• Search BSI
  • Verify a Certificate
BSI Homepage
Contact Us
Search Icon
Back to menu Choose a country/region

No countries/regions found

Suggested region and language based on your location

    Your current region and language

    Submit

    Privacy Notice

    Privacy Notice - General users and clients
    Privacy Notice – Committee Members (BSI Documents)
    Privacy Notice – Job Applicants

    Privacy Notice - General users and clients

    Introduction

    The British Standards Institution (ICO registration Z7888292) (“BSI”) takes your privacy very seriously. This Privacy Notice is intended to set out your rights and answer any queries you may have about your personal data. If you need more information, please contact: privacyteam@bsigroup.com

    If you have entered into a contract with one of our subsidiaries or group companies, the controller of your data will be the BSI company or companies stated in your contract (BSI Standards Limited (ICO registration ZA342039), BSI Assurance UK Limited (ICO registration ZA341951) and/or BSI Digital Trust (UK) Limited (ICO registration Z1767162)) and/or the BSI company to which you provide any additional consent. In all other circumstances, the controller of your data will be The British Standards Institution.

    Our personal data handling policy and procedures have been developed in line with the data protection laws that apply to us in the countries in which we offer our goods and services, in particular the EU General Data Protection Regulation ((EU) 2016/679) (the “EU GDPR”) and the UK General Data Protection Regulation which reflects the retained and amended provisions of the EU GDPR that are incorporated into UK law under the UK European Union (Withdrawal) Act 2018 as amended (the “UK GDPR”), as these laws establish the most expansive data protection obligations.

    1. What personal data do we collect?

    We collect and process personal data about you when you interact with us and our products and when you purchase goods and services from us. The personal data we process includes:

    • name;
    • username and password;
    • home or work address, email address and/or phone number;
    • job title;
    • payment and delivery details, including billing and delivery addresses and credit card details, where you make purchases from us;
    • personal data related to the browser or device you use to access our website;
    • internet browser and operating system;
    • recordings of calls you make to our customer service team; and
    • any other personal data you provide.

    2. How do we use this personal data and what is the legal basis for this use?

    We process the personal data listed in paragraph 1 above for the following purposes:

    • to establish and fulfil a contract with you, for example, if you make a purchase from us or enter into an agreement to provide or receive services. This may include verifying your identity, taking payments, communicating with you, providing customer services and arranging the delivery or other provision of products or services. We require this information in order to enter into a contract with you and are unable to do so without it;
    • to comply with applicable laws and regulations;
    • in accordance with our legitimate interests in protecting BSI's legitimate business interests, role as the National Standards Body, and legal rights, including but not limited to, use in connection with legal claims, compliance, regulatory and investigative purposes (including disclosure of such information in connection with legal process or litigation);
    • with your express consent to respond to any comments or complaints we may receive from you, or to investigate any complaints received from you or from others, about our website or our products or services;
    • we may use the information you provide to personalise (i) our communications to you; (ii) our website; and (iii) products or services for you, in accordance with our legitimate interests;
    • to monitor use of our websites and online services. We may use your information to help us check, improve and protect our products, content, services and websites, both online and offline, in accordance with our legitimate interests;
    • if you provide a credit or debit card, we may also use third parties (such as POS payment providers) to check the validity of the sort code, account number and card number you submit in order to prevent fraud, in accordance with our legitimate interests and those of third parties;
    • we may monitor any customer account to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law and our legitimate interests;
    • in circumstances where you contact us by telephone, calls may be recorded for quality, training and security purposes, in accordance with our legitimate interests; and
    • we may use your information to invite you to take part in market research or surveys.

    We may also send you direct marketing in relation to BSI’s relevant products and services. Electronic direct marketing will only be sent where you have given your consent to receive it, or (where this is allowed) you have been given an opportunity to opt out. We will not send you direct marketing of third-party products or services although our own products or services may on occasion include cooperation with third parties. You will continue to be able to opt out of electronic direct marketing at any time by following the instructions in the relevant communication.

    3. With whom and where will we share your personal data?

    We may share your personal data with our subsidiaries to process it for the purposes of inter-group administration and to deliver products or services where elements of these are provided by BSI group companies other than those with which you have directly contracted.

    We may also share your personal data with the below third parties:

    • our professional advisors such as our auditors and external legal and financial advisors;
    • marketing and communications agencies where they have agreed to process your personal data in line with this privacy notice;
    • market research companies;
    • our suppliers, business partners and sub-contractors; and/or
    • search engine and web analytics.

    Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws. Personal data may also be shared with third-party service providers who will process it on behalf of BSI for the purposes above. Such third parties include but are not limited to, providers of website hosting, maintenance, call centre operation and identity checking.

    In the event that our business or any part of it is sold or integrated with another business, your details will be disclosed to our advisers and those of any prospective purchaser and will be passed to the new owners of the business.

    4. How long will you keep my personal data?

    We will not keep your personal data for any purpose longer than necessary to fulfil the original or a compatible purpose. In some instances, we are required to retain certain information by law or due to our role as the National Standards Body, and for as long as reasonably necessary to meet regulatory or accreditation requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions. Where this is the case, your personal data will only be processed for the relevant legitimate purpose and not used for marketing.

    Where you are a customer, we will keep your personal data for the length of any contractual relationship you have with us and after that for a period of up to 3 years unless you are a customer purchasing Standards in which event we will keep your information for up to 5 years in line with the Standards lifecycle.

    Where you are a prospective customer and you have expressly consented to us contacting you, we will only retain your personal data for this purpose (a) until you unsubscribe from our communications; or, if you have not unsubscribed, (b) while you interact with us and our content; or (c) for 2 years from when you last interacted with us or our content.

    In the case of any contact you may have with our customer services team, we will retain your details for as long as is necessary to resolve your query and for two weeks after the query is closed.

    We may retain your personal data for a time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place. After it is no longer necessary for us to retain your personal data, we dispose of it securely according to our Document & Information Retention Policy.

    5. Where is my data stored?

    The personal data that we collect from you may be transferred to, and stored outside, the United Kingdom or the European Economic Area (“EEA”). It may also be processed by staff operating outside the United Kingdom or EEA who work for us or for one of our suppliers, in which case the third country's data protection laws will have been approved as adequate by the European Commission, the UK’s Information Commissioner's Office, or other applicable safeguards will be in place. Further information may be obtained from our Privacy Team.

    6. What are my rights in relation to my personal data?

    You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data, clicking the unsubscribe button on any communication we have sent to you or by contacting us.

    Where you have consented to us using your personal data, you can withdraw that consent at any time.

    If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.

    You also have the right, with some exceptions and qualifications, to ask us to provide a copy of any personal data we hold about you.

    Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine-readable format.

    If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data (a) by withdrawing your consent for us to use it; (b) if it is no longer necessary for us to use your personal data; (c) if you object to the use of your personal data and we don't have a good reason to continue to use it; or (d) if we haven't handled your personal data in accordance with our obligations.

    7. Where can I find more information about BSI’s handling of my data?

    Should you have any queries regarding this Privacy Notice, about BSI's processing of your personal data or wish to exercise your rights you can contact BSI’s Privacy Team using this email address: privacyteam@bsigroup.com.

    If you are not happy with our response, if you are based:

    in the United Kingdom, you can contact the Information Commissioner's Office https://ico.org.uk/;

    in the EEA, you can contact the Dutch Data Protection Authority, which is our lead supervisory authority in the European Union https://autoriteitpersoonsgegevens.nl/en;

    anywhere else, you have the right to lodge your complaint with the relevant data protection regulator in the country where you are located.

    BSI Privacy Notice - Committees

    Introduction

    The British Standards Institution (ICO registration Z7888292) (“BSI”) takes your privacy very seriously. This Privacy Notice is intended to set out your rights and answer any queries you may have about your personal data. If you need more information, please contact: PrivacyTeam@bsigroup.com.

    The controller of your data will be The British Standards Institution. In addition to BSI, the International Organization for Standardization (the “ISO”) will also be a controller of your personal data to facilitate your use of our Committee Member communication and document distribution system (BSI Documents).

    Our personal information handling policy and procedures have been developed in line with the data protection laws that apply to us in the countries in which we offer our goods and services, in particular the EU General Data Protection Regulation ((EU) 2016/679) (the “EU GDPR”) and the UK General Data Protection Regulation which reflects the retained and amended provisions of the EU GDPR that are incorporated into UK law under the UK European Union (Withdrawal) Act 2018 as amended (the “UK GDPR”), as these laws establish the most expansive data protection obligations.

    ISO’s data protection policy that describes how it collects, uses, stores, and shares your data will be communicated to you when you register to use BSI Documents. If you do not agree with the ISO’s policies, you should not access or use BSI Documents. We are not responsible for the ISO’s policies or actions.

    1. What information do we collect?

    We collect and process personal data about you when (a) you and/or your nominating organization contacts us to add you as a member of a Committee; (b) you register with BSI Documents; and (c) you attend Committee meetings. The personal data we process includes:

    • your name;
    • your home or work address, email address and/or phone number; and
    • where you are a BSS Member, your region and areas of interest.

    2. How do we use this information and what is the legal basis for this use?

    We process the personal data listed in paragraph 1 above for the following purposes:

    • to enable us to generate standards, administer standards development, validate your involvement in a Committee and enable you to liaise with other committee members including through BSI Documents;
    • to administer the standards process, including running committees and maintenance and monitoring of committee membership in order to ensure compliance with BS 0;
    • in connection with legal claims, compliance, regulatory and investigative purposes;
    • to invite you to take part in market research or to send you Committee Member newsletters;
    • to respond to your comments or complaints, including to investigate any complaints received from you or from others;
    • to generate statistics (which will not identify you) regarding the composition of committees and their sector diversity as part of our role as a National Standards Body;
    • to monitor use of our websites and online services and use your information to help us check, improve and protect our products, content, services and websites, both online and offline;
    • to monitor use of BSI documents to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime and unauthorised downloading of standards documentation all in accordance with applicable law; and
    • with your consent where required, to send you direct marketing in relation to our products and services.

    We may also send you direct marketing in relation to relevant products and services. Electronic direct marketing will only be sent where you have given your express consent to receive it, or (where this is allowed) you have been given an opportunity to opt out. You will continue to be able to opt out of electronic direct marketing at any time by following the instructions in the relevant communication.

    3. With whom and where will we share your personal data?

    As described above, as the host and systems provider of BSI Documents, your personal data is shared with the ISO to facilitate your use of BSI Documents and associated features and functions such as the ISO Global Directory.

    We may share your personal data with our subsidiaries to process it for the purposes of inter-group administration and to deliver products or services where elements of these are provided by group companies other than those with which you have directly contracted.

    We may also share your personal data with the below third parties:

    • your employer or nominating organisation to validate your involvement in Committees; and/or
    • other providers of services to us, including website hosting, maintenance, call centre operation and identity-checking services.

    Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws. Personal data may also be shared with third-party service providers and business partners who will process it on behalf of BSI for the purposes above. Such third parties include but are not limited to, providers of website hosting, maintenance, call centre operation and identity checking.

    In the event that our business or any part of it is sold or integrated with another business, your details will be disclosed to our advisers and those of any prospective purchaser and will be passed to the new owners of the business.

    4. How long will you keep my personal data?

    We will not keep your personal information for any purpose for longer than is necessary and will only retain the personal information that is necessary in relation to the purpose. We are also required to retain certain information by law or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.

    Where you are a Committee Member, we will keep your personal data for the lifecycle of the Committee. Beyond that, we will retain your name (though not your other details) indefinitely for the purpose of evidencing the constitution of the Committee and the transparency of the Standards development process.

    Where you are a Consumer & Public Interest Network Representative, we will retain your data for the period that you hold that function.

    We will retain your data for a short time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place. In some instances, laws may require BSI to hold certain information for specific periods other than those listed above.

    5. Where is my data stored?

    The personal data that we collect from you may be transferred to and stored outside the United Kingdom or the European Economic Area (“EEA”). It may also be processed by staff operating outside the United Kingdom or the EEA who work for us or for one of our suppliers, in which case the third country's data protection laws will have been approved as adequate by the European Commission, the UK’s Information Commissioner’s Office or other applicable safeguards are in place. Further information may be obtained from our Privacy Team.

    6. What are my rights in relation to my personal data?

    You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data, clicking the unsubscribe button on any communication we have sent to you or by contacting us.

    Where you have consented to us using your personal data, you can withdraw that consent at any time. If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it. You also have the right, with some exceptions, to ask us to provide a copy of any personal data we hold about you.

    Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine-readable format.

    If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data (a) by withdrawing your consent for us to use it; (b) if it is no longer necessary for us to use your personal data; (c) if you object to the use of your personal data and we don't have a good reason to continue to use it; or (d) if we haven't handled your personal data in accordance with our obligations.

    7. Where can I find more information about BSI’s handling of my data?

    Should you have any queries regarding this Privacy Notice, about BSI's processing of your personal data or wish to exercise your rights you can contact BSI’s Privacy Team using this email address: PrivacyTeam@bsigroup.com.

    If you are not happy with our response, if you are based:

    in the United Kingdom, you can contact the Information Commissioner's Office https://ico.org.uk/;

    in the EEA, you can contact the Dutch Data Protection Authority, which is our lead supervisory authority in the European Union https://autoriteitpersoonsgegevens.nl/en; anywhere else, you have the right to lodge your complaint with the relevant data protection regulator in the country where you are located.

    Applicant Privacy Policy

    1. Introduction

    The British Standards Institution (ICO registration Z7888292) (“BSI”) takes its data protection obligations seriously and is committed to protecting the personal data we process, respecting the privacy of all individuals who provide us with their personal data. This Privacy Notice explains our data processing operations and your data protection rights granted under the data protection laws. Our data protection and privacy policies and procedures have been developed in line with the requirements of the EU and UK General Data Protection Regulations, the UK Data Protection Act 2018, Privacy and Electronic Communications (EC Directive) Regulations 2003, with consideration for all applicable international data protection laws.

    2. What information do we collect and process?

    We collect and process your personal data when you apply for a vacancy. The personal data we process in relation to your application includes:

    • Your name
    • Phone number
    • Email address
    • Home address
    • Employment history
    • Educational history and qualifications, including other personal data which is included in your resume
    • Psychometric testing results - capabilities and behaviours in relation to the position applied for e.g. leadership and client facing roles.
    • Public profiles available online

    3. What is the source of this information?

    In most cases, we receive your personal data directly from yourself via our internal recruitment systems. There are occasions when we receive your personal data indirectly through other sources, such as such as external recruitment partners. We may also obtain it from your public profiles available online.

    4. How do we use this information and what is the legal basis for this use?

    We process your personal data listed in Section 2 for the purpose of managing your application to our vacancies. The lawful basis for processing is based on legitimate and mutual interests of both parties, in accordance with the recruitment and application process.

    5. With whom and where will we share your personal data?

    We share your personal data internally with hiring managers, hiring teams and Human Resources personnel, who have an active involvement in the candidate selection and hiring process.

    6. How long will you keep my personal data?

    In the event you are unsuccessful with your application, we will retain your personal data relating to your job application (including any interview records) for 12 months from the date of your application. This is to consider you for future vacancies we believe you are suitable for and could be of interest to you. You can request deletion of personal data at any time by contacting privacyteam@bsigroup.com

    7. Data Storage and Transfers

    BSI IT systems are hosted in Ireland, either on our business premises or in cloud environments. During the recruitment process, depending on the location of the role you have applied for, it is possible that your personal data is transferred to or accessed by our staff outside the UK or EEA. BSI adheres to its data transfer obligations and ensures adequate agreements and data transfer safeguards are implemented.

    8. What are my rights in relation to my personal data?

    The GDPR grants you the following rights, which you can exercise by contacting the Privacy Team email: privacyteam@bsigroup.com

    • Right of access
    • Right of rectification
    • Right to be forgotten
    • Right to restriction of processing
    • Right to object
    • Right to object to automated processing, including profiling

    9. For more information on BSI data processing

    If you have any questions, requests or concerns related to our processing activities or would like to exercise any of the rights described herein, you should contact: privacyteam@bsigroup.com

    10. Right to lodge a complaint

    If you are dissatisfied with the manner in which BSI process your personal data or manages your requests, you have the right to lodge a complaint with your local supervisory authority. The lead supervisory authority for BSI in the UK is the UK Information Commissioner's Office: https://ico.org.uk/ Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.Telephone: 0303 123 1113

    Alternatively, in the EEA, you can contact Autoriteit Persoonsgegevens, the Dutch Data Protection authority, and lead supervisory authority for BSI in the European Union: https://autoriteitpersoonsgegevens.nl/en;

    For more information on our data processing activities, please refer to our Group Privacy Policy.

     

    Contact Us

    Let's shape your organization's future together

    Reach out and see how we can help guide you on your path to sustainable operational success.

    Get in touch
    Get in touch