Policy: Data Privacy
Effective Date: 1/1/2021
Business Network of Emergency Resources (BNet) is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you in accordance with data protection laws, including the European Union’s General Data Protection Regulation (GDPR). Please read it carefully.
We take the security of our data very seriously and have a responsibility to the individuals we hold data on behalf of our systems and servers. Please refer to the following headings below to review what kind of data we keep and the process to request, review, change, or remove data we hold.
Data protection laws generally say that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
If you have any questions about this notice or how we collect and use personal information about you, please contact us a [email protected].
In this age of the Internet where privacy has become an increasing concern, we take your privacy very seriously. The privacy and security of your personal data (the “Personal Information”) which we collect from you is important to us. It is equally important that you understand how we handle this data. BNet will not knowingly collect or use Personal Information in any manner not consistent with this policy, as it may be amended from time to time, and applicable laws.
We reserve the right to keep customer data for a period of time adequate to ensure compliance and respond to follow-up inquiries. Pursuant to regulatory, legal, and security requirements. This timeline is determined based on the type of data, the security implications of storing the data, the legal requirements and the privacy of the individual referenced in the data.
Information About Us
We are Business Network of Emergency Resources. Our principal address is 34 South First Street, Suite 3, Fulton New York 13069. We can be reached at [email protected] or by phone at 888-353-2638.
Collection of Information
Participation Agreement and Data Collection
When you sign our Participation Agreement (PA) there will be personal information about you relating to that PA such as your business name, contact name and details, PA details, delivery details, and correspondence with us about the PA.
We need certain information to carry out our PA with you and you must provide this in order to enter into a contract with us (or as required under that PA), if you do not, we may not be able to carry out our agreement with you. Mandatory information fields are generally set out when you are entering into the contract, but in particular, you must provide the following information:
- Your name and details as required in our application.
- Your delivery address.
- Information to verify your identity and business legitimacy.
- Name and contact details of individual users of our service(s) covered by the PA.
- Other correspondence or interaction (for example by email, telephone, post, SMS or via our website) between you and us, will include personal information (such as names and contact details) in the correspondence. This may include inquiries, reviews, follow-up comments and disputes with you or your organization.
- Call information. We may also collect details of phone numbers used to call our organization and the date, time and duration of any calls.
- We will keep and use that information to carry out our PA with you to comply with any legal requirements for us to maintain certain records or carry out certain verifications, and/or for our legitimate interests in dealing with a complaint or inquiry and administering you (or your organization’s) account or order and any services we offer, as well as to review and improve our offerings, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- If you work for one of our clients, suppliers or business, the information we collect about you may include your contact information, details of your employment and our relationship with you. This information may be collected directly from you or provided by your organization. Your organization should have informed you that your information would be provided to us and directed you to this policy. We use this as necessary for our legitimate interests in managing our relationship with your organization. If we have a business relationship with you or your organization, we may receive information about you from your organization.
- Where your information relates to our Participation Agreement (PA), it is kept for a period of up to 7 years after your account is closed to enable us to deal with any after inquiries or claims and as required for tax or other governmental purposes. It may be stored in our archive for reference purposes for as long as our business needs may require, which we will review after 7 years.
- Payment information is collected and stored at a PCI authorized processor, “Authorized.net,” and is retained for a period of up to 16 months after the date of the order.
Use of the Information Collected
The primary purposes for collection, storage and/or use of your Personal Information include, but are not limited to:
- Business Processes and Management. Personal Information is used to run our business operations including, reporting and/releasing public data (e.g., annual reports, etc.) and populating employee directories. Information may also be used to comply with government regulation.
- Communication and Identification. We use your Personal Information to identify you and to communicate with you.
- We may collect your name and contact details (such as your email address, phone number or business address) in order to send you information about our services. We may collect this directly from you, or through your company, our client.
- If you are an existing client or are acting as a business we use your contact details as necessary for our legitimate interests in marketing to you and maintaining a list of potential clients.
Information We Receive from Third Parties
We do not solicit information from Third Parties about you. You may be required to provide information from a third party to meet the requirements of your Participation Agreement.
Common uses of your information.
We will only use your personal information when the law allows us to do so. Although in limited circumstances we may use your information because you have specifically consented to it, we generally use your information in the ways set out in this notice because:
- We need to perform an agreement we have entered into with you.
- We need to comply with a legal obligation.
- It is necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those interests.
- We need to protect your interests or where it is needed in the public interest.
- Change of purpose. We will only use your personal information for the purposes for which we collected it as set out in this notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so or seek your approval.
Sharing Your Information
As well as any sharing listed above, we may also share your information with third parties, including third-party service providers and other entities in our group. Third parties are required to respect the security of your personal information and to treat it in accordance with the law. We never sell your data to third parties.
Why might we share your personal information with third parties?
We may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our agreements with you, or to protect the rights, property, or safety of us, our clients, or others or where we have another legitimate interest in doing so. This may include exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
We also may need to share your personal information for third-party service providers (including contractors and designated agents) so that they can carry out their services.
Which third-party service providers process your personal information?
The following activities are carried out by third-party service providers: alert notification, payment processing and general system wide announcements.
How secure is your information with third-party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information. Where third parties process your personal information on our behalf as “data processors” they must do so only on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
What about other third parties?
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business where necessary in connection with the purposes which your information was collected for. We may also need to share your personal information with a regulator or to otherwise comply with the law.
Your Rights If an EU Subject
If you are an EU subject, Data protection law gives you a number of rights when it comes to personal information we hold about you. The key rights are set out below. Under certain circumstances, by law you have the right to:
Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights. This is why we are providing you with the information in this notice.
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it (for instance, we may need to continue using your personal data to comply with our legal obligations). You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a compelling legitimate basis for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal claim). You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.
Withdraw consent. In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate interest in doing so.
Lodge a complaint. If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in the UK, this will be the ICO).
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw your consent to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us at [email protected].
No fee usually required. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you. We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Time for response. Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.
Exercising Your Rights - Important Notice to all participants:
Data privacy rules provide you with these various rights and you have the full ability to exercise them at your discretion. However, given the nature of our programs which we operate in the United States, in
Security of Personal Information
We employ reasonable security measures and technologies, such as password protection, encryption, physical locks, etc., to protect the confidentiality of your Personal Information. Only authorized employees have access to Personal Information. If you are an employee with such authorization it is imperative that you take the appropriate safeguards to protect such information. Paper and other hard copy containing Personal Information (or any other confidential information) should be secured in a locked location when not in use. Computers and other access points should be secured when not in use by logging out or locking.
Passwords and user IDs should be guarded and not shared. When no longer necessary for business purposes, paper and hard copies should be immediately destroyed using paper shredders or similar devices. Do not leave copies in unsecured locations waiting to be shredded or otherwise destroyed. Do not make or distribute unauthorized copies of documents or other tangible medium containing Personal Information. Electronic files containing Personal Information should only be stored on secure computers and not copied or otherwise shared with unauthorized individuals within or outside of the BNet.
BNet will make reasonable efforts to secure Personal Information stored or transmitted electronically from hackers or other persons who are not authorized to access such information.
Any violation or potential violation of this policy should be reported to your immediate supervisor. The failure by any employee to follow these privacy policies may result in discipline up to and including discharge of the employee. Any questions or suggestions regarding this policy may also be directed to your immediate supervisor.
BNet acts to protect your Personal Information and ensure that unauthorized individuals do not have access to such information by using security measures to protect Personal Information. We will not knowingly disclose, sell, or otherwise distribute your Personal Information to any third party without your knowledge and, where appropriate, your express written permission, except where disclosure is reasonably necessary to comply with the law.
Changes to this Privacy Notice
Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail or otherwise. Please check back frequently to see any updates or changes to our privacy notice.