Privacy Policy

The British Antique Dealers’ Association
Privacy Notice

The privacy and security of your personal information is extremely important to us. This privacy policy explains how and why we use your personal data, to make sure you stay informed and can be confident about giving us your information.  

We will keep this page updated to show you all the things we do with your personal data. 

We will never sell your personal data and will only share it with organisations we work with when it’s necessary and the privacy and security of your data is assured. 

Who are ‘we’?
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’ or ‘BADA’, it refers to The British Antique Dealers’ Association (Reg. Co. number 491364).

1.    This policy applies to:  

Existing BADA members

As part of the membership process we collected various types of information about you such as your name, business details, publicly available address, your specialism and business hours. Following an application, we carry out a full review of a potential members’ business practice. Following a successful application, we collect personal data relating such as your home address, personal telephone numbers and email addresses

This information is maintained as part of our operations as a membership organisation, for example: to send communications that are essential to fulfil our promises to you as a member.
This information is kept on the lawful basis of legitimate interest.

Prospective BADA members

As part of the membership process we collect various types of information about prospective members such as your name, business details, publicly available address, your specialism and business hours. As part of the process of prospecting members, we carry out a full review of a potential members’ business practices.

This information is maintained as part of our operations as a membership organisation, for example: to process applications for membership

This information is kept on the lawful basis of legitimate interest.

Visitors to our website

We use specific tools to profile how you interact with us online, for example Google Analytics. All of the information we collect is aggregated.

We may send a small file to your computer when you visit our website, this file stores your session identifier. This will enable us to identify your computer and to allow our systems to tailor their response to your requests.

Save for the use of cookies, we do not automatically log data or collect data save for information you specifically provide to us. You can set your computer browser to reject cookies, but this may preclude your use of certain parts of this website.

We use Google Analytics to help analyse use of our website. This analytical tool uses 'cookies', which are text files placed on your computer, to collect standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including your IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity for this website. To find out more about cookies, including how to control and delete them, visit www.allaboutcookies.org, or to opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout

We will not (and will not allow any third party) to use the statistical analytics tool to track or to collect any personally identifiable information of visitors to our site. We will not associate any data gathered from this site with any personally identifying information from any source as part of our use of the Google statistical analytics tool. Google will not associate your IP address with any other data held by Google. Neither ourselves nor Google will link, or seek to link, an IP address with the identity of a computer user.

No lawful basis is required, as information is aggregated and does not constitute personal data.

People who use our services

If you make use of services offered by BADA such as our Customs Assessment or Arbitration services we will collect personal data such as your name, business details, public and private addresses, telephone numbers and email addresses. We will also collect information relating to the items which you are having assessed.

This information is maintained as part of our operations as a membership organisation, for example: to keep important records on the provenance of an item.

This information is kept on the lawful basis of legitimate interest.

Attendees to BADA Events

We process customer data to fulfil event bookings. Your data will be used to communicate with you throughout the process, including to confirm we’ve received your order and payment, to confirm dispatch, to clarify where we might need more detail to fulfil an order or booking, or to resolve issues that might arise with your order or booking. We may also hold dietary information for event catering.

This information is maintained as part of our operations as a membership organisation, for example: to allow us to successfully hold events that benefit our members and the wider trade.

This information is kept on the lawful basis of legitimate interest.

People who purchase BADA products

We process customer data to fulfil our retail activities. Your data will be used to communicate with you throughout the process, including to confirm we’ve received your order and payment, to confirm dispatch, to clarify where we might need more detail to fulfil an order or booking, or to resolve issues that might arise with your order or booking.

This information is maintained as part of our operations as a membership organisation, for example: to fulfil purchases of products that we offer for sale to our members and the general public.

People who make enquiries to BADA

If you make an enquiry by telephone, email or by writing to BADA we collect personal data relating to your enquiry. This can include name, personal address, telephone numbers and email addresses.

This information is used for the sole purpose of carrying out your enquiry.

This information is kept on the lawful basis of contract.

BADA Employees

To comply with our contractual, statutory, and management obligations and responsibilities, we process personal data, including ‘sensitive’ personal data, from job applicants and employees.  

Such data can include, but isn’t limited to, information relating to health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data, without explicit consent. Further information on what data is collected and why it is processed is given below.

Contractual responsibilities: Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.

Statutory responsibilities: Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, equal opportunities monitoring.

Management responsibilities: Our management responsibilities are those necessary for the organisational functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone number. 

Sensitive personal data
The Act defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions. 

In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee.

(a) We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consent.

(b) We will process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.

(c) Data about an employee’s criminal convictions will be held as necessary.

Disclosure of personal data to other bodies
To carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third party supplier. 

To meet the employment contract, we are required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.

To fulfil our statutory responsibilities, we’re required to give some of an employee’s personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.

This information is kept on the lawful basis of contract.

2.    Retention Policy

We will only keep the information for as long as we need to use it, for the purposes it was given to us and for our business needs in line with our retention policy (a copy is available on request), or as required by law or regulation.

3.    Updating your data and marketing preferences

We want you to remain in control of your personal data. If, at any time, you want to update or delete your personal data please contact us in one of the following ways: 

Website
If you are a BADA member you can amend your details by logging into the member area on www.bada.org

Email
Email: info@bada.org

Call
+44 (0)20-7589 4128. Open 9.30am - 5.00pm weekdays
 
Write
The British Antique Dealers’ Association, 21 John Street, London WC1N 2BF

4.    Subject access rights

If you would like further information on your rights or wish to exercise them, please write to us at The British Antique Dealers’ Association, 21 John Street, London WC1N 2BF or email info@bada.org.
You will be asked to provide the following details:

The personal information you wish to access;
Where it is likely to be held;
The date range of the information you wish to access
We will also need you to provide information that will help us confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it.

Once we have all the information necessary to respond to your request we will provide your information to you within one month. This timeframe may be extended by up to two months if your request is particularly complex. 

What to do if you are not happy
In the first instance, please talk to us directly so we can resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk.

5.   Links to other websites

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we don’t accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. This privacy policy applies solely to the personal data collected by The British Antique Dealers’ Association.

6.    Securing your data

Information system and data security is imperative to us to ensure that we are keeping our customers, members, volunteers, employees and contractors safe.

We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures that they are up to date and secure against the ever-changing threat landscape. 

Our staff complete mandatory information security and data protection training on employment and annually thereafter to reinforce responsibilities and requirements set out in our information security policies.

When you trust us with your data we will always keep your information secure to maintain your confidentiality. By utilizing strong encryption when your information is stored or in transit we minimize the risk of unauthorized access or disclosure

7.    Disclosing and sharing information

When we allow third parties acting on behalf of The British Antique Dealers’ Association
to access to your information, we will always have complete control of what they see, how long they see it for and what they are allowed to do with it. We do not sell or share your personal information for other organisations to use.

Personal data collected and processed by us may be shared with the following groups where necessary:

The British Antique Dealers’ Association employees 
BADA Ltd
BADA Friends
Third party cloud hosting and IT infrastructure providers who host the CRM / website and provide IT support in respect of the website;

Also, under strictly controlled conditions:

Contractors
Service Providers providing services to us
Advisors
Agents

We may also disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of The British Antique Dealers’ Association, our members, supporters and visitors. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

8.    Storage of information

The British Antique Dealers’ Association operations are based in the UK and we store most of our data within the European Union (EU). Some organisations which provide services to us may transfer data outside the European Economic Area, but we will only allow this if your data is adequately protected. Some of our systems are provided by US companies and whilst it is our policy that we prefer data hosting and processing to remain on EU-based solutions, it may be that using their products results in data transfer to the USA. However, we only allow this when we are certain it will be adequately protected. (e.g. US Privacy Shield or Standard EU contractual clauses).  

9.    Payment card Security

The British Antique Dealers’ Association has an active PCI-DSS compliance programme in place. This is the international standard for safe card payment processes. All card transactions are carried out manually and merchant copy receipts are stored securely.

10.    CCTV

Some of our events have Closed Circuit Television (CCTV) and you may be recorded when you visit them.

CCTV is used to provide security and protect both our members and visitors and The British Antique Dealers’ Association. CCTV will only be viewed when necessary (e.g. to detect or prevent crime) and footage is stored for a set period after which it is recorded over.  The British Antique Dealers’ Association complies with the Information Commissioner’s Office CCTV Code of Practice and we put up notices, so you know when CCTV is used. 

11.    Changes to this privacy policy

We’ll amend this privacy policy from time to time to ensure it remains up to date and reflects how and why we use your personal data and new legal requirements. Please visit our website to keep up to date with any changes. The current version will always be posted on our website. 

This privacy policy was last updated on 23rd May 2018.