Sheffield City Centre BID Limited (‘Sheffield BID’), based at The Stamp House, 52 Bank Street, Sheffield S1 2DS, confirms that we comply with data protection legislation.
Business to business, public sector and education marketing
BID Levy Payers
Operating as a business improvement district Sheffield BID has a legal obligation to hold liable party information to ensure that the original Ballot and any subsequent Renewal is legitimate. Data is supplied to Sheffield BID by Sheffield City Council through a baseline agreement. The data is taken from the Council’s non-domestic rates database to identify eligible hereditaments in the BID area and for billing of the rate payers for each eligible hereditament. This data is enhanced with personally-identifiable information collected by members of the BID team to communicate with BID Levy Payers and their representative employees on a day to day basis.
Legitimate Interest
In accordance with the General Data Protection Regulation (GDPR) to be enforced in May 2018, Sheffield BID uses Legitimate Interest as the lawful basis for business communication. All marketing activities conducted within this category provide clear options for the audience to unsubscribe or opt-out of future communications.
Business to consumer marketing
Residents and visitors
Sheffield BID undertakes email marketing to individuals to promote events and encourage participation in city centre activities, and to increase footfall, dwell time and spend.
Consent
In accordance with the General Data Protection Regulation (GDPR) enforced in May 2018, Sheffield BID relies solely upon your consent where you have provided your Personal Information through one of our websites or to a third party who licences your data to us. You must have given your consent freely and you can withdraw your consent at any time.
Your Personal Data:
What we need
Sheffield BID is the ‘Controller’ of personal data that identifies employees of those businesses that by law must pay the BID levy on business rates.
We process this data based on legitimate interest rather than consent. We collect basic personal data about you which includes your name, job title, business or personal email address and your contact telephone number. We identify in the data we process whether you are a local contact, billing contact or a voter contact.
This personally-identifiable information is collected by members of the BID team to communicate with BID Levy Payers and their representative employees on a day to day basis. (The definition of BID team extends to the two BID-funded Council Ambassadors and the BID-funded Police Sergeant who collect personal information on our behalf.)
Why we need it
We need to know your basic personal data to fulfil several legal obligations:
What we do with it
All the personal data we process is handled within the United Kingdom by our staff in Sheffield, South Yorkshire. Sheffield BID’s CRM database Solomon stores personally identifiable data of employees of BID Levy Payers.
Individuals have a right to access their details on Solomon through a unique login. A one-click, destroy on demand option has been incorporated into the system for personal information which is no longer valid.
For the purposes of IT hosting and maintenance this information is located on servers within the European Union. We also use an automated system for email marketing. This system – MailChimp – is located outside of the European Union. It is certified through the EU-US Privacy Shield Framework and subscriber data is processed securely and appropriately in line with the legal requirements of the European Union.
We only share your Personal Information with our appointed carriers, sub-contractors and distributors in order to fulfill specific BID services to Levy Paying businesses. We ensure the parties with whom we share your Personal Information follow practices at least as protective as those described in this Privacy Policy.
We have a Data Protection policy in place to oversee the effective and secure processing of your personal data. You may request a copy of this policy by emailing manager@sheffieldbid.com.
How long we keep it
Your information which we use for engagement purposes will be kept for i) as long as Sheffield BID is operational. The term of the BID ends on 31 March 2026 pending a renewal ballot for a further five years or ii) for as long as your organisation is eligible to pay the BID levy.
What we would also like to do with it
We will only use your personal information for the purposes of contacting you about Sheffield BID’s activities and local issues relating to the city centre which may have an impact on your employer’s business. In this respect we process your personal data based on legitimate interest rather than consent.
Cookies
Our policy concerning the use of cookies is detailed below in the subsequent privacy policy for individual users.
What are your rights?
If at any point you believe the information we process on you is incorrect you can ask to see this and have it corrected. You have a right to request that Sheffield BID erases any personal data held. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the legislation, you can complain to the Information Commissioner’s Office (ICO) on 0303 123 1113. More information can be obtained from ico.org.uk/concerns.
Our Data Protection Officer is Diane Jarvis and you can contact her at manager@sheffieldbid.com.
Revisions to this Privacy Policy
We may update or revise all or any part of this Privacy Policy from time to time. A copy of the current Privacy Policy will be posted on our website and we encourage you to check it from time to time so you are aware of any changes or updates to the notice.
We at Sheffield BID respect everyone’s right to privacy. This Privacy Policy describes the types of personal information that you may provide to us or which we may otherwise collect when you communicate with us, including when you visit one of our websites located at:
https://www.dinesheffield.co.uk
http://www.sheffieldcitycentre.com
https://www.sheffieldgiftcard.co.uk
http://www.shefffieldbricktropolis.co.uk
http://www.sheffieldchristmastrail.com
This Privacy Policy also describes how we may use your information, with whom we may share it and how we protect it. We also tell you how you can reach us to update your information, unsubscribe from receiving marketing communications from us, or answer any questions that you may have about our privacy practices.
By communicating with us, including when you access and use our websites you are accepting and agreeing to the information practices described in this Privacy Policy. This Privacy Policy explains:
What information is collected and how we obtain it
We collect personal information relating to you, such as your name, address, phone number and/or email address (“Personal Information”) in the following situations:
Information you provide when you contact us (including by email, phone, SMS, via the website or otherwise), subscribe for email newsletters and updates to services, order items from us, participate in market research initiatives or promotional events, complete a questionnaire or competition entry form or submit a job application form.
Information collected automatically using cookies: whenever you interact with one of our websites (including when you browse the website or download information from it) we collect and store certain types of information about your visit using cookies. We describe how we use cookies and how you can disable them below. The information we collect using cookies includes information which identifies the computer you use to access the website, the date and time of the visit and the pages visited. Information collected automatically is used to produce aggregated and anonymous reports concerning the use of our websites. These reports will not personally identify you.
How we protect your information
We apply appropriate security measures to prevent unauthorised access to Personal Information we hold about you. All Personal Information about our users is stored within a robust secure environment.
Our practice is that no data is ever provided to third parties except in the circumstances described below.
Please note that email correspondence with us is in free format text and cannot be encrypted. Accordingly, please do not send any sensitive information such as credit card details or passwords via email. Please also note that perfect security does not exist on the Internet. You’ll know that you’re in a secure area of our website when a “padlock” icon appears on your screen and the “http” portion of our URL address changes to “https.” The “s” stands for “secure.”
Payment and card details
Where a website operated by Sheffield BID takes payment and card details, payment processing services are provided by a third party global payments processor called Stripe. By inputting payment card details, you are consenting to Stripe processing your Personal Information to pay for your gift card. Your card details will be securely stored by Stripe for ease of use in future transactions using the application. However, your CSC/CVV number is not stored and must be entered each time you use a card for authentication. Sheffield BID does not store your card details on its systems.
How we use the information we collect
We will only use your Personal Information for the purpose(s) for which you provide it to us including for example to:
Updates and Promotional offers: unless you have told us that you do not wish to be contacted for this purpose, we send you updates and information on our events and promotional offers within Sheffield City Centre. These may include joint promotions with our business partners. If you no longer want to receive such communications, you can unsubscribe using the link on the email. Alternatively, you can notify us by writing to:
Marketing Department
Sheffield City Centre BID Ltd
The Stamp House
52 Bank Street
Sheffield
S1 2DS
Or email at enquiries@sheffieldbid.com
All the personal data we process is handled within the United Kingdom by our staff in Sheffield, South Yorkshire. However, for the purposes of IT hosting and maintenance this information is located on servers within the European Union. In certain circumstances we do transfer your Personal Information to countries outside the European Union. In each instance we only use organisations that are certified through the EU-US Privacy Shield Framework, designed to ensure compliance with the legal requirements of the European Union. For example, we use automated marketing platforms such as Mailchimp.com (for email marketing) and SurveyMonkey.co.uk (for insight, opinion and feedback surveys). In addition, where we use the payment processor Stripe to process Gift Card payments, Stripe’s services in Europe are provided by a Stripe affiliate—Stripe Payments Europe Limited (“Stripe Payments Europe”) – an entity located in Ireland. In providing Stripe Services, Stripe Payments Europe transfers personal data to Stripe, Inc. in the US.
How long we keep it
We keep your data for the minimum period we consider necessary to resolve any queries and to ensure legal and regulatory compliance. We currently consider this period to be two years. We reserve the right to amend or review our storage policies from time to time. We do not guarantee that we will keep your data for the two-year period if our policies and procedures change and it may be deleted well within that period. Within this time frame we will contact you to reconfirm your consent.
Information we share
We only share your Personal Information with our appointed carriers, sub-contractors and distributors and with other entities as described below. We ensure the parties with whom we share your Personal Information follow practices at least as protective as those described in this Privacy Policy.
Agents: from time to time we employ other companies to perform functions on our behalf including fulfilling order deliveries, sending customer communications, analysing data, providing marketing assistance, processing payments, improving our services and providing customer service. They may have access to Personal Information needed to perform their functions, but they are not permitted to use it for other purposes.
Fraud: where necessary to prevent fraud we may exchange your Personal Information with other companies and organisations.
Legal reasons: we may disclose information about you (i) if we are required to do so by law, (ii) in response to a request from law enforcement authorities or other government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
With your consent: other than as set out above, you will receive notice when information about you might go to third parties and you will have an opportunity to choose not to share your information.
Collection of information by third party sites
Our websites may contain links to other websites whose privacy practices may be different to ours. You should check the privacy notices of those third party sites as we have no control over information that is submitted to or collected by those sites. We are not responsible for the content of those sites, any products or services that may be offered through those sites, or any other use of those sites.
Cookies
A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can recognise your computer when a user of your computer returns to a website previously visited by someone using your computer.
A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number that identifies your computer. Cookies are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the website.
There are two broad categories of cookies “first party cookies” and “third party cookies”. First party cookies are cookies that are served directly by the website operator to your computer. They are used only by the website operator to recognise your computer when it revisits that site. Third party cookies are served by a service provider on behalf of the website operator. They can be used by the service provider to recognise your computer when it visits other websites. Third party cookies are most commonly used for website analytics or advertising purposes.
When you visit one of our websites we serve a cookie to your computer. Cookies may be used in the following ways:
To enable the personalisation features on our website (which give you the ability to recall recently viewed pages and see information which you have input on line); and
To compile anonymous, aggregated statistics that allow us to understand how users use our website and to help us improve the structure of our website. We cannot identify you personally in this way.
Two types of cookies may be used on our websites; “session” cookies, which are temporary cookies that remain in the cookie file of your browser until you leave the site and “persistent” cookies, which remain in the cookie file of your browser for much longer (though how long will depend on the lifetime of the specific cookie).
Disabling / enabling cookies
You can accept or decline cookies by modifying the setting in your browser. The “help” portion of the toolbar on most Internet browsers will tell you how to change your browser cookie settings, including how to have the browser notify you when you receive a new cookie, and how to disable cookies altogether For further details on how to do this please visit the educational sources http://www.allaboutcookies.org and http://www.youronlinechoices.eu.
Please note that if you disable cookies you may not be able to use all the features of our websites.
Revisions to this Privacy Policy
We may update or revise all or any part of this Privacy Policy from time to time. A copy of the current Privacy Policy will be posted on our website and we encourage you to check it from time to time so you are aware of any changes or updates to the notice.
Your rights and freedoms
You must have given to Sheffield BID consent for your data to be processed, including email addresses used for electronic communication. You have a right to access the information we hold about you upon request and at no cost. You have a right to request that Sheffield BID erases any personal data held.
How to contact us
Should you:
then please write to us at:
Sheffield City Centre BID Limited
The Stamp House
52 Bank Street
Sheffield
S1 2DS
Alternatively, please email us at: enquiries@sheffieldbid.com.
In the event of a complaint please contact Diane Jarvis at manager@sheffieldbid.com.
The Personal Information which you provide to us or which we gather from the websites or during the provision of services to you is controlled by Sheffield City Centre BID Limited which trades as Sheffield BID (company number 9601967), Registered Office: The Stamp House, 52 Bank Street, Sheffield S1 2DS.
Sheffield BID is registered with the Information Commissioner’s Office and retains a solicitor to consult on data protection and privacy issues.
These terms and conditions are governed by English Law and you and we submit to the non-exclusive jurisdiction of the English Courts.
Last updated: 9 May 2023