This privacy notice is part of a wider privacy composite notice which outlines all the data we process regularly as an organisation. This notice only refers to people who are subscribed to our newsletters. If you would like information on the data we process for one of our programmes, e.g. the CREST Awards, then please get in touch using the details at the bottom of this notice.

This policy outlines

  • Your rights, including details on whether the data subject is obliged to provide the personal data and the consequences of failure to provide it

  • The data we collect

  • The purposes of this collection, and our lawful reasoning for doing so

  • The recipients of the personal data, including transfer to a third party (where applicable)

  • Details of any transfer to a third country and details of the safeguards and the means by which to obtain a copy of them or where they have been made available

  • What to do if you have a complaint about this privacy notice, and details of the right to lodge a complaint with the supervisory authority.

  • Changes to this privacy notice

  • Access to personal information

  • How to contact us

  • The identity and the contact details of our Data Protection Lead.

Your rights

As a Data Subject you have the following rights:

  • The right to be informed

  • The right of access

  • The right to rectification

  • The right to erase

  • The right to restrict processing

  • The right to data portability

  • The right to object

  • Rights in relation to automated decision making and profiling.

For further information please visit the Information Commissioner’s website.

Visitors to our websites

When someone visits,,,,,,, and we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

People who contact us via social media

If you send us a private or direct message via social media the message will be stored on the platform for up to 1 year. It will not be shared with any other organisations.

People who make a general complaint to us

When a complaint has been made we will create a secure file containing the details of the complaint. This would usually contain the identity of the complainant and any other individuals involved in the complaint.

We will only use the necessary personal information to process the complaint through our standard complaint procedure. Our complaint procedure is used to check on the level of service we provide and make decisions to improve where possible. We do compile and publish statistics showing information such as the number of complaints we receive, but not in a form which identifies anyone.

In most cases we will disclose the identity of the complainant to the member of the staff the complaint is about, as there may be a dispute regarding the accuracy of the complaint. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in secure files in line with our data retention policy. This means that information relating to a complaint will be retained for 2 years. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

Subscription to our newsletters

Collection purpose and lawful reasoning

  • Consent

  • If you have opted in for one of our newsletters (BSA, Educator, Partner or Branches) you will receive this newsletter, which will include receiving updates on our work, details of events and details of related work our partners may be doing.

Data Held

  • We collect your name, email and occasionally a postal address. If you explicitly opted in for a newsletter while signing up for another service, then this policy only applies to the data we have for our newsletters.

How we collect the data

  • This data is collected via online forms and through programme opt-ins. If you sign up for our newsletter via one of our programmes, then you are agreeing for your name and email address to be transferred to our marketing lists, for the purpose you consented to.

How the data is stored

  • We use a third-party provider, Dotmailer, to deliver our monthly e-newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see Dotmailer’s privacy policy.

  • We may also store information on a CRM system, ThankQ. ThankQ's privacy policy can be found here.

Retention period

  • If you have signed up to a newsletter, your email address and name will be stored on Dotmailer for 2 years since your last open. If you have paid for a product from us and opted in for this marketing, then your information will be stored on Dotmailer on an opt-out basis.

  • Your data may also be stored on ThankQ for up to 2 years.

  • We do not send any of our marketing information to third parties, and the data is only shared internally if necessary and in compliance with data regulations.

Complaints or queries about this policy

The BSA tries to meet the highest standards when collecting and using personal information and we take any complaints we receive about this very seriously.

You can make a complaint if you think our collection or use of information is inaccurate, unfair or misleading.

We also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of BSA’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

[email protected]

Access to personal information

What can you tell me about the data you have about me?

On receipt of evidence of your identity, we can provide:

  • confirmation that your data is being processed;

  • access to your personal data; and

  • any other supplementary information

In some cases what will be provided may be limited if in sharing the data we would also be providing data on another individual. In these cases, we may have to ask for consent to contact the other individual for consent, edit out some of the data relating to the individual, or not share a portion of the data. If this is the case, we will communicate this with you as soon as possible and explain the reasoning behind this.

When will the information be provided?

Information will be provided within one month of receipt. However, we may extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, we will inform the you within one month of the receipt of the request and explain why the extension is necessary.

How will the information be provided?

We will verify the identity of the person making the request, using ‘reasonable means’. If the request is made electronically, we will provide the information in a commonly used secure electronic format.

How to contact us

If you have any queries or concerns, please contact our Data Protection Lead:

Gill Riches

Director of Strategy & Operations

165 Queens Gate, London, SW7 5HD

E: [email protected]


T: +44 (0)20 7019 4924