Image Gradient
BOP Consulting Logo | HomeButton

BOP Consulting Privacy Policy 

Data privacy is of the utmost importance to BOP: for our client-commissioned projects, for the World Cities Culture Forum (WCCF) which we organise and deliver on behalf of the Greater London Authority (GLA), and for our own marketing and communications. We simply cannot function as a business without respecting the wishes of the people who provide us with personal data. We therefore want to be open and transparent about our processing of personal data and we have a policy setting out how this is processed and protected.
 

1. What personal data do we collect and why?

As an international research consulting company, BOP is in the business of providing strategic, policy and commercial insight to our clients. We use many ways to generate this insight. Some projects only call for secondary research, for instance, evidence and literature reviews, statistical and spatial analysis of both existing datasets and unstructured publicly-available data collected via data mining, AI and machine learning techniques. However, many more of our projects involve primary research with businesses, visitors, audiences, practitioners, participants and policymakers (among others). We capture this personal data in a variety of ways: in-person and online surveys and online consultations, but also via interviews and focus groups.


Additionally, we hold personal data on representatives of member cities and others linked to the World Cities Culture Forum (WCCF) and its activities (e.g. the annual Global Summit). Our role and responsibilities as defined by the EU General Data Protection Regulation are different with regard to this WCCF membership data when compared to data provided to us by research participants for client-commissioned contracts (see 2 below).
 

Lastly, we like to keep in touch with our clients and other people around the world who are interested in our work, including the World Cities Culture Forum (WCCF). This means that we also store some limited personal data in order to send updates via email newsletters.


2. Who is the Controller of your personal data?

This depends on who you are and the context in which you have provided personal data to us.

For personal data captured in relation to BOP’s own marketing and communications, in particular if you have signed up to our company email newsletter, BOP Consulting is the Controller of your data.
 

If you are a representative of a member city of the WCCF, other city representative who has attended a closed WCCF event, or have signed up to the WCCF newsletter, then BOP Consulting is also the Controller of your data.
 

If you are a client, or a research participant in a client-commissioned project, BOP Consulting acts as a Data Processor on behalf of our clients.
 

3. How and where is your data stored, protected and used?

There are a number of general principles and processes that we use across all the activities for which we collect and hold personal data (as described above in 1). In particular, these cover what we will (and will not) use your data for, how your data is protected, and how you can contact us regarding the data that we may hold on you.
 

After the ‘General principles and processes’ section below, we also provide more detailed information according to whether you are a Client, Research participant, Member city of the World Cities Culture Forum (WCCF), or someone interested in how we use data for BOP’s marketing and communications, or for disseminating and promoting the work of WCCF.
 

General principles and processes

The data that we collect is stored within the European Economic Area (“EEA”) but may also be transferred to and processed in a country outside of the EEA. Any such transfer of your personal data will be carried out in compliance with applicable laws. For transfers outside the EEA, BOP will use Standard Contractual Clauses and Privacy Shield (e.g. the EU-US Privacy Shield Program) as safeguards for countries without an 'adequacy decision' from the European Commission.
 

BOP Consulting is committed to keeping personal data safe and secure. We maintain all necessary physical, electronic and procedural security measures to help safeguard client data and personal information. Third parties that provide us with support or services (e.g. subcontractors) may also receive client data or personal information, and we require them to maintain security measures similar to ours with respect to such information.
 

Our security measures include using IT companies and platforms that protect our IT infrastructure from external attack and unauthorised access, as well as proactively guaranteeing to meet the requirements of the EU General Data Protection Regulation. We also have internal policies setting out our data protection approach and training for BOP employees.
 

BOP Consulting will take reasonable steps to ensure personal data is accurate, complete, current and relevant, being used only to fulfill our obligations to our clients. Upon request, we are very happy to provide people with access to the personal information that we have collected about them. We will correct any information that is inaccurate or incomplete, change their consent status, or have their personal information deleted all upon request.
 

From time to time, we may need to update our Privacy Notice. The latest version of the Privacy Notice will always be available on our website. We will communicate any material changes to the Privacy Notice, for example the purpose of why we use your personal data or your rights.
 

Client information

We treat all information we receive from clients as confidential and do not use the information for any purpose other than to fulfill our obligations to them. We keep client information secure at all times, and prevent the misuse and unauthorised disclosure of it by our employees or any third parties.
 

Research Participant information

We collect data and information in our studies for research purposes. Our use of that information is typically limited to the specific research contract that we are undertaking for a client. Responding to a survey is legally understood to be providing ‘implicit consent’ for personal data to be used in relation to a specific project covered by a contract between BOP Consulting and a client.
 

However, there are some occasions where we additionally ask research participants if their details can be retained and used for follow-up activity(s) not connected to the initial research work (e.g. to register interest in follow-up research opportunities, to register to receive a copy of the subsequent research report, or to receive future information from either the relevant client on whose behalf we are conducting the research, or directly from BOP Consulting). In these limited instances, ‘explicit consent’ will be sought from research participants for any and each additional use of data that is sought.
 

Individual responses provided by participants in our research work are held in strict confidence. By default, they will not be shared directly with our clients, nor published for public consumption. The only exceptions to this default principle are instances where it is deemed materially important to the research that responses provided by individuals / individuals representing particular organisations should be directly identifiable (e.g. in the case of attributed quotations, or material provided for case studies by named individuals). Again, in any and all of these instances ‘explicit consent’ will be sought from research participants for disclosure of this information.
 

We do not lease, sell or give personal information to third parties (i.e. organisations that are not BOP Consulting or the relevant Data Controller) for the purpose of directly marketing any products or services. In some cases we may need to share personal information with third parties that provide research services in support of the specific research project (e.g. subcontractors working with BOP to deliver a client-commissioned project). Any third party that receives personal data from us is obligated to follow all of the same privacy protection regulations as followed by BOP Consulting.
 

We do not contact children under the age of 18 without consent from a parent, guardian, or organisation working with children who are also responsible for their safekeeping while in their care (e.g. a school, youth club, arts organisation) and who have complied with relevant statutory safeguards.
 

BOP also has an Ethical Research Policy that is available upon request.


BOP Newsletter subscribers and website visitors

At BOP, we manage our own company email newsletter through a password protected Mailchimp account, which only BOP employees have access to. Our newsletters are available to anyone that proactively opts-in and gives their explicit consent to receive it. We do not lease, sell or give this personal information to any third parties. We will contact BOP newsletter subscribers at least every two years to check-in with them and re-establish their consent for us to contact them. We also give our subscribers the option to opt-out at the bottom of every newsletter we send to them.
 

We use cookies - small text files which are transferred to your browser by our website (www.bop.co.uk) to identify data traffic patterns. They do not provide any information which might disclose the identity of a specific person but they may potentially identify your computer, your browser and your internet settings – though BOP will never use cookies for this purpose. You maychange the storing of cookies in your browser settings at any time by selecting the function “accept no cookies”. 

Google Analytics, a web analytics service provided by Google, Inc. (“Google”) also places cookies on your computer, to enable Google to provide us with activity reports relating to our website (www.bop.co.uk). Google uses this data only to provide us with information on how users use the website and does not associate your IP address with any other data held by Google. The information generated by Google cookies about your use of the platform (including your IP address) will be transmitted to and stored by Google on servers in the United States. You may refuse these cookies by selecting the appropriate settings on your browser or by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB.

 

We use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.


World Cities Culture Forum (WCCF)

Representatives of cities that are members of the World Cities Culture Forum (WCCF) and / or representatives of cities that attend closed WCCF events agree to share their contact details with each other as part of their membership and attendance. As BOP Consulting organises and delivers the World Cities Culture Forum (WCCF) on behalf of the GLA, these representatives also agree to share their contact details with the GLA as well as with BOP Consulting. Any representative can opt out of this at any time by emailing Genevieve@bop.co.uk.
 

BOP Consulting also manages a WCCF newsletter through a password protected Mailchimp account, which only BOP employees have access to. Like the BOP newsletter, the WCCF newsletter is available to anyone that proactively opts-in and gives their explicit consent to receive this. We do not lease, sell or give this personal information to any third parties, apart from the GLA, which BOP is acting on behalf of to deliver the World Cities Culture Forum. BOP Consulting does not use the email subscription data for any other purposes than in relation to WCCF newsletter mailouts. We will contact WCCF newsletter subscribers at least every two years to check-in with them and re-establish their consent for us to contact them. We also give WCCF subscribers the option to opt-out at the bottom of every newsletter we send to them.
 

BOP Consulting also manages the WCCF website (www.worldcitiescultureforum.com).

For this reason, we also use cookies for the means of our WCCF activities. As previously mentioned, cookies are small text files which are transferred to your browser by our WCCF website (www.worldcitiescultureforum.com) to identify data traffic patterns. They do not provide any information which might disclose the identity of a specific person but they may potentially identify your computer, your browser and your internet settings – though BOP will never cookies for this purpose. You may change the storing of cookies in your browser settings at any time by selecting the function “accept no cookies”.

 

As with www.bop.co.uk, we also use Google Analytics for our WCCF website. This is for the same purposes; collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

We take your privacy seriously. Period.