Privacy statement [Version 1.0.0]
The information below describes everything you need to know about the data we store and process about you. This statement complies with the latest release of General Data Protection Regulations (GDPR) and applies to the Forge Bluepoint system.
Who we are, others involved
The subscription holder for your current site is the Data Controller . You are the Data Subject for your personal data we hold. We are the Data Processor. In the context of this document, we are;
We are Forge Ltd, a UK company registered at The Long Barn 1, Tickenham, Bristol BS21 6RY. You can reach us at privacy@weareforge.io, or call us on +44 (0)800 368 7727 if you have any privacy concerns.
Legal Basis for Storing your Data
Our legal basis for storing your personal data are 3-fold, ordered by importance.
- Vital Interest
- Legal Obligation
- Legitimate Interests
The legal basis that applies to your data depends on your role in the system and what you’re doing within Forge Bluepoint. We’ll reference the Legal Basis for storage and processing during this document (in particular around your rights).
Your Rights
You need to know what your rights are regarding your personal data. These vary based on the current Legal Basis for storing and processing your data, based on your role and what you’re doing in Forge Bluepoint.
| Vital Interest | Legal Obligation | Legitimate Interests | |
|---|---|---|---|
| Right to be Informed | Yes | Yes | Yes |
| Right to Object | No | No | Yes |
| Right to Access | Yes | Yes | Yes |
| Right to Rectification | Yes | Yes | Yes |
| Right to Erase | No | No | Yes |
| Right to Restrict | No | Yes | Yes |
| Right to Portability | Yes | Yes | Yes |
Right to be Informed
This Privacy Information document aims to keep you informed about how we store and process your personal data and your rights relating to it. You will be emailed a link to this document when you are invited as a Visitor for the first time or set up as a User by a Site Operator.
We only send this email when an email is specified on definition in Forge Bluepoint. For example; if a host invites you using just your name (“John Smith”) we won’t be able to identify you or send you an invite. Note you can request access the next time you are being checked in – see "Right to Access" below for more information.
Right to Object
You do not have a right to object if you qualify for our Vital Interest or Legal Obligations legal basis for data storage and processing.
Site Users (Operators and Hosts) fall under the Legal Obligations legal basis, and therefore cannot object to being added to Forge Bluepoint. This is due to the Tenant Companies commercial responsibilities on site.
Example
As a Visitor, on entry to a building you cannot object to having your data stored. In the event of an evacuation, we need to know everyone on site for their own safety.
Right to Access / Rectification
We recognise your right to access and update your personal data. By signing into Forge Bluepoint you can view and update all of your personal data, such as profile details, visits performed across all our Sites. See "Signing into Forge Bluepoint".
If we don’t have your email address you won’t be able to sign in to access or rectify your data (see “Ad-hoc Visitor” in our Technical document). When you are next checking in at a Forge Bluepoint site, ask the reception team to give you access. You’ll need to provide your email address, allowing us to invite you to Forge Bluepoint.
How to
Once signed into Forge Bluepoint you can access your profile to view your data and perform updates.
Right to Erase
You do not have the right to erase (aka Right to be Forgotten) if you qualify for our Vital Interest or Legal Obligations legal basis for data storage and processing.
Site Users (Operators and Hosts) fall under the Legal Obligations legal basis, and therefore cannot request to be deleted. This is due to the Tenant Companies commercial responsibilities on site.
More Info
You can object to this decision by raising a complaint directly with the ICO (Information Commissioners Office).
Right to Restrict Processing
You have the right to restrict processing in Forge Bluepoint. You will still be visible to those who know your email address, but they will not be able to invite you to a Site as a Visitor or added as a new Host or Operator. Note this effectively will black list yourself, preventing your invitation onto Forge Bluepoint sites. Your status will be clearly communicated to those attempting to interact with you.
You also have the right to prevent all notifications (email, SMS etc) via your Profile page or by invoking the relevant link available in all Forge Bluepoint emails sent to you.
You can restrict your profile and notifications on the Profile page.
Right to Portability
You have the right to download your personal data into a portable format – in our case a CSV file (comma separated text file).
How to
Download your profile information and history from the Profile page.
Use our Search page to search and download all visits, deliveries etc where you were featured.
Our Legal Basis, justifications
Our Legal Basis for storing personal data is central to GDPR and our response. How did we come to select our Legal Basis for GDPR?
Vital Interest
This applies when you are an active Visitor or Contractor on a Forge Bluepoint site, generally for Health and Safety purposes; to make sure we have a record of you on Site, ensure you’ve agreed to any relevant safety inductions and ensure you’re represented accurately in mustering reports in the event of fire or other emergency warranting evacuation or similar.
Legal Obligation
We (the Data Processor) have an obligation to the Data Controller (the Site team, Landlord or owners) to provide accurate data about those who will, are and have visited their sites. In some cases, this can be to support Visitor and Contractor sections of PCI compliance, or other industry regulations as specified by the Data Controller (please contact the respective data controller for more information).
Legitimate Interests
For the purposes of providing the Forge Bluepoint services to you and our Data Controllers we will store and process your data. If you are not subject to our Legal Obligations or Vital Interest (not recorded as a Visitor, or currently on Site, respectively) we store and process your data using a Legitimate Interest.
Third Party Access
We don’t provide your personal data to any third parties for marketing or any other purposes.
Site Operators and Hosts can download search results, which will include elements of your personal data (Name and Forge Bluepoint Id). At the point of download they must agree to our Third Party Terms, which transfers Data Processor responsibilities to them for the downloaded content.
Changes to this Statement
We will from time to time make changes to this information as Forge Bluepoint changes and grows. Before we implement any changes that impact your personal data we’ll ensure everyone has been made aware of the changes. Primarily this will be performed at logon to Forge Bluepoint, and secondarily via email if you do not login within one calendar month of the change.
Terms and Abbreviations
| Term | Meaning |
|---|---|
| Site | A physical building or campus, a Forge Bluepoint customer. |
| Tenant Company | The company of a tenant in a Forge Bluepoint building. |
| Site Team | A Sites management team, usually providing material facilities and concierge services. |
| Landlord | The owner of a Site. |
References
| Guide to the General Data Protection Regulation, Information Commissioners Office [https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/] |
| Microsoft Azure Trust Center, Microsoft Corp, 2018 [https://azure.microsoft.com/en-gb/support/trust-center/] |