This policy pertains to the website(s) by Baachu Works Limited (“Baachu”), a company headquartered in Croydon, Surrey, UK. This includes www.Baachu.com, www.baachu.co.uk, www.baachurain.com. www.mybidbuddy.com and additional Baachu & Company produced and managed websites (together, the “Site”).
Baachu is responsible for the processing of personal data and is a data controller for the purposes of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation (‘GDPR’)).
General Data Protection (GDPR)
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. It becomes enforceable on 25 May 2018.
According to the European Commission, “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life.
A lawful basis for data processing
Data will not be processed unless there is at least one lawful basis to do so. Mainly this will be when the data subject has given consent to the processing of personal data for one or more specific purposes.
Consent will be assumed if the data subject has made their personal details available through a recognised business community and has volunteered to join on of Baachu’s networking groups. For example they may have agreed to join Baachu’s LinkedIn Network, have ‘friended’ on Facebook or has provided a business card at a face-to-face meeting. In these circumstances the data subject is taken to represent their company and has joined Baachu’s network in order to receive information from Baachu. In addition it will be assumed that the details given are the data subject’s business contact details
Baachu offers a community for bidding professionals as well as other commercial services. Activities for which consent has been assumed includes but is not limited to;
- Receiving community based notifications such as daily up-dates and newsletters,
- Email marketing
- Order processing
Processing may also be necessary under certain other conditions such as but not limited to:
- for the performance of a contract,
- for compliance with a legal obligation,
- to protect the vital interests of the data subject or of another natural person.
Records of Processing Activities
Records of processing activities will be maintained that include purposes of the processing, categories involved and envisaged time limits
Data protection by design and by default (Article 25) requires data protection to be designed into the development of business processes for products and services. Privacy settings will therefore be set at a high level by default, and technical and procedural measures will be taken by the controller to make sure that the processing, throughout the whole processing lifecycle, complies with the regulation.
GDPR makes special provision for special categories of persona data (Article 9). Baachu does not process any of these categories.
The web hosts and social media providers that we use also all conform to GDPR standards.
In all circumstances where we collect personal data from you, we will only collect the minimum amount of data required for us to perform the defined processing purpose/s.
Right of access: citizens have the right to access their personal data and information about how this personal data is being processed. These include information on the data subject, details about the processing if data, such as the purposes of the processing, with whom the data is shared, and how it acquired the data.
Right to erasure: Article 17 provides that the data subject has the right to request erasure of personal data related to them on any one of a number of grounds.