British fire consortium logo
JOIN US
Legal

Privacy Policy

How The British Fire Consortium collects, uses, and protects your personal data.

Effective date: 1 January 2025

1. Introduction

The British Fire Consortium ("BFC", "we", "us", or "our") is committed to protecting the privacy of our members, website visitors, and anyone who interacts with our services. This Privacy Policy explains how we collect, use, store, and share your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

The British Fire Consortium is the data controller responsible for your personal data. If you have any questions about this policy or your data, please contact us at:

Email: info@britishfireconsortium.com
Address: The British Fire Consortium, United Kingdom

3. What Data We Collect

We may collect and process the following categories of personal data:

  • Identity data: full name, job title, company name
  • Contact data: email address, telephone number, postal address
  • Membership data: membership number, application details, membership history
  • Training data: course enrolments, certifications, attendance records
  • Financial data: payment details and transaction history for membership fees and course bookings
  • Technical data: IP address, browser type, operating system, and browsing behaviour on our website
  • Communication data: correspondence and enquiries sent to us

4. How We Collect Your Data

We collect personal data through the following means:

  • Membership application and renewal forms
  • Training course registrations
  • Contact and enquiry forms on our website
  • Email, telephone, and in-person communications
  • Event registration and attendance
  • Cookies and similar technologies on our website (see our Cookies Policy)

5. How We Use Your Data

We process your personal data for the following purposes:

  • To manage and administer your membership
  • To process training course bookings and certifications
  • To communicate important updates, newsletters, and event information
  • To process payments and maintain financial records
  • To respond to your enquiries and provide technical support
  • To display member logos on the "Our Members" section of our website
  • To comply with legal and regulatory obligations
  • To improve our website, services, and member experience

6. Legal Basis for Processing

We process your data under the following lawful bases:

  • Contract: processing necessary for the performance of your membership agreement or training booking
  • Legitimate interests: to operate and improve our services, communicate with members, and maintain a professional network
  • Consent: where you have given explicit consent, such as for marketing communications
  • Legal obligation: to comply with applicable laws and regulations

7. Data Sharing

We do not sell your personal data. We may share your data with the following parties only where necessary:

  • Training and accreditation bodies (e.g., EAL) for certification purposes
  • Payment processors for handling transactions securely
  • IT and hosting providers who support our website and systems
  • Legal or regulatory authorities where required by law

All third parties are required to process your data securely and in accordance with applicable data protection legislation.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Membership records are typically retained for the duration of your membership and for a period of six years following its expiry, in line with UK legal and financial record-keeping requirements. Training records may be retained longer where required for certification purposes.

9. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your data in certain circumstances
  • Right to restrict processing: request that we limit how we use your data
  • Right to data portability: receive your data in a structured, commonly used format
  • Right to object: object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at info@britishfireconsortium.com.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. Access to personal data is restricted to authorised personnel on a need-to-know basis.

11. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.