Privacy
General information
JBA is committed to protecting your privacy and personal data. This Privacy Notice explains how and why we use your personal data.
JBA Group Limited (registered in England under company number 6396638)(‘JBA’) gathers and uses certain information about you.
JBA may share the information with our affiliated entities and companies, namely other JBA Group companies which are controlled by JBA Group Limited; a full list of which is available on the JBA Group website. In this notice, references to ‘we’ ‘ourselves/ourself’ or ‘us’ mean JBA and other JBA Group companies.
Data Controller
JBA is the data controller of the personal information which you provide or which we gather from you. To the extent other JBA Group companies process your information, they are data processors for JBA.
Our postal address is: JBA Group Limited, 1 Broughton Park, Old Lane North, Broughton, Skipton BD23 3FD, United Kingdom.
Data protection principles
We will comply with the data protection principles when gathering and using personal information. We comply with principles and requirements of the EU’s General Data Protection Regulation and with the UK Data Protection Act 2018 too.
We use (or ‘process’) your personal information only where we have a legal basis to do so. We collect and process your personal data for a variety of reasons which depend upon our relationship with you. You can read about these in How we use your information, below. We will keep your personal data secure.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How we use your information
This Privacy Notice tells you what to expect when we collect personal information about
- Visitors to our websites
- People who contact us via social media
- People who email us
- People who telephone us
- People who contact us about our services or products
- People who use our services or products
- Job applicants
- Current and former employees
- Suppliers
a. Visitors to our websites
When someone visits www.jbagroup.co.uk we use a third-party service, Google Analytics to collect details of visitor behaviour patterns and standard internet log information, such as IP (internet) address and browser type and version. We do this to find out things such as the number of visitors to various parts of the site and to help us to enhance the user experience by optimising the site for our audience. The information is only processed in a way which does not identify anyone. You can read Google’s overview of privacy and safeguarding data here: https://support.google.com/analytics/answer/6004245
To opt out of being tracked by Google Analytics across all websites, visit https://tools.google.com/dlpage/gaoptout
If we want to collect information which identifies an individual, we will tell you. For instance, you will be given the opportunity to fill in your contact details and to ‘opt in’ if you want to receive more information about us, or about our services or products.
Use of Cookies on our website – you can read more about what cookies are and how we use cookies on our website, below, see Cookies.
b. People who contact us via social media
We manage our social media interactions ourselves.
You are responsible for setting your own privacy settings on the social media platforms which you use to communicate with us.
If you send us a private or direct message via social media, we may use this to respond to you; your message will be stored by us for, generally, up to three months.
But if your message gives your consent to us to provide marketing information to you, we will store it for twelve months after the last marketing information we send to you. If you tell us that you do not want to receive any more marketing information from us, we will stop but we will retain that information indefinitely so that we know not to send you information you have told us you do not want.
Your information will generally not be shared with other organisations, but if you have tweeted us, and it is not a private tweet, we may share it more widely by retweeting.
c. People who email us
If you give us your contact details by email, we will use those to contact you in connection with your email. Depending on the purpose of your email to us, we may use your personal information in the other ways we refer to below (see People who contact us about our services or products, People who use our services or products (our clients), Job applicants, Current and former employees, Suppliers).
We use Transport Layer Security (TLS) cryptographic protocol to encrypt and protect email traffic. If your email service does not support TLS cryptographic protocol, you should be aware that any emails you send or receive may not be protected in transit. We monitor emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
d. People who telephone us
If you give us your contact details over the phone, we will use those to contact you in connection with your call. Depending on the purpose of your call to us, we may use your personal information in the other ways we refer to below (see People who contact us about our services or products, People who use our services or products (our clients), Job applicants, Current and former employees, Suppliers).
e. People who contact us about our services or products
Most of our services and products are provided ‘business to business’. But if you are an individual (for example an employee in a business, a sole trader, or a consumer of our services in your own right) we will treat your personal data in accordance with data privacy principles.
If you ask us about our services or products (including training) we will use your personal data to send you that information.
We will use the personal data to help us understand your initial query and instructions and to determine what services or products are required from us.
If your enquiry becomes an order, instruction or contract, we will retain your information in accordance with our internal archiving policies and procedures (see People who use our services or products, below).
If you decide not to instruct us, we will retain your information for a period of approximately 12 months from the date of our last contact with you and then delete it.
If you have opted to receive marketing communications, we will retain and use your personal details to send those. We will usually send this information by email to the email address you have given us. You will be given the opportunity to opt out of further marketing emails each time we send you such an email.
If you do not wish to receive marketing material from us, please let us know: you can contact us by email on info@jbagroup.co.uk.
f. People who use our services or products (our clients)
Most of our services and products are provided ‘business to business’. But if you are an individual (for example an employee in a client business which buys our services or products, a sole trader client who buys our services or products, or a consumer of our services in your own right) we will treat your personal data in accordance with data privacy principles.
We will use your personal data to provide the services or products including training, as per the contract between JBA and you the client (or where you are an employee of the client, to your employer, our client).
We retain your information in line with our internal archiving policies and procedures; retention periods are up to 12 years (in line with insurance requirements).
If you have opted to receive marketing communications, we will retain and use your personal details to send those. We will usually send this information by email to the email address you have given us. You will be given the opportunity to opt out of further marketing emails each time we send you such an email.
Even if you have not opted in to receive marketing, we may still use your personal information to send you marketing emails relating to service or products which are similar to those which we have already supplied to you (or where you are an employee of a client, to your employer, our client). You will be given the opportunity to opt out of such material each time we send you such an email.
If you do not wish to receive marketing material from us, please let us know. You can contact us by email on info@jbagroup.co.uk.
g. Job applicants
We will use the details you provide us with to progress your application, and to assess your suitability for the role you have applied for.
We will use the information we collect to check your qualifications, employment history, to assess your suitability for the role you have applied, seek assurances as to your trustworthiness, integrity and reliability, and check your right to work in the country where the role is. We may check your criminal record. We may use the information you provide to contact referees whose details you have provided to us.
We do not collect more information than is necessary. We hold and process it securely. We do not retain it for longer than is necessary.
You do not have to provide information which we ask for, but it might affect your application if you do not.
You will be invited to provide equal opportunity and diversity information; this is NOT mandatory and your application will definitely NOT be affected if you don’t provide it. If you do provide it, it will be anonymised (so that it is not possible for us to ever link that information to you) and used only to produce and monitor equality, diversity and inclusivity statistics.
You may be invited to one of our assessment days; to complete tests or personality profile questionnaires; and /or to attend a telephone interview and then a first and perhaps a second face to face interview (or a combination of these). Information will be generated by you and by us. For example, we may ask you to complete a test and we will take interview notes.
If you are successful, we will make a conditional offer of employment, prior to carrying out our pre-employment checks (which must be completed satisfactorily in order to progress to final offer). The information you provide and which we collect during the application and recruitment process will be kept by us as part of your employee file for the duration of your employment with us plus 6 years following the end of your employment, and in accordance with our Privacy Notice (Employment).
If you are not successful, we retain the information for 12 months following the post you have applied for being filled. We generally do not keep speculative applications, though we may do if you ask us and tell us for how long we may keep that information, where it might be helpful to us to do so.
Equal opportunity and diversity information which you provide is retained for longer, but is anonymised, so that it is not possible for us to link that information to you.
If you provide any ‘special category data’ to us, about your race or ethnicity, political or religious beliefs / opinions, your health (physical or mental), or sexuality (and we link criminal offences or convictions into this category) we will keep this information confidential and only use it where there is a legal basis and it is lawful to do so.
If you have any queries about this process, please contact careers@jbagroup.co.uk
h. Current and former employees
While you are employed by us, we use your personal data to administer your employment. We have a separate Privacy Notice (Employment) which explains what data we process and why. This is accessible to all staff via our company intranet. Consultants and interns are provided with a copy prior to being engaged by us.
After you have left us, we still need to retain some of your personal information. This is because we have continuing obligations relating to the time you were employed by us. For example, we need to be able to make salary and benefits records available to tax authorities, or to your JBA pension provider; we retain records relating to health surveillance and any accidents which you had which were related to your employment with us; you may also ask us to act as a referee, so we need some personal information to be able to do that. If you are a former employee, please contact Group Data Privacy Manager at Data.Privacy@jbagroup.co.uk for a copy of our current Privacy Notice (Employment)for further details. This includes a Retention Schedule which sets out the time periods we keep employee data.
i. Suppliers
We use your personal data as part of our selection process for our Approved Suppliers; we will retain your details for the period during which you are an Approved Supplier (3 years) and then destroy your details unless you are re-approved. We may also use your personal data to administer the contract with you for the supply of products or services to us by you (or if you are an employee of a supplier, by your employer). In this case, we will store relevant personal data usually for not more than 12 years (or such other shorter period as we think is appropriate) after the end of the services contract period between you the supplier and us.
If you provide any ‘special category data’ to us, about your race or ethnicity, political or religious beliefs / opinions, your health (physical or mental), or sexuality (and we link criminal offences or convictions into this category), we will keep this information confidential and only process it where there is a legal basis and it is lawful to do so.
How we may share the information
We will not share your information with any third parties for the purposes of direct marketing.
We use data processors who are third parties who provide elements of services for us. For example, our email service is provided by Microsoft; we use Google Analytics to collect details of website visitor behaviour patterns and standard internet log information (see Visitors to our website, above).
We may also need to share some personal information with other parties, such as external contractors and our professional advisers, and with potential purchasers of some or all of our business. The recipient of the information will be bound by confidentiality obligations.
We may also be required to share some personal information (for example with the government departments, border security or law enforcement) to comply with the law.
Your rights
JBA tries to be as open as it can in terms of providing individuals with access to their personal information. Data protection laws in the UK, EU and many other jurisdictions give individuals certain rights.
In the UK and EU you have the right to know what personal data is held by JBA. You can ask for this in writing (by making a ‘data subject access request’); where we hold personal information about you, we will (unless exemptions apply)
- give you a description of it
- tell you why we are holding it;
- tell you who it is disclosed to; and
- let you have a copy of the information in an intelligible form (which may be redacted if it includes personal information relating to someone else).
If we hold information about you, you can ask us to correct any mistakes, by contacting us (see How to contact us, below). We will respond to a data subject access request and/or correct the information without undue delay.
You may also have the right to ask us to delete information which we hold about you; where you do so, we will treat your request seriously, though we may not always be in a position to delete that information. For example if we have to retain it to meet a legal obligation to tax authorities or if the relevant lawful basis makes it necessary to retain it for longer.
If you agree, we may provide the information orally (for example by telephone).
In order to process your request we will take reasonable steps to verify your identity, which may involve asking you for specific forms of photographic ID, such as your driver's licence or the page(s) in your passport which identify you. We will not disclose any information in response to your request until we are satisfied we have verified your identity.
You can get further information about your rights from ico.org.uk.
If you have any concerns or complaints about the way we process your personal data, please contact us (see How to contact us, below).
Links to other websites
This Privacy Notice does not cover links within this site linking to any other websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to this Privacy Notice
We keep our Privacy Notice under regular review. This Privacy Notice was last updated on 10 October 2018.
How to contact us:
Group Data Privacy Manager, JBA Group, 1 Broughton Park, Old Lane North, Broughton, Skipton, North Yorkshire, BD23 3FD. By email to Data.Privacy@jbagroup.co.uk.
How to complain about us
We hope that we can resolve any query or concern you raise about our use of your information. If not, contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.
Cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the website.
How do I change my cookie settings?
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies visit www.allaboutcookies.org.
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer's website.