Privacy Policy
Blackpool Business Improvement Districts Ltd (Blackpool BIDs) takes your privacy and the security of your personal information extremely seriously. Please read this privacy notice to learn more about how we collect, store and use your personal data.
Data Controller: Blackpool BIDs Ltd, Empress Buildings, 97 Church Street, Blackpool, FY1 1HU
Email address: admin@blackpoolbid.org
Tel: 01253 476204.
Blackpool BIDs pays a fee to the Information Commissioner (ICO) as required by the Data Protection (Charges and Information) Regulations 2018.
Data Protection Officer (DPO), Jonathan Pickup, Blackpool Council, PO Box 4, Blackpool, FY1 1NA
Email address: dataprotectionofficer@blackpool.gov.uk
Purposes of Processing
Blackpool BIDs has a mission to work on behalf of its members to make the town centre a better place to do business. Blackpool BIDs facilitates Blackpool & Fylde Pubwatch Scheme and Blackpool Shopwatch Scheme. Both distinct schemes also have individual privacy notices which are published on their respective websites and disseminated to relevant stakeholders; this notice is intended to act as the Company’s overarching notice.
Blackpool Tourism BID has a role to play in helping to stimulate and support future growth and the management of both the retail and tourism offer in partnership with the Council, VisitBlackpool, Business in the Community and other relevant organisations and business interests.
To enable us to deliver all the schemes we need to collect members data to provide them with services, to issue invoices and to support them in using our services. As part of the delivery of schemes we may collect the personal data of members of the public and we are also required to process the personal data of offenders; these are individuals that have been reported to us as being actively involved in incidents which have presented a threat or damage to the property or safety of stakeholders.
Lawful Bases for Processing
The UK General Data Protection Regulation (GDPR) states Blackpool BIDs must have a valid lawful basis to enable them to process personal data.
Member’s personal data is processed in accordance with the ‘performance of a contract’ lawful basis, which enables us to provide services, issue invoices and support members’ in using our service.
Members of the public and offenders personal data is processed in accordance with the ‘legitimate interests’ lawful basis, as it’s in the legitimate interests of its members and the public to process personal data. The Company has conducted a legitimate interests assessment to determine the impact of its processing on data subject’s rights and freedoms, with the interest favouring processing.
Legitimate Interests for the Processing
This Balance of Interests Assessment confirms that Blackpool BIDs has balanced the impact of processing members of the public and offenders’ personal data, with all relevant parties’ right and freedoms.
Rights
Offenders have no right to enter property from which they have been excluded unless they can show that they have been excluded because of a characteristic defined in the Equality Act 2010. Therefore, excluding offenders for the reasons defined in the scheme’s Privacy Notice (Offenders) does not impact the rights of offenders.
Freedoms
Offenders who are excluded from Members’ premises experience a reduction in their freedom in the area of activity of the scheme as defined in the scheme’s Rules & Protocols; this reduction is mitigated by the fact that the offender will continue to be able to access premises in the area of activity of the scheme who are not Members of the scheme as well as premises which are outside the area of activity of the scheme.
Distress
Offenders may suffer distress because of:
- being reported for a first time and their data being shared among Members of the scheme; however, this data is strictly controlled and shared only by Members of the scheme and not with a wider public; therefore, any harm to offenders will be minimal.
- being reported for a second time and excluded from Members premises; however, this fact will only become known beyond the scheme’s Members and among a wider public if the offender attempts to access a property from which he/she is excluded and is physically restrained, or an audible/verbal confrontation ensures between the Member and the offender. In such a case this distress is brought about by the offender’s own actions.
Conclusion
It is the conclusion of the relevant scheme’s Board of Management that the impact of processing the personal data of offenders is justified and that the Legitimate Interest of the schemes prevails over the rights and freedoms of offenders.
Categories of Personal Data
Blackpool BIDs processes the following categories of offenders’ personal data:
- Offender’s name and facial image and any relevant data about the nature of his/her activities; the purpose of this processing is to enable members to identify offenders in order to submit reports about them, to include them in a list or gallery of excluded persons (if appropriate and in line with the scheme’s rules & protocols), and to provide information about them which may be necessary to protect the personal safety of members and their staff, customers etc. This data may be shared with members.
- Offenders’ postal and email addresses, telephone number(s) and other contact details; the purpose of this processing is to enable the scheme to communicate with offenders from time to time, for example to send confirmation of exclusions, rules of the exclusion scheme, or confirmation that exclusions have expired. Such data will not be shared with members.
- Data and evidence about incidents in which an offender has been involved; the purpose of this processing is to enable the scheme to defend its legal rights against any claim or suit by an offender or other party. Such data will not be shared with members but only with the scheme’s Board of Management as necessary in the course of any legal proceedings.
Blackpool BIDs processes the following categories of members’ personal data:
- Name, name and place of employment, financial, postal and email addresses, telephone and other contact details will be processed;
No sensitive or ‘special category’ personal data (ethnicity, sexuality, religious beliefs etc.) is routinely processed, but may be inadvertently captured.
Recipients of Personal Data
Blackpool BIDs provides the following recipients with offenders’ personal data:
- Members who are property owners, agents or their employees working within the operational area of the scheme who share the same legitimate interests;
- Employees and officers of public agencies involved in the prevention and detection of crime, such as Police, Council and NHS. Their lawful basis for processing offenders’ data is their public task;
- Other organisations, like schemes, in neighbouring areas if there is evidence that an offender has participated, or is likely to participate, in any threat or damage to property, staff and customers in areas outside the scheme’s area of operation.
Blackpool BIDs provides the following recipients with members’ personal data:
- The Company’s Board of Management and formally contracted Data Processors may access members’ personal data;
- Members’ personal data will not ordinarily be passed to any other third party unless required to do so by law or with the consent of the member.
Blackpool BIDs will not transfer personal data outside the UK.
Retention of Personal Data
Blackpool BIDs will retain members’ personal data for as long as each member remains a member of a scheme and financial records are retained for six years as required by tax law; when a member ceases to be a member of a scheme he/she must confirm this with the scheme’s Coordinators at which time all relevant personal data will be irrevocably deleted.
In the case of submitted incident reports, the submitting member’s name, premises, email address, landline and mobile numbers will continue to be associated with such reports for as long as the report is retained by the scheme; this is required where a report may be used for evidential purposes in legal proceedings.
Blackpool BIDs will retain offenders’ personal data
- If a person has received five or more incident report(s) submitted by a member participating in the scheme, the Shopwatch may exclude him/her from the premises of all members participating in this scheme. All members participating in the scheme must thereafter refuse entrance to their premises to such a person for the duration of the exclusion.
- The length of exclusion is six months and will become effective from the date of the latest relevant incident reported. In exceptional circumstances the schemes may issue exclusions up to five years, ie for acts of violence and use of weapons etc.
- If an excluded person is subject to an incident report submitted by a member during the period of his/her exclusion, that period of exclusion is extended by one month for each breach of the exclusion order.
- As soon as an excluded person completes his/her period of exclusion, all personal data will be removed from the website, unless the administrator believes there is justification for retaining it, in which case the person becomes a targeted person and his/her data will be managed accordingly.
Individual Rights
You have a number of rights relating to the processing of your data, including the right to access the data we hold about you (via a Subject Access Request), the right to erasure (the right to be forgotten) and the right to have inaccurate data amended. Please note these are not automatic rights and they will be considered on a case by case basis by the Data Protection Officer in accordance with the legislation.
Complaints
If you are not happy with how Blackpool BIDs has handled your personal data, you can complain to us to give us the opportunity to resolve this with you. You should contact the Data Protection Officer if you have a complaint.
Alternatively, you can complain to the Information Commissioner. Their contact details are: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 113 or by email to casework@ico.org.uk
Security of Personal Data
We take the security of data extremely seriously and employ appropriate technical and organisational security measures to protect the personal data we hold from unauthorised access, disclosure or alteration and from destruction, loss or misuse. Regrettably no system or process can guarantee perfect security and there is always a very small risk of unauthorised access or disclosure, or of hardware or software failure, or other factors that could compromise the integrity and/or security of the data we hold.
Changes to this Privacy Notice
This notice is kept under review and may be updated from time to time. You can find out when this notice was last updated at the foot of each page. If there are any changes to the way your data is processed, the purpose for which we process it or our legal basis for doing so, we will contact you to let you know.