Data Privacy Policy


BASA Privacy Policy

BASA’s Privacy Policy is devised to help you feel more confident about the privacy and security of your personal details and shows how BASA intends to process, retain and remove your personal data, and the lawful basis for doing so. It is applicable to any personal information which is given by you or your company to the BASA secretariat.

What data do we process and who is it shared with?


BASA’s Data Protection Mapping document outlines how BASA handles the data included in new member applications, and who the data is shared with. It also applies to existing members and new contacts that are added throughout a company’s membership. Our lawful basis for processing this data is that it is “necessary for a member’s legitimate interests” and information is sent to members that we feel is relevant to a specific role.

Data is only shared with individuals in your company the BASA Secretary and the BASA Administration Officer and is not shared with any non-members or other third parties apart from:

  1. Mint Events, who manage the BASA events and event bookings for members who choose to contact them through the booking website or by telephone. The BASA office will not forward your data to Mint Events unless we have specifically asked your permission.
  2. BASA member MA Business who manage the BASA website, thus having access to the data held.
  3. Chemical Search International who run BASA’s training services and other member discounted services for members who choose to contact them.
  4. Croner who provide telephone and website services for members who choose to contact them to receive these services.

All BASA members have access to the Company profile and directory information that each member company chooses to declare for the annual Handbook and online open directory via their initial membership application and subsequent edits. Most data that is shared is shared directly between the member and the third-party provider and any data collected is only used to provide you with a service you have requested, or to provide information on an event you have booked.


New contact data is added to a simple excel spreadsheet stored on a cloud based secure server to receive information that has been requested, and/or information that we feel is of interest to that individual.

Data processed includes only contact and company name, job role, email address and telephone numbers, and a clear reason why we process and retain that data is recorded. In addition, relevant personal data gathered through attendance at meetings and events is retained (eg dietary requirements) and is shared only with organising and event venue staff.

How can the contact data we hold be viewed, amended or removed?


Members can log in to their Membership Profile on BASA’s website and view, amend or remove the contact data that we hold, and view the Committees and Contact Groups that we believe are of interest to your role, and which form the basis of the communications sent to you. Alternatively, a request for such data to be viewed, amended or removed can be made by emailing: or

Such data will usually be removed within three working days but will always be removed within one month of such written request being received.

A request for your contact data to be viewed, amended or removed can be made at any time by emailing or

Newsletters, information about events and other marketing communication will include the option to Unsubscribe from those communications. The Unsubscribe will usually be processed within three working days but will always be actioned within one month of such written request being received.

What data do we retain and what data do we remove?

Each nominated member company data controller is able to immediately delete any of their company contacts from the website at any time by logging in to their account on the BASA website. If the BASA Secretariat are notified that an individual has left a company, the website will be updated so that no further information is sent to that person. New contacts should subscribe to the website by applying to an existing company via the login function. Contact data may be retained for up to ten years at which time it will be deleted, unless there is a legitimate reason for its further retention*. This includes data gathered about an individual when they register for a meeting or event.

As above, if a request is received for that data to be deleted this will usually be removed within three working days but will always be removed within one month of such written request being received.

*Such data is available on request from or

What process do we have to secure disposal of personal data?

Once a request has been made to remove contact data, this will be carried out by the BASA Secretary or BASA administration officer in the timescales noted above. This will involve permanent deletion from the website and permanent deletion from the master spreadsheet.

It is the responsibility of both the BASA Secretary and BASA Accounts Officer to ensure GDPR compliance and in case of query, contact or in the first instance.

For the purposes of GDPR, BASA is both a Data Processor and Data Controller, and as noted above our lawful basis for processing your data is that “the processing is necessary for your legitimate interests” as defined in clause 6(1)(f) of the legislation.


You should be aware that information and data may be automatically collected through the use of Cookies. "Cookies" are small text files that store basic information that a web site can use to recognise repeat site visits and as an example, re-call your name if this has been previously supplied. We may use this to observe behaviour and compile aggregate data in order to improve the website, target the advertising and assess general effectiveness of such advertising.

Cookies do not attach to your system and damage your files. If you do not want information collected through the use of Cookies, there is a simple procedure in most browsers that allows you to deny or accept the Cookie feature. Note, however, that ‘personalised’ services may be affected if the cookie option is disabled.


Security is very important to us. Secure Socket Layer (“SSL”) encryption technology is used for protection of information in transit for any sensitive transactions such as payments. Additional security procedures are in place to protect the confidentiality, integrity and availability of your user information. Your user information will not be kept longer than is necessary for the purposes stated at the collection point or in this Privacy Policy.

Data Breaches

In the unlikely event of a data breach, Members will be notified as soon as we are aware of the breach and provided with details and steps that will be taken.

Notification System

Information, advice and services are provided to Members as part of the membership subscription package and these are directly accessed via the members only website area and also via a notification system which sends a brief email summarising the working group documents in a weekly snapshot email and all other postings in a bi-weekly snapshot email. Members can choose to continue receiving either of these snapshot emails at any time, by logging on to the BASA website members area and clicking on the membership profile option on the left under their name.

Other Communication

From time to time, members may receive other communication from the BASA office as part of the day to day running of the work of the association (subscriptions, benefits, payments, working group activity, member company data controller responsibilities to maintain their company data) and this will continue as part of the Association Business.