.
Cookies
A cookie is a small file that is placed on your computer’s hard drive when you visit a website. There
are different types of cookies, for example some collect behavioural information to understand how
visitors are using the site and to remember someone has visited the site before.
The BCC website uses only one type of cookie, which is necessary strictly for your smooth interaction
with the site, e.g. to ensure pages load quickly and effectively. This cookie does not collect
behavioural information or capture any personal details about you, and it expires at the end of your
session.
Most web browsers automatically accept cookies but you can usually modify your browser settings to
decline cookies if you prefer. In the case of the BCC website, refusing the cookie may mean some or
all parts of the site do not operate efficiently.
A number of websites provide detailed information on cookies, such as AboutCookies.org and
AllAboutCookies.org.
Links to other websites
We provide links to other websites only for your convenience in finding further information. We do not
control these websites and are not responsible for their content or their privacy policies.
Changes to this privacy policy
The British Copyright Council reserves the right to change this policy from time to time as deemed
necessary or to comply with the law. Any changes will be posted on the website.
If you have any questions about this policy, please contact the British Copyright Council secretariat at
[email protected] or telephone +44 (0)20 3290 1444.
Further information regarding the GDPR can be found on the website of the Information
Commissioner’s Office at http://www.ico.gov.uk/.