The British Independent Retailers Association (bira) is a Trade Association and is committed to protecting the data it collects and using it fairly to contact existing members, potential members and customers with relevant information and applies the current laws, which are known as the General Data Protection Regulation (GDPR).
bira will be what’s known as the ‘controller’ of the personal data you provide to us. Our registered address is 225 Bristol Road, Edgbaston, Birmingham, B5 7UB. Our Data Compliance Officer is David Wilson and can be contacted via email at firstname.lastname@example.org
Wholly owned subsidiaries of bira will be adhering to this privacy notice including; bira bank Ltd, bira direct Ltd, bira Publishing Ltd and Oxford Summer School Ltd. Data obtained through any of the above entities of the Trade Association can share data with each other as per the “How we process your data” section of this notice.
Click on each of the sections below to view more information on how bira handles your data.
How the law protects you+
Your privacy is protected by law. This section explains how this works.
Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sometimes sharing it outside bira.
The law says we must have one or more of these reasons:
• To fulfil a contract we have with you, or
• When it is our legal duty, or
• When it is in our legitimate interest, or
• When you consent to it
A legitimate interest is when we have a business or commercial reason to use your information although even then it must not unfairly go against what is right and best for you.
Information we collect about you+
We may collect personal data about you, including for example your name, address, telephone/mobile number(s) and email address.
If we are running an event or training course that you are personally attending, then we may collect more sensitive data such as dietary requirements or access needs if applicable. If you are using any of our financial or personal services, then we will collect more data of a financial or personal nature to ascertain the level of service we can offer you. This data could come from internal or third party services that we may utilise in determining your credit worthiness.
Examples of the sources of data we collect about you or your company:
• Membership application form
• Other application forms for loans, savings accounts, events, training courses
• When you talk to us on the telephone, personally or communicate with us via social media or website
• In emails and letters
• When you use our website
• When you interact on social media
• Email tracking facilities
• In surveys
• In financial reviews where a form of credit is offered
• Payment and transactional data
• The internet
• Publicly available information
• Bought in accredited third party marketing lists for recruitment purposes (B2B)
If you are applying for a service through bira bank Ltd then they will collect data about you from third parties to ascertain the level of credit to give you. These third parties will have their own privacy notices and data sharing policies. The companies we use for this purpose are:
• Dunn and Bradstreet (credit reference agency) – https://www.dnb. co.uk/
• Equifax (credit reference agency) – https://www.equifax.co.uk/
• Experian (credit reference agency) – https://www.experian.co.uk
• HPI – https://hpicheck.com
• Other Trade Associations you may be a member of and have applied through
• Zoopla – https://www.zoopla.co.uk/
• Insurers (Towergate) – https://www.towergateinsurance.co.uk
• Fraud prevention agencies
• Public information and Companies House
How we process your data+
GDPR law says that we can only use your personal information if we have a proper reason to do so. This includes sharing your data with third parties.
We may process your personal data for the following purposes, if relevant;
• Administer your membership with bira
• Responding to your enquiries
• Process applications for banking services
• Extend credit to you or your company
• Credit checking
• Allow you to use service providers and preferred suppliers, although we do not provide contact names or email addresses to such providers, except where the service is personal
• Provide you with information about other goods and services we are offering as a Trade Association
• Permit selected third parties to contact your business with service offerings that may be of interest to you. These third parties will be members of the Association
• Notify you about changes to our terms and conditions
• For research and statistical analysis
• Communicate with you about industry news and events, updates to your membership and other activities we are involved in as a Trade Association and believe you would be interested in
• Provide advice or guidance about using our services
• Carry out marketing activities
• Collect and recover money that is owed to us
• Tailor your experience on our website
• Communicate with you via social media
• Respond to complaints and seek to resolve them
• Information about your use of products with third party business partners such as Insurance, Mortgage, and other financial services and products
We process this data on the basis of our legitimate interest to run bira in an efficient and proper way for the benefit of our members. This includes managing our financial position, planning, audit, communications, business capability and to exercise our rights set out in agreements and contracts. We also process your personal data where required to comply with laws and regulations that apply to us.
How we will use the information about you +
Data is stored securely within bira’s systems to prevent unauthorised access. No data held by bira will be supplied outside the European Economic Area (EEA) other than to companies that are signed up to the Privacy Shield.https://www.privacyshield.gov
bira has various data and security policies that it complies with to ensure the safe keeping of the data that we collect.Staff are trained and regularly updated to ensure they are treating your data within the guidelines of this notice.
The Government requires us to screen banking service applications that are made to ensure we are complying with the international fight against terrorism and other criminal activities. As a result of this we may need to disclose your information to Government bodies.
There are various lengths of time that data is kept for depending on need and other laws that we adhere to. You have the right to be forgotten within our database as long as there isn’t an over-riding legitimate business need.
Unless we explain otherwise to you, we’ll hold your personal information based on the following retention periods for personal data:
• Membership records – 12 months after leaving us
• Events – 18 months after the event you attended
• Training records – 12 months after the certification period ends
• Financial records – 7 years
• bira bank loan agreements and all related documentation– 6 years after completion of loan
• bira bank depositors and all related documentation– 5 years after account closure
• Credit reports and warning notices – 6 years
• Related company accounts to agreements – 3 years
When we may share your information+
We will treat your personal information as private and confidential, but may share it with each other and disclose it outside of the bira Group of companies if:
• Allowed by any agreement entered into by you
• You consent
• Needed by our agents, advisers or others involved in running accounts and services for you or collecting what you owe to other companies
• Needed by third parties to help manage your records (such as our IT suppliers who run our computer systems) – please note we will have appropriate separate service contracts in place with these firms
• HM Revenue and Customs or other statutory authorities who require it
• The Law, Regulatory Bodies, or the public interest permits and requires it
• Required by us or others to investigate or prevent crime
• Required as part of our duty to protect your accounts
What are your rights?+
You have the right to ask us to provide you with access to and rectification or erasure of your personal data. Providing you with this information is free of charge, but charges may apply for excessive requests. You have the right to ask us to provide you or a third party with the personal data you have provided to us in an electronic format.
You have the right to object to certain purposes for processing, in particular direct marketing.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Compliance Officer who will investigate the matter further.
If you wish to stop us from providing you with marketing materials then you can opt out at any time by ticking the appropriate boxes within an email or contacting our membership department directly.
For further information on which companies have been supplied with your details or how your information is used, how we maintain the security of your information and your rights to access/alter and change information we hold on you, please write to us at:
225 Bristol Road, Edgbaston, Birmingham, B5 7UB
Should you be unhappy with our processing of your personal data, you have a right to complain to the Information Commissioner’s Office, which is the regulator for data protection.
Changes to this policy+
Any changes we make to this policy in the future will be communicated to you via email, letter or the bira member magazine. The full notice (as it currently stands) will be available on our website here as well as available on request by contacting the Membership Department or Data Compliance Officer. This policy was last updated on 1st May 2018
Please take time to read the below privacy policies, outlining our processes for the website, website cookies, social media and bira bank.
Social media policy
bira bank privacy notice
As a financial services subsidiary which is separately regulated, bira bank Ltd, has its own privacy notice available here. This however is consistent with the principals set on this page.