This Privacy Policy was last changed 25th August 2020
Using the The Bach Project website, mobile website and Apps, means you agree to our Privacy and Cookie policies 1 – Who we are We are The Bach Project (we/our/us). Our office address is John Holloway, The Bach Project, Alpenstrasse 30, CH3006 Bern, Switzerland. This policy describes how we use personal information. Since the original 1984 UK Data Protection Act, the law has changed significantly attempting to compensate for leaps in technology especially “Big Data”. While the 1984 act did little to enforce, it did establish principles or ethics that have higher standards than todays legislation. We respect personal data according to both the older principles and our contemporary legal obligations. In modern computing systems and data including personal information needs to be shared to deliver modern expectations. Modern information privacy law is now more about declaration of use and consent by the individual. There may be conflicts between what someone believes is principled use of their personal information and what the rights that this document establishes over personal information. This policy sets out, practically, how we, as a Data Controller, collect, process, use and disclose your personal information, why we use it, with whom we share it, the rights to which you may be entitled and your choices about our use of your personal information. If an individual feels that their personal data has been misused, despite consent, we will actively change or delete information that has been recorded above and beyond our legal commitments in an attempt to undo perceived harm. This policy covers use of personal information arising from use of our online systems as well as buying / using our products and services. If you have any questions or need any further clarity please get in touch via email to info@the-bach-project.com or via post to John Holloway, The Bach Project, Alpenstrasse 30, CH3006 Bern, Switzerland. 2 – Your information Data Collection and Usage Personal Data includes any data that can identify a person, or could be used in conjunction with other information to identify a person and personal qualities. We comply with all applicable laws in relation to data protection and privacy, including the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
What we collect Lawful basis for Processing How we use it
Information provided during a purchase:
• Contact details possibly including: name, address, email address and phone number;
• Bank account or credit/debit card details;
• The product or service purchased
Performance of contract. Personal information may be required to deliver a sale.
This information is used to:
Provide products and services;
Manage and administer services;
Process orders;
Take payment or refund monies;
Help to check that customers are genuine and to prevent fraud Information provided for subscription to newsletters, receive information or mailings: • Name and email address Consent. Consent must be given to sign up to mailing lists. This Consent can be withdrawn at any time. See section 4 below for more information. Provide products and services; Help to check that customers are genuine and to prevent fraud . Deliver news about and offers on products and services.
Information provided to enter a prize draw or competition:
• Contact details including: Name, address, email address and phone number. This may include a social media account or accounts.
Legitimate Interest. Required to administer any prize draw or competitions.
Competitions and prize draws are constrained by other legislation and
Provide products and services;
Manage and administer prize draws, competitions and our services;
Take payment or refund monies;
may have supplementary Terms and Conditions.
Help to check that customers are genuine and to prevent fraud Information about the way products and services are used including: • The things provided or purchased; • When and where the provisions or the purchases were; • What was paid and how; • Whether electronic communications from us have been opened; • Whether links in electronic communications from us have been clicked on. Legitimate Interest. We use this information to deliver quality of service and tailor experiences to individuals. We use this information to: • Develop new products and services; • Improve our products and services; • Personalise our products and services; • Identify products and marketing that may be of interest to individuals; Statistical analysis and research.
Information exchanged in communications with us whether in person, through our website or via email, over the phone, through social media or any other medium which maybe recorded in minutiae.
• This information may include contact details, name, address, email address and phone number, social media account.
• .
Legitimate Interest. We cannot communicate without this information.
We use this information, including to: Answer questions and respond to concerns; Monitor customer communications for quality and training purposes; Develop new products and services;
• Improve our products and services including personalisation.
Regulatory compliance; Information that collected through use of our website including: • Device information such as operating system, unique device identifiers, the mobile network system; • Hardware and browser settings; • Date and time of requests; • The requests you make; • The pages you visit and search engine terms you use; • IP address. • Recordings of screen interactions and heatmaps. Legitimate Interest. We use this information to deliver quality of service and tailor experience to individuals. We use this information to: • Provide our products and services; • Develop new products and services; • Improve our products and services; • Personalise our products and services; • Identify issues with the website and user’s experience of it; • Make improvements to the user experience; • Manage and administer our systems;
• Monitor the way our website is used.
Information collected incidentally from public or other sources, including:
• Information available in the media;
• Information presented on our social media timelines;
• Information collected by security systems;
Legitimate Interest. We use this information to deliver quality of service.
We use this information, including to:
• Maintain market awareness;
• Build and maintain social media branding;
• Provide security to our sites;
• Fraud prevention and confirming identity. Information from credit reference agencies. Performance of contract. To make a credit sale
Fraud prevention and confirming identity. The Bach Project does not knowingly collect data from any unsupervised person under the age of 18. Individuals under the age of 18 must not use The Bach Project online services including websites and apps or submit any Personal Data to us without the consent of, and are supervised by, a parent or guardian. Legal requirements Personal information may be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of legal claims. The Bach Project will not delete personal information if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved. How long we keep personal information We will keep your information for as long as it is reasonably necessary. It will depend on factors such as whether you have any outstanding purchases or have interacted with recent offers.
Information we share There are certain circumstances where we may transfer your Personal Data to contractors, service providers, and to other parties. • We may share personal information with other partners or members (if we are one) of our group of companies so we can provide the best service across our group. Any group company is obligated to keep personal information in accordance with this privacy policy but partner organisations especially social media organisations will use data we need to share according to their own principles, corresponding guidelines and interpretation of legislation. • We may also share personal information with certain contractors or service providers who assist us in the provision of products and services we supply, are involved in prize draws and competitions we run or provide other services to assist with our day to day operations. They may process Personal Data for us, for example, if we use a marketing agency. Other recipient’s/service providers include manufacturers, logistics/delivery providers, advertising agencies, IT specialists, database providers, backup and disaster recovery specialists or email providers.
Our suppliers and service providers will be required to meet our standards on processing information and security. Personal information we provide them, will only be provided in connection with the performance of their function. • We may also share information with third parties. We will do this either when we receive Consent or because we need them to see information to provide products or services. These include credit reference agencies, anti-fraud databases, screening agencies and other partners we do business with. Personal information may be transferred to other third party organisations in certain scenarios: • If we’re discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality; • If we are reorganised or sold, information may be transferred to a buyer who can continue to provide services previously provided by us; • If we’re required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police; • If we are defending a legal claim your information may be transferred as required in connection with defending such claim. Personal Data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data. Where personal information will be held Our offices are based in Switzerland and your data will be held on systems accessible by this office. We will only transfer data to jurisdictions outside the scope of the European General Data Protection Regulation (GDPR) where the appropriate safeguards set out in the GDPR are in place. 3 – Individual’s rights Data Subject Rights We’ve listed the rights an individual has over their information and how they can be used below. These rights only apply in some circumstances. Not all of these rights will be available if there are outstanding contracts between us, if we are required by law to keep the information or if the information is relevant to a legal dispute. We will normally respond to or action (as applicable) requests within one month from receipt of a request. This period may be extended by 2 further months if necessary taking into account the complexity or number of requests. If this is the case, we aim to let the enquirer know within one month of the original request. Usually the information or action requested will be provided free of charge. However, if we decide that requests are unfounded or excessive or repetitive we may charge a fee or refuse to deal with the request. It is important that we establish that the individual right is being exercised by the correct person. Therefore, we may need to ask for information in order to verify identity prior to processing a request. This may include requiring personal details we have recorded for example a phone number or date of birth to be correlated by the enquirer. Individuals have the right to make the following types of request regarding the Personal Data The Bach Project stores: • Right of access (subject access requests) is the individuals’ right to request a copy of the Personal Data (if any) that we have concerning them and supporting information explaining how it is used. • Right of rectification is the individuals’ right to request that we correct inaccurate, incomplete or misleading Personal Data concerning the individual. • Right of erasure (right to be forgotten) is the right, in some situations, for the individual to have their Personal Data.
• Right to restrict processing is the right, in some situations, to request that Personal Data provided especially if it believed to be inaccurate is not used. This is a temporary right. • Right to data portability is the right, in some situations, to request that we transmit personal data to the individual owner or another entity. • Right to object is the right to object to certain processing of Personal Data unless we believe we have compelling grounds to continue processing and the right to object to direct marketing/profiling. Sometimes we will be exempted from responding to certain requests. • The authority responsible for ensuring Data Protection in the UK is the Information Commissioner’s Office. They can provide information about an individual’s rights, how to enforce them, processes for complaints and have the power to fine organisations deemed to be in breach of some aspects of the Act. Their website is here https://ico.org.uk/ 4 – Contact us How to contact us For answers to questions about this policy contact our Legal team at info@the-bach-project.com, or by writing to John Holloway, The Bach Project, Alpenstrasse 30, CH3006 Bern, Switzerland. Want to be removed from The Bach Project direct marketing list? An email address can be removed from our mailing list by clicking unsubscribe at the bottom of any circular email we have sent. This will open a web page that takes the user through the process of unsubscribing. 5 – Changes to the policy This policy may be changed. Updates will be posted here. 6 – Other policies Cookies Our websites use cookies. These are files which contain small amounts of information that a website can send to, and store on, your computer or device through a browser. Cookies may be used by us to provide, for example, customised information from our website to make our website more user-friendly. This may include, for example, remembering a user’s postcode so it doesn’t have to be re-entered every time that page is visited. Cookies can perform other functions including helping us to understand who has seen which pages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of our website. We are required to provide clear and comprehensive information about the cookies we use and to obtain your Consent to the use of cookies. In order to comply with these requirements, we have prepared a cookie policy setting out information about cookies, detailing the cookies we use and providing information on how to manage cookies on your computer. Using The Bach Project website and mobile website means agreeing to our cookie policy and Consent to the use of cookies and similar technologies by us and our carefully selected third party partners as described in our cookie policy. If an individual does not agree to such use, they should investigate how to restrict cookies operation in their browser. Security We are committed to keeping your personal information safe. We’ve got appropriate physical, technical and administrative measures in place to protect your information against accidental or unauthorised destruction, loss, access or alteration.