Privacy Policy | btcm360.com

BRIDG T.C.M Privacy Policy

BRIDG T.C.M PRIVACY STATEMENT

Introduction

This BRIDG T.C.M specialists in providing career development training for professionals. We have developed a solid reputation as a Center of Excellence Engineering, Quality & Project Management and Supply Chain Training in providing high-impact courses that have benefited a large number of participants from the private, public, and government sectors. We are ISO 29993:2017 Certfied learning service provider and Autodesk Authorized Training Center (ORG 10272).

We have developed a solid reputation as a reliable in providing high-impact courses that have benefitted many participants from the private, public, and government sectors. Our presence for the last decade-built credibility in the market through our local and overseas trainers.

About Us:

BRIDG T.C.M started its journey

As a successful learning service provider BRIDG T.C.M got Certificate of Registration as ISO 2999:2017 organization very first time in South Asia on 2018. After getting approval BRIDG T.C.M updated their tuition mode and try to outspread internationally also enlighten people about quality value in the profession. In 2019 BRIG T.C.M became Autodesk Authorized Training Center in South Asia.

For all queries relating to this Privacy Statement and our handling of personal data please contact monir@btcm360.com

Alternatively, you can write to us at:

Data Protection BRIDG T.C.M
Level 2, 118 Kolabagan Dhaka-1205

What we collect

We may collect the following information from you when you join BRIDG T.C.M, place bookings, complete surveys, or application forms, provide services to us, or purchase goods or services from us:

your name, date of birth, and gender

addresses (home and work), contact email addresses and contact telephone numbers (home, work and mobile)
your credit/debit card and /or bank details
employment status
career details – current job/description of role/employer.
company name and address

current qualifications (where relevant to BRIDG T.C.M, g., completion of accredited degrees)
study center/university details
assessment information for qualifications
examination marks and results and exemption details
learning opportunities are undertaken as part of continuous professional development

online self-assessment tools use and scoring
competency questionnaires use and scoring
skills and interests
date of joining BRIDG T.C.M, membership status, and grade
purchases you have made from BRIDG T.C.M Brands

inquiries and contacts, you have made to BRIDG T.C.M Brands
data related to election ballots and results
username and password, you use to sign in
the IP address you use to log in
personal data you supply when you are using the Supply Management Jobs services (these services allow you to receive job alerts, upload your CV and share your details with recruiters)

photos and video footage (were captured at our events)

Sensitive data that we may collect (this includes Special Categories of personal data as defined by GDPR)

annual household income and savings – only applicable to BRIDG T.C.M Foundation applicants
evidence of your health (medical history, diagnosis, or special requirements), where needed for reasonable adjustments, special consideration, exam deferrals, BRIDG T.C.M Foundation applications, or accommodating your requirements when attending BRIDG T.C.M Brands events/courses
information you provide us when applying for special consideration, discretionary membership discounts or to defer an exam

information you provide us regarding any specific needs you have for attending our events or training courses

How your information is collected

We collect information from you, for example, when you:

make inquiries with us
submit an application for membership, to sit an exam, or to apply for a membership upgrade

book onto an event/training course
purchase learning materials
choose to upload your information via your My BRIDG T.C.M or Supply Management Jobs account
sign up to and/or make use of the services we (BRIDG T.C.M Brands) have available (such as E-Learning, the Self-Assessment, Skills Gap Analysis tools or Supply Management Jobs)
use our website (see our Cookies policy below)

We may also collect information about you from third parties, such as:

your employer or sponsor (for instance, where you have been enrolled in one of our corporate programs)
our study center (if you have chosen to study through one)
partners that we work with

What we do with the information we collect

We require this information to understand your needs and provide you with a better service, and for the following reasons:

to respond to your inquiries
to administer your membership and provide the benefits set
allow you access to the BRIDG T.C.M Brands site(s) and services
to fulfill our obligations arising from any contracts entered between you and BRIDG T.C.M Brands, and for their general management – this includes providing the products and services that we offer, where Terms and Conditions apply

to administer and manage the examination and assessment processes including the performance of study centers
to organize and deliver BRIDG T.C.M Brands events and training courses, and fulfill any specific needs you may have
process payments from or to you
maintain CPD records
to run elections

evaluate your professional attributes, where necessary.
notify and remind you when your membership is due for renewal
provide you with information relating to your studies
notify you of governance updates, including sending you invitations to vote in our Annual General
provide you with news, products, services, and membership updates

invite you to provide feedback on our products and services, for example in surveys
invite you to take part in research campaigns and surveys
fulfilling prize draws and competitions
using photo and video footage in post-event publicity (please notify us when booking onto an event if you object to this)
to notify you of changes to our membership offering

monitor how you respond to our communications
to allow us to monitor usage statistics as a basis for future improvements to relevant website processes
to monitor and improve our products and services
to meet security/health and safety requirements where you attend an event or training course
to verify your identity

to enable us to track system used by user
internal record keeping
to periodically conduct quality checks on the data we hold on you

Professional Register

BRIDG T.C.M provides a professional register, accessed through our website, listing the names, membership grades, achievement of the ethics mark and chartered status, and country of current BRIDG T.C.M members.

We do this as we believe that it is in the public interest for individuals and organizations to be able to easily identify those professionals who have achieved or are working towards professional recognition, CIPS and BRIDG T.C.M/CIPS Chartered Professional, and who remain current members of CIPS.

When registering for membership you will automatically appear on the register. If you do not want your member details to be shown, then simply log in to your profile and tick the opt-out checkbox.

Our lawful bases for processing your information

We will only use your personal information where one of the following applies:

You have given us your consent, such as to send you marketing communications or information about third parties which we think you may find interesting. You can withdraw your consent anytime by clicking unsubscribe on the link located at the bottom of the emails you receive from us. Please be advised, that changes to your preferences may take up to 10 days to fully
It is necessary for performing a contract that we have with you, such as the fulfillment of a service you have signed up for as a
For our own (or a third party’s) legitimate interests provided your rights do not override these interests, such as:

Fraud prevention

Sending appropriate targeted communications to you based on previous purchases or interest in BRIDG T.C.M services
Monitoring and improving our products and services
Enhancing the learning experience (for example, tailoring our events/training courses to the audiences attending or sharing information relevant to your studies with your study center)
Fulfilling the requirements of our Charter
Enhancing the networking opportunities that we offer

Managing the data, we hold

We sincerely comply with a legal obligation, such as the BD Act Your personal information will only be used for the purpose or purposes it was collected. It will not be sold, shared, or distributed to third parties unless we have your permission or where it is necessary for one of the reasons listed

Recipients with whom we may share your data with

Agents and organizations contracted to perform business functions on our behalf (for example we work with Rakib who support BRIDG T.C.M Helpdesk including providers of third-party application used for the purposes of delivering products/services to you.
Venues hosting BRIDG T.C.M Brands events (where necessary to meet security and safety requirements, and fulfill any specific needs you may have)

BRIDG T.C.M Brands event sponsors (we will only share your name, job title, and company name – this is done to tailor the event content to the audience. Please notify us when booking if you do not want your data to be shared in this way)
If you apply for a job via Supply Management Jobs, your details will be shared with the recruiter promoting the specific role. At your request, we will share your data with Top CV and/or allow recruiters to access your CV
Third-party IT and payment processing providers
Email service providers (we use A2 Hosting as our provider).
Third-party analytical services

Knowledge Partners whom we run joint research campaigns with

We may publish or share anonymized statistics under the condition that no personally identifiable information can be derived from such statistics by third parties, such as our recognized study center partners.

How long do we hold your Information for

BRIDG T.C.M Brands has a variety of obligations to keep the data that you provide us. These include ensuring that transactions are processed correctly, identifying fraud, and complying with any laws and rules that apply to us and to our service providers. BRIDG T.C.M Brands has a Data Retention Policy to ensure that your data is not held for longer than is necessary. We hold the information that you provide to us while you are an active, registered user and member, and when you register for our services. Therefore, even if you close your account or membership with us, we may keep certain data (such as membership information) to meet our obligations but for no longer than required or permitted by law.

Where your information is stored

Your information is held securely within the BD, however, may be stored and processed in any country in which our Regional Offices or agents operate in order to provide our products/services within those respective regions and/or to adhere to audit and regulatory requirements.

If your information is transferred outside the UK for these purposes, then we will take measures to ensure that your data always remains protected to the standard imposed by the General Data Protection Regulation. We require our trusted third parties to meet BRIDG T.C.M Brands’ data protection standards. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your personal data.

Keeping your personal information secure

To prevent unauthorized access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online. BRIDG T.C.M Brands’ websites are maintained on a secure server. All our suppliers and contractors meet the standards we require. Restrictions are also in place so that users only have access to data that is required for them to do their job. Staff training is undertaken regularly, and checks are made by IT staff to ensure data quality is maintained.

All payment card details are processed by a third-party payment processor who encrypts the details using SSL (Secure Socket Layer) technology. Once orders have been processed all encrypted credit card information on the webserver is deleted.

We also have in place a comprehensive email security Policy; all incoming and outgoing email is scanned by multiple security systems before being accepted or sent out. These security systems will block and hold messages that contain viruses and malware, spam messages, or other inappropriate content.

Where appropriate, senders will be informed that their message has been held by our systems and if held in error the message can be released and successfully sent.

Unfortunately, no data transmission or storage system is completely secure. If you feel that the security of your account or interaction with us has been compromised, please contact us immediately. If such a disclosure does occur, we will contact you as soon as possible to explain what has happened and take all steps required of us to meet our obligations under the legislation.

Your rights in controlling your personal information

You can ask us to make changes in how your data is handled and we will respond promptly should a request be made. You have the following rights over the personal data about you that we are holding and processing:

Right to be informed. This Statement provides you with information in relation to how your data is processed. This ensures that we are transparent about what we will do with the information you supply to us.

Right of access. You may request details of personal information that we hold about you under the DataProtection Act 2018 and the General Data Protection Regulation. This is called a Subject Access Request.Further information this process and how to apply can be found at:

Right to request information held is accurate and how to update it. If you believe that any information, we are holding on you is incorrect or incomplete, please email us at monir@btcm360.com and we will respond as quickly as possible.

Right to erasure. In certain circumstances, you may ask us to delete information about you and stop processing or publishing it (often called the Right to be Forgotten).

Right to object to the processing that is likely to cause you damage or distress. Where you challenge the accuracy or lawful processing of your information, we will consider this.

The right to receive an electronic copy of any information you have consented to us holding is known as data portability. You can ask us to provide the personal data about you we hold, securely and in a machine-readable format, so it can be moved, copied, or transferred to be used across different services or for you to give to another organization.

Right to object. We will ensure that we have the right consent in place for sending you information. You can unsubscribe from our mailings and remove your details at any time. If you wish to stop receiving communications from us, you will be able to do so by contacting us at monir@btcm360.com

Rights related to automated decision-making. If there is additional profiling based on the information we hold, then you can object to us making decisions about you based on such processing.

What we use cookies for

A cookie is a tiny file that is stored on a user’s computer or electronic device and issued to your computer when you enter a website. It stores a small amount of information relating specifically to the client and the website. The cookie can be accessed by both the web server and the user’s computer.

When visiting any webpage ending with the suffix BRIDG T.C.M.org, we cookies that allow you to:

carry information across pages of the site
avoid having to re-enter information
maintain a shopping basket or booking form

after the member login, to access member-only information or receive member-only

Types of cookies Session cookies

Session cookies are stored only temporarily during a browsing session. No information about you is stored in the session cookie and it is deleted automatically as soon as you close the browser window to leave the site.

Persistent cookies

This type of cookie is saved on your computer for a fixed period (usually a year or longer) and is not deleted when the browser is closed. Persistent cookies are used where we need to know who you are for more than one browsing session. For example, this type of cookie is used to store your preferences, so that they are remembered for the next visit.

Third-party cookies

We also use third-party cookies such as Facebook Pixel, LinkedIn Insights, and Twitter Universal Website Tag to monitor how our website is used and to better tailor the website to you and the promotions that you may see.

If you want to find out more about how to control your cookies, please visit the links below depending on the web browser that you use. However, please remember that if you choose not to receive cookies at any time, the BRIDG T.C.M website may not function properly, and certain services will not be provided which may affect your experience of the website.

Internet Explorer

Chrome
Firefox
Safari
Opera

You may also find the information on www.aboutcookies.org useful. This website is run by an external company to BRIDG T.C.M and we cannot verify the content of this website.

BRIDG T.C.M Data Protection Policy

1 Overview

The BRIDG T.C.M is the leading voice of the professional development training. BRIDG T.C.M is the Data Controller and Data Processor of the information that you provide to us as a member and to access our services and training. BRIDG T.C.M are proprietorship company in Bangladesh.

BRIDG T.C.M Data Protection Policy sets out how we respect the personal information that we collect and hold in the course of carrying out our role representing the procurement and supply profession, our clients and members. We are committed to ensuring that the privacy of our members, business partners and employees is protected and upholding the principles of data protection.

2 Purpose

BRIDG T.C.M as Data Controller and in cases, Data Processor, must be able to demonstrate compliance with data protection law. This policy outlines BRIDG T.C.M framework in upholding Article 5 of the GDPR and Data Protection Principles in that data shall be:

processed lawfully, fairly and in a transparent manner
collected for specified, explicit and legitimate purposes

adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
accurate and, where necessary, kept up to date
kept for no longer than is necessary for the purposes for which the personal data are processed
processed in a manner that ensures appropriate security

3 Objectives

Adhering to data protection principles, BRIDG T.C.M will manage data throughout the information life cycle and will seek to audit and review its processes and procedures in data handling. With constant regard to continuous improvement, the data protection management system will adopt best practice principles and GDPR requirements. This management process will be achieved by adopting the following policy objectives.

3.1 Process data lawfully and fairly

BRIDG T.C.M must have a ‘lawful Basis’ or ‘grounds for processing’ before legally processing personal data. There are 6 different grounds for processing:

Consent – the individual/data subject has freely given their consent to the processing and data must be collected through a clear affirmative
Contractual – processing is necessary for the performance of a contract or agreement to which the individual is party or is required prior to entering a

Legal requirement – processing is necessary for compliance with a legal obligation to which the individual is subject.
Public interest – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
Legitimate interests – processing is necessary for the purposes of the legitimate interests of the organization or a third party where the interest and rights and freedoms of the individual are not overridden, and the data is used in ways which people would reasonably
Vital interests – processing is necessary to protect the vital interests of the individual or of another

Where processing is intended to require Special Categories of personal data (see definitions), a specific condition permitting such processing must also be identified as laid out in the GDPR & Data Protection Act 2018.

Once legal grounds for processing have been established, its activities will be included within the Data Asset Inventory – Article 30.

3.2 Collect data that is necessary and for a legitimate purpose

BRIDG T.C.M will ensure that personal data collected is necessary for processing and not further processed in a manner that is incompatible with those purposes; under GDPR further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be incompatible with the initial purposes.

BRIDG T.C.M will communicate in a clear and transparent manner ensuring that all data subjects are informed of the purpose for their data being processed and only use their personal data in a way that the data subject expects and with accordance to their rights.

3.3 Select data that is adequate and relevant

BRIDG T.C.M will ensure that the data processed will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed, and those purposes will be transparent and clear. If intentions are to use the data for any other purpose data subjects are informed and have the right to object.

3.4 Maintain accurate records

BRIDG T.C.M will ensure that data is accurate and, where necessary, kept up to date. All data subjects will be provided with the means to update their personal data and every reasonable step will be taken to erase or rectify without delay inaccurate records.

Records will be restricted if there is any dispute over their accuracy until a time where the data has been rectified and authorized as an accurate account of the subject’s data.

3.5 Appropriate retention period for information

BRIDG T.C.M will not store data for any time longer than necessary or if the data subject withdraws consent or objects to its processing (unless there is another legal ground to justify its retention). To manage the process of establishing and keeping records for a suitable period, BRIDG T.C.M has a Retention Policy and process that outlines the assessment and categorization of data for storage and deletion.

3.6 Securing personal data

BRIDG T.C.M depends on information and communications technology systems to operate global membership and administrative functions. Security of these systems, the hardware, and networks on which they reside and the data which they host is necessary both to honor BRIDG T.C.M obligations to providers of data (students, members, suppliers, partners, and employees).

BRIDG T.C.M Information Security Policy in conjunction with BRIDG T.C.M Acceptable Usage Policy outlines the activities taken to protect data within the organization.

4 Upholding the rights and freedoms

4.1 Information and rights for data subjects

Individuals can request that we make changes in how their data is handled and we must respond promptly should a request be made.

Right to be informed – we must communicate clearly and use plain language in all our external messaging when initially collecting the data or at first opportunity
Right of access – we must have in place processes to respond to requests for what information we are holding (Subject Access Requests)

Right to rectification – we must ensure we correct inaccurate information in the data we are processing without delay
Right to erasure – we may be required to delete the data and stop processing it or publishing it (often called the Right to be Forgotten)
Right to restrict processing – where the accuracy or lawful processing is challenged then temporary limits on the processing are required
Right to data portability – we may be asked to provide the personal data we hold, securely and in a machine-readable format, so it can be moved, copied, or transferred to be used across different services
Right to object – individuals have the right to object to processing where our lawful basis is legitimate interests or where we directly market to them

Rights related to automated decision making – if there is additional profiling or automated decision making based on the data, we hold that then an individual can object

BRIDG T.C.M Subject Access Request (SAR) guideline outlines how an individual can contact BRIDG T.C.M to initiate the SAR process.

4.2 Subject Access Request

BRIDG T.C.M collection of personal data is handled in accordance with the BRIDG T.C.M Privacy Statement. All BRIDG T.C.M employees, providers and partners are expected to comply with this policy and demonstrate a commitment to protecting others’ privacy.

Requests from data subjects (see definitions) are called Subject Access Requests. The process for making a request is set out in the BRIDG T.C.M published guidance ‘Making a Subject Access Request’. This is a simple checklist to guide you on the steps to make sure you recognize and handle a request (SAR) effectively, and in compliance with the data subject’s rights and BRIDG T.C.M internal processes. The information is provided free of charge.

4.3 Breach management

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.

Personal data breaches can include:

access by an unauthorized third party through their direct action or lax internal security procedures or practices
deliberate or accidental action or inaction by an employee, volunteer or supplier

sending personal data to an incorrect recipient, g. wrong copy recipient to an email
USB stick, laptop or phone containing personal data being lost or stolen
alteration of personal data without permission
loss of availability of personal data

BRIDG T.C.M breach management procedure is outlined in the BRIDG T.C.M Breach Management Policy and Identifying and Reporting Data Breach guideline documents.

4.4 Data Protection Impact Assessment

A Data Protection Impact Assessment (DPIA) is a methodology or tool used to identify and reduce the privacy risks of individuals when planning projects or policies that involve the processing of personal data. Privacy by design means that BRIDG T.C.M identifies and minimizes the data protection risks of a project or new initiative. BRIDG T.C.M manages all new data assessments through its DPIA management process.

5 Governance

BRIDG T.C.M has the following governance framework in place to manage Data Protection Compliance:

Data Controller:

Any person, or organization, who makes decisions about how and why data is processed. A data controller must be a person recognized in law and they are responsible for compliance. BRIDG T.C.M is a Data Controller.

Senior Leadership Team (SLT):

Responsible officers of all organization-wide data protection
Oversight of Data Compliance Management Group

Data Compliance Management Group

Ensuring that there are adequate and competent resources available to support Data Protection Processes
Updating Article 30: processing activities documentation
Establish roles and responsibilities including appointment of one person with responsibility for the GDPR Breach Management Process
Conduct management reviews of the GDPR Breach Management Process ensuring it is fit for purpose and seeking continual improvement
Commitment to GDPR Breach Management Process and supporting implementation throughout the organization

Signing off audit processes and alignment with BRIDG T.C.M Data Protection Policy
Review training and testing outcomes
Reporting to SLT and GBT where applicable: including incident reports

Data Protection Officer:

Inform and advise senior leadership of their obligations under data protection
Promote a culture of data protection throughout the organization
Review policies and procedures to ensure they are fit for compliance
Advise on data protection procedures and best practice
Monitor and report on compliance to senior leadership

Maintain accurate records and documentation
Point of contact for data protection for all internal and external contacts
Investigate breaches and recommend remedial and mitigating actions
ICO point of contact
Advise and assist in the DPIA process

Data Processor:

Any person, or organization, who acquires records and processes personal data or who processes data on behalf of the Data Controller. An organization can be both a Data Controller and Data Processor even where they may appoint third parties to carry out elements of data processing on their behalf, such as Cloud Computing services. BRIDG T.C.M is both Controller and Processor. Our third parties who handle data for us are also Data Processors.

6 Audit and review

The Data Protection Officer as chair of the Data Compliance Management Group performs and audit and review function. This policy outlines the GDPR requirements and objectives for the audit and the policies and processes will be reviewed at least on an annual basis to ensure future proofing and suitability and compliance.

All breaches will be reviewed on a case-by-case basis and will document the mitigating actions and steps to remedy the breach and return to security and protection of data. All process will be reviewed to ensure that BRIDG T.C.M operates within regulation timeframes for responding and reporting on all SARs and breach investigations.

7 Training and exercise

BRIDG T.C.M will ensure that training and information will be made available to all data processors. Training will be given to all new personnel and third-party data processors. The Data Protection Officer will ensure that all training will remain current and fit for purpose.

8 Definitions

Data Subject

A living person who is the subject of personal data. The individual has enhanced rights under data protection law.

Personal Data

Any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.

Processing

Processing of data means any operation or set of operations that is performed on personal data, which includes but is not limited to, collection, storage, use, recording, disclosure, or manipulation of data whether by automated means.

Data Breach

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. Organizations are required to report a data breach that creates a risk to the rights and freedom of the individuals concerned, to the Information Commissioner’s Office (ICO) within 72 hours of the breach occurring or when made aware of the breach. If the individuals are at high risk of potential harm, then they must also be notified. Example: A computer account is hacked, and data listing contact details is accessed, or an employee takes unencrypted data out of the office against acceptable use policy and loses it.

Data Protection Officer (DPO)

This is the role in an organization that has responsibility for ensuring that personal data is protected and that the organization is compliant with the legislation. There should be a degree of independence, so the DPO reports directly to the highest management level of the organization as a part of the organization’s governance.

Binding Corporate Rules

A set of binding rules designed to allow organizations to transfer personal data from the BD to the organization’s related operations outside the BD but within the organization. BCRs must demonstrate adequate safeguards and be authorized by the appropriate lead authority in the BD to vouch for data compliance.

Cross border processing

The processing of data by a Controller or Processor who operates in more than one BD member state, or the processing of data in one member state of the subject’s resident in one or more member state.

Privacy Shield

Prior to GDPR, the BD- other countries and EU Privacy Shield Frameworks impose stronger obligations on US organizations to protect the personal data of data subjects in BD. The Privacy Shield, and now GDPR, requires the

BD to monitor and enforce protection, and to cooperate with the Supervisory Authorities. This is administered by the Department of Commerce and the Federal Trade Commission.

Data Protection Authority

Also known as a Supervisory Authority. The national authority in every BD member state enforces data protection in that member state. In the BD it is the Information Commissioner.

Data Privacy Impact Assessment

A methodology or tool used to identify and reduce the privacy risks of individuals when planning projects or policies that use or protect personal data.

Privacy by Design

The principle of the inclusion of data protection from the onset of the designing and planning of systems, rather than as a later addition.

Subject Access Request

The request by an individual to have access to, and information about, the personal data that a controller holds. Application is by a subject access request that is free of charge.

Special Categories of Personal Data

This is sensitive data that requires more protection. It includes information revealing race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation.

Third-party

Any person or organization is other than the Data Subject and the Data Controller. A third party can also be a Data Controller and a Data Processor.