Privacy Policy

This is the BTON privacy policy. This is how we process and protect your data and how we manage your privacy.

This policy is made for and applies to anyone who is a BTON customer or subscriber, or just anyone who is visiting our website.

Our Contact Details

If you have any questions about privacy at BTON, please contact BTON Financial Ltd, 71-75 Shelton Street Covent Garden, London, WC2H 9JQ or privacy@BTONFinancial.com.

This policy

This policy sets out what personal data we might collect, how we process and protect that data, the lawful grounds for that processing, and your related rights.  Essentially ‘personal data’ means any information relating to an identified or identifiable natural person, namely one who can be identified, directly or indirectly from that information alone or in conjunction with other information.

You are not required to provide any personal information on the public areas of this website. However, you may choose to do so by completing the forms on various pages of the site. We will only use the information you provide to us on these pages to process the relevant form.

If you no longer want to receive marketing related emails from us, you may opt-out by contacting your primary point of contact or email: unsubscribe@BTONFinancial.com

In most cases, the lawful ground will be that the processing:

  1. is necessary for our legitimate interests in carrying out our business, provided those interests are not outweighed by your rights and interests (‘Legitimate Interests’),
  2. is necessary to perform a contract with you (‘Contract’), or
  3. is necessary to comply with our legal obligations (‘Legal Obligation’).
  4. Where processing is based on your consent (‘Consent’), we will identify the processing purposes and provide you with relevant information to make the processing fair and transparent.

As data protection law and practice are constantly developing, we’ll need to update this policy from time to time, which we will do by posting a new policy on the Website that takes effect from the date stated.  Where appropriate, we will send you an email to confirm the changes as well.

How Do We Obtain Personal Data?

We collect or are provided with personal data in the normal course of business, for example:

  • You may provide us with your details during discussions.
  • When you visit the Website, we may collect information about your visit such as your IP address and the pages you visited,
  • You may provide us with your details when you ask about our Services (through the Website, by email or otherwise) and we may obtain legally compliant lists of potential customers for our Services for our marketing purposes.

Information you give to us

Contact details – such as your name, address, email address, phone number.

Organization and Contacts Information, e.g.  your employer or organisations that you are a member of, information.

Identity Information, government-issued identification information, tax identifiers, social security numbers, and similar data.

Account Information, security-related information (including usernames and passwords, authentication methods), service-related information.

Categories of Data Subjects

Customers, Staff, Customer Suppliers’, Subcontractors and their staff.

Categories of Data

Basic identifiers (Account Names etc.)
Contact details
IP address
Device information
Identity Information

When you provide us with personal data about yourself or another person, you are confirming to us that you are authorised to provide us with that information and that any personal data you give us is accurate and up-to-date. 

Sensitive Personal Data

Given the nature of our business, we do not ask for ‘sensitive’ or ‘special categories of personal data’, such as information about your health, political opinions, racial origins or sexual life and we would ask you not to send any to us.  

How do we use personal data?

We use personal data in the normal course of our business, for example:

  • To respond to enquiries about the Services, to provide the Websites and Services, to provide advice and support.
  •  Lawful basis: Legitimate Interests or Contract.
  • To analyse and improve the Website, the Services, for example for technical or security purposes and to improve the customer experience. Lawful basis: Legitimate Interests, however where for example applicable law requires your consent to use certain cookies, we will ask for your Consent having provided you with relevant information.
  • To market our Services – if we do so, we will provide you with an easy and free way to opt-out of receiving such communications in the future. Lawful basis: Legitimate Interests (or Consent as above).
  • In certain circumstances, to share it with a limited number of third parties as described in this policy, for example for operational requirements and business continuity purposes.
  • Lawful basis: most processing will be based on Legitimate Interests, some processing is based on Contract and, where necessary (as above) some processing may be based on your prior Consent.
  • Verify your identity for security, anti-money laundering, or other statutory purposes.
  • Carry out credit checks and to obtain personal references.
  • Provide other parties with whom you have expressed interest to contract and their representatives with sufficient information to make a decision as to whether to enter into a contract with you, and then to enter into a contract with you;
  • Negotiate on your behalf.
  • Provide you with advice
  • Process transactions related to our Services and administer accounts or profiles related to you or your company.
  • Contact and communicate with you in connection with Services or other notifications, programs, events, updates you may have registered for
  • Detect, prevent fraud and abuse to ensure the security and protection of all customers and others, as well as to identify and authenticate access to our Service.
  • To identify and authenticate you before we provide you with certain information.
  • Comply with the law and our legal obligations

In order to fulfil the terms of our contact with you, your personal data may be shared with our business partners, product providers such as lenders and insurers, advisers, agents, sub-contractors, lawyers and by any of our or their subsidiary or associated companies.

In the Event of Merger, Sale, BTON may transfer this Privacy Statement and your personal information to a third party that acquires or is merged with us as part of a merger, acquisition, sale.

We may also share your personal data with credit reference agencies, with any agent that you have given us authority to communicate with and persons you ask us to share your data with, companies that we introduce you to, market researchers and customer service agencies for the purposes set out above.

We may also share your personal data without your permission with fraud prevention agencies, law enforcement agencies, regulators such as the Financial Conduct Authority, the Financial Ombudsman Service and the UK Financial Services Compensation Scheme or in response to a court order.

Automated Decision Making

BTON do not perform any automated decision making, profiling on personal data.

How we store your information

Your information is securely stored in the data centres of our service providers. We will use reasonable and necessary procedural and technical security features to prevent unauthorised access to your data.  If we become aware of a data breach, we will notify the Information Commissioner’s Office and notify you in accordance with our legal obligations.

How long your personal data will be kept

We will retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

After the retention period, if there is no other on-going client relationship your personal data will be securely deleted, or anonymised so that it can be used for research and statistical purposes but without any method of identifying you individually.

If you require further details on our data retention procedures, please contact us using the details above

Sharing Data & International Transfers

We will not give, sell, or rent your personal data to third parties so they can market their services to you.   Nor do we accept advertising from third parties on the Website.  We may share personal data in the following limited circumstances.

  • For provision of the Services, and for our own disaster recovery and business continuity purposes, we may store or transmit personal data to or through third party providers, such as with our contractors and advisors to help us operate, secure and analyse our business. Lawful basis: Legitimate Interests or Contract.
  • We may be obliged to disclose your personal data to comply with a law, order or request of a court, government authority, other competent legal or regulatory authority or any applicable code of practice or guideline. Lawful basis: Legal Obligation.
  • If we enter negotiations with a third party for the sale or purchase of all or part of our business, we will only disclose personal data to that third party to the extent it relates to that business and only under conditions of confidentiality requiring the third party to be bound by the privacy policy that applies to that data. Lawful basis: Legitimate Interests.

In each case, we share the minimum personal data necessary and we have written contracts in place incorporating relevant wording to safeguard that personal data and comply with applicable laws, and we will only share such data as is necessary for the purpose in question. 

Where possible, we keep personal data within the UK If data is held outside the UK, we  use SCC ,standard contractual clauses in our contracts.

However, to carry out the above purposes, we may use third parties and their facilities both inside and outside the EEA and /or the UK.

In all such cases we will ensure that appropriate security measures are in place to protect your personal data and a valid legal basis for the transfer applies.

Minors

We do not market to or enter into contracts with children nor do we collect personal data from any person under 18 years of age.  Please do not access or use the website or services if you are under 18 years of age.

Cookies

Our Website uses cookies and/or similar technologies.  Please review our Cookie Policy which is part of (and incorporated into) this Privacy Policy for more information, including on how to refuse or selectively accept cookies and/or similar technologies.

Retention 

As a default position, we will only retain personal data for any statutory retention period, then a reasonable period (if any) necessary for the above purposes.  This is subject, for example, to any valid opt-out or withdrawal of consent where processing is based on consent, or other valid exercise of your data subject rights which is affected.

Security

The security of data is very important to our business.

In accordance with our legal obligations, we take appropriate technical and organisational measures to protect your personal data and keep those measures under review.

However, we can only be responsible for systems that we control, and we would note that the internet itself is not inherently a secure environment.

No method of transmission over the Internet or method of electronic storage is 100% secure. BTON strives to use commercially acceptable measures designed to protect personal information; we cannot guarantee its absolute security.

BTON security procedures mean that we may request proof of identity before we disclose personal information to you before we process your requests.

Anonymised data

We may create anonymised data from personal data, and any anonymisation would be carried out in accordance with applicable law as well as relevant guidelines from regulators such as the UK Information Commissioner (‘UK ICO’).

Anonymisation may, for example, be achieved by aggregating data to the point that no individual can be identified such as aggregating website use statistics to see which web content is working well and which could be improved. 

Anonymised data does not allow for the identification of any individual person and, as it is no longer personal data, neither data protection laws nor this Privacy Policy would apply to such data.

Third Party Services

If you access the services of another provider through our websites or services, for example through a link on the Website, your use of those services is entirely at your risk and governed by the terms and privacy policy of that third party provider. 

 If we resell a service delivered or provided by a third party (‘Third Party Service’), including any software that is delivered or owned by a third party (‘Third Party Software’), it is that third party’s separate privacy policy that will apply to your personal data and your use of the Third Party Service and Third Party Software.

Your use of a Third-Party Service is not covered by this Privacy Policy. Please therefore review the privacy policy for any Third-Party Service and Third-Party Software before using it.

Your data protection rights

Under data protection law, you have certain rights.  These include:

  • Your right of access

You have the right to ask us for copies of your personal information.

  • Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

  • Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

  • Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

  • Your right to object to processing

You have the right to object to the processing of your personal data in certain circumstances.

  • Your right to data portability

You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances (where the processing is carried out by automated means.)

  • Your right to withdraw consent

You have the right to withdraw your consent at any time.

If you are unsure how to withdraw your consent contact the Privacy department at the top of this notice.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Complaints. 

You have the right, at all times, to notify a complaint to any regulator such as the UK Information Commissioner, although we would welcome the opportunity to discuss and resolve any complaint with you first.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Version: September 2020

Cookie Policy

Use of ‘cookies’

A cookie is a text-only string of information that a website transfers to the cookie file of your computer’s hard disk so that the website can recognise your computer.

A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number.

When you visit our website we send you a cookie. Cookies may be used in the following way: to compile anonymous, aggregated statistics that allow us to understand how users use our site and to help us review, develop and improve our website and services.

We use Google Analytics cookies to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone.

The cookies collect information in a way that does not directly identify anyone, this includes the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited.

Read Google’s overview of privacy and safeguarding data

Two types of cookies may be used on this website: session cookies, which are temporary cookies that remain in the cookie file of your browser until you leave the site; and persistent cookies, which remain in the cookie file of your browser for much longer (though how long will depend on the lifetime of the specific cookie).You usually have the ability to accept or decline cookies by modifying the settings in your browser. If your browser does not have that capability, you can delete cookies from your hard drive using your browser’s settings.

BTON use the following Trackers
www.google-analytics.com
snap.licdn.com
px.ads.linkedin.com
maps.googleapis.com
p.typekit.net
Use.typekit.net
fonts.gstatic.com

CookieDescriptionDurationType
PHPSESSIDThis cookie is native to PHP applications. The cookie is used to store and identify a users’ unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed. Necessary
_gaThis cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.2 yearsAnalytics
_gidThis cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.1 dayAnalytics
_gat_gtag_UA_158875240_1Google uses this cookie to distinguish users.1 minuteAnalytics
UserMatchHistoryLinkedin – Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor’s preferences.4 weeksOther
langThis cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website. Functional
lidcThis cookie is set by LinkedIn and used for routing.1 dayFunctional
langThis cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website. Functional
bcookieThis cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.2 yearsFunctional
bscookieThis cookie is a browser ID cookie set by Linked share Buttons and ad tags.2 yearsAdvertisement
lisscThis cookie is provided by LinkedIn. This cookie is used for tracking embedded service.1 yearAnalytics