BMI Group Holdings UK Limited and its affiliated legal entities (together, “BMI Group”, “we” or “us”) respect your privacy.
This privacy notice describes how BMI Group collects, uses, shares and retains the personal data you provide during and after your engagement or relationship with us. We are committed to ensuring that any personal data we receive is protected and handled in accordance with applicable data protection laws.
This privacy notice applies to all external parties who share personal data with BMI Group including but not limited to contractors, building owners, job applicants, customers and suppliers, and their respective personnel, and end-users (collectively, “you”).
If you are a building owner and one of our contractors completed work for you we may store certain information about you in our contractor portal. This privacy notice does not apply in these circumstances, please see our contractor portal privacy notice available from your contractor, for more information on how we process your personal data through this portal. Alternatively, please contact us and we can provide you with a copy.
Additional information regarding BMI Group can be found at https://www.bmigroup.com/our-company
We will collect, store, and use personal data which is relevant to our engagement or relationship with you. This may include your name, email address, personal and professional contact details, credit card information, your communication preferences, details about products which you have enquired about or purchased from us, and details about any projects you have worked on as a BMI Group contractor. It may also include personal data you provide as part of your participation in a BMI Group competition, market research request or survey (such as testimonials, ratings and other feedback processes), and information about the content you access on our website.
We will collect personal data either directly from you, your employer or from a third party intermediary in our sales process. From time to time, we may also receive personal data about you from other third party sources (such as regulators, third party reference agencies etc.).
You may apply for employment or training positions offered by BMI Group or sign up to job alerts online via our website or by email. For such online alerts and applications, this privacy notice applies in addition to other legal requirements.
When applying to BMI Group online or via email you provide BMI Group with personal data such as name, postal and email address as well as information regarding your education and professional qualifications, certificates and other information and documents commonly used when applying for a job. We may also collect other information about your employment history such as previous job titles and experience, training records, professional memberships and criminal conviction data.
You should only disclose special categories of personal data (such as ethnic background, political opinion, membership in a trade union, physical and mental health, or religious or philosophical belief) that you expressly consent to us receiving. We do not expect you to submit, nor require you to send such data unless we need this information to facilitate your access requirements.
On the basis of an online application initiated by you, we process the personal data you provide to BMI Group electronically for the purpose of the application and criminal background checks.
In most cases, our use of your personal data is necessary:
for us to carry out a contract with you, such as a contract to purchase a product or a service;
so that we can comply with our legal obligations, and/or cooperate with regulators and other authorities; or
for the purposes of pursuing our legitimate interests and these are not overridden by your interests or fundamental rights or freedoms which require protection of personal data, such as to manage and improve our business and customer engagements and relationships, for business development and analysis purposes, to monitor and evaluate the use of our products, to provide our contractor locator tool, and to conduct market research or surveys.
We will process your personal data only for purposes permitted by law. This includes processing where necessary for the following purposes:
to comply with a request or order from a competent court, law enforcement authority or other government agency;
to protect the vital interests of any person; and
to enforce, exercise or defend legal claims.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal data. If you have any questions or need more information regarding the legal basis and purpose for processing your personal data, please contact us at email@example.com.
How long do we keep your personal data?
We will retain your personal data for as long as is reasonably necessary to fulfil the relevant purposes set out in this privacy notice and during the period required or permitted by law. The retention period will primarily be determined by relevant legal and regulatory obligation and/or duration of our business relationship with you. We will securely delete or erase your personal data if there is no valid business reason for retaining your data.
How do we keep your personal data secure?
We use appropriate technical and organisational measures to protect the personal data we process from accidental or unlawful destruction, loss, alteration, unauthorized disclosure and access. BMI Group stores your personal data in controlled-access, centralized databases, and secure paper and electronic files. The access is limited to authorized users subject to a confidentiality duty, such as the accounting department or the human resources department, on a need to know basis.
Transfers to third parties
We may share your personal data with the following categories of third parties:
Where you have provided consent, we may share your personal data with the third parties to whom you have consented, such as when you authorise a third party to contact you in relation to a service.
To our service providers, business partners and contractors who provide services on our behalf or who we use to support our business.
We may also share your personal data with other third parties in the context of the possible sale or restructuring of the business, and will instruct those recipients that they must use the personal data only for the purposes described in this notice.
If your company or employer is a member of a BMI Group certified contractor programme, including BMI RoofPro, we may publish your installers’ contact details on our website, as part of the BMI Group contractor locator.
We may need to share your personal data with a regulator, competent law enforcement body, government agency, court or other third party to (i) comply with the law; (ii) enforce the terms of a contract; and (iii) protect the rights, property, or safety of BMI Group or others.
We may also share your personal data with other entities in the BMI Group, who will use the personal data for the purposes described in this privacy notice.
Transferring information outside the EEA (EEA residents only)
We may transfer personal data we collect about you to the third parties described above who are located outside of the country or region in which you are resident. In such cases, we will take appropriate measures to ensure your personal data remains protected to the standards described in this privacy notice. For example, by entering into contractual agreements based on the EU Commission’s standard contractual clauses or relying on the third party recipient's certification under the EU-US Privacy Shield. If you have any questions or need more information regarding international transfers of your personal data, please contact us at firstname.lastname@example.org.
You have specific legal rights related to BMI Group’s processing of your personal data. These include a right to request access to, correction of and deletion of personal data we process about you. You can also opt-out of marketing, withdraw consent to processing (where our processing is based on your consent) and raise your concerns with regulators.
Some jurisdictions (including the European Economic Area) provide their residents with additional rights under applicable law and we will process your request to exercise your rights in accordance with these laws where applicable. These rights may include a right to object to processing, as well as to request us to restrict processing or to portability of your personal data.
Exercising your rights
If you would like to opt-out of email marketing, you can do this by clicking the ‘opt-out’ link in the marketing e-mails where provided, or by emailing DSAR@bmigroup.com.
To opt-out of other types of marketing, if you need help with opt-outs or would like to exercise any of your rights, please contact us at DSAR@bmigroup.com.
Our privacy notice does not apply to information processed by our business partners or other third parties. Our website may contain links to websites which we do not own or control. This privacy notice does not apply to these third-party websites or applications that are accessible from, or referenced on, our website.
This privacy notice does not form part of any contract with you and we reserve the right to update this privacy notice at any time. We will take appropriate measures to inform you of updates to our privacy notice (for example, by posting the updated privacy notice on our website or, in appropriate cases, using more direct measures to inform you, such as notification by email).
You can view when we last updated by viewing the ‘Effective as of’ date displayed at the top of this privacy notice.
If you have any questions regarding this privacy notice or the way we handle or process your personal data, you can contact us at email@example.com.
BMI Group is responsible for your personal data. For the purposes of applicable data protection laws, your data will be independently controlled by the BMI Group legal entity that is providing services to you or communicating with you. BMI Group Management UK Limited operates this website and is the data controller.