Privacy Policy
Who We Are
BFT Consulting Ltd (trading as Blue Flag Transport Consultancy) is a UK transport compliance consultancy registered at 18 Chivers Way, Northstowe, Cambridge CB24 1AH (Company Number 14943001).
We are the data controller for the personal data collected through this website (www.bftconsulting.co.uk). This means we are responsible for deciding how and why your personal data is used.
If you have any questions about this policy or how we handle your data, please contact us at info@bftconsulting.co.uk or on 0330 179 7379.
What Personal Data We Collect
We collect personal data only through the following channels on our website:
2.1 Contact and Enquiry Form
When you submit an enquiry via our website contact form, we collect:
- Your name
- Your email address
- Your telephone number (if provided)
- Your company name and operator licence details (if provided)
- The content of your message
2.2 Calendly Booking
When you book a consultation or discovery call through our Calendly scheduling link, we collect:
- Your name and email address
- Any information you provide in the booking notes
Calendly processes this data on our behalf as a data processor. Their privacy policy is available at www.calendly.com/privacy.
2.3 Newsletter and Email Sign-Up
If you subscribe to our newsletter or email updates, we collect your name and email address. You may unsubscribe at any time by clicking the unsubscribe link in any email we send, or by contacting us directly.
2.4 BFT Vault (Compliance Management Platform)
BFT Vault is our compliance management platform for transport operators. If you are a BFT Vault client, access to the platform and any data held within it is governed by your service agreement with BFT Consulting Ltd. Please refer to that agreement for details of how your compliance data is stored and managed.
How We Use Your Personal Data
We use the personal data we collect for the following purposes:
- To respond to your enquiry or service request
- To arrange and confirm consultation appointments
- To send you newsletters, compliance updates, and information about our services (where you have opted in)
- To fulfil our contractual obligations to you as a client
- To comply with our legal and regulatory obligations
Our Legal Basis for Processing
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we process your personal data on the following legal bases:
- Legitimate interests – to respond to enquiries and manage our business relationships
- Contract – where processing is necessary to provide our services to you
- Consent – for newsletter and marketing communications (you may withdraw consent at any time)
- Legal obligation – where we are required to process data to comply with the law
How Long We Keep Your Data
We retain your personal data only for as long as is necessary for the purpose it was collected, or as required by law:
- Enquiry and contact form data: up to 2 years from the date of enquiry, unless an ongoing client relationship is established
- Client data: for the duration of the engagement and for 6 years thereafter, in line with statutory limitation periods
- Newsletter subscription data: for as long as you remain subscribed
When data is no longer needed, it is securely deleted or anonymised.
Sharing Your Personal Data
We do not sell, rent, or trade your personal data with any third parties.
We may share your data only in the following limited circumstances:
- With Calendly, as a data processor, solely for the purpose of managing appointment bookings
- With professional advisors (such as solicitors or accountants) where strictly necessary
- Where required by law, regulation, or a court order
Any third party with whom we share data is required to handle it securely and in accordance with applicable data protection law.
Cookies and Website Tracking
We do not currently use analytics tools or tracking technologies on our website beyond those strictly necessary for its operation.
If this changes, we will update this policy and, where required, obtain your consent before any tracking takes place.
Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
Request a copy of the personal data we hold about you.
Request that inaccurate data be corrected.
Request that your data be deleted, subject to legal requirements.
Ask us to limit how we use your data.
Receive your data in a structured, machine-readable format.
Object to our processing on grounds of legitimate interests.
Withdraw consent at any time where processing is consent-based.
Exercise Your Rights
To exercise any of these rights, please contact us. We will respond within one calendar month in accordance with UK GDPR requirements.
Data Security
We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.
All data submitted via our website is transmitted over secure, encrypted connections (HTTPS).
Complaints
If you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.
We would, however, appreciate the opportunity to address your concerns directly before you contact the ICO. Please contact us first at info@bftconsulting.co.uk.
Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The current version will always be published on our website. The date at the top of this document indicates when it was last revised.
We recommend that you review this policy periodically.