7. With whom will we share your personal data?
We may share your personal data in the following circumstances:
- We may share your personal data between the Biffa Entities on a confidential basis where required for the purpose of providing services and for administrative, billing and other business purposes.
- If we have collected your personal data in the course of providing services to your business, we may disclose it to that business or others in that business, and where permitted by law to others for the purpose of providing those services;
- We may disclose your contact details on a confidential basis to third parties for the purposes of collecting your feedback on the Biffa’s services, to help us measure our performance and to improve and promote our services;
- We may share your personal data with companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention and detection purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared;
- We may share your personal data with any third party to whom we assign or novate any of our rights or obligations;
- We may share your personal data with courts, law enforcement authorities, regulators or legal advisers or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
- We may also instruct service providers within or outside of Biffa, domestically or abroad, e.g. shared service or data centres, to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only. Biffa will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers;
- We may also use aggregated personal data and statistics for the purpose of monitoring website usage in order to help us develop our website and our services.
Otherwise, we will only disclose your personal data when you direct us or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.
8. Personal data about other people which you provide to us
If you provide personal data to us about someone else (such as one of your directors or employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Statement. In particular, you must ensure the individual concerned is aware of the various matters detailed in this Privacy Statement, as those matters relate to that individual, including our identity, how to contact us, our purposes of collection, our personal data disclosure practices (including disclosure to overseas recipients), the individual's right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided (such as our inability to provide services).
9. Keeping personal data about you secure
We will take appropriate technical and organisational measures to keep your personal data confidential and secure in accordance with our internal procedures covering the storage, disclosure of and access to personal data. Personal data may be kept on our personal data technology systems, those of our contractors or in paper files.
10. Transferring your personal data abroad
Biffa provide services to its customers exclusively in the United Kingdom. However we may transfer your personal data abroad if required for the Permitted Purposes as described above. This may include countries which do not provide the same level of protection as the laws within the European Economic Area. We will ensure that any such international transfers are made subject to appropriate or suitable safeguards as required by the General Data Protection Regulation (EU) 2016/679. This includes entering into the EU Standard Contractual Clauses which are available here. You may contact us anytime using the contact details below if you would like further information on such safeguards.
When doing so we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal data.
11. Updating personal data about you
If any of the personal data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal data about you, please let us know by sending an email to SAR@biffa.co.uk
We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Data that you provide to us.
12. For how long do we keep your personal data?
Your personal data will be deleted when it is no longer reasonably required for the Permitted Purposes or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data. We will, in particular, retain your personal data where required for Biffa to assert or defend against legal claims until the end of the relevant retention period or until the claims in question have been settled.
13. Your rights
Subject to certain legal conditions, you have the right to request a copy of the personal data about you which we hold, to have any inaccurate personal data corrected and to object to or restrict our using your personal data. You may also make a complaint if you have a concern about our handling of your personal data.
If you wish to do any of the above please send an email to SAR@biffa.co.uk . We may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data. We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your data, and for any additional copies of the personal data you request from us.
14. Review of this Statement
This Privacy Statement was last updated in May 2018. We reserve the right to update and change this Privacy Statement from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. In case of any such changes, we will post the changed Privacy Statement on our website or publish it otherwise. The changes will take effect as soon as they are posted on this website.
15. How to get in touch with Biffa
If you would like to contact us with any queries or comments regarding this Privacy Statement please send an email to GDPR@biffa.co.uk or send a letter to The Company Secretary, Biffa plc, Coronation Road, Cressex, High Wycombe, Buckinghamshire HP12 3TZ
17. Data Protection Policy
You can view our Data Protection Policy here