Privacy Policy
This information has been produced to help you understand everything you need to know about the way Boutros Bear collects, uses, and shares personal data, what your legal rights are and how to exercise them.
We hope you’ll take some time to read this document; we’ve tried to keep it all as simple as possible and to avoid jargon, and we’ll make our best efforts to keep you informed if there are any changes to the way we process your personal data in the future.
Boutros Bear takes its responsibility for protecting your data very seriously and we do advise you get to know our practices. If there’s anything here you don’t understand, or if you want to ask any questions, please feel free to contact us.
This ‘Privacy Policy’ was last updated on 26th September 2023.
Who is the Data Controller?
We are Boutros Bear.
Registered address: 36 Queens Road, Newbury, Berkshire, United Kingdom, RG14 7NE
Registration number: 11509447
In this document Boutros Bear may be referred to as “we”, “us”, or “our”.
What kinds of Personal Data does Boutros Bear Process?
Boutros Bear collects personal data for various purposes; with that in mind we have created a list of the types of personal data that we may collect, either directly from yourself or from other sources, in order to achieve those purposes.
The kinds of personal data we may collect include:
Customer / Client / Participant | Identity Data: First name, Maiden name, Last name, Username or similar identifier, Title, Date of birth and Gender. Contact Data: Billing address, Delivery address, Email address, Telephone numbers. Financial Data: Bank account and Payment card details. Other: IP address, Username, Password, Company name and role. Health and Biometric Data – including but not limited to type of treatment, date of diagnosis, type of diagnosis, medical condition and history. |
Applicant / Temp / Volunteer / Intern | Contact details, CV. |
Supplier / Trader | Contact details, Bank details. |
Sub-Contractor | Contact details, CV, Bank details. |
What are the reasons Boutros Bear collects Personal Data?
Legal Obligations
Boutros Bear uses personal data firstly to fulfil any contractual obligations that exist between us and yourself. Where we request personal data be provided to enter into, or meet the terms of any such contract, you will be required to provide the relevant personal data or we will not be able to deliver the goods or services you want. In such cases the lawful basis of us processing the personal data is that it is necessary for the performance of a contract.
We are required by law to process personal data for purposes relating to our legal obligations, these include:
To provide for our financial commitments, or to relevant financial authorities.
To comply with regulatory requirements and any self-regulatory schemes.
To carry out required business operations and due diligence.
To cooperate with relevant authorities for reporting criminal activity, or to detect and prevent fraud.
To investigate any insurance claims, claims of any kind of harassment or of discrimination, or any other claim whereby the organisation may have to defend itself.
Consent
Boutros Bear may process Personal Data for the following purposes where it has received consent to do so:
To inform you of goods and services provided by third-party organisations.
To monitor people’s activities, either through online means or otherwise, to identify trends and/or behavioural patterns, or for profiling.
To use health and biometric data as part of clinical trials.
You may withdraw your consent for us to process your personal data for these purposes at any time; after a withdrawal of consent request is received, we may have to contact you to verify the request.
Withdrawing your consent for us to process your personal data will not affect the lawfulness of the processing beforehand.
Special Category Personal Data
Boutros Bear may intend to process the following kinds of Special Categories of Personal Data:
Genetic or bio-metric data, Data concerning health information,
Where Special Categories of Personal Data are processed, one or more of the following lawful basis shall apply:
Boutros Bear has received explicit consent.
It is necessary for preventive or occupational medicine, for the assessment of the working capacity of an employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems or pursuant to contract with a health professional.
Where does Boutros Bear obtain Personal Data from?
We will collect personal data directly from you in various ways. This could include when you complete an online form, or if you provide the data directly to a representative of Boutros Bear.
We collect some personal data from publicly accessible sources such as:
Companies House, Electoral Register.
We may also gather personal data by any of the following methods:
From technical functionality that gathers data automatically from computer equipment when people visit our online platforms.
Analytics providers such as: * Everfit based outside the UK; * Cliniko based in the UK;
Who will Boutros Bear share your Personal Data with?
To achieve the above stated purposes for which we process your personal data, we may have to share your personal data with certain third parties.
We shall make all reasonable efforts to ensure that any third-party we share your personal data with is also compliant with data protection law.
The kinds of third parties we may share your personal data with include:
Organisation where it is necessary to provide goods or services.
Organisations where it is necessary to setup various resources.
The specific types of third-party Boutros Bear may share your personal data with include:
Grace Solutions | IT support |
2idesign Ltd. | IT systems and design. |
Everfit | Mobile App and Exercise platform |
Cliniko | Clinical platform |
Where will Boutros Bear store your Personal Data?
As a part of our standard business practices, we may transfer your personal data to organisations based in countries that have not been granted an adequacy decision under the General Data Protection Regulation.
Where data is transferred to such countries, we shall ensure that specific safeguards or derogations have been established.
These might include where the data transfer is necessary in order to fulfil a contract between us and yourself, where we have received your specific consent after having made you aware of any risks involved, or where contracts are in place between us and the third-parties involved that ensure the recipient organisation has a suitable standard of data protection in place.
How long will Boutros Bear keep your Personal Data?
We will keep your personal data only for as long as required to achieve the purposes for which it was collected, in line with this privacy notice.
The following criteria are what determine the period for which we will keep your personal data:
Until we are no longer required to do so to comply with regulatory requirements or financial obligations.
Until we are no longer required to do so by any law we are subject to.
Until all purposes for which the data was originally gathered have become irrelevant or obsolete.
Until the goods and/or services we have provided are no longer in active use.
Until it has been requested that we no longer process the data and that it is erased; in some cases, where there is a remaining relevant or legal reason why we are required to keep this data, we may opt to restrict the amount of processing being conducted to what is absolute necessary rather than erase it.
Purposes and Data Retention Policy
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose/Activity | Category of data | Lawful basis for processing including basis of legitimate interest | Retention Period |
Personal Data | |||
To register you as a new customer | (a) Identity (b) Contact | Performance of a contract with you | 6 years |
To process and deliver your order including: (a) Manage payments, fees and charges; and (b) Collect and recover money owed to us. | (a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) | 6 years |
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or Privacy Policy (b) Asking you to leave a review or take a survey | (a) Identity (b) Contact (c) Profile (d) Marketing and Communications | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) | 6 years |
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation | 6 years |
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical | Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) | 6 years |
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | (a) Technical (b) Usage | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) | 6 years |
To make suggestions and recommendations to you about goods or services that may be of interest to you | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications | Necessary for our legitimate interests (to develop our products/services and grow our business) | 6 years |
Special Categories of Personal Data | |||
Complying with health and safety obligations | Health and Biometric Data | (a) Processing is necessary for compliance with a legal obligation to which the we are subject (Article 6 GDPR) (b) The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 9 GDPR) | 10 years |
To assist with Boutros Bear’s research and development activities in respect of cancer research and drug discovery | Health and Biometric Data | (a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 9 GDPR) (b) Performance of a contract with you (Article 6 GDPR) | 10 years |
To use as part of clinical trials (further information available upon request) | Health and Biometric Data | (a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 9 GDPR) (b) Performance of a contract with you (Article 6 GDPR) | 10 years |
To create a data set allowing Boutros Bear to: (a) analyse data for specific patterns; (b) better understand rates of reoccurrence; and (c) evaluate the outcomes of Boutros Bear’s services compared to existing treatments, pharmacological and non-pharmacological interventions | Health and Biometric Data | (a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 9 GDPR) (b) Performance of a contract with you (Article 6 GDPR) | 10 years |
To process and deliver your order including provision of: (a) a learning management system (LMS) as part of the services Cancer Rehabilitation Programme and HR and Line Management Programme; and (b) a gym management system (GMS) as part of the Cancer and Rehabilitation Programme only. | Health and Biometric Data | (a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 9 GDPR) (b) Performance of a contract with you (Article 6 GDPR) | 10 years |
Your Rights, Our Responsibility
There are several rights granted to you immediately upon providing us with your personal information; some of these are mentioned above. We’d like you to know that at Boutros Bear we take your rights seriously and will always conduct ourselves in a way that is considerate of our responsibility to serve your legal rights.
The Right of Access
This grants you the right to confirm whether or not your personal data is being processed, and to be provided with relevant details of what those processing operations are and what personal data of yours is being processed.
If you would like access to the personal data we have about you, we ask that you contact us using the details below.
The Right to Rectification
This one is fairly straight forward; if you notice that the data we have about you is inaccurate or incomplete, you may request we rectify the mistake. We will make every effort to respond to requests of this type immediately.
The Right to Erasure
Otherwise known as the ‘right to be forgotten’, this given you the right to request your personal data be deleted.
This is not an absolute right; if you were to request that we erase your personal data, we would erase as much of that data as we could but may have to retain some information if it is necessary.
Were we have received a request for personal data to be erased, if it is necessary for us to retain some of that information we shall ensure that the remaining data is used only when and where it is absolutely necessary.
The Right to Objection
The right to object is a basic freedom all democracies enjoy. If you wish to object to the way we use, or have used, your personal data you may do so freely.
The Right to Complain
We will always try to maintain the highest standards and encourage the confidence our customers have in us as an organisation. To achieve this, we request that any complaints be first brought to our attention so we can properly investigate matters. If you would like to complain about Boutros Bear to a regulatory body, you may do so by contacting your local data protection supervisory authority.
Boutros Bear Contact Details
Boutros Bear Ltd
Quern House, Mill Court
Great Shelford
Cambridge England CB22 5LD
01223 343235
Who is the Boutros Bear Data Protection Officer?
Ametros Group Ltd
Lakeside Offices, Thorn Business Park
Rotherwas Industrial Estate
Hereford England HR2 6JT
0330 223 2246
Who is the Boutros Bear EU Representative?
Ametros Ltd
Unit 3D, North Point House, North Point Business Park
New Mallow Road
Cork - Ireland