Everyone has rights regarding how their personal data is processed. As part of its activities, BCA will collect, store, and process personal information about its customers, suppliers, and other third parties. BCA recognizes that the correct and lawful processing of this data will maintain trust in the organization and enable it to successfully conduct its business operations.
This policy defines the basis on which BCA processes any personal information that you collect from us, or that you provide to us. Please read the following clauses carefully to understand our practices and positions regarding your personal data and how we process it.
Any reference to "we" or "our" in this document constitutes a reference to the relevant BCA Group company responsible for processing your data. For this website www.bca.com, SPLA, SA acts as the data controller and entity responsible for this website.
We have appointed a Data Protection Officer (DPO) and the email address of the DPO's office is DPO-Office@bca.com .
The DPO's office can also be contacted by post (sent to the attention of the DPO), by sending a letter to BCA, Form 2, 18 Bartley Wood Business Park, Bartley Way, Hook - Hampshire, RG27 9XA, United Kingdom
DATA PROTECTION PRINCIPLES
When processing user information, BCA is required to comply with six legal principles of good practice. These principles require that your personal information be:
Treated in a legitimate, fair and transparent manner,
Treated for specified, explicit and lawful purposes,
Adequate, relevant and limited to needs,
Accurate and up to date,
Kept only for as long as necessary, and
Handled in a manner that ensures appropriate security.
INFORMATION PROVIDED BY THE USER TO BCA
BCA may collect, use, store and transfer different types of personal information about you, including:
Identification Data , such as your name, marital status, position, date of birth, gender,
Contact Details , such as your home address, email address and telephone numbers,
Financial Data , such as bank account details,
Documentary Data , such as your vehicle registration document, and copies of your driver's license, passport, utility bill, and other documents proving your identity,
Transaction Data , including details of payments made and received by you, and other details of products and services you purchase from BCA,
Company Data , including the name of the organization you represent, and the Contact Data, Financial Data and Transaction Data of that organization,
User: role; ssid (key customer account id); username; email , including IP addresses, MAC addresses or other device name/identifier, user login data (including usernames and identification number), browser type and version, time zone settings and location, browser add-on types and versions, operating system and platform, and other technology on the devices you use to access the BCA website and network information related to security logs or alerts (such as malicious files, network fragments, process details, domain name and network connections),
Profile Data , such as your username, password, purchases and orders made by you, your interests, preferences, feedback and survey responses,
Usage Data , including information about how you use the BCA website and App, products and services, and
Marketing Data , such as your preferences in receiving marketing information from BCA and its third parties, and your communication preferences.
For the app technical Data including
Device identifiers (IDFA/GAID, device:- ID)
IP address (for geolocation)
Device type, OS, app version, time zone, and locale (Language/region of the device)
Network type and performance metrics
App usage events (screens viewed, feature interactions, session length)
"SPECIAL CATEGORIES" OF DATA
"Special categories" of data include the user's racial or ethnic origin, political, religious or philosophical views, membership of workers' unions, health information, criminal record, sexual orientation or sex life, or certain types of genetic or biometric data.
BCA does not plan to collect any "special category" data about you during your interactions with us.
HOW WE COLLECT YOUR PERSONAL INFORMATION
BCA may obtain personal information in its direct interactions with the user, such as:
creating an account on our website or app,
entering into a product or service agreement with BCA,
subscription to our services or publications, or request that we send marketing material to you, or
communications exchanged with BCA via telephone, email, letter or otherwise.
BCA may obtain personal information through automated technology when the user interacts with the BCA website and app, using connection witnesses (cookies), server logs and other similar technologies.
BCA may also collect personal information about you from third parties or publicly available sources, such as:
public entities and regulatory authorities,
analytics service providers (such as Google),
advertising networks,
information research service providers, and
technical, payment and delivery service providers.
LAWFULNESS OF BCA'S USE OF USER'S PERSONAL INFORMATION
BCA will only use your personal information if permitted by law. In most cases, we use your personal information in the following circumstances:
With the consent given by the user,
The need to comply with a contract that BCA will enter into, or has already entered into, with the user,
Where it is necessary for BCA’s legitimate interests (or the interests of a third party), and the interests and rights of the user do not override those interests, or
When BCA is required to comply with a legal or regulatory obligation.
The specific purposes for which BCA will use the user's personal information, and applicable lawfulness, are as follows:
Purposes for which we will use the information provided by the user
Lawfulness
Whenever you act as a representative of an organization, to register that organization as a new customer
This will be necessary for our legitimate business interests, in particular in order to provide services and products to your organization.
Where you act as a representative of an organization, to process your instructions and, if accepted, to provide services and products to your organization (including managing payments, fees and charges)
To obtain more information about you and/or your organization
This will be necessary for our legitimate business interests, in particular to ensure that BCA is fully aware of all matters relating to the products and services we supply and provide.
Monitor the endpoints of all public interfaces to our systems and networks to detect, investigate, and proactively respond to potential threats.
It will be necessary for our legitimate business interests, in particular to optimize the security of our assets, systems and networks
We will only use your personal information for the purpose(s) for which it was collected, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose. If we have to use your personal information for a different purpose, we will communicate this intention to the customer, explaining the lawfulness that allows us to do so.
BCA may process the user's personal information without the user's knowledge or consent, in accordance with the rules above, whenever permitted or required by law.
IF THE USER IS UNABLE OR DOES NOT WISH TO PROVIDE HIS/HER PERSONAL INFORMATION TO BCA
Without your personal information, BCA cannot register you or your organization (as applicable) as a new customer. This means that BCA will not be able to provide you or your organization with any products or services.
DISCLOSURE OF USER INFORMATION
BCA may share your personal information with the parties listed below:
other companies of the BCA Group,
other staff of the user organization, or any other organization that is a party to the agreement concluded between BCA and the user organization, or that otherwise has a legitimate interest in it,
IT service providers and systems administration to our business,
BCA professional consultants,
analytics and search engine service providers that help BCA improve and optimize its website, app and
Third parties to whom BCA decides to sell, transfer, or merge parts of its business or assets. Alternatively, BCA may choose to acquire or merge other businesses. If there is a change in BCA's business, the new owners may use your personal information as set forth in this policy.
BCA requires that all third parties respect the security of your personal information and that it be treated in accordance with the law.
To support user protection, we work with carefully selected third-party service providers that provide cybersecurity products and services to monitor the endpoints of all public interfaces with our systems and networks to detect, investigate, and proactively respond to potential threats. As part of this activity, Technical Data is:
collected, stored, used, transferred and processed by our chosen cybersecurity partners to help keep our assets, systems and networks secure;
Used by our selected cybersecurity partners to develop, improve, and enhance their security products and services for our benefit and that of their broader customer bases. The transfer (and retention) of data related to the latest security threats is critical to ensuring that the cybersecurity protections offered by our partners remain up-to-date and effective in keeping personal information secure. When a cybersecurity partner uses personal information in this way, it is a data controller.
Please see:
the section above entitled “Information you provide to us” for an explanation of what constitutes Technical Data;
the section below titled “Your Rights” for more information about the processing of personal information for cybersecurity purposes.
KEEP USER PERSONAL INFORMATION SECURE
Although BCA operates in the United Kingdom and the European Union, your personal data may be transferred to (or stored by) carefully selected third-party service providers with whom BCA works, located in countries outside the United Kingdom or the European Union. Where this is the case, BCA ensures that appropriate safeguards are in place for such transfer and storage, as required by applicable data protection laws.
If you require further information about the storage of your data, or the safeguards implemented to protect your data, please see the section below entitled “Your rights”.
We have implemented appropriate security measures to prevent accidental loss, unauthorized use or access, alteration, or disclosure of your personal information. Additionally, we limit access to your personal data to employees, agents, contractors, and other third parties who need access for business reasons. They will only process your personal information in accordance with our instructions and are subject to a duty of confidentiality.
We have implemented procedures to deal with any suspected personal data security breach and BCA will inform you and any applicable regulator of any breach where we are required to do so by law.
HOW LONG WILL WE STORE YOUR PERSONAL INFORMATION?
The period of time during which BCA will store user data depends on the underlying lawfulness of its use, as described below:
Term
Whenever BCA uses/stores user data because it is necessary for the fulfilment of a contract concluded between the two parties
BCA will use/store user data for as long as necessary to fulfil a contract concluded between the two parties.
Whenever BCA uses/stores user data because it is necessary for it to comply with a legal obligation to which it is subject
BCA will use/store user data for as long as necessary to comply with a legal obligation to which it is subject.
Whenever BCA uses/stores user data because it is necessary for our legitimate business interests
BCA will use/store user data for as long as necessary to perform the contract between the two parties or until BCA no longer has a legitimate interest in using/storing user data.
Whenever BCA uses/stores user data, it is because the user has given specific, informed and unequivocal consent.
BCA will use/store user data until the user requests the end of this activity.
To determine the appropriate retention period for personal information, BCA takes into account the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized disclosure or use of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where our cybersecurity partners use Technical Data to develop, improve, or enhance their security products and services for our benefit and that of their broader customer bases, separate retention periods will apply (determined by the relevant cybersecurity partner itself as data controller). You can obtain more information on this by contacting us below.
YOUR RIGHTS
The user has several legal rights regarding the information he provides to BCA, or that BCA collects about the user, namely:
You have the right to access the information we hold about you, along with various information about why and how we use that information, to whom we may disclose it, the source from which it was obtained and for how long we will use that information.
The user has the right to request that BCA rectify any information it holds about him/her that is inaccurate or incomplete.
You have the right to request that BCA erase the information it holds about you ("right to be forgotten"). This right can only be exercised in certain circumstances. If you request that BCA erase your information and BCA is unable to do so, BCA will explain the reasons for this inability.
You have the right to ask BCA to stop using your information if: (i) the information it holds about you is inaccurate; (ii) it is using that information unlawfully; (iii) it no longer needs to use the information; or (iv) it has no legitimate reason to use it. BCA may, however, continue to store your information or use that information for legal proceedings or to protect another person's rights.
You have the right to request that BCA transmit the information it holds about you to another individual or legal entity in a structured, commonly used, and machine-readable format. This right may only be exercised in certain circumstances. If you request that BCA transmit your information and BCA is unable to do so, BCA will explain the reasons for this inability.
Whenever BCA uses/stores your information because it is necessary for its legitimate business interests, you have the right to object to such use/storage of your information by BCA . BCA will stop using/storing your information unless it can demonstrate why, in its sole discretion, it has a legitimate business interest that overrides your interests, rights, and freedoms.
Whenever BCA uses/stores user data because the user has given specific, informed and unequivocal consent, the user has the right to withdraw that consent at any time.
The user has the right to object to the use/storage of his/her information by BCA for direct marketing purposes .
If you wish to exercise any of your legal rights, you should contact the BCA DPO Office by writing to the address above or by sending an email to DPO-Office@bca.com
You do not have to pay a fee to access the personal data BCA holds about you (or to exercise any of your other rights). However, BCA may charge a reasonable fee if your request for access is clearly unfounded, repetitive, or excessive. Alternatively, in these circumstances, BCA may refuse to comply with your request.
We may request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to anyone who has no right to receive it. BCA may also contact you to request additional information related to your request to expedite our response.
BCA will attempt to respond to all legitimate requests within one month. Occasionally, BCA may take longer than a month if your request is particularly complex or you have submitted multiple requests. In this case, BCA will inform you and keep you updated.
You can also contact us if you would like more information about:
the storage of your data;
the security measures implemented to protect your data;
our cybersecurity partner and how it uses your data.
To do so, please contact our DPO office using the details provided in the section of this notice entitled “Introduction”.
WHAT ARE COOKIES AND HOW ARE THEY USED?
What are Cookies?
A cookie (or cookie token) is a small text file that stores Internet or app settings. Your Internet browser or app downloads a cookie when you visit a website or app for the first time.
Some cookies are extremely useful, as they can improve the user experience when returning to a website previously visited. The cookie assumes the user is using the same device and browser as previously; if applicable, cookies remember your preferences, understanding how you use the website, and adapt the content displayed to make it more relevant to the user's personal interests and needs.
Types of Cookies
There are four categories of cookies: strictly necessary cookies, performance cookies, functional cookies, and marketing cookies.
Strictly necessary cookies are essential for enabling users to navigate the website and use its features. Some services cannot be provided without these cookies. For example, remembering previous actions when returning to a page within the same session.
Performance cookies collect information about how a website is used, for example, which pages are frequently visited. These cookies do not store personal information or information that allows the user to be identified. These cookies are used exclusively to improve website performance and, consequently, the user experience.
Functional cookies allow a website to save information previously entered (such as usernames, language choices, and the user's location) so that it can offer improved and more personalized features. These cookies collect anonymous information and cannot track the user's actions on other websites.
Marketing cookies are used to deliver ads and other communications that are more relevant to you and your interests. They are also used to limit the number of times an ad is shown and help measure the effectiveness of advertising campaigns.
Managing the use of cookie settings on this website and app
Although you can completely disable some cookies in your browser or app at any time, it is important to remember that if you change your settings and block certain cookies, you will not be able to take full advantage of some features of the BCA website or app.
Essential cookies, also known as "strictly essential," enable features that prevent the user from using the website or app as intended. These cookies are stored on the user's computer or device only while the user is actually on the website or app, and only for the duration of the session. Strictly necessary cookies cannot be disabled.
OPTING OUT OF RECEIVING COMMUNICATIONS
You may at any time request that BCA stop sending you communications by logging into the website and checking or unchecking the applicable boxes to adjust your marketing preferences, or by clicking on the unsubscribe links provided in any marketing message sent to you.
AUTOMATED INDIVIDUAL DECISIONS
BCA does not use automated individual decision-making processes.
LINKS TO OTHER WEBSITES & APPs
The BCA website may include links to third-party websites, add-ons, and applications. Clicking on these links or activating them may allow third parties to collect or share user data. BCA does not control these third-party websites and is not responsible for their privacy statements. We encourage users to read the privacy notice of every website they visit after leaving the BCA website or app.
HOW TO COMPLAIN
If you have any concerns about our use of your personal information, you can file a complaint at DPO-Office@bca.com .
You can also lodge a complaint with the ICO if you are not satisfied with how we have used your data.
ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
ICO Helpline Number: 0303 123 1113
ICO website: https://www.ico.org.uk
CHANGES TO BCA POLICY
Any changes made to this policy in the future will be published on our website.
BCA Italia s.r.l. Ripa di Porta Ticinese, 7 20143 Milano. P.IVA/Codice Fiscale IT02557550346