In May 2018 regulations governing the use of your personal information changed. You can read about the changes on the Information Commissioner’s Office ICO’s website.

We want you to feel secure when visiting our website and are committed to maintaining your privacy when doing so.  Please read our Privacy Notice which explains how we’ll use any personal data we collect from you or that is provided to us. 

Data controller

For the purposes of the UK Data Protection Act 18, Australian Act and New Zealand and the EU General Data Protection Regulation 2016/679 (GDPR), BSMimpact Ltd (at 17 Langhams Way, Wargrave, RG10 8AX) is the (data) controller for the processing of personal data we hold about you.

Our nominated representative is Elaine Burrows, at

What information do we gather?

As a company providing Business Service Management consultancy, we may sometimes need to process your data gathered from our website to pursue our legitimate business interests.  The nature of our legitimate interests are; responding to enquiries, managing training bookings, skills discussion bookings, improving the performance of our website.

Information from is gathered in two ways:

(1) indirectly (for example, through our site’s technology); and

(2) directly (for example, when you provide information on various pages of

One example of information we collect indirectly is through our Internet access logs. When you access, your Internet address is automatically collected and is placed in our Internet access logs.

An example of information we collect directly is when you voluntarily submit it to us, such as via a Contact form or Registration form for training.

The information we gather for the Contact form includes name, email address, phone number, organisation name, subject, enquiry.

The information we gather for the Training Registration form includes first name, last name, email address.  Training bookings are managed by a 3rd party; Go To Training and payment is collated by PayPal. 

For Training bookings, we do not collect or store financial data (bank details or credit cards) from individuals.  Companies can either pay via PayPal or we can invoice companies directly.

The information we gather for the Skills Discussion includes name, email address, salutation, position, location, team, country, gender, duration of employment contract, time in current role / organisation, manager, team leader, skills.

Where data is provided via 3rd parties, we require an agreement is in place to ensure the supplier (data processor) is compliant with GDPR and data protection requirements.

How do we use this information?

We analyze the Internet access logs to determine what is most effective about our site, to help us identify ways to improve it, and eventually, to determine how we can tailor to make it more effective.

We use the information within the Contact form, Training Registration form and Skills Discussions to ensure we respond to your questions or requests and to manage any training bookings or Skills Discussions.

How long will we keep this data?

We will keep this information from when it was initially gathered or contract termination whichever is the latest, for 7 years for legal and business operational requirements. Business operational requirements include; so that we know if we have already dealt with you i.e. services that we have provided or so we can deal with any future services, compliments or complaints.

Will we share this with outside parties?

Data we collect may be transferred throughout BSMimpact’s organization. We will not sell individual information and will share it only with our advisors.

If data is provided to 3rd parties, where this occurs, we require an agreement is in place to ensure GDPR requirements are met for data privacy and protection.

Will your data be transferred outside of the EU?

The website is designed and managed by JustCode Limited who are based in the UK, it is also hosted in the USA by a company called Servint (with datacenters in the USA), therefore your information will be transferred outside of the EU/EEA.  To ensure the security of your data we have in place safeguards including; an agreement with our data processors JustCode Limited that meets GDPR requirements, a privacy policy from Servint the hosting provider, and confirmation that Servint use Privacy Shield.  A copy of the safeguards can be obtained by emailing

What about sensitive personal data?

We do not process special categories of information. However, if we did process special categories of information relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation, we would always obtain your explicit consent to those activities unless this is not required by law or the information is required to protect your health in an emergency. Where we are processing data based on your consent, you have the right to withdraw that consent at any time.

What about data security?

We take appropriate steps to maintain the security of your data on We have an Information Security Policy to manage the security of your data, which is supported by appropriate standards to ensure our systems and processes are robust.

You should understand that the open nature of the Internet is such that data may flow over networks without security measures and may be accessed and used by people other than those for whom the data is intended.

Personal Data Breach

In the event of a personal data breach, we have appropriate processes in place to detect, investigate, and report. We will notify the appropriate supervisory authority after becoming aware of it if the breach is likely to result in a risk for the rights and freedoms of individuals.  If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we will also inform those individuals without undue delay. We will also keep a record of any personal data breaches, regardless of whether we are required to notify authorities.

Your rights

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data.  You have the right to:

  • request from us access to and rectification or erasure of your personal data,
  • restrict processing, object to processing as well as in certain circumstances, right to data portability,
  • if you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn,
  • to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.

If you have any queries regarding this privacy notice or if you would like to make a request to access your personally identifiable information that’s held by us, please contact us via email: