Last updated: 28 May 2021
This section of our website is designed to help you understand what we do with information we may hold about you, referred to as “personal data”. In summary, we use personal data in the following ways:
This page is divided into sections reflecting those different activities.
We are BYND LIMITED of the United Kingdom, a limited company whose registered office is at 75 Bermondsey Street, London, SE1 3XF. Our registered company number is 07123452. We're also associated with BYND LLC, a limited liability company based in the US. Both companies are trading under the Beyond brand and may provide you with our services.
We are the publisher of this website, and a controller in respect of the personal data which it collects. This privacy notice applies to all of our public websites and provided services unless specified otherwise.
If you have any questions or concerns about the information in this notice, or about our handling of personal data more generally, or if you would like more detailed information, you should email us at email@example.com.
The servers hosting our website log basic activity for the purpose of monitoring the technical health and security of our sites and finding and diagnosing problems with it. Typically, this will consist of information about your browser, operating system, device type, and your IP address, as well as the pages viewed and any errors encountered.
This information is not used for any other purpose, and is separate from our use of Google Analytics, described below.
This information is processed and retained by our vendors according to their privacy policies. You can learn more about how our hosting vendors process data below:
We do this on the basis of our legitimate interest in maintaining our website and fixing problems with it. We have considered our legitimate interests carefully and have balanced our legitimate interests against your rights under data protection law. We consider this use is proportionate because it is appropriate to our relationship with you, we only use your data as necessary for maintaining the website and, it is in your reasonable expectation that we would need to use certain personal data in this way.
We use a Google service called Google Analytics to help inform our marketing decisions – for example, the information provided by Google might tell us that we have a large number of visitors from a particular area, or falling into a particular demographic.
The service works by saving to your device a series of small files called “cookies”, which contain information which Google can use to track your activity on our website and identify unique visitors.
We ask for your consent before we store performance cookies on your device using our website’s privacy preference centre.
The information presented to us by Google is statistical in nature and does not identify you personally, but if you have a Google account and you are logged in to it on the device you’re using to browse our website then it is likely that Google will know who you are.
You can learn more about Google Analytics data protection here: https://support.google.com/analytics/answer/6004245?hl=en.
The analytics information that is associated with cookies or other user identifiers and is stored on Google servers is retained for 26 months from the date of your last visit.
You can learn about Google Analytics data retention here: https://support.google.com/analytics/answer/7667196?hl=en.
You can find details of how Google uses your personal data on their privacy notice here: https://policies.google.com/privacy.
Our marketing communications include periodic newsletters and information in relation to a specific marketing campaign. When you sign up to receive our marketing information using one of our contact forms, we store your contact information so that we can send you personalised content over email.
If you contact us for the purposes of doing business with us or we have an existing relationship with you, we may ask if you’re interested in receiving our marketing information, but we will rely on your consent before we send you our newsletters or promotional emails.
We may therefore store the following information about you:
When you provide contact information to download or receive information regarding a specific marketing campaign, we may send you relevant information for up to one year afterwards.
When you subscribe to our newsletters, we may send you marketing communications for as long as you've subscribed. You may opt-out from our marketing emails at any time by using the unsubscribe link in the emails.
We may retain certain data about you after you've unsubscribed, but only as necessary to ensure you will not receive any further marketing communications.
We use Mailchimp for promoting our business and your personal data will be stored and processed on Mailchimp servers. When you interact with an email campaign that you receive from us, Mailchimp may collect information about your device and interaction with the email.
You can learn more about Mailchimp's data privacy and how they collect this information here: https://mailchimp.com/legal/privacy/.
We use Mailchimp sign up forms and Eventbrite when organising our events. We store your contact information when you sign up for an event so that we can contact you before and after the event.
We store the following information about you:
We give you an option to subscribe to our newsletter. If you subscribe to our newsletter, we may transfer your contact information to our marketing mailing lists hosted outside Eventbrite. See the "Marketing and promoting our business" section for more information about how we process this information.
We may require a payment when you're attending our ticketed events. The payment information will be processed on a third-party platform. We may store the sales information in our financial systems for up to six years from the end of our fiscal year to meet our legal requirements.
We may share your contact details with third parties who are organising the events with us, for example, event venues or partners we're working with on the event.
We store your contact details as long as you're attending the event and we need to contact you regarding the event. We may keep your information after the event, for the purposes described above.
The information about your attendance may be publicly visible on the Eventbrite website to other users. Any information stored in your Eventbrite account will be retained according to the Eventbrite policies.
You can learn more about Mailchimp's data privacy and how they collect this information here: https://mailchimp.com/legal/privacy/.
Where we work with other businesses and organisations, we will have the business contact details of the relevant people who work there, and we will use them to manage our relationship with that business and carry out the usual sorts of business administration tasks.
We share this information with our parent company, Next Fifteen Communications Group Plc ("Next 15"), because it operates a number of our “back office” functions for us, and with our and their technology suppliers (to the extent necessary for them to perform their functions).
We keep information about employees of clients or suppliers for as long as the relevant businesses are customers or suppliers (as applicable), and for up to ten years afterwards, in case of issues or disputes.
We do this on the basis of our legitimate interest in operating our business. We have considered our legitimate interests carefully and have balanced our legitimate interests against your rights under data protection law. We consider this use is proportionate because it is appropriate to our relationship with you, we only use your business contact details and, it is in your reasonable expectation that we would need to use your personal data to contact you in this way.
You may participate in the research work we do for our clients. This includes interviews, field studies, usability testing and surveys. We may also send you a post-test questionnaire following a research session.
We may use a third-party recruitment agency in the recruitment process of any external research subjects. The recruiters may provide us with your contact information so we may contact you before and during the interview process.
We ask for your consent before you participate in an interview and process your data. During the interview process, we may collect various types of information for demographics purposes. This may include some special categories of personal information. You may refuse to answer any questions without needing to provide us with a reason.
When we're conducting interviews remotely, we may record audio and video so that we may reference these during the research process. We will ask consent from every participant for the recording and you may end the sessions at any time.
We may need to share your personal data with the client so that they may use your contribution for the purpose of the research. We will inform you of this when you participate in our research and ask for your consent before sharing your personal information.
Your personal data, including any audio and video recordings, and any special categories of data, shall be retained for as long as it is required in connection with the research purpose and record-keeping. Your personal data will usually be deleted once the project that the data was relevant to has been completed. We will make you aware of any changes to this in advance of the research taking place and ask for your consent before extending this period.
We use third party platforms to conduct interviews and these vendors may store and process your data. If you have any questions regarding these technology providers, you can contact us at firstname.lastname@example.org for more information.
You may participate in workshops for the work we do for your business. Some of these workshops may also take place during the events we organise.
The data collected during the workshops may be with our Beyond employees or other participants attending the workshop or working on the project. This information will likely include your name, occupation and any relevant contact details needed to access these workshops. We may also ask for your photograph to personalise the experience.
Information about the particular workshop and details of the use of your data will be provided in advance of your participation in the workshop. We may share the research data with our clients. We will inform you of this when you participate in our research and ask for your consent before sharing your personal information.
When we're conducting workshops remotely, we use third party platforms that may store and process your data. If you have any questions regarding these technology providers, you can contact us at email@example.com for more information.
We may collect and store the following types of information on the websites and applications we develop and manage for our clients:
The information we collect and process for our clients may be shared with our internal team and suppliers as needed for them to provide the services for our client.
Outside of our general day to day business applications, the suppliers used for each service will vary from client to client. The websites or services we manage for our clients will include a privacy notice with details of the personal data collected and processed as applicable to those services.
Where you apply for a job opening posted by us and you are a European job applicant, the provisions in the Privacy Notice for recruitment will apply to our processing in addition to what has been provided to you in this privacy notice.
See the full Privacy notice for recruitment for further details here: https://apply.workable.com/beyond-101/gdpr_policy/
We use Workable to assist with our recruitment process. When you see a job opening posted on our website at https://www.bynd.com/careers/, you will be provided with a link to submit a job application on the Workable website.
We may collect and process the following types of information from you in our recruitment process:
When you submit a job application, we rely on your consent to disclose your information to us and any service providers involved in our recruitment process. Workable and any other service providers we use will process your personal data in accordance with our instructions.
When you apply for a job opening on a third-party job site or similar online service provider, you should note that the provider may collect and retain your personal data in addition to what has been outlined here. Any use of such third-party providers will be in accordance with their privacy notice.
We may additionally collect information from other sources:
Where we are collecting information from these sources (and not directly from you), we are relying on legitimate interest as the lawful basis on which we collect and use your personal data. Our legitimate interests are the recruitment of staff for our business.
We may use technology solutions to select appropriate candidates for us to consider based on criteria expressly identified by us, or typical in relation to the role for which you have applied. This type of process to find suitable candidates is automated, however, any decision as to who we will engage to fill the job opening will be made by our staff.
We will hold your personal information for 12 months from the date you’ve applied for a role or since we’ve collected the information from other sources.
We operate in multiple countries in Europe and we may need to transfer your personal data outside of the country from which it was originally provided, within the UK and the EEA.
We also operate in the United States, and we may need to transfer your personal data outside of the UK and the EEA.
Our parent company, Next 15, operates globally and any data processed by them may be transferred outside of the UK and EEA.
Due to the global nature of our technology providers we may store your personal data outside of the UK or the EEA. Our technology providers have developed processes to ensure that where your personal data is transferred outside of the UK or EEA they have a legal basis for doing so and your personal data is protected to the same standard as it would be protected in the UK or EEA by putting in place safeguards.
Whenever we transfer your personal data out of the UK or EEA, we ensure a similar degree of protection is afforded to it by either ensuring that the relevant countries have been deemed to provide an adequate level of protection for personal data or, otherwise, we may use specific contracts approved for use in the UK and EEA which give personal data the same protection it has in the UK and EEA.
If you would like further details about how the technology providers transfer your personal data please click on the links in the relevant sections above or contact our data protection team at firstname.lastname@example.org.
European and UK privacy laws grant people certain rights in relation to their personal data. Below is a short overview of those rights.
If those laws apply to you, you can exercise your rights by contacting us at email@example.com. If you do contact us to exercise your rights, it is a good idea to be as specific as possible about which rights you wish to exercise because it enables us to respond more quickly.
You have the right to have access to the information we hold about you. There are a few exceptions to that right, designed to protect the rights of other people. If it is information you have given to us, you have the right to receive it in a portable electronic format.
If we hold information about you that is factually inaccurate then you have the right to have it corrected. This right does not extend to matters of opinion.
You may have the right to have some or all of your information deleted, principally if the information you want deleted is no longer needed or if we don’t have a legal basis to continue using it (for example, if we are using it on the basis of your consent and you withdraw your consent).
If we’re relying on your consent to do something with your information (for example, our use of Google Analytics) then you have the right to withdraw that consent at any time.
If we are doing something with your data not on the basis of your consent but on the basis of our “legitimate interest”, then you have the right to object to what we are doing, and we must stop unless we can show that there is a compelling and legitimate reason to continue, or what we are doing relates to a legal claim.
If you dispute the accuracy of information we hold about you, or we do something unlawful with your information but you don’t want us to delete it, or if we don’t need the information any more but you want us to preserve it in connection with a legal claim, or for the period in which we are considering a valid objection you have raised under your right to object discussed above, then you have the right to require us to restrict use of that information to simply storing it and using it only for legal claims, protecting the rights of others and matters of important public interest.
If you are unhappy with how we have handled your personal data, you have the right to complain to your local data protection authority, which in the UK is the Information Commissioner's Office. You can reach them through their website at http://ico.org.uk. If you are based in the EU, then you can find the contact details for your local supervisory authority on the website of the European Data Protection Board at https://edpb.europa.eu/about-edpb/board/members_en.
We will keep our privacy notice under regular review and changes we make to our privacy notice in the future will be posted on this page and if the changes will have an effect on you or the way we use your personal data we will bring them to your attention where appropriate.
If you have any questions about this privacy notice or about the ways we use your personal data, please contact our data protection team at firstname.lastname@example.org.