BOFA Privacy Notice
Your privacy is important to us. We will only use your personal information to administer your account, provide the products and services you have requested from us, and to keep you informed with relevant information about our products and services. The protection, confidentiality and integrity of your personal data are our prime concerns. This privacy notice explains what personal information we collect from you when you interact with our products and services, and how we use this information.
Our products and services
BOFA International (including BOFA Americas) hereby referred to as affiliates designs, manufactures and distributes fume extraction systems internationally.
In addition, in selected regions, we provide associated services, such as local exhaust ventilation (LEV) servicing. This Privacy Notice applies to these products and services and the relating platforms, including www.bofainternational.com, BOFA branded apps, other BOFA related websites, apps, communications and services.
What personal data do we collect?
We need certain personal information to be able to offer you the best experience and to keep you informed of our products and services. You provide some of this data directly, for instance when you interact, contact or purchase products and services from BOFA. Additionally, we receive some of your personal data indirectly through your devices, by recording how you interact with our services (e.g. through cookies). This allows us to personalise and improve our products.
Title (Mr, Mrs etc.);
Your telephone number;
Payment and billing information, e.g. bank account;
Cookies and other similar technologies
You can manage your cookie preferences through your browser settings.
How do we use your personal data?
We only use your data for the purposes for which it was collected and, where relevant, to meet local legal obligations.
We use your personal data for the following purposes:
Customer support – We use your information to support you in your use of our products and services. This may include the use of personal information to help diagnose product problems, rectify erroneous transactions and provide other customer support related services.
Customer engagement and communication – We use your information to communicate with you via email or other electronic media for instance on service-related matters, such as invoices. Other instances where we engage with you include administering your account, resolving complaints, and asking you to take part in one of our surveys.
Marketing – We would like to send you information which may be of interest to you about our products and services. We communicate with you via email or other electronic media. You have the right at any time to stop us from contacting you for marketing related purposes. Depending on your preferences, you can unsubscribe, change your settings by contacting firstname.lastname@example.org.
Safety, security and dispute settlement – We use your details to protect the security, integrity and safety of our products, services and customers. This includes processing in the context of detecting and preventing fraud, theft and other misuse of our services.
Maintenance, development and incident management – If you experience issues with one of our products or services, we may need to process some of your personal information, such as your name and case ID, in order to resolve the respective issue. We may also use your personal information in relation to certain system development processes, for instance if we move customer data to a new database.
General business process execution, internal management and management reporting – To be able to run our business, we may also use your personal information for general business processes. This includes processing your information for archiving, product traceability and other administration related purposes, management reporting or processing in relation to audits.
Where do we share your personal data?
We share your information:
To the extent necessary to operate our business, to provide you our services, to complete any related transactions and collect related payments, to provide customer care and to communicate with you in connection with our services. For instance, to process payments and transactions.
Where you gave us explicit consent to do so;
- If we are legitimately requested or obliged to do so pursuant to law enforcement, e.g. for investigation of illegal activities;
- To enforce our agreement with you, for instance in cases where you have not paid for your products or services received, we may share your information with a debt collector;
- To enforce our rights towards third parties, or to defend ourselves against any third-party claims or allegations;
- To protect the security, integrity or safety of our services.
To be able to provide you with our services, we make use of some intra-company facilities, e.g. for database purposes, administration, marketing and fraud prevention. As such, we also share certain personal data with our affiliates. Such intra-company sharing of data will only occur for purposes of operating our business, performing your service contract and as has otherwise been outlined in this Privacy Notice.
Where is your personal data processed?
Your personal data is mainly processed by our staff in the United Kingdom. We may also share data with our affiliates in the context of operating our business, providing our services and other processing purposes as outlined in this Privacy Notice. Our affiliated offices are located in the Germany and the United States. For hosting and maintenance purposes your personal data is located in the United Kingdom.
To the extent any other personal data will be transferred to a country outside the European Union or an international organisation, we will make sure that this only happens to such countries and international organisations that ensure an adequate level of protection, have put appropriate safeguards in place to protect your data and your rights in accordance with the EU privacy law (GDPR), or as is otherwise allowed under the GDPR.
If you wish to receive more information of the safeguards we have implemented, please contact email@example.com.
How long do we keep your personal data?
We will retain your personal information only for as long as is necessary for the purposes for which the information was collected, or as long as is required pursuant to law.
If you do not use your account for more than 24 months, we will mark it in our database as “inactive”. We will then no longer actively use your account information, e.g. to inform you on our products and services, but will archive the account to be able to easily re-activate it should you wish to use our services again in the future.
In case you wish to close your account, please contact your Account Manager or our Customer Services team. Upon closure, we will remove your personal information without undue delay except for information that we are obliged to keep pursuant to law. For instance in order to meet statutory administrative retention obligations, we need to keep some of your account related information (e.g. copies of invoices/receipts), for six years.
Data may be retained longer in cases where it is used in relation to a legal claim or is used in relation to a valid legal process.
Accessing and managing your personal data
You can amend your personal details by notifying your Account Manager or BOFA Customer Service team. If you are not a BOFA customer, you can notify firstname.lastname@example.org with any change to your details.
If you want a copy of the personal data that we hold of you or, if you wish to request a restriction of processing of your personal data or to object to processing, please contact our Customer Services department. We will respond to such requests within 30 days.
Lawful basis for data processing
We only collect and process your personal data when there is a lawful basis to do so. The lawful basis we rely on in this respect includes:
- Contract: the processing is necessary to perform your service contract;
- Legitimate interest: for example, i) a legitimate commercial interest to process certain of your personal data, e.g. for running our business and the purposes of certain forms of direct marketing and profiling; ii) to archive certain account information to facilitate you to re-use your account in the future; or iii) if there is a legitimate interest from business or security perspective, e.g. to prevent fraud or abuse of our services, or for purpose of network and information security of our IT systems;
- Legal obligation: the processing necessary to comply with a legal obligation, e.g. the legal requirement to keep administrative records for a certain period of time, or the legal obligation to share certain data on a police order for criminal investigation purposes;
- Consent: where you gave us explicit consent to process the data concerned, for example – if applicable – to share your data with partners or other third parties for commercial purposes.
If you have given your consent to the processing, you have the right to withdraw your consent at any time, by emailing email@example.com. We will discontinue the processing of your information upon receipt of your withdrawal. However, any processing performed prior to your withdrawal remains a legitimate processing based on a valid consent at the time. We will not be under the obligation to reverse the processing.
Questions, concerns and complaints
If you have questions or concerns about the way in which we use your personal data, please contact firstname.lastname@example.org.
If you feel that an issue has not properly been resolved, you also have the right to lodge a complaint with the supervisory authority ICO: https://ico.org.uk/concerns/.