Policy Statement
Business Matching UK (BMUK) is committed to protecting personal data and ensuring compliance with applicable privacy regulations, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy outlines how we collect, use, store, and safeguard personal information to ensure transparency, accountability, and trust in our data handling practices.
BMUK operates as a business-to-business and business-to-individual service, offering professional matching services, networking events, and optional support programmes. As part of our activities, we collect and process personal data provided by members, service users, and professional partners.
Policy Objectives
The objectives of this policy are:
- Ensure compliance with legal obligations related to data protection and privacy
- Protect the privacy of individuals and secure their personal data
- Maintain transparency in the collection, use, and processing of personal data
- Define roles and responsibilities for privacy management within the organisation
- Provide a framework for addressing data breaches, user rights, and data retention
- Explain the types of personal data we collect, how we collect and process your data, your rights regarding personal data, and the security measures in place to protect your information
Scope
This policy applies to all personal data processed by Business Matching UK, including data collected through websites, registration platforms, communications, events, and digital service tools. It covers all employees, contractors, members, and third-party processors who handle personal data on behalf of the organisation.
Roles and Responsibilities
Senior Management:
Data Protection Officer (DPO):
IT Department:
Definitions
- All Staff: Those in full-time, part-time or casual worker employment, as well as any sub-contractor undertaking works for or on behalf of the organisation, that have signed up to this Policy.
- Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
- Data Controller: The person or organisation that determines the purposes and means of processing personal data.
- Data Processor: A third party that processes personal data on behalf of the data controller.
- Data Protection Officer (DPO): The designated individual within the organisation responsible for overseeing data protection strategy and implementation, ensuring compliance with UK GDPR, and serving as the point of contact for data subjects and regulatory authorities.
- Data Subject: The individual whose personal data is collected and processed.
- Cookies: Small files stored on a user’s device that collect data about website usage and preferences.
- Consent: Freely given, specific, informed, and unambiguous indication of a data subject’s wishes by which they signify agreement to the processing of their personal data.
- Employee (includes Volunteers): Any individual employed by the organisation on a full-time, part-time, or voluntary basis.
- IT Department: The designated team or personnel responsible for maintaining technical safeguards, system security, and monitoring IT infrastructure for vulnerabilities and threats.
- Personal Data: Any information relating to an identified or identifiable individual, such as names, identification numbers, location data, or online identifiers.
- Processing: Any operation performed on personal data, whether automated or not, including collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, erasure, or destruction.
- Senior Leadership: A leader in an organisation who holds a position of authority and responsibility for strategic planning, decision-making, and overall management of a specific department or the entire organisation.
- Sensitive Data: Special categories of personal data including racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health information, or data concerning a person’s sex life or sexual orientation.
Data We Collect
We may collect the following types of personal data depending on your interaction with BMUK:
- Identity Information: Name, title, and date of birth
- Contact Information: Email address, phone number, and postal address
- Professional Information: Sector, business focus, services sought or offered
- Service Usage Data: Membership tier, event attendance history, session notes, and progress tracking data for clients receiving support
- Technical Data: IP address, browser type, operating system, and device information
- Usage Data: Information on how you use our website or services
- Marketing Preferences: Opt-in/out status for communications
- Visual Media: Optional headshots or event participation images (with consent)
- Special Category Data: Occasionally collected as part of support programmes (e.g. health/disability info), with explicit consent
How We Collect Your Data
We collect your data through:
- Direct Interactions: When you register as a member, attend events, fill in forms, submit applications, participate in support sessions, or contact us via email or website
- Automated Technologies: Via cookies and analytics tools when you use our website
- Third Parties: From referral partners or service platforms (e.g. coaching session bookings, event registration services, or digital collaboration tools like MS Teams and Monday.com)
Purpose of Data Processing
Your data may be used for:
- Providing and improving our services
- Processing transactions or fulfilling contractual obligations
- Sending promotional or informational communications (with your consent)
- Ensuring website functionality and security
- Complying with legal obligations or resolving disputes
Data Sharing
We may share your personal data with:
- Trusted service providers who assist with event management, digital collaboration tools, cloud data storage, payment processing, and coaching delivery (e.g. iCloud, MS Teams, Monday.com)
- Referral partners or sponsoring organisations where service is delivered under contract (only where necessary and lawful)
- Regulatory authorities or legal bodies, if required by law or safeguarding protocols
- Other members, but only with your explicit consent (e.g. contact introduction via matching service)
Data Security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse. This includes:
- Role-based access controls
- Secure cloud storage systems
- Use of encryption and password protection
- Regular audits and data minimisation practices
- Staff training and clear data handling protocols
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, comply with legal obligations, or resolve disputes. Specific retention periods depend on the type of data and processing requirements.
| Data Type | Retention Period |
| --- | --- |
| Member contact details | Retained for the duration of the membership and up to 6 years after termination for legal or auditing purposes. |
| Marketing consent records | Retained for up to 2 years from the date of the last update or consent renewal. |
| Event registration data | Retained for 1 year following the event for reporting and feedback purposes. |
| Cookie and analytics data | Retained for up to 26 months in accordance with analytics platform configuration. |
| Subject access request records | Retained for 2 years following closure of the request, for record-keeping and dispute resolution. |
| Payment and invoicing records | Retained for up to 6 years after the end of the financial year in which the transaction occurred, for tax and accounting compliance. |
| Internal communications | Retained for up to 2 years for internal reference, auditing, or dispute management. |
| Recruitment records (unsuccessful) | Retained for up to 6 months after the recruitment process concludes. |
| Supplier/vendor contact details | Retained for the duration of the supplier relationship and up to 6 years after contract termination for legal or contractual reference. |
Retention periods may vary depending on specific legal requirements or operational needs. Personal data that is no longer required will be securely deleted or anonymised.
Your Rights
You have the following rights regarding your personal data:
- Right to Access: Request a copy of the data we hold about you
- Right to Rectification: Request corrections to inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data, subject to legal exceptions
- Right to Restrict Processing: Request limits on how we process your data
- Right to Data Portability: Request transfer of your data to another organisation
- Right to Object: Object to processing based on legitimate interests or for marketing purposes
To exercise your rights, please contact us using the details provided below.
Cookies
Our website uses cookies to improve user experience and analyse website traffic. Cookies collect information about browsing habits and help us deliver a better service. For more information, please refer to our Cookie Policy.
Contact Information
For questions, concerns, or to exercise your rights, contact us:
DPO: Carol Ann Pugh
Email: [email protected]
Website Contact Form: https://business-matching.co.uk/contact
Communication of the Policy
This policy will be communicated to all employees during induction and made available to stakeholders as required. Updates or critical alerts related to this policy will be shared via official communication channels such as emails, internal notices, or company bulletins.
Review and Update
This policy will be reviewed annually or following significant changes in operational activities or legislative requirements. Updates will be documented and communicated to all relevant stakeholders.